From 3e7e99cc868ffda4941c524dba78f57f18ac1dd9 Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Tue, 30 Sep 2025 17:39:40 +0200 Subject: [PATCH 01/24] Create guide.en-gb.md Changelog: - creation of the file --- .../s3_interconnect_with_vRack/guide.en-gb.md | 60 +++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md new file mode 100644 index 00000000000..f91c621cd32 --- /dev/null +++ b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md @@ -0,0 +1,60 @@ +--- +title: Object Storage - How to connect Object Storage buckets with other resources in a vRack +excerpt: Find out how to use Object Storage together with resources in a Private Network +updated: 2025-10-02 +--- + +## Objective + +This guide explains how to use Object Storage together with resources in a Private Network. + +## Requirements + +- An [Object Storage bucket](/pages/storage_and_backup/object_storage/s3_getting_started_with_object_storage) +- A [vRack Private Network service](/pages/public_cloud/public_cloud_network_services/getting-started-07-creating-vrack) +- A [Public Cloud Gateway](/pages/public_cloud/public_cloud_network_services/getting-started-02-create-private-network-gateway) +- Resources to connect (Public Cloud instances, Managed Kubernetes, Bare Metal servers, etc.) + +## Instructions + +### Context + +Your use case may require a secure connection between a private network and your Object Storage bucket. Our vRack Private Network & Public Cloud Gateway services will help meeting your specific requirements both in terms of security and performance. + +This also allows you to interconnect Object Storage buckets with your resources attached via a vRack Private Network (see the architecture diagram below). + +![vrack private network with buckets - diagram](images/object_storage_buckets_vrack_private.png){.thumbnail} + +### Creating a vRack Private Network and Public Cloud Gateway + +In order to create and configure both a Public Cloud Gateway and a vRack Private Network, please follow the instructions in our documentation: [Creating a private network with Gateway](/pages/public_cloud/public_cloud_network_services/getting-started-02-create-private-network-gateway). This guide page explains how to: + +- Select and create the appropriate Gateway both in terms of performance and geo-availability. +- Attach an existing or newly created vRack Private Network to it. + +### Gateway IPs whitelisting + +Once the Gateway has been created and associated to a vRack Private Network, the next step is to whitelist a set of IPs from your Object Storage. To do so, there are multiple ways: + + - Using Object Storage Bucket Policies: The feature is not yet implemented but will be soon available. + - Using Object Storage User Policies where you can explicitely witelist IP ranges that can work with Object Storage resources + +#### User Policies + +First as a quick reminder, here is how today user permissions are evaluated: + +1. if exists, evaluate user policy else fallback to ACLs + 1. check for an explicit deny: if there is an explicit deny, then deny permission, else, check for an explicit allow + 2. check for an explicit allow: if there is an explicit allow, then allow permission + c. if there is no explicit deny nor explicit allow, then fallback to ACLs +3. fallback to ACLs + +In our scenario we + +After this last step, you will be ready to use your Object Storage together with resources connected to a vRack Private Network. + +## Go further + +If you need training or technical assistance to implement our solutions, contact your sales representative or click on [this link](/links/professional-services) to get a quote and ask our Professional Services experts for assisting you on your specific use case of your project. + +Join our [community of users](/links/community). From 71b5d570cab1b9301014d5926a07fc19ce19978f Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Wed, 1 Oct 2025 10:04:05 +0200 Subject: [PATCH 02/24] Create test will be removed then --- .../object_storage/s3_interconnect_with_vRack/images/test | 1 + 1 file changed, 1 insertion(+) create mode 100644 pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/images/test diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/images/test b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/images/test new file mode 100644 index 00000000000..9daeafb9864 --- /dev/null +++ b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/images/test @@ -0,0 +1 @@ +test From 2d316c229b6d2861144352d9f08f72c80c10b4ba Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Wed, 1 Oct 2025 10:04:52 +0200 Subject: [PATCH 03/24] Add image Add object_storage_buckets_vrack_private.png --- .../object_storage_buckets_vrack_private.png | Bin 0 -> 49301 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/images/object_storage_buckets_vrack_private.png diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/images/object_storage_buckets_vrack_private.png b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/images/object_storage_buckets_vrack_private.png new file mode 100644 index 0000000000000000000000000000000000000000..c5165d775d636299c1d7e99bbbadc56f958b8f4a GIT binary patch literal 49301 zcmY(q1ytM36E<3*6e&=oxU{$gcW;Zk6$oB}yStTA+=>OaV#Nu;wRmwWgy0a|Jy7hX z@BjPmJ$KH@AtBk{?#|9UJM-*pq`Imc4i-7qlP6Db6y&8fpFDXwjC$E(priid@zLcK z>d#X*O}URxs>UdHQ6JE(KB#JyUeE2x6Wrc^ucs+&xD-#G{9;v* z{_x4$_`v9;w_)E*k(9i={Ktcy9B?@p>^Y z(x1@~XQwvrCtm4uI18Kjei+su7#a(&E3S0Esu6C;Ox#kmFAG5Rw(x&OX7JHqo6DN* zKE-+*0^YXYJ8g)2=TKDN*FUvjH=NNhH4ie|%`_X9w^K0K&FGn}gS#385sUkHH&y>V z5RpWqsfhSh<8Yc5@b(48eeLU9BS)Q**$>gZJneY|=XfP+LA=jTGx1AKdN||Ojvkm! z!XXddpmnl4H`}*4xr9IFdc-NkQ>E*8=_v9l>rmRw;&-5eW!MkhkS|!_v5&*%8*q#V zt2UdflN*HVEMR$+7gx2-SJic$-1@l#s3zuSw^h>nZony>zx{KIh{|aSlu|RUD5r@8 zV8s@HwO0O>?-ZFZV z;MjdreEDI<#lMXaT@Im`pr;dZ&i^Fac=<{D3P9zbjCxu+GN}7ve#c|Tn`|cG-ghRa zrt(4;4Dv^7Cl05Be)r1^XN=wqEmOMom3me6xcb_cJ^JJOexKy%_r#GxQ3a6|=f8yi zdz1>(J1Rk}VtFE-A&#z5QLW3chrmBJXeHpZ-pWYpM4+pz9rDGyYw*vrxpo$2qF_K} zLx9WwCNpKbisrtO@i<$xIam%Zgb(O+BHkpB^p-Z=igzXW(ajXjRZspu?fOv zU)b3G6A@mx3`L6H)1Y*BVo4fbf>Yu3K!K;I7Mn~wpJ4l>r_3zL!t3MnEl>V8KHazV z2cOP-_#d~@$%2{7D+Jh#d#pbJw9Z(a<4OJe^a?YY3d9vvtUwKXi&(;rj$QtP=ad_b zDa&tL%?nKra8kCc%b;)hP>h<4aLJq-D{OFhJdM z4!gzd+0FM*`-_Gez&RO7L^hkaor;PT15=SB&d|VUE@fAnRH@~R9cgS7Lu&Y4;ff2I z<)z=G1LZ2 z-LmgQxsSzE!+L*OnSUP#v={30V*n2MQreE{)}v42l|S09z3@SomhUjqkdt zZG%Kgtt{ewZ2kv`n6CSW%7QyAhsixOfI+O*{fF+yv9Cp z{a2dsj{OPDyNAbzFI7t>a!A4DUN-S%_3@pgj{Dc?;L0l4l#Z5syfEJ`rSaYs>zFhH z8{V`|i?4lAe{iv-U4rUr@D71L5?TOs2N)?T_gJd~$kMmNO}r8EhUppiw)@f<8F93I z`zO1f#cuDSPcY+T6-`+Zv7>4%7mV*N2TN)md&!(ZLVfXHrQ_ps?>I!F$Y_6>;8GU% z4$BW5X-ENH#*-E_$Q5r!{!S?~+od{dQ|?jQKhi56tS;+1;U=7H-!?eGiIo1R`t*(# zl=2-(!}IJ7EkJ43u|GWbN*knb9RF1%v#`ip>)N&G;B@{b+o+|?57=?8A7i%hIwn(u zLP`!sGF+J>cXGk|DCI8OL2z2wMsSLOI30f!i;d*nF7^8adpkgOHRqsgT7KBi@1$$A ze5L?VW~(CT8qv&cGd50j5t}~w`-(Gj#mA&g;Ha_0z(5PiE`MCR`Vq%CizKR3`9#j8 z*?a?iA`d7b$cFKlLrwppSXOOs(p{wXSuwEVtuaF@joxljMMP_aT%-GvPOs&b>0+Ip z{8+VmiswgFvVPU{$Zr+T0EQ6U+#qobyT-$hD-Tj!F8yM?Icz$?{EW)EA@2(MS;k!l zGe+n9Ht3^@YONZN?U9>1qR!04qeeelwAjUYqXyTe-(4eva{JPE%ss@A)8~kK+`pEu zcofTP{CfoaFW{*|bOpZ;M7$|YqQ76!oW**7l~9Z!-7%Z(wh(e>{pmU4_AoUw$DRX< zq#W?eU|2rgUZ<*FY?8seh&a` z5O04TNldy6kb`dSl#Ko~(T0Yn+-`}#)P@0Mwmt#Hast+5dM#3z^CJ|;2ZD0_sDoX0 zfe;tbhwC{rQXzXja0M_Fw&MGe=HkY%o~LBQvu8pBk>Wh{Jgd>WXs?P)$e(E0=TWKx z*s5A|c&|ZINTQp@I4lo}+Kjo0K0SJw%j^_wobJ-DoTTB4*~iZhY_m)vP?}%a^C5k_ zUvW$07#L0K#CQz2^08kCl8&4)IPQp_G4N!YM4TQ6osn&E>Qzd6|Efvw-mDj_vA)52 zMInwK|9FF`oFTkY44k@EF%KYo1%ePOg?@pg{UI0_h>nPw>zczjOD74%L5ec%UTE*%1*Yjj&F$I1lyRn zrJo1rF=Nc{VMpSx6Vpn?3axVdK8WREmr?KnSd^sqeJDjKO3~ttGKioZ&%-|7{H+us zO!*f7r zymDKEw-rIERrj0BQAt| z%!KCk2kBm$(FXA}map1!073f!;&`c@`%|mm%%wWibnSeTk_@1JZ{~4shbqzKn^m*R zr4s;4@@}6tu-=Cx@hnPP5YWdeg9TGEG6_b)F{YbxFsRxsd@YIc$2%z1)4#ZX5} zIvbiSM~3ftKM44TwW)f_O|u0UT%FF>18qf~$A0&2*Of&$5su4q)T8h~IM9ohnrgfH z)y}KR-IzK`=*AT8U~%yvi)Ja?8o{KHFXOAF-u*(|o~R77OinMq831@c`KLyNx1p>J zzi-EV4#to|Ca4)X$8s9sTM7}P?y;NOJ`86T7Gw(y+!n^mdi6{4;gaTBhCZVoP_F!A zZ_|xf?H*xb+ZJb3o*M|K*>zQox;g5R*fUgCbMY&HiQ3*J=Pm)5r~|xa^6>bTch`Tt{k^zd2kK?t1UHJLj}#Bz7;N#^V}F zhEB7x7fPIhHd8E1Q*)O2#HK#^igTg)nm^fC?g1n^e%ExX=ev+_xhX*2`O1 zGWg~B0aj67`{SvV?G)y~mXKQ#yD~pTgAU-OS=U*88J7#=UitduWY5M%hKe8FPZyEl z^D_|w*QnFcCI!W}r~m`LZPLA(U?%e!E14=z&vpHEAApgU#3Tx-s1~!~ZKZ74K`=Gy zhs!*Eb1Ar@L(P1gvXs##t9CrSN8ZvoNthcrL(?w#K$K)Ts=Hk2!X9R2L!Q|V04qy< zD6z^m(24vtM}I+FtzFsUUs;l|n4D%115y}3AIPM2td5o&Os}mT;zw<{wTl#1T~nD^ zQ0q|d4DmnpuC+u=z|$KSMs^rf-xu6o=#tl`Ii3EyP2>^Cc(mh1`4D+vR~GLJ(qmyq zJdR=XV!KJzq3o1h?}m}&)7!TK+8(j zH_fmCe)pD9JG*CYj1Q77vzJxcH#3B-#@_N|Wdg|W6EOf;5UAgwZ8(&~di+V>TUbP= zc!1o2D|w7>88&_U)x_sP$;8Sn-rDFRjwxKs4O(Vv^|^UvS1otN?VI4jo{=&3zUnXV zC^MGk^0GhpL<~wkD86QR1bw7D$HAn zcveoKSBDPhn_yR`!hWkEfQh@W7QhP%#r6K4bxH(5HdsBNWtkt6*229F6Nz}2Mafy_VfVv{l+T7JT%k* z(L?1YK?Q1v%RYQo?-q?TK7M{t5|+Fyg%OU~`~s%WN9!p=(M3<@6{|~k%Qoy<1zv2d z-I`GL$ObLgvF}GRJSVvG$)Z`-xAmQlAXZWt9aF+8=0@m*mrWo1ECf2@jtsTV!DB;BGVVX#w;|!?uKhew82k`$V)$iHC|4X8E^H2}{C!=iY z(M84oWb4h(|2;tK9P7{jY3lPr>B(IJZO|3 zUY)f1q4i0m*i=7C=96r`uT|a;_*VXOSHvi5mvCtzPUhVOPIS3jpan0h-eI*FZ~J?= z@Ty&{!U76t-)$MXP-PaHm}@TWCwG#47b&PHo@IP4KVXqs_GOx}6)X_F2fs+Qt8Ex; z6hCPOE)?P*mQz%2Hh3X*gI2_^GmXc$PJc1K5nAxRs!LBZ$v6ICxGg-mVmc^1RO}Kf z#>mW35T`OH}$@SCjtT&-k9P9;rICGE{tn{3O8Opzd$k?nWa@5uE%Zx*j&D z7Kp@+sqj-f^9!T5oSEkv8-KFpaYj|mD^$F;fTb2W_pAW?2~>5!tkU7kM{mKrE~j|@6O2Wm$~?&)tWv%W|E?nN z({4I_`b=zg*Bg*)a(H8-H8z>2LYFPf-l$iCfHYK1ix`EBYc;s!TIi$J$HoSlzn^TS zn>m&RcJZm4F7-?G9Xq=N@cNH|cfHw%EZwT6<=Ju@s-W*O{iz%5XK!M^0o)p@l44DY z>pfWyilq7ytC8?M7mVu5onY9C_j9L$wqBx&Gacc94~Kisbv~B`%ZpA~VVh?2WWm7K}_YLkw! zqw4lB@mt(kh#t#;axVW%qgD@S%?)eE&g~mb=-HpZ;!SQ-ZcOj(_T`~CMK8TJ>hZ1+BdZN3@mK%LI|!yH=J5Mdn`Zc!wu`)gf=_FIYpFqT&5$dPw7HqcF(@jkC8y@5WK1caIVP<9eaV7RSF&XADRp*gHo-H{l9gFj4%P*tvZO#`}U^am{VvLLhdCML=hq%>d ztW<|&<2jtuTlcfYNoL;S{#we19z#sI$H~Ij-10{~^1}#E%9E;gRST`N8C4%@@OaYp zmY>?q7Ww`@CBIF}-4ViW8h7Jd%>Boem(~0;NOQoW#$|<_!;pt+mM|XVObi7Pm1&K| z@_{vNst>p$g2J?f`XUcRDA=tO3S!P zLuK`Yw~Cw{KS6{B4>@gMi~YvZm84_M(bq+0z6P5OrS3n0JZ6-{YKI4KsE~7`MG`UcqWp+rKRt%~0}i zFfOaAO6u>`H2hg-0W~~?Di7O18uW~eiUR2nA~Pla)fLH$PN73lSQgMRaZJug9Hq1> zXkbee)?l8_szA;-4|{dM>oDMb)ktvT1IIy+6Y?Oe$aF#}(>x)nd%gs6;(MQ-zWByT!^mF*4DM2`1`5 zyQEwe8=Ev?Gg+!kv7@xc#(5_jH)M|Zr9FpX%@bjt8xQ-O;i3M;W;bq+y<`!AcuHYk zIOF4MZ*O1Flr(mx7Nc44+{n;isTr?0oz~Gk7R;uh+3VO?IZJ4*R>gSxWAoTzn~1=; zh1Kw}Ahb%Q8Qc>d|MOl}e|=)D$D_(^FPX(P-t9Xh%%Tv1vcJ2V^Zn&kO0U(`E?f*Ke#s}Ojj?-bE0B{jhDP$JR;78&=X|Twuf9%?*~hNK zzOh49LR3PIj(sg?D`qHZx+L9Uh}+-M(l4Ur9KdAIxGDqZ(QWewVnnTk=H#B#BEwfg4!w)1}m8GFddalY8W%11ygSO+*f+7?yi~g{LIf^i#KD@du#m2!pC}@v zOySu-#Nz9%h56C^vU?0n`hYqe3l9dtFK1vPVL)71PEi=4DXhu}*kGEOk!{5`F3`^w zY2m3VTs)53w?ISF(;CpWkS%un6Z0uXJO`giLYVA;thGEwOIx?&+$qia;J-t;TjFoI^Kojm8|)QE0z{-jGn zYASZT)UrH#8BdBD#sA#XmHhl^E-wZio}j_(gfl>>HEw$H@Xhc@E%``V>l2NH1jdlB zWo1g(-~2KMacMM~4{8cx$*m`uZqiuRkzzNWQ?O^j$}E|YxJ6lEq~xUCXU zY}N~-5To|vP>NY>y+~Eu&W?43K_hOtZgu~By&eAR*PoZoC>C?Gjga}AXLy zs>0&q@vyMSt0&Tq<{)PBs;UA`2`eRqXeFxI-7hHi`6J89SnG>x_+Jwce66dCn<>%- zI@tb(4?%Tl`)VilAln-{t5>;|Zq$%AAIz%z2Tioljm&CwsRG202(Ab*4fT0b zTvZ+SMWaA=E!`?dBf7HlW{X1X_5eE9?$_w!6ySe0$Ry;l{_Q3clc;&Q-4C(ehcXj? zVN{Ge>Ste2TTAfx7uGpZq(oxK!+BR?-FY={r|9kQj+XW#yS*dMD@vi)1`YPyL2dzA z5{Kad1NR3xuRbdQ+!&HpPR}n@8Njgn&tzYvQ0#!a{Y3h2&T3C{L3>o-Ej}Da3r0bb zP6GX_3Oy+LaXXT_wzjrrMNBmDYrpjyqT02daI?*!l)bcA3c<4b;NalvyYulBq}S@N zryJXutaaIuedEM99e5EMy?9h2g}*T<%=%+AkWwds zgoK1MD^*c&*Xnz8yhgihhSC;O6$h}sHRR8P^Q(0Pg3ET1o__%A;0mgIJij;i>SUr69^#ZdQops-~J4rSuuIuVP?O>}8Uic^_rLB8}>_CdwAELUwK7fw@slV8nl#0Ab zH3^IyOkyhMF!qH6++JzlGAXC!^(MX>MaLok*8LG?4CZn=GQ6M>nL2XzA{very`p8< zbZu<uCZG8D}TV_D&r)#RRmT z1)4F;0%(1SA5lsykdEn=nV>WC^|dz%y00fNJlbwzXtg6GAowKW8!k5cq%W~MEiv&& z+aJ@Ouu|?`iGaUv1q5^=Y5U@ziMa2mGc0EXjC5ie^Ts1Q+OF55S#xM*GM|aNZ7Bl` zo79U6t~>9q78I{O#D|0=WH;fHo#B2=#v+AHm6HH*r2 zcjzbZ{j-P;mJ7Yj&COR)+f~_cV&1RIeVE$4$^_v?6RkLR)VnT@>3GQp;0uYPmCjBA zr6Vg{mUgk>NC_~Z*DFX&RFvk&yNBE3@;n%kKKjoR68U(qp=6f5B%|7ghle475AUeB zK7VO(^v$J{jZq(%vfEfOEL1x&X8v{Hd%qsd`8_kUykS~2a68*8nZ(|mp_ONAEIlMJ zq|+t=*l~GuTgeF)`uf=|^EXx&8P~1O)51^*WI+(7J>Kc*=}-tIk9h=vY#h}TodpS-xSFGxR|R*N0{*5sH5SjKzwTs}Jhn$J?d+qO_MR9Y*vo)?)V{)Y_&-xS)fyN8WL)ddgcxEXsm z;!s;?IYiV>-JaRssr?d6K#9ea>Z_c=hgse6w~T<^?BKgmp{yW4GAS|fk7t}stti;@ zRX!~#tE~l7}#bfU-SK-uCb4dPYN1xGMav;Xv%4Jk7#FLrWnF#cN)^ z8APJKcCvzOt-u>E6_wb(d@Zgwf&-Y9FjXF^0m4{!w8ycv+vlUl;~OIe)Jo%jp1er4 z!SGG)_oh1zhFN_1It)>xWA8lo&mvRe5`U4rTHoAarEpTzdQ~y3iSIuK%R>$XI4hGA zqh~OH*JWylFK>}m{g;g#J;%9oaRK2|Cx2VRRR&BpEzf8b9@rOr+k?oP+sQ^yixBN!+o z>?d5BzTg1NZW0*gFw78xwWl)~tHN*$C>ljH&I`D;%E^Pn5;Sc8hq82)6dD7w_3d4C z{v=>SA*ap@pEot`w;UCp0-)MuKr(j$ySiuB`}7Ux;^~CQ-5oOX^f!&ba7Sp<9;5J; z-&WmS;oIf6#`H`#&MVs3T*K_IoPrJlERJjOAsZvsV>_0q;;BO1O?|u5C8K_vA<&<( zWb-Od{g?m)^AyivmlCJFg!Nw)T((GCHxpTuYM4TUx%JHi1j31gvVKgutgbqHRWgC8 zSQfLx_6zC`#5A#3lT)qP#*HJ1hM%#8??-`Hme(4C>YlO9_OGfv&RLw%vV5hDSP8s* zeMIVx4qNJ+<%=7>Rq#Xv7?))HYDCT@{OFV6vGqGKiPGi)>Z4m*r@iR51JrvnSMQT*oddwkC#1zv{65 zjYU+_#!=h3YP}`=2~!Fg?*PjWG4M8{(Ejbp<3l5XSHT;GYfH)3LaNE=UylHasI5e}rs+o-#p_*Lwn{c)SkRFJ9 ztg`P-pQhLVQ|?j-16zU0QrQMS_DKjVe)R#aajmd2-Q=a2HW;$;R}p_Y*MBp-RqiEX z88g4hPdab@D#Q==`LI}M@w#U-7Tb~zG-x3gb7lTz-${5OT&|zAA=d*wB5Je?PaMl5;laq1#j@J|t=w zOv;=7Otw08INKYSlasSPYnL6LyLD1GpZ6_ECkk@zMX|3mv6Pf z!T|yGeEA^8d_bg@vy#?Uyq3Yt{5u@E`@S%G3NCJFT`bkdqq~UEddDq)_&K@%@|VeGw?oHW1MlX_fkNlH!( zRzUvSG=B7lhKnZ?zIT7$a~x5UfAQ-_LtKrkvADD!`3-Zq1(Jd*Bm1jqmZnY)=45*l zheIFEb03+z^51fUh{Od{6%n3hv;0;T)BEeMtgDtRNSI|(x_5SWOC_3#k(;R|ISQl-?w>BT$QIH3T5!z`l8+_D#Npf-OilGfZIy=e1;T;B2)L5IT53_*{PCF zF3CW0B{@swTuYvc{I$<@d|&axiP3RrFoQaW5&p4JMfR*p{)boRvU~5oF7Nz7bV$-=&NKu7Oi?bC|!y)rW1UFQBu@QOwh zGl@}^iwu>*aOu-68pR8)gq6r3jY2>y>z+%a(cBJ>%pIf~Y{rPM!ykPRw2OB;0!eSj zBKsYVz1b4(Hmls4f*fB3p3IvrN{W(8X46C;i+7sXXUZgW`^@-@-3|p-EKoXSPz^hP zx7$Ao0(vO*L(GB=F$)m=Z1erAcHHvdkI3=@muM8nG)(Zk7^bI`TT^;HZd{hlnmT z*J*+Knd9q=_sz3uOO3Kz_`ZWgAm8#=kJfy|e1?P~U*p4MDNL^_(s%5v1nr@8*M`S& zayfHhDhmXEhSO%!3L(d=f{PDumPK(9w3UZjN3k|0Y&<|jAE9eb_$)nQEqnWtfw`PtbqKL}FCyQFc z6ZT8_`1}4s8NS(K59i@O4ND430~7jRgPw$GZ=4eG`$o<}9pL=K0qAoKe&?ftY%aLC zxH?Pi2T_|o-ncobMy;~%Uw056=lC6IATo(|7o0kcvQzCs$SBf{+3D0YHsF0qc!@|A z=aCe%bhLK+dHz{^yC!O8u#ri?XaWc>!Wm>qTxcciGbNp5ii7jg?6$!HRl-4tRpzh_ z@1L`Ww2e`XdoDO-botgtWN%8G3RQP{#gZraf7YPvxZmJddA)i{8}X=;*Z;hP=I+AV+BW? zb;?fv3VtF4gSEsDrcmrBJ zah$IzPszoMNu;sO`EIJ2Kr z()~O5zU)gh153%q!a${Kd_T)N%)Qi~NdZju;pH|%k?wh{TI3{dz(nkxNKyU@_Yki}jUZ!7Ia=yd^BXo1%O$E6$N93-=$QW$xq+r{4 z3$KbfYEg#QOMX^=!QJ>=yh>@jrD6^scLlApdV#>a4La+;?Ej`1f{2VbImWYEBfd?1(h~Vj0cA^7W?E z@fPA0gw?N%@vGDLT16K@};-$-cchM)#Nlkgc=?HtS^-6tCd#m_*nu|EpT8qWV9R*F@9#zE!t(3gsz zt+zA(0kg^7{Ny);RC0{y8YtB>X&s9p;dJ5KXtNKXpbZ_vFo97DFn$OBQ>;QB-L8;A2JpUi7cZRB-G0QC}fujbD zgCqBjQ3UHA9Y+RaEbL0j+g0MxTdQoZlDQqnU#^?}%FbHo=~=llZ@t4Nyk8zNB4!fO zxO^BZ^%5_mGQIcgALGOdY1^7D!oZqDO#`B#?Sa1?H74qsZGo~zgX2he-_M^D`*M6) z&)FkadtATk=|5ljbu#~UNjmTY!%?7j!Fj}{O0>(ln$BC=c_IuWsRFtJW$CfazC=NF z<^fdqgrv~9WtkB}tHHGwN}sf6Rxg+3x{%6cdgTph745&tpsrME5>S#N3z6AE*#SAb zuvRFYfc^hm;YhV7U0ogc?OT>6|JDD3Yb6)@{dW=&()dTS5-hnA=_HrW3)#iz4;Q)= z&g;p$GK1vgR8)XCs&1(H=Vv%LR!>*DB?JFbwp#WivVK*2?jxejbN7*jw}3J04f^Ll zy`Edw&@^tzSKOzDqy_ntryAdL;|n^h5;#JqjI()m)W;L6KZ+3I#}{sxLoHCO3Fznm z&W`Jqnyj5?oLGS(Vu8-PzstpaX$8vXG?e7@nHH%AJe%C5tD%3KiT_1FeXgrD_$TM0 z4*#QVxtKqoYIj9>m_O`C6j6q)nK7A8^ts)sud=oxUy|L-P5Wo)}25;U`A^t-wt+lr##pKWYE zTM_xu%QM{f54KUp)dcxlNk={wyr;x(yPn>T@6QZIRa6zVn)35yJ!x(hJ`wY$v|*U> z+)w@x9%T_+w~V9|3H}1L8U>?h=y*ze@mAXFlO`1IW{cC{zji&;^eewOz3i+#0E+RxYhcICRI z;f$NykSAs^#nP+!50Bmg#3&^`X#B?Sf~HtiOGgz|I(wn|IE+_H<;c%lPh1k00lPN= z&%99!+qEd{c3^C!pa~du-&d3BVfp@=CY+nFgqEeVyMD!LFsYT@AcWmOAd?+sgv94t zV|_3w**OL<;APe-6!~4S7V4hoit?Y3e>_+z_77fcs(SZAl=pnJ$05&8jk6ZQ)2I8Y zHr}|>^OUoFOcUk*&R;PkP+Ng(8m?mA+NU%@uehb0qIY1Y_FIXo;{~h#t?)lO(VA`~ zQxq>mF2*4NxQ8KuV#%L&cx;5Gwl?SsR`eK8%0MVZe8m`JXsrH=lzV%7yE$o}!abGI zxqAOU_eNc0DR@mm82ePJ;{(XJd5L!s2US_HNy9jnhK&rxRz@8TWIYM>tQ!6Sw9KjQ zLREqFu1STD%<`em6hh0&qJ?xnRXtmsV}*|9OSPK9edAS!Wi;?b+fiS~6U&^exfJoA z;9$wQXe7XYp!%ZIV5HqX`+({FTtP`TZU}OfM>=6lLc0J6vl=uA4wAluPQV zyR1DMQ_!ko0G0kjJt4d~?-|sQf-IZa`PQhjK?CuN|2I1{bPy;;HCHDhA?cFj!`dz4 z|IfPO_4*4pf7E@lCB?yE`jw@}dus96WqU?uGBZQDg(bY~Q}ta=X>bZ4L1|n8xL^)F5K3{T=qBC%rP+g%Uz**v^B*TPn3KOIXy{A>YWKnHb58xL z-EipBp`6O|I)AExce**1J$Sm>;)A@0}6%KE0B^qu8AFx5!5kY@eN3i<#oO%9qPH2!vrp7TB! zJBndN8lm{&NT+{l+HI|e{1u?(0^eV+mOkc9z{ zVwp94hIEVyZ8C`>sNRJ(ne^7K|JYYK9~&I(Z)m?wU=5WDEvR#eS3wm#)Hb1`s;^sd zaf&stl^_7{(27pSWSxp{YDqnCHiTH|Rv~!qjebOHheRCJQ@9X8N_+_Z%?Z}Hl(TK= z4W_8zT;}KF78@m$5BWUzap&ac8?m;7j3nI+rB}t7E3M2ezpe+)hyC}QlkeMCsDkD7 z1pJa2`qGv7tDX=k)pgw-wRik0H*6=kgk9mFQl?frQfoGdIf-)QoZ3)ze|nl`9~5$^ zl*7x_p}gs599_9@kBNGutX~AfISBC;7 z1P@PilVI5*@(-QJVzz9!ltDz1MgseMTEsx^e5_w!Jw8&Rwsgs7yjpO*q!a!vsG|u_ z6gO8Ya^rTkVzmy{i9s}j$@2szpA;N!IW7&=9FFuz9IhzF0(p3gs-JxD91FeT(l`K|KDo28<- zZT9YR;yk2ohi#&Polok&p;Y!J;$+`<2sa&;*s1tLkjn1szpOg z)L?xRL$UAbg3Y+B+o3W_CA!F=E);ksIGlP1M@Tts+kA_3UiQCbrMwu|jpZ_cEg1^X zgI}5{o=&_ranGjtil;0419^tg=am{(@K_AYLR645eIb7&_TbpZnUn|zM!MiaxI#!(S965W@0iOXul$h;L4CP(m+x&tX-AhLs@;FYcwhtu=-#SxtZPh2L#v4@0$uljq4yRz`WNc zWo1X|tl3rE?1%ZzBLyNnJ6PEN0#^?rFX^t$2RX@us$N@cZ$^iO z{bJ}%R8n^&cGW4byjRI59`^j_>Tp9y%pz{fJ*D?a7ZXAwx z;1MN31?pCXGv@OQaU5s~%Mk^bg8B0c%8{LC4vB26nn5L+IZ)SZe&F3n2Y=IL zTuKvCm*RA-WO=Sl9G|W~x9^fjQ75p$USBKPqP5GWPZRC*7Fp5HWODNvzDHUCCk;>8 z-*A%x^ef}`Iz80Q(5GF9I8ZsMFcA!=l(>Cb8WSV?ZXCQ4Cl>pB?T`~3`r^gO6`pj< zVnn-$#lIz1q-A6$36+tt9461E!X;7ijhM;^05=GXX1GA z=I2PsT70j2ka*zvoK74376X@3MQ-J3N3j?zS*)n9mb&|+)Wm<3B&*9|5#1RcqIk5w z`-LMa!p^3~eWO&G{BXHwT=9MOetk0`tyAdP%eX>>5mwPBN1TR}KJ0c43EhfVnQ>%% z2CLvc-|T;5X#&==r5JCt+nvlwdafr(I`p_LU73w{5Zxg+1BwyVZ+L;p1ZUT?ShrL%H*)@NA# zTE3X`ylWa)xZ7z*Tu;7aa`vM!S)AW|QuXk_gRcz5ITfkCxdM$ClZLI_d$gX>?`01p z{&OhYH^X+s>$&5HeX~Xi-Ur8`F7*-XIF0NBhj>+5P!p%`{yxKUj}7)Lc>I+y4z!R$oJi@^5Dk*=7!A zDT3&Y^Cy@7R?0M8jm=!&v=A*`s=TFMP71xXlwQBW^FNs=qxVO4u9Hpl@Eyqa37C(N zwcQVLGla$ZqBacFSP7MEoRcv80L%%k{YGyOSQl zxQv$mx%KT09LRa~<6$4iIMFMr&3Fo%@_abt|BM&EUXQ5D(k7k$cGlS<&V7z|mkM*Wo5`wZh;ugH?6eEYA+U{GOQj}Aw0L5-wOyfdCU?)eR-mHHMM$fTX(NVVZlFXlAEo4v&qFJ)41+t} z$Irq?nFJimg(aVW=Puj7c&{JWUTSY%wv${T!g8YnI0W%e+l*NILx&5vY-DTZzGF?z zD$BBi57EOT7-TfiPL9Wqw9Vogm)SvsVM!-{U(T*oy?ff^HlZih#P<|A9?_fqd~CJK z^l8&QR13AJ+D%(>Y|bcdH0|uiMo;6iWLdwM}>aaU+hN@OCoT?wm? zox0lK)pk0OVZL}>9$Qbn<)N9*uJ;Hf+ zG)O|!u}`c>eb&p_XtjDfe%v!ISX?SQS2=#z_cFCNdMCqA zgdT6nWrZBY-{R`=%I0l+kj<2Hi!z#D@iYqJZkx(KTG8V)=D6jd;z~ zS>Vmxhxi_EXT4|Cz}L~aW6@pDk6gSroT)p`|4`$%_%ykl=-mzRQXr$hEK9Os#TOZC zrsULiDJp+MN^<&u`sPXbOAB(m{=vn>5s0Ppl0UJLarBjJZXlC3qD*H_8qkUC3~2JI z-FO2JJTxlTt`6NZZuj9n%B2c*x;JHW^tOH;c(!Si1k^B6E##x2 zYVc4CARTEK{trgh{vW3P!Y``t{r-oQ2I+33YXB)}5T(0>p=BuPk}g5%t^uS(x*58W z7-|UV?h>C?q8J`J|o;BYcn zvI$qpZ!^3^ER|uve8jlb$n)mn6@k{}S8@+UF6e7%*ryvuaH#}cTj>9uw7tomJBHhG z!3KnLS?kyJ)x}Yh+}ET2oJ<`ezoQIlD?ux7g@^30W2J4+O{a$9$f2|A{a$lm@gQ97 zFi)8b--buM4_8)^yI>Y^VU=!;D%h%Bz4xXfRrvRD$c?nKy#TBv*?6;QR94`x9B`JhktMH9c+V{WVwR#>^6uR&S5zxG)Ai-_Sko<;~Iu0GuU zrH#&_E{4}&V&GtQo%6U$f3n(_Iho&J17^aZ0>-C?_Gw`2LWG*inkqRi%eLnT2i>8b z6@Bl@l3cEeKiu0oksjqxgosIAyeIN;ycsh|0vjwavA1X?sAdvGSA|g}@h+%?=tyAV z`1-}!)-H1RjXo1b}V-uf*%E=1p2Tor)IZ^6Ih#v!FGYLQAr9faG zGZUjEuWVZM*L-3omZBLxc4i#KlD$9t`jXlc{0WKBAe|c(gfQ!{&TNhgH&uGK+q{Ty zD)aEDtgaeuO^8VI&A=c+-X!38X+Ba_6L>NJq8RCUQzqpYG@C1MAGY2PKGj^B<5E65 z&T;rT!b9^j=JBFe^>H!I$z3FT|B-{1rJq%wfYL^>FC=9wuH$dlH&vIW5ZW@{SewBH zLd2BPy^A0I>l~G@RmbeZE~XI)MAl}*Q_X3wdT`9QCsn`J^5-tY6LBi{$;<|R^S=#b zcD9XSzEY%ZJ55ma`e?~VYeXG}zO1^1Qj^0KrDqPMrmIqQil;4{Yra~?ncGf?&f&*4 zZ|}?3snZ`fn7{(;$ICx}JB98X}kW_0`n181?f=vqE(OrNm(UIO*IIJdCcr z+AfIDGs&W{jixH8*sQiU{rpaDJ=CFf+byoH!PC4wKCo)B zM%lr%(Vc7tVXdZy%dHe@uLolqF)kFlWHG<5dwIW$ibryCtNyseyc8k-Sc4Pj=T{aH z`1*8Q%Bja(-B>MeV(==}RO~wvtZD^6%onFBn25i8Y#t40Fvs>ksh~;bv|*WBHJKkI zizrdEjuP|C4xdi$n%~|R2>)?wxoi{~I9_4paoSw%=jw2iqWak9$r!WE%j!2a)o5ok zS-n2_GvFrUuKmV%0=y{nuv2v54Z5OBx?@z1j7reco$dgJ!`$+1QVK`fvpiA%V_X}7 zK_|x_UNL$jf`JA}i|KMG4bU^=v!k4chId1Td@HwWY2PRek29YpA&>wukNe?_?Q%6x zBt3k8+WlLuj`=w&rP0eZa6cmQa}WXKq#{$fjkU@vS<2vIOl8FL)1IdrvVxKx>)oSLkIZc zla_Rq)=OZYZw;fe4GG}v$iZIgBwh2rb*SY0mJQ+CZ9WhYhZRB_;u{WL5!ZXZn=A%f zKPjK?y2G=8Byx(?_ms4Zd(p=$#L~Hzl*&}{4s*q|rUU;%RqgKT7b_}9d>+>~C$5P| z$w(r=x{aOSnjof?ZHKE$T{B_|nm=XqMJEAtPHk5uLOuxVFIxfp>6e@8aprw(uWZ^1 zO9V4Y8+&{}NmCGgyaWP*>)(?+_&J85)XkFncXqgdk!6U^wY2OzZWuMI#_6q56Dn6nip>#@n17*H>29=Nao2!|2@16KAHJtebf5GL*n$%`7y}37@Rmvb`WbV`ns3RYlNQaLw*I!N!b=w zhk283WD4T{>X$}|(iF?e2ojTkadYyS>bSO012{>F7WYiv-0x^@cK7wNN#u=Lf8 zDp38D=IkjNtiHL%gr;`32l@rEk)k3}My6)m!M2X&_auE11Zbo|+eLq#Wfv^H$raa# z3GLDkTBxmiO5{BW5qe~ZA3xq+qlMD9*Y!C*ZPLJW%%SNaw(E7F4$fBevzi{HfGQKp zqPK?2z3I#cyFV^70gC452B5>DvMA=%*uP%2WE(Zg29|r_J;8(nQYx9eWKm?z8Q6AH zUkH_@0BIr-LXoW-(RzJb-UoH96Oskx`2KqtX+?rw7^A|Pq`xOejP67F=(6@yoG5F)(JJ2%k6CvVPm97+kR}|BLuRP-o z2zrG)vAV`NrL)~W6q>$TfwtI9pLh+R;OCGjVRbf~EpVY?Ho0xB%uCE&-`R@MY zkgnpDuLthSS<|6ir|dag^&F#=SqI}PiBIk@>=!s)|7(maIz?AS`5X^E0z#0F@TY@( z+FE;NS3Vq0!W}*Ngk?`+#n=L?hVD-uPopfRfl&D&;P2XXEA0uQXJNSn4D?tt zSg#M2<-H65Xw6R}W00GhTea__S-z5GH)g@i)hsn2^UlY>J{^+&=k}bbMw38HT4!>; zwm1C21y2;{`$nzki$J6l!zW%ZD1mU!ge)1O-)<{3SfzGI>yar3t5MAUHC#1x1AO4a z$(ydD%G{G5@zG;%*QO|zamu_c|GPF)MC@?vODGLXuzE+`P@U0hY>%GXES%SY``1q+ z`~UQ0;N{f-cE+&QeH3Bmt*?{qKgzhCL^$AI-~fZImNDECW`w*M|MYW%*6Y>ZQFQJg z&Ch^=PsV$P8k*MW?)UUrgn|t^+-2THSt|ej1EHWJ`){|a~j#W&d0gbhW;;$r&V$ zH@{b42W%rN4!Ca2c|}7P<-#dn2Ja?yP@4u(q8XH(gT#GB!^~&lFVR z_k9D@Fk)Gu5WSDjv(voLq|-^_7vHSnxOh2PCR4j%R`Fo4N* z+I87KUXgA9!o|zRr1+L8^hlxGxtVlwHR9UdpV~tqZ9Gsp_-rMuFvF0XGz#PFT8K0(>Zhf7raXtFFQ&M)=k-$%jEHA86-4s(wFxPKII&@*5UK3XcO2%r{)X~~go#GV zaPxU;@}Y=4pC)^@%{L=+&zpxp^ZRN&lm?@Q(==%Kb`EPM{B@^5xk>AD^TJVhZ~BW@ zW}#GaYTrTt_(jPZGSm>+9oCgoU=v|*1xa#$XUbPR)VpU!(z>uL>Pa8(pnOGs+H5&s zvwrSb3?7oQxfu<;>ka{Q$_t>yU_$~{I;Iy4ty-p;WWmXa%C?X(tyTNBmRHzg!&rSt z#~?+$802wgC4oJC4^#5WwsD@B{?cH{$B%{KmMCqTh-!%@{J?akw?syt@pNU)O)Yp= zh{pdkGiiOTCU1wza?oEYOW;)%6WSBUT}VwL!-=@yMg*OTcN1Gi1zx`T$;lCv@1@T~ zZ`dE#fc&w9jLsb(i$+cfmwU~nEc#j!A5s1OqHzlL#^WMEJkj@%2}0&t9MI*|)AM>K z)`U+5!lKiIy`%Kntw-64V;#;LEGm`m=mF;=`hSc-t&Tui$2 z3X^LGM=&`5RF2~_R>HozSSCjoI#yxs zC`a*6LZtkh@ZIKR;hB)pB^P`9;^gdJ10<4O&{4ajK|VjCte#|COE+}7B+pv}t`tiu z>PIHA<{f|+5inoJ16c4jsD_Q@Fgor`XxV?wFFgg+6P*@U8hm? z#0D>H#XDk_9!X%Ty5Gtd#6o`D>3Di>iEHPc-mop46Ej-@>^Nk30&+sLhndsyB}_?B zJaKa+gBNQO0-vYiAM!Z-dQvzrdXW?9cS7jcY<~%+K&FjSmniE^EK-YDIX>0c4toNk zq$&TaRXzqsdw2bV_r_tCMu@q*0{s!)))!exec=p~k`_zGf{pOO*6<>0loI_4;*O(@ zalV&7)9bKOs=WQnmwt@wu|?O79RGb4%x}Z_%(q*0xslkv(R^1YY?tp zK(+Nho+&3mxL7;Cs!>pNBmBd!Vca^CAeh`@vhUg_ORJOfvH!d97a8@ZXxEoN4H`zLOdnc2B4xd!* zdQNydOaE(lOh6-HEtMT2Q^PQ?OJg^&xrV$0G33|WTR21y&6ZdDR;}3| zM}c>9$|!ZwnboC4ZpsO*j&j_E-+AX>&Wxam1%s7b4uFC`9#1>Z%*%^LRwL~aMD@eg zS+U@!UvGq1X2}pU)&1y8!LS`F#9F$JcHS=I_T65zjEgAhqSbdF^dbPI;mXJ%K8 zfYlO8Otz^4uH*PpG4AY~20r@-!Q741Fkq>V4^;(Z4TWC5iTjGpyk>|^ymx%cm$N@x zPTFwDLQ$Xp@FLD}v;YTD;kL`YBM5V?XxsCmah^8L(r01AV}Xt_g_IRZQ}`xp51aCm z%f_3le(!6acheYOd%db*9kFs%IFeDha9mOmvUA5<+}C+c`NW2v$HxLmzTpkT%CV+A z66vVCWl-!3qIE<`u`W_qfii%lns^yoQp*cp^|?ddk1v0_dQ=J+^Q{38J-%7xlMNz`gP46CmOoT zNK4;eCyG`wPBWfn9>n3&Uh!K5ACGvf}X2(H{Pk&G$*~OZR z4R9BW`w}`=5dZY#-eC{0=L;Nnon@VpP=zt`rRqWlo69%=~NO*vc!)F}a zcV4n&J;t${&BDDuL!lLSA32OoK|Q|;7R!9HEUkZL{|h6aBya#G?Db*DU}P8xQ~z5b z)GfyP>%>7Zffo$@0;zXaWk~S(gth>WGFR$BFy9A+qaCaSqDU>_f+d}smFL?j2v79> zyu88a$y&nwp8Nd*B?jKrjYkaqq5zPutbi-%FL&{cJ&Du zu}H>L)svU&h&!A@_`9ALqhr_&=LN%@TP3H`16nqlqGRr&ZpC zW}C~Fp0V1CezDpHM{CkU^p z9iN6zcRDMYb`FxODIFfqi$Hk4SEJy@}YGvStyHW>1t6NN`*c zP0EYVn7x{B0gHIX{JGtjBRuDC4;B~=7^%|Qqp07#%2O{>q&Num^|6X4oTgtSJQ)br z-bg4czHl{)ef!+%ce|4Zb4j)DLASQaJ0gUh8$9vk0`K#cqSSd~EGE!5Pfo-6xCBw7 zbjzh9n-2S2xqX3N9R!8m*SH(5!91&;dSDN4TA8mv3!Iqp5}s(c98R&3#Y-M^dR2WG z!PcaKtX}d;WT%ezrKxJO^>04*&9pix9Ca0O&L63{Ew1eGP-Ff3(Pz(%_WK0Wqj!g3 zg~R8mzwB(1v5HOTZ_-~3H)~{S-%;R%YX)bN;0e4ojmBb|p!S9QmOyi21&CsMd*gg6 zs|SqfT3tFEx%F-Roa3~xt^HQ=YX)}a<+g%N>HjszRx3+f7 z&tu!!*x3c0_P|dv2e5p*78kseIT=h{c#E*?`EET}@{onfMS#!`+Vlk(F|z> zBCIZidSVWvKm=o43M96qA09?ry0A6nBiDARHr|VaM~$|@%tb3yTw0`lv0Q+Q^Eg9= zJ8_>FRsfzbv@HMC*>%}a4_e~s z=b;FVBl)FMrNbP1fcCJsRV$ogRLMcTe^)Q-3r`G>P}Xo_+zbDoLSs_c1J?>`wWFr4 zjgI7X=kh?So2t$4XVceGJzHNTR(=@a9!FtsK6rar`&uqy+O75rYzruZV$DMfTwjvK z@>~w;o?1#7k2QWt>jQ~Uz1FwIlr!98zRBhl-lMmQ{B2&;5Djk*67MNEOlB|j40Y!@$eR-i%ix9Xnz3QCV1M|~fENkz*)nRR3T zGB3w4IE|=B@!iGASZ|%1F~{I;&J>suy7L9W=3@i|QW*gzBW*zaU@gQ=R-K~&(%${y zkGQjs20FpWA*F-ACvQ!pbG?=O0WAOB-XBQ%w?w2yX3ltq5V1uF7)}f5a?O$svq9!3 zS62Y-qZ;iCVQ+5+OYkSOIZh~3yHqSchgt3IBDi+I0n~dx+KIy#Lmz&x<`f&UdP_~r zqx&p>8_Y1<%q!7&o@5zplO9SE4U1b84hlEfOeE5`MdO;Cq6l7!|5q5_Unc{K0Cv<4 z@VnZaHMvW_04e(?{Ypn!-sI25ErB0c6Ps3ql!!H2h+?J~JyzeN@aHTSfwCUGZ2SsK zyPhv1ma8EYOjvY}>~d=#f0MEQe*)Nn27zB_T-MjYB$jW0W{eEy*~i$8lYfZJ=1QrIOGk>!f%aDum5MEOWkvZ0q!lz{!0HaomsH8v^4>u;e%ZSb3#UH z+@WvVlyG6$|EIFOC-D39@g&ucX{1dej`~PM@7E#Kaz-hWu z5zGJ2Ysdch%JB~f!|E+Z8+nW8{7A|$ z_FUmT(NFL*!3;UH9tiwzkuIU~2B7)dFV?OWq$ZI=yk8c|RCHOQR?Z7Vu9Wv0V?{~2v+aUiU@_|VFLP)DhY~oZDxVM-6Dy)nt7Ax)b0U* zjHspW{k1L@Ob9!T;1CWiV^HorYv@?{eMB21y-0XEUFda@XoXhzLDIaA87<>i`B>K? z(dnOV=cV!ECPbuVf>A0m{Qs<1B{TJdFkt(kXD!WA$sqK`u)iN(O4)Wq8+nJG)w^1R zvgVYu7^jZ)$SZ;J_>Cg8Q7lRUF(s@H;yllK*FFF_T=cK%~#^-e4^b&Rt)qusmwjd`YW(QjKa1i?D&uacmGTK2a~!l|7uY0k(LK zKQSSe3Kk`d+8OIx%k9xo(I3sU=cc%f-4v%Gm~XzZ{RbExDg(o0x8K{^dxq%z@k2yM zp5@QK#DOuTkF^`gfZhdvnHEJfl@rdIh%(@is$}fPl5j$wwpWn*BPaOB(mQSH1b42|$gKU>^RZ6SfCIYAr0p5_ zZv^+>+jC@j^_P<4^?6F$5#R^MDVsJJ6B0jeL0M`bRi?M_JBN&eltP;?{CGv1wHL6a z!0&i~l$L1%0-`OP#H1vfy(Rp`#aqtY$v>%u|9ttQ>>7r|-T9$RSdzEEgq$a~{~8q~ z@2ne@I5qjlL7R~gG6r_U8);1f!bEKX8oN7(mt@>VGA7dhFiFh_#_Lm}$M$MVm7|woqjD$+4ort7nnLiYc&&<`i5LvbI$mbGcKjoM_NMTGH`Qwep-y3f- z>^8JiakzD7cL7K5G-1-x5aq?U`YA$H!>#x)+ZisInxLDR1Yo0$3Z!maP`g@-{BJy6g(8Zs+g}smd;K1b2qbmr}O6Q*(o;r8~NCr?#tyn*>KnCuc(hd z@d?UQn49(+4&HjphEQ_m|8`j2e@`VF*0061M}Jl@OgslzIoR$@O zg?ugsUCUjB%Sjqua1Vo~mO&`sZiuHhVUYdw54sF#1Rr>pIanjTOF4n}GIMB-4kG$b zlLAV8q05DT-^{n$VJgFxsvY7mKCx*{@)Ho!GG}k2F%?bcK-FRS4l$R=WF~Gn)fM84 zX&ji8fSS#4$o*Vn59g^$pDn0#?2lvTG36HsQ|)EVEsQH zSGuc_u8p7pC(H9zdCvoh&)=&tfG$-jV$0)(mVhSAVdIA2;8uK(toWf&Llcx9+Yb|) zF+|}pK#AuuGHEuW0`{kM8V@F>Gp5Ly+vPnj&_ciVsP~Gn3gOua9mk(%kskA_#w1up z;A@vt7)}yGA(r(2L=EU3}(l{Ri$$w{0YtZ z_lHGC8*-1&jY;HQW*+#rPKxoX=Y)we&k3VS6O2HCWX4*7b_-T5O&iveoGGs=g}22a z^WO;k8iZ9qAvYD^KJtFoeQx#g)fOtvok5{&^jP+)#H7IRBnIe#D>I??1R&^xE5K(- z#>K=#18Ksi4=Nr%Ae-+!9W`Ad@})|}l_R$YC#_vzrC7~3s5MeZRB*$sYsOa9t0O6` zV+Wj>f(L>)U$iqkKBelF^yd;p#YpmQRINJmK7}7)RGt9e zQ$by-h$B1+!fGV`wyK9UIo=gJZ1T?y_Zut+Ma2@)xaU|xs8DdLchNVDPs|5mTNN!S zf(z)Hn&T%pG4*%ulEjGM*i8#T%mZmNkqxHi*w1<6sLo=Ep*LaL+x#TwxCI-jJ!%^v z&ADj-FL9DC3m`wNzGV6e5V_pEw^d2HUHb^L@N7YN_Gld{8)~v)#tQk+Tvi?;ZL4Uh zWwUeeMOcGnqR%KJhRdl1L%jh@3iZ{6{B}r`0-;k9>Z6}GYNFQUbQ*T5S8sZ%$16D& zczjm@d$M@w@%k*8In#fC~Ki5 z$}uEX_)#Eq;J5HJ(Z(O1s0O)<0!ncSiD#SQ+S5#=SkL#xM>vz*{k|i^6M-Vvs~Lzj z8jAbQY8b;$o9S{|Vok}*NK%$^4qTKsS^ zEbw^Ta#lERE8#2MT0os<*risHRf`Ch6=MVeh9!@^o!jMVVuYDF3*^6itpiG*-*yXP zL`)Gd3Fqe^TIQ#p6qUO*u2U+yk=sz??0SAHimtHS zU13h>2SnO)%xL{$mHut2KHqyblRg-BoE7MebuX>CSe#%VB~Q5V#4|EyA@_07s(MDQ zYY$Z70reiTq(y-9IgXFe^Zk49%ZbJYD{a-&%LtdKBzGMnIW?70Qlh_ZbOQKtKNf*? zqrkU~U{J|lYeu33DAcN9=~h8W@%{Sma(F}#I$Hp?WuwiV3CVicsj&!Zb`Yu+7r3x{ zTl0k6GHh}qJ#?RkB00;&jJ?+pG4oP@LFu96>!I%zr|*(Fp2y~;ge~2>H45n>#L!R* zSI2Tb`!C3R$45mJIw*2zt6__+1mVW!2&ov4aFlOq|8o+M%)1`V4@Yi*9cG3=dF5H2 zcpWo&W~K?Vw9DqgKvIA;0Xsy`#3c9aJe-*&x3ts%?j}J+TsQ-+d9Ol!c?mD!FFeZs z9PjK!D_UqW33ps>yGI%}Y*PwpF%NG&bQRCLdL;o*Uq793nlG5i){Nf^;bXvuHam?YV7l44{zET_pb#ySV2rC%1ShIv0ZYj!AsIcEa}ct89sa z6!D&O^ASFQ2bzv^y`oYjiWS_5-3ZV|kVH&2`Bc1Dh%sc|<+XRc!Nes-0BlVi0@{Tp zh}r!#iCrVZDn|!LKhw=n<-f4ls9&fh+>Dh3=GfqOAoj`w9~^?NZJ>?uVcAGZOd)HL zZ+nmSR()hZC&^jYX{i#aw!e?HL)*hal}Kk;8zwraf{g z|Bj8X6pm+mg_80rnFUDI=l7Hj$ar|_(@th8Ckg>W4opdl8wXl);&t?!4!^BFsloWr1jS* z<{f7jh8+RVZH*FY-&2rh(H1mTb^g)XUX-~<3Z9-Ih_$5TwGbKg+G?s=up0Il!KW95 zbQ(O2480TvDP=_^`Ts7d`SDWNk-{#PcadD!L)7-nUL~{nJ2a1VO!IikzWyrRW==+# z;kx>XL=oNm0-t~Yptx$jfMU{}N1+G^EFjZZWig8}hDB4xoo@Dh!}iqBcr!oUs@Yq^ z{-R!+e>A;aNr*Z5o|-kAxz$T>fs_l!vwtOV*5@*~C@gI7yBrre@z>33Rqw^vP&vCd z@+U65&ZGyLIg>-k4p^mSJSDu@2}xGz?L+h6c9$^PGJEu4U4Sv+j*{~lX;##2FBx~e zc$^maxG{gafA3?;foboS2?{TxhMJ^c-YA^wj!JGJK=&WjQFpk>#!=D^7e|~r+>hSWSFqmkM z;jb%U%xgJYTP#v;;}Bx@$x^=sw#NS!!F)7un-8PM!JK15xmm>LwO81bf~eB;J~axy z3}d72P*8N{+PPWIn9Gl(jvr+uYbaveFk4%uvKge=aMrD4yM?an16K>;783#9%Gx^5 z<=u@qRkZ{3hd>k$@6D?wXVa43&3`!fKN3aV=FVwm*MG z>Ied1C)@;nbc6pdM9xBD+`E*Qe!WR9wUy#Q4a*d>j{Ww@ zYHWf)%Nt6A7e*{*UU=VG{(NdC4NE49}nXC>s2h(RpKv;=Hi|psn25utUQb&NN(3wYWITxV!Z8 z$X)lIAS+Ma*m57&>~UEpnZ-_2rywPH~d=*9L~< z*?f_c6!q0iRe>#TDUY#M)kIXJL+jONz`>V8ten$(etjWSGg3y5sr>_SG>Z! zdd+aI?ZFKYKN^oDMAbBc|C0+F{|nPbZVye0l%CipMY}O^(4jM)xxDe>$R#H$Gj@X_ z{7yl4cr^0>bP<5f=vCF$Au}@<{3$?nAXzSI?@heO<^MHPKd%fNpyikTjY7=cnh-b$ z1G1cMBuLyd4_`#Gj|$7nWxTE9s4SRW} z{&i~oa`lERZMfCmGYg``NbYr*i*=?hh(h7twqq4Tp9_Es-Q6A|My&t8>g(`Htkm{~ z7P+2K5e)Xg3NS`W-{?3p>t>C@vrOsaNln#{f=|xR!)7D+JxD- z=PpaLrtRxR^+5V~kSz54%Cwo0gf74zt6lQEOUyLW-m~LhGoIvcPb@b*IDLIF<&Bn_ zp*c%2ke+s3CeZo}fn~79eEC)W;(8MtXz!^7i^jl9J)5Hfj*t2yRO9ZXTF?Ve%-*gm z(N+mvqyXe~R=8_O_%>bNExpON+UP`j{pVpa!pBE}-Inmg5Bp2mSbg}2*%dEk&z^>7 zy9mx|@1iiD9DBPTKFcLh%ACvpa=Y+0evGj7M%GiJ?+-4JwrC|mmV&)>;H35Ul4 zoH4shZK4Rm`?{N+Q{$FfUXCrTiK&pf`)i`oCJev^V)}jg5ucX!v0DAXOHY7oPF&sZSB?L8t+atr+@AN1Vd_cq85lfJ5hAJ&UU=#B zo}Jf^g98}ypom!O4}j39Fq#DY`lX9AzI0{BUoZ^F(5^h=ugLqQ3n?KjjFRX`zZ;nM zvlokxI1C%D7i**$?ybzz$50WDW4Osp*)`wvIb2Waop_&`B@uKoVj=k|p4Kdz7EB>W|ZDpRudhy}V-U-eY6e;NNl$$2GB$yy#1;I$XYDgQ~ zv2Px~gS75&fRnEV5L_zIeNwW~;~1E^dfEyspP&yt*Lly2oTuwI^cM)ZjTylD03AF@3eF8>g{c$jALPWhz8KpE61UiL-2}KN^u6*8ZqQcV2y4iKFsOMii0C8zQ*Q~A@UG2UKfW;F@qU82pc7E4r&&to& zp|yYUl;A)8IjP1DU0!jZgBf{q7`l6&8OfQS>k}X_eW^L2DP$Z8-?YDCm)*g_Jba)4 z?j{pEL02Q_1sRQY>yu4=4TU+gU!rs6Bc**~N(4<8FtV+ya|o5KJ{r!hP`{qR@tvJz z#m_OtY53BlIz*fp#a(iwZ%u~ypQf2>OFcB>Zwk2P4e5;3T-OFL&xP*R2_b_fY#zHc z2@ZCFZga7aW+QO~9|2%mc_rs#gY&=%5i##H??1}R`*8xCW|9zZSQrW~KQ8+Z(_SHL zIf_)S-#%o~l=Vccz!a26#ya_TH?vlnk!ew#lZ-U5cL16@q=!CPf=rMLw?-BF$ zOHTVuoa0@=q=Cbp&d#^W<%o=Co_ovHN;32wY2#dlc346!R_|!S3q`T!Pdnk8f2+a*5%L z2SEmTySdMMoaH+=IX-sL^<9^JY7Fqe-du#)=>nn;vv3Ny=4JI-v7puqoyL+|i~Wh~ zj5b}Y5!J#7vDb$JGU!p3$y-wZrbg!JFky&;z-=YJ%L!EY0?otvIpejTh%-3qDT`o3 z<@{p|FsZnVkD5^x5hz2AamN*I(F1ESiL6n~_eYuhBn||Qe7(LTPXp@@KzG}Y*Pg3p zrmbD-KABtfOlwnzJ{Cg#(S4zh88p#6GWSF>OmFig6^I!h(@5EXmvkRhCjkU52s7V; z*yBr|fx6yxu0{un?*;+Hz~0sz>K=L1+hXqYxZCWXi*z(S2q)@Z0JZSN7yP}0D|oP5 zaUD2o`kUHIXf*vzs-pGj**$)nFb~RO3iSNxbl@HS2L5cuYL7#MVQ{q$7kYKaE+-J* zUfj$#edhNMd1Un)dRSCJvdcDoq{hQ~)grH}WCMUtG-l)36))sX3q^?8J0-Ke{M#ZUcf4hgL$E3Rdr{LBE`EjZ42r zww6wR45t8RV*lHl4}bIDlrIy9afuP~dTI*$TuKHn=A)Kk%>zfr;F2l}T8XTo;KE)1 zM6)m8vG!C)S>>5R7k04M$`Q%;uFO6&SANU@q;5y7{izLj3jnEo#3CdRiqzcDRfFiq zyG7h4u9%;q?EN{HVi7sy+o>@oHqT5wXKewJCpnOYFDQw9rGDLfBhPs<+TWjC)ao>_u@hNo1rAaq$=|KGz0Iy>8 zp_a-~nW5U;iO=Nsk>#HsHsuBEuc^79SK;6zEKZ&DSX3^SDkYLS)rV0==-2jrP|WV_ z5jx%Gz1O0u^Z4ZxH+EDvNGqx>E=Yzlb|DlEWx0?Wj z8G4r)guT1}G(wPSbJ(0%YhX^ot(G{x&mao)My~ofDHFSRoRaeNzO$%_mnzEntsGV? zDS{=JdHqPi2QkjRtFba1X_V)U5f$B)u-UQWr26F@Tx;ka;I99^80Te=a#O{Du(98=B)w{Yy7N$#H~7=TE~y|qhk zMX${9XgHzWe%@=biOON&1zur|%bjS5*}gS-yh?uWcpS@1&V+vB?NHWUgvHfC{VGva z9sRLZlx0%aug_0d%7XjJkLD*NCba0W3<7O?POL6zV5RgnT}d(p|C{qwhwk?Pb=|t84wpKpiAz(A3HqS>P4YxZG-B5Hb$1P5yF_O{q`n zXptA-OWYio*e|9qL2Llycm?n<>0fi>J`iAf#5rkz+?!f2rM+dDpWHw$5jNEKN`Q+p za`w7R$^jnf&I?Es#zl=CTOsIV{hO8a4_+UnK>!Dh z52uPtQmmAocv4a5sVr;0V@LecoLX_irqsFODuOcR`)$Bu-f{)LY^W{I*p!(wSg73V zi?Uw-&)q4J`^!^@KdnP22POq`X4lCsKtBIu{Z7S?&?EALuAXvX3lcR8RF6ldDlV48MSHn;NABne zE^WGXeYXoQJ_hB@F4xM%=$rgwB$zJS;mnXSO!(UW;`8x+Qg*SuIYs9vO&$yChZD9_ z0e!MLjw=IDLV9{oy`jg;_uNed7ui_=-Zp58!udYl=@|oq0cm=ViLe@otT??wKF+$- z1wlZBG`04qPHPahFWj|@Mj#Q%I_PMy>BRm~=m9`O_*yWo`0Z931lB_w%D*xF9Wo3{ z_F5391NZ}q05^}jgO;zG8)hLg5U<1_z>T`ST_c@m>^yM{8bt~D)+vbn1c^|ggb@{@ zoBwn^&roE8)*Mz6NH_WFygH&Fi}dY_6uJRm9}hw9Ue21-l?1T1Q|tZHwMdzz@l`rc z+!wvZJxDT4+thXJ7v1~EG{D)$~hS?iG{_tC9OF(izkdW@`LX#*M z!25h%{DG0;m|dr3>V1yy82^^fewgC^p-N08>A8ItfRdeOsuK>5^9wkG>j@tn0u;#c zo#OJg@4*$U1%(-nbD{5m#ht~dnu$s!H$ZwQ zRfd|UNV!M#yt7MmxszutIA~c94ST&7BzxL)v?5rT&Fpa~+3;SlVY-Rgx1fBi0Q{VmM8<%sMUUa)u*VRFQf>_uz!;YRWO;095& zz(9{G8}W&`eu|1dlx(}NrQ0Itc=r&RrEPB>Q?e)kv1=|Whh>~9gbP{ufuZt^Aevi3 zR)xz!|7lKMI}Sw4UMZSh+^#sjQ3ATd3eVO42miZaQo)56skXM&kJUnu4F~i;9^qi6 zW~!4B8|-x%>iNLUs@LoNbT@0(|G%!zIOB{>2BbbA5(AfZt4&>y9EH=94Cw@tVWmfRJ?f` z#DG-qv-bWDx`K}_Dt@%GktxLAhT)BJvzDY6a_p4sowCkcs_wEgcgkF=0VYOvu)UP! zCT-mUialuMw`C!Y|0K;q^BG(`L2^6p!2T zC3-Dz7lZ)!DuG!(qd51^X3m?{1zMepvg-~XMy8wN{bs%HUWw)jyV+Wvl?+EQU= zjK&UfEaq^S(GI6l!SG5QSIioUF6LUkqtS8K5^S@9r{Sh<)9q;8Xy7M0#t3XJNf974 z>&cNQW#&4g0UhPQbV2Qp1xHwhG+GV4pr)lxVX~;yw+^CsNg)h$cpi(>RQ zyQSJT+6IhSMfGN77U+*oHZ?bQ{G59ibbs&dE-q{u?$X{aJQQ-o4#5Ww(+K?D_;&US zI?C>B>P&}!boima+z}r=+FS!M$8|`JMwkB0YuHcvC3lY=2*#uso{c!ohZM%Us}z6k z@z)7G;;)sc1s!E!hrRKpUxS^zGS_wZiw}VfEg-x!Fk}+8nJH3ojPVmX&bjv@D-Dms*(a*SeN;9_VNGDs02nNaXj8YA8Hnm3-03 zR#C3-6&s>2t&%*Mps1KY#W}CxECbawQKIZ4um}VoY)CeSDp=9V(zjW|VI5a`GclHJ z_2@#{nZ~<$ji2^IVg0ENAdYE=jw-xCeW5mt_fwMa#7j|hRln7g{ENoHJK)m8xN)!r z3IoYIU?<%AdVWBmUTms!qmpB&M!Zs;ZId&xT3L)(R{0LOwC1J@z{5)RSZmvfyFS=K zyl}70Y1JAKOirla+QB~JUtnh-n_hl@@e0y$%FWaEKE%j{ZuL$FY-mXf0z6p!whvwd z#dwp7K-+y)kNX)8XYT!UjIAp1UGw7wUbzw~`jyPy=@jABx&k|;Sxl3$Yp1VJ71^Q3%OZpH5q_dIP-8K6O!gX1L0aj8iG{Kw}i$inb9jQ+nLi=1+u15l%=2U*F;G3o7sJ%Bj zESc2f5fBE7&7;Q_a+K&i_%`@raf=54>+FiHnm6`D14*n`uCV^sJ3&bWEpNrio&n3K z{p|*$n5$^|le>;R3A>|2J9GPQy_`PRy^5S7hs}?30cpPN`1Ni3xl@L^u2&XPLRbRJ zLO=WoCQ{!{08mcwt0!uBGT>~tJbIg%CLB(4q|n7MC!f}2A`(4YNBTqyG;h)H%Wb~#V&{Nht*kv{;sCMWJ_gdg>0l>XL>q6CZSFE} zGiS%wm2D^`z3OqO$`YAHK#lmPtoMV>?SU!hpOFjobYj=ZNt>c$uRGi338XB`n=uUr zmHLHR626?E8-Rf*tJ!BYTmN)9W%sNeJ{8lgGd)!{p<8g1MIKfgjR@wL60Z1G3j^{I z8C&BNIc`3R(dpppaaK^f)v?mE(*A>ei=Fa8Jx8mbsk7rOu+Rb zPuv0fUW4a*0%Nk%rwB@8@CQAM@38fpCXI>k;jdwoViMmvKh?K^|GH`>XLC<7ydw0S z`GHvA3#<^w5L<=+oi_(l1xWQV#<0D3N#d22D()&+GBb!HcTm{L=%6`nQOh_A_B~A+ z__N!KOCcu@`Acq(?4*eYM?Q9<-JCC*`Qz^XmMJh zAb+!44zmZJbxMB9r9Z)?Cwa#%vbOL#V4T6Pcz7B^1=K@9e3^0Ypy)Ye%?24*xk<@n zLZ;@i82Vr*Vtar^+klgLD18wIe1MXN0h@h``J;nD?jnm57todfiVLX+==xT3HKSII z-m7+%)a|WE(~C`j5RuV+=*^JAoLV@2CvlwoxUW{ea&z;hu7F@u`EfqNRfsna8g8|m z5J+)E!5Zbv(Nj$Q^ep!pDH7NN-RQ9AieK*+m)noQU{-QnnkyB#RM7y}J_x5#&2w5# z`^i>I&CT>gOoelmY1 z{|TG-VXT`aA6LnK`l?qpvI-5N9#PD5OevQo=HP*61Hez0}x$KBHr13-}GCy9;GKGHR6*Qi4l19^IH{p>kK z)u^)~rj^Yynzqsa6gzu8K);P|j8A5V7ahASC*);j@#3D5bpw>f*=bBl#%kdtA%Iy+ z)>NcnngLfSw~|RhvoUYo2BtvQ@oCpqrV<#d` z+`ZSIG|B0yGO)|oOn!c#4UsaHW*1~*c#e;M8q1lE3JBv?Z&|N>Jftx4nj}_-1Ysw0 zcd+9*l%<1_tJafSi6tT~I8n27j;=J+S!h%_+s7i&2M3hnYij_xJd-nb>B8b z{~}~043{>5L_PpWg#?fh8YhE1ZRs3R^ZRHMChf|@nv58&zkAK(64_qWhsJw z5dmVoz-58P@dIhiMLZ)`kxaRqT!;_R0UA~b3I|Nfdt!s>;n!Wfp*OJ z#kc8Uy?0L3JT}>kKu4 zU=+F;xikKh{jz3)lBbfZg2JGp$JrWfdCRFG&K8tm1kocD7NO)H2^F! zbNZxuRnqBq^CPgqk!VJ!Ql_dwJ#d~di8^53Hx}Kno>brofdK%U8;t|q=N(9Y3b8Jq zjXQXHva6qdIIAr6zWlA)6Ca!PoS5LskmcYhaFBkhmCL9ru_|qtDmKu{x~{!M^;qXT zaw&+Sz0v5dx97-*##f~=Ch{cS-!yWhzb<8fg0d>(eN)S$-eKDOlnjLEe{?vZ2}#n< zv*z4fZ!8A5lY@@ki+h*C4brCD#R z&ldPu*vZE$@ZsL~^HYuUY2=NhbsrB)|3Tez(*fBV&4-lwJL_=R&v;+uaOT2W{~x~w z&hrBl3@tw+NDtnmZ~AZc(ASr+_bbiXBw~;8mMTsk^X)yS=sL4&j)Ts-f$Htw)Q3q$ zE@Yrz;cAvnE$$B(_Mf@DtQ>Ux(lZvTaS9WpQ*Z;a@-5XMRNH=U%q3`OtYZ?R6At@o ze8Oy=wEh^INWwb5lAS0U9@?{Zi16<3rLP)Xzhl+CAS`I2U zp&F587()>e?*B<40akV~B36%Vz@7Oyyn1IFz-AMn&)}4!O4lQ27ulV9n6vZWQ7VPA z6fXNAv&s!8E2;&UNx>1j&(6Ln$yitf#b&i&Qov-p&s#z`q`H`?_4vwbFS)8ZfP27V zM-r&>={qwP`?2a}W?e}}-+2vmqC_qwL^|}3gOq{paPj1uY{sk*6ZL_I4_;NYB;}Is znJjBPtk$T#dl6K}OW~3&Z#RWhNLKxJ@QZwIB*$Ew(UNLX8Q%)+rE*apZ11ff&v5&y zwh51@7Kq>HTN?eAi=L&#=N3@VQ*gbqOS(KcfmA3BK!B86N&&sstnX`_(_t!@&YM{o zAi2!mb?$yR(_qj#>u}cz)nFS3DD+*vkQXxI4F$bf4KYI3^KhzFAAYn5@2cF7fve*e zm5fH^{7k7zY*@$_8eR-IXvHeQCbYh;Vu>&Hf^eb%c+YPmMeZdHJcO7~N}BL?qOJEq zOk%GH*ooP>dKw~T~AZ`Yz3`X|p6; z0omrBaWnhD$l_T`H$3NAC1C{Okda;j2S3*y`kVqZ?e6OQBS;{1ap#}PTd&6V|6?ek zl*thM-@>kXcB?QN->Xi#+^ZAqzu(rg9P@xYAsHx z;=iX<*OD^ucmyqM16~wL(xhQD$0|w6P%eNqw@7Q12_#U_g|X z{ezGvll?_&Zoig8+S}&U0E});pbBB+^fD}zZA3)-T(~{n;Wli7N8c(`b*+Cd7OwO| zv>C0{nXBZ#ko#XvfexsiWU9^-B4GO zbdd&F``6i_;~Req2fDm0%>ylhh6U5JQD0^eA2^W36E7=)qWnC}65cecr6+DOsG9Nv&NpI04LDfRcfWm9X}==H)HOyplN-dq{$hUQNLdnNbDhJ1W$ycP^S^^*5=(zQLdBxTVDGT#y%%BHRkh3K9 zE5AfnRMHSJ4K<$3K8kb&u@%(!ECvZ~KqdL*+Go&gg2)L`4HLqis2zjLxnx8)+TvUA zteXIib`i-8KV8puPh)nGmvt;~%yvS*#Tv>LAXCR|G$d%vbv)G+g}moWfm5KfJ=x;j^SEaqxkx60%jQTN*#~B|aY+`vrlbsZ3I- z!E%lgLy7wg>AO^!vYuNmcHkl8;Fm@k9F-YLc{6{TSuV;19gYG9Eqqxi%PJk0bH#38 zd(TL<@k=>gk9{eJDUT1&m1GlRGSHt6z%yuy4EB<>%65f3VnGu7)*fO5-{&jQC*PWm zOzupeszN>o&aP~7Q`6nKiQyM6WwUz5t29D%6PPY=n{9+*jU*1_)ixbQ!$6!=(^CQ* z$z_aBrbz(Fb_a0e3J{O%Xs9%LijwNObuA8%eYpi|cc#_UZ0NxW-IQ1jp*8=hzvtxy6L?t^Z?&x9)+w{(cT^$ByI2(Jm2Bc_6rUO$SJ zt^6p4QH^~&^$qt;@Q)rRPwJ!U`p`SgEsYo4(_eL~YU&x@DztQfZiZJg5T!izNalkE z&K7X>LZ^pXKRS3!{@QFolD}N9YiT84gY(tM{0Qt4gm&OD(qDXzY%6U8lyHD z>HO1bZ)9zfw9;}L6A)X(L=5{oe+|M+$VKYu3d_{FPS&`!6OEFayFJsX^hmV5mqYuI zWIAFczBd8uPX;$KmM_KjQ>*BlQ+bbaMw|K|1HA`EI#|e_Jk*DF;Db{L6)j4xC9DYr~cl)zeO;=VY*c z&I)a)ZZDaHRKlBp>64ydH%@VB?G}plRE_GN;WUc$SMM}`E(z#|m5>2zTDQk_g;nqU zl-X~=)!%Eo$KJx9g~)I}|K|Q}b36rO=zgeb@Br`CPp=ADJ0Up1I3ua-`{h(SOuaYP*Z??02Q zRIIIWy{|L0JgcH`U9O+Ak&jRF)SGBkV>sK)4m%Pf2l{FsZdXF5`#U@LetOR(U~R5C z=s0@Xwc#k3n!2ohSRcncVEvoqqnz1H6;7khS{OdK>ysuu9E_nLDdOHpG-}5P^j~Yz zMzNX3E|Xe(uDa)#nz2G<@BvZn4=>VV7|E|xU*fszLYL>mfeQh^hZhS(>04GU87lZ0 zbu0CKM;fMw%F!HUbi!E0J<@a#$Hs)m)HqO&UHbP$x{dN+15zS`=XGOTy+GU**y=YS z1y3TJa16W6Ve@3*Nn$NTU389)sqXb2A?_lWNNWVj8FDD#2`U`w{*3yFMxwpLa zJL#X^f8?5A4HA`9EehH!WOg(G9zoKvO#9~q=zGu-rm9~YS2yfG+1J@{wF!UaJ*~%V z^aR(c!VgHQsZ~b;7Se*xI`k@y1-CYMh7C7)#i8Vn6R5Q>;=4!(uf%PU;GkyVl!0pFLv@QN#qsAx`e;BE+_B8nd%yL!G*yCKA^ejx1{UfM-H%`-dTCu@WfzaR zhbh9(@G)Jqn*;Cd!%%jXz^Yggzfwu#5Pb}u(Nra#$FLVy_bkPeoB%N~2!SD7gfnv@ zjI3pTdx}I+VBUySv9VvY27WIAcsS}CvJ~@ta#@(s`f$P5=Q>B-pVbG=ywpHsy=R6U z2EB%~T;1Z{12LUaAJ3vQl`q{QM>}&c@{Ghc&-l`MR}gvV6P-XMvbOv6Ep=0-z|r$m zL)MFdBJcM}Uiewzrw%tiR#gC$M%60(bz;6Ud{kuMyoD;Y_9mrzgF(X(=PcU9@Yaum zh9X^VgkC>AY*@<8N>q^=P{ykF`uozQok5TS$6$WQOx2Q`qf{U-R&wy?*!YN|$y@1R zmF+5QXf=}`GUE?IDxXUGMO()ft?|DD{-0^g(8GU8eX6-=c{yDKRQxW?H31M1VATtB zXB}Qzz%(E{04`QGjko8idQHu+KlBmZ8-mkBf<6Z=Fs;ScDNx)i<}QYI_7*Op%l`6* z|3cE~8=T7JSHk}Usl$`(cdh-DXdVM|9E|fzOf}#MNV2RN&P#r;xJDu)&zHXlt)VXO z2JR20=oPB0EUyQeXmUOawt`g-U?j%)?(!4anJ;b+B!!TSQ~Xhnxgek8GqS}jFgTyb z*j@4j`0}&AmuwkEW1Qg$Iy2LG)%N<+2Ku!$4-~_2SZ$dsCB!$vdJ17b)y>qjLW@t+ z>m+{nR`)P1fH-7KRiN{=Ye@z1b11@VfVP?2qA)D#mMakMOUHbSow$ zZixe_jwfnk_DuX-g{xJnLzIcIA45u0siif;Q)r7L)BpV6f@>$?8d(rrjQ(Dg*l1r( z{Mv9(eao7ec%Eq~+sqG#NBr=I1{?QR0CeSVOTXGA*&A=VZwd}3Zi<&_Zy+l<3g)I^ zWa!}>Sl{>%O_oQpq%$xnK{9{N)@bw1{3ag7qZvb+H@YsQsb>q$f25)(&luJ2u~{JN9q5HQD4NhZcHFFJB`aFc$L*Wuq{bw; zrSV)l{G3Ab8SxuvrHN4T;0R)e8WkETA$Rph<#TS@jt?&9qO%#z?@J_e_gI*eOhuzD zKb(_Kn^biS+9Kjo_oQD+s)_vxyalk}$CL#$(VTRxY} ztR#fb-`SzFE0OFQc_R#~Qq`Yi2- z#qV{aUXx_G#Fr@JtiMhN#%JAJ-E($LO%S%QI;ZHhLt|pDU_$xG1<#Q2a`N+D6rIHR zq~T6fXH~F>McI3S=H33nM7fu-wIkQM4&R375x}=Py1Jeh*YAtBk>3Eg9>*@d%AC)i zzdi`ke3TnrouLv@cn~A$z7Y1{U&x=~)D zj7Or3_i!PrR5*oE2VlKTPZy@)688e!lPW9|=OpBVdG`Z#l84~VxTpr5vGW-+dPo1q zeTxOs3f<5tT${Q@Mjt~F+`}HISX`1T(oFT)A z3ecCc7I;G21!#geaK&b271N}a>?Wm|+|Exv9?1ZVR-LlLzvBceT8J%^Du5ODp7omR z`HSE1oX>0}8Q+SSgZzTP^=t8{uC5$)qFVW4j0@!K^v&k$xk>KegBB8)u?D}Xh4%EE z60q{7R#71+zOzQfsPsCBs$XIFQM{`21fdBN3nhdlx8;9>v{v1h5gtXEBpGaR`-OCV zj5D^4Q5bWtz5J$I=f(NPGeN`DEM_y9f~r+$Dr=wFq;cE5fh-W$UPI3fbKT@ONE^f# zxz$Cl3s{h6!A@vKK#yMQ*j;L4#hdT%H4eFb`pdN2?%xUX%R>18`a0^9Qi*zMe|*hw zvq%Oet#j^HA~B!w{)6Q2?>`8gC$yf#fJ3+Rb0?*+90Tv=vNyDms{kt{Y_j5W4bPE=P>w7Ef`Q;0ho8EO$>kOl_bD~h*&);)~ zQVw;*$dP*QdZLapHi(efvDn$C`A!brSoyIyL-%wGgaH>+#&Lk%ctb@h z+`V0*mAmD{A3dK!e8cx4;nenU+ZDcNVf}P{p>8Z`Q9@g6F}9yv-*%p)QddAKO+a}+ z^7|c-1=t4xiy8N|KrELxm!C2-qA(_Zj~ed$SF|o>*6VKUJc~wmoo+JRp??BJ1L`(p z0Ms+JsPv?anfSDEzN@ta+b zz}hzY|Jed@;`hhjaV}vra0I&R5{-J|u(0S?Ko8vq^hyreVOA_laFkNuq)w!St}Lia zSmdM=uKSOpG`80t6-){q%yn2aE3plP$grPb+Us=-)=*v?lVjP@Zm8kx*h@iyB`Ww1{oruTz%TfK4xms}$iMeg3G$X` zh{MI~O4lt9v56WuvGuLP)kp2yW>Z1SxD!o1<(ti>-k5XHuiM+f1@#nmH!>2~GJsz# ztKq%M2e(ucy{G8{fFPw4rrX9PYWwB1pi-mZZXQ7(FNzAd(`HAnpVczncuVSXM+aHe)R zEL;187ERD-Po>TLnEk-ugMM-KhkF|z{$z1nQPq3sJPvgNia#zgXUkoNN$ zeZR+q7t$x^`@b*)f5hgef!;F(p;!ItR{|1&OyMhC>p2M6nX$qDM7ifHM}Nl_zThwL zYxp>|rO&>F_-5j0*^IZywn^LBx?%eWtR;F_j=9s}0grDtlovE+My+0Y(UjycpOSzxUilkh45> z_pTF^$N&DC5Ffr4uatwQLeDbF+YS!GgCjO_VN4?=Cw3cWNJQR$-5npqQWITkXAiKa z9ojINJ1yhoyKzYZ#9(PM401bgrLq0~>&)DHM@ALZ=`X*b-26N@=np)c&mP&%md6n% zL~d_B=yTp|+a_@C*(*KEOtB*X=!8XQ@tW#5@X2CzgE<{nyl-egSYMgwA^h|Cmx77s z<0NE6WA>agGz1((`mFz+<4Q@@j=OCrM?V(|jZz$Qir1l3$>Si;CvVR-LW* zhi-|zXX{@6BfvnP)UGVUVSN^VYt3{P_&$uLYtftMOTpjOLutQ1iH-#&#`wjn14IoB z1V9!;1uLx8SqGBC9tL<*IJxIG1J0Gk&TL<<>16@ydE=S>lWsR(*<)E{BS$b@iy328 zg~r2h88wtCYNabXs7)WMyFWn?$Zax5Adni38Yu?eYFAb44v)96^~|btUU#;> z8TNli($)7aT}Prx;Wz)$Uy-mr0(84kqC6Oh5%C3RIFy_LKFgzfAiifWLLu(3X}aGK zYji;^Djo8GHq!OqzA}h{(4%j4{o6gU{;uBMWL+-Qlf&`OiBGvT%wJg>nGyhUezk{$ z8edmQmKh9~t7&EtkJX?Llyqk(xe*17r}j8Z4W|C#`$GR87jxi)n~NkKT+Uo+O7sPX3O>82IKen6*}iZwiihYczYa zoEBSe&-MaVRY0)#fOqe#^wk4}<-M;9s|EO@yC9iAE7X8T7&MuZivu^Dep3y2btC4< zr&_V?ZyYOtg6CH`2Kf@h0Yu5F3$-e;;X`t0N6mBdC#M5kPHTr22qOVN+V}cYOET`H z1~@939r4PDfb{of(K0D0fYU^dihD)7`pW#;o}i%hLJyKl)y>Ajf|VH(Lsi=_ry^*r zqptj9I+2X-dc2`2Dj|`^)J&nL{W|>Je1gie=kDl?A^=ZBJ5Ah)3<4;ljRJ=Kg*%Ze z>vhJ+|MoHQ;?eF)DZz766gKG8ml90JC0jUz@bt?pg(|56oa-Zx=EROiym=(p1Y5t|Cvnqa-45My4>C`bumpC6c{DY6e4-b|tvmsOajcBAn zfyD3yoZHP|1o7h?u4~des_RewCp_=a$;@!(h&T>UgIO0p3F*5CcOSh3y<#1d1#?LOe(;9$Sbh}@T+2f$kYY3+II z4EU>mG!#bcl}!)tzIWJ|QOsikF0PHWgH$wV0pX#A88;d#aHgZ3HSyqsXPj=$S0UUE z*A;+p3AoSO?TpdjsT`YN*1@eD|CcsGOaY=PM<--fOJ%Y&<0fDVTj_H6HCqAcGE!9P zyn>nmmhdFGE?}S1r|P+&?)q5ZUARx3lnxoWcqkaaF8Tdi6Vv3;z!w!A^kWT&dONwe zQbODPQaVS2K;>JMIj{{fP&7abY(XGD5ba8>u-IgjO|5<%6wmTRrBD<*juXxWoaNm% zHn%$WW~81b<$nQMk?lLAWI+uL-2a}QVW7d;Vde8(*J2W){SHrq-KQ9qryVrNeg_oD zqZn3`U7l_Oy#V85ah3nb4i&+{0i!?|MyB;Xkl1bPHh9=>G&`Pd##@cC>?;JhXJl4C$2?iJ# zDC3W7 z&ZN`u(Yu$9y6CTX(;0r!Op`O(7QB`iJd6Klbye|*S43E3Z(e63I{*(%fJQ~mr(Ce2`V)!FJa0fzhnx$v(nET=_i z#5;2!+8|-a?Z9MnkUZI1TujVp6|oWAm8V1HtI$@G`oT&~ub>mkq`j+`pEKX&{C?oQ zoFy-MTAZTdMVVt8nJfR>g))EDd5k++pk^iPr90;QMoY8Hp~^y=_4{Zto=7yp-7+Qy z1_rg&lj|bhy!l3>5JN4kBAyJ{o#!p+iAhOCUk;&Q*ZrC3$a5#h zaCm5BWC7%C#qT*iOLAJ(M@56|UA?7B@8zeSsPJb-Pj-FlHkVJm7lije@DXe>V9H zq*0047~k%&N$a>l78Jj<*G=qodGW=I^-F;?%qTeW+t=d_5dO;7ol_cbEyY|dM1UUr ze0Ro4yG?CuVxqF~u|Y_%zT!sg@!hq6+&!%&m&pivJzBB zg7Okb!U%hFOWBY}KH}cO9pUp}`sTZsyX=bHD!HZQwc4~K@-EXi?sW;KP48+eg#Sj% z!ae!O3G&PK&a~1*R0WT@ceP<#jbj#rcG^FD2)k&r4nS9%Rpmvap4)W3S4LF=3YSml zr?}0ptA|@MKHTJFfHwoQkh}88djc@Vs@BJ%i0*boriWT?{Y{cYFz(KZ5xT>%ZGViD zzB&xa`mTP2RoQhGJ2&DK6c0IlZ}DM#sI^Q^>MECixdGskMsSr_4M09S{aA2q=LHi7 z+tyFV%{kRbHI-{9!)V97PcA-+=BF3S!Nb>N-OvSZOKi#0yt)R051K8OBGk%Cjn0^=hi1;xwbJe*Wd~xH z9b!GewczE0DEvLHpM9OQk9u{cKj$Dh>&{+Fwr?qM#wQ&)%GjyF#NKTc_8AUYVh+|& zu)56*BY3%7ZhEg3Yqb9Hizp3bs&V+w1jviiE_BY;-0_CDQ64Q#wi)33CCIsN$-?&j z04TFvSMce}@t%RRP4?BZHmfsl*{tf1xr#S^=~L^!?OV<|V7soyybp_aKNVJSU+4MQ zCdnVtt?CHgV%>-f9Kpe!M#G&nj0z+Goa~Z}Kd)?PZp;30g%_;s5Doy-|L}r6+x})I zrfvcgSc)8<0QKTsEjaZt1?z8@A@g$cjO+k&=Pv`Q-38C`r8i&vCKR`GhSj4qNjK{X zftai4JCcJ}+k%-N{~zH-BAKf9k>(99a^7qLXg}RvOqt)jjpU%#z6M(lG^&uuq&Z+* zSPi(oSmGRu9jcoBj~DEop=RDkpbHVXVxFI{H8)7GrLMo= zcW0JKyWil{%-?j6yf>(j0taCTDriqLTxpEt#e!3(^w@-06REO@%hR?M6WjMTlp`!x zZ8hjhW9xQv5)`1dw6lpLw6l0~E%G-Um)d#O6M4v_Ev^xJ?1Fo~H5WaTy>qsG+u=F;pH0bCS;jOJ_L=FsF6Gc$}Qv{DhM+@G|Su%XMQX-@bjT zquJ@p%d1T)_MTF z6Mg|tx3S)wvVc!v-5E62-2bdCnVg$*F!ya>GsB+1Q!k`J2)i-Lb`0#5mXom1cFdu5 zAbU#&L->J2g|q?r-kE)0akjD~kahGtVZF_DfdR+Wv%Nl9e)G&LYe;CxGt)EkXwD3ob3v33dfx~9`J<1{q;Z)Z?zvvVO=P9Xd$-``+2gRR)T$2s6& z+wZ)>?24k`QfPh1c5o|T5VBqmqDhMeuSLf& zajQ8>dAk&9M?URbpK`^i$A)DgzT2rKDYO2GuPVbU4JdiC&TeZ$GFNhOfJ@VP1P(TK z5SqK0>QbpJ+!DqFk15fv3pNaFV#KSDU&^E_GE z4szqoCOROD5=Nu^l(dn-^^^mP>h!8N{3Sn|@T4>Of(!yKM1wi$I&^l#QJ89c#c*L(0#OncIXyqCifYZ(r3_x9bug-B#I0XpF&dSYXjz?yp&V4D~qp-+5fj2;N z+Z#{>j@^PEetkgi`mp}`>Q^^DJTQ@_3-~k8Q3DFRh|Vtl|Nh4P@XNRKx?jc5dZhRn P@FOKAFIp!2#sB{RFqSw| literal 0 HcmV?d00001 From 0b3db88b133a94bf3e376e8dc329985dcefd8337 Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Wed, 1 Oct 2025 10:05:31 +0200 Subject: [PATCH 04/24] Delete pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/images/test Delete test file --- .../object_storage/s3_interconnect_with_vRack/images/test | 1 - 1 file changed, 1 deletion(-) delete mode 100644 pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/images/test diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/images/test b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/images/test deleted file mode 100644 index 9daeafb9864..00000000000 --- a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/images/test +++ /dev/null @@ -1 +0,0 @@ -test From cc876477ded7a90697b574a1e2ff5d49d3bc26f1 Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Wed, 1 Oct 2025 17:50:59 +0200 Subject: [PATCH 05/24] Update guide.en-gb.md --- .../s3_interconnect_with_vRack/guide.en-gb.md | 39 ++++++++++++++----- 1 file changed, 29 insertions(+), 10 deletions(-) diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md index f91c621cd32..4cb09fc58b2 100644 --- a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md +++ b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md @@ -37,21 +37,40 @@ In order to create and configure both a Public Cloud Gateway and a vRack Private Once the Gateway has been created and associated to a vRack Private Network, the next step is to whitelist a set of IPs from your Object Storage. To do so, there are multiple ways: - Using Object Storage Bucket Policies: The feature is not yet implemented but will be soon available. - - Using Object Storage User Policies where you can explicitely witelist IP ranges that can work with Object Storage resources + - Using Object Storage User Policies where you can explicitely whitelist IP ranges that can work with Object Storage resources #### User Policies +#### Context First as a quick reminder, here is how today user permissions are evaluated: -1. if exists, evaluate user policy else fallback to ACLs - 1. check for an explicit deny: if there is an explicit deny, then deny permission, else, check for an explicit allow - 2. check for an explicit allow: if there is an explicit allow, then allow permission - c. if there is no explicit deny nor explicit allow, then fallback to ACLs -3. fallback to ACLs - -In our scenario we - -After this last step, you will be ready to use your Object Storage together with resources connected to a vRack Private Network. +1. if exists, evaluate user policy, else fallback to ACLs + 1. check for an explicit deny: if there is an explicit deny, then deny permission, else, check for an explicit allow + 2. check for an explicit allow: if there is an explicit allow, then allow permission + 3. if there is no explicit deny nor explicit allow, then fallback to ACLs +2. fallback to ACLs + +This evaluation process will be subject to change with the upcoming implementation of bucket policies. + +#### Implementation + +In our scenario, we will allow all operations to specific IPs by whitelisting authorized IPs wit the following policy statement: + +```json +{ + "Statement": [{ + "Sid": "ExampleStatement01", + "Effect": "Allow", + "Action": "s3:*", + "Resource": ["*"], + "Condition": { + "IpAddress": { + "aws:SourceIp": "10.0.0.5/16" + } + } + }] +} +``` ## Go further From 837ed60ccee1c5f8ad1e70f4ede75e7eb583c5ce Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Wed, 1 Oct 2025 17:53:17 +0200 Subject: [PATCH 06/24] Create meta.yaml new meta.yaml file --- .../object_storage/s3_interconnect_with_vRack/meta.yaml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/meta.yaml diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/meta.yaml b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/meta.yaml new file mode 100644 index 00000000000..ff55f108395 --- /dev/null +++ b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/meta.yaml @@ -0,0 +1,2 @@ +id: f76edf7c-194f-47eb-861e-e2a3330091ec +full_slug: public-cloud-storage-s3-with-private-network From 340ab77213f6f0b29469900179ef8b794e4e4c94 Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Wed, 1 Oct 2025 17:55:44 +0200 Subject: [PATCH 07/24] Update index.md update index file w/ s3_interconnect_with_vRack --- pages/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/pages/index.md b/pages/index.md index 2a901c9c757..7a1e6a8e4c3 100644 --- a/pages/index.md +++ b/pages/index.md @@ -739,6 +739,7 @@ + [Object Storage - Setting up CORS on Object Storage](storage_and_backup/object_storage/s3_setting_up_cors) + [Object Storage - Master asynchronous replication across your buckets](storage_and_backup/object_storage/s3_asynchronous_replication) + [Object Storage - Getting Started with Versioning](storage_and_backup/object_storage/s3_versioning) + + [Object Storage - How to connect Object Storage buckets with other resources in a vRack](storage_and_backup/object_storage/s3_interconnect_with_vRack) + [Configure Object Storage with your solutions](public-cloud-storage-object-storage-configure-object-storage-with-your-solutions) + [Object Storage - Third-party applications compatibility](storage_and_backup/object_storage/s3_ecosystem) + [Object Storage - Use Object Storage with Rclone](storage_and_backup/object_storage/s3_rclone) From 78865a3595df45a07f7b153b07c5cda70f128344 Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Wed, 1 Oct 2025 18:07:37 +0200 Subject: [PATCH 08/24] Update guide.en-gb.md --- .../object_storage/s3_interconnect_with_vRack/guide.en-gb.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md index 4cb09fc58b2..1753c0f39d0 100644 --- a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md +++ b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md @@ -54,7 +54,7 @@ This evaluation process will be subject to change with the upcoming implementati #### Implementation -In our scenario, we will allow all operations to specific IPs by whitelisting authorized IPs wit the following policy statement: +In our scenario, we will allow all operations to specific IPs by whitelisting them with the following policy statement: ```json { From 40cca7bb06c441bfb07b8009ae09f585054fb163 Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Wed, 1 Oct 2025 18:11:09 +0200 Subject: [PATCH 09/24] Create guide.fr-fr.md FR guide version --- .../s3_interconnect_with_vRack/guide.fr-fr.md | 85 +++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md new file mode 100644 index 00000000000..f9c15c1db66 --- /dev/null +++ b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md @@ -0,0 +1,85 @@ +--- +title: "Object Storage - Comment connecter mon bucket Object Storage avec d'autres ressources dans un réseau privé vRack ?" +excerpt: "Découvrez comment utiliser l'Object Storage avec des ressources dans un réseau privé." +updated: 2025-10-03 +flag: hidden +--- + +## Objectif + +Ce guide explique comment utiliser l'Object Storage avec d'autres ressources dans un réseau privé. + +## Prérequis + +Vous devez disposer des éléments suivants : + +- Un [bucket Object Storage](/pages/storage_and_backup/object_storage/s3_getting_started_with_object_storage). +- Un [réseau privé vRack](/pages/public_cloud/public_cloud_network_services/getting-started-07-creating-vrack). +- Une [Gateway Public Cloud](/pages/public_cloud/public_cloud_network_services/getting-started-02-create-private-network-gateway). +- D'autres ressources (instances Public Cloud, Managed Kubernetes, Bare Metal servers, etc.). + +## En pratique + +### Contexte + +Selon vos besoins, une connexion sécurisée entre un réseau privé et votre bucket Object Storage peut s'avérer nécessaire. Nos services **réseau privé vRack** et **Gateway Public Cloud** sont conçus pour répondre à vos besoins spécifiques en matière de sécurité et de performance. + +Cela vous permet également d'interconnecter deux buckets Object Storage avec vos ressources rassemblées dans un réseau privé vRack (voir le diagramme d'architecture ci-dessous). + +![vrack private network with buckets - diagram](images/object_storage_buckets_vrack_private.png){.thumbnail} + +### Création d'un réseau privé vRack et d'une Gateway Public Cloud + +Afin de créer et de configurer à la fois une Gateway Public Cloud et un réseau privé vRack, veuillez suivre le guide « [Créer un réseau privé avec une Gateway](/pages/public_cloud/public_cloud_network_services/getting-started-02-create-private-network-gateway) ». Ce guide explique comment : + +- Sélectionner et créer la Gateway appropriée en termes de performance et de géo-disponibilité. +- Rattacher un réseau privé vRack existant ou nouvellement créé à la Gateway. + +### Whitelisting des IP + +Une fois la Gateway créée et associée à un réseau privé vRack, l'étape suivante consiste à mettre en place un whitelisting d'un ensemble d'adresses IP que souhaitez autorisées pour dialoguer avec vos ressources Object Storage. +Pour ce faire, plusieurs moyens existent : + +- Utilisation des Bucket Policies Object Storage : cette fonctionnalité n'est pas encore implémentée, elle sera bientôt disponible. +- Utilisation des User Policies où vous pouvez explicitement whitelister un ensemble d'adresses IP + +#### Politique utilisateur (User Policies) + +#### Contexte + +Tout dabord petit rappel du processus actuel d'évaluations des autorisations utilisateur : + +1. si elle existe, évaluer la politique utilisateur sinon se référer aux ACLs + 1. vérifier s'il existe un *Deny* explicite : s'il existe un *Deny* explicite, refuser l'autorisation, sinon, vérifier s'il existe un *Allow* explicite + 2. vérifier s'il existe un *Allow* explicite : s'il existe un *Allow* explicite, accorder l'autorisation + 3. s'il n'existe ni *Deny* explicite ni *Allow* explicite, se référer aux ACL +2. se référer aux ACLs + +Ce processus d'évaluation sera susceptible d'être modifié avec la mise en œuvre prochaine des bucket policies. + +#### Implémentation + +Dans notre scénario, nous allons autoriser toutes les opérations pour un ensemble d'IP spécifiquement whitelistées en utilisant la politique suivante : + +```json +{ + "Statement": [{ + "Sid": "ExampleStatement01", + "Effect": "Allow", + "Action": "s3:*", + "Resource": ["*"], + "Condition": { + "IpAddress": { + "aws:SourceIp": "10.0.0.5/16" + } + } + }] +} +``` +Pour appliquer cette nouvelle politique à votre utilisateur S3, veuillez suivre lles étapes définies dans le guide le guide « [Object Storage - Gestion des identités et des accès](/pages/storage_and_backup/object_storage/s3_identity_and_access_management) », et ainsi finaliser l'interconnexion entre vos ressources Object Storage et celles présentes au sein de votre réseau privé. + +## Aller plus loin + +Si vous avez besoin d'une formation ou d'une assistance technique pour la mise en oeuvre de nos solutions, contactez votre commercial ou cliquez sur [ce lien](/links/professional-services) pour obtenir un devis et demander une analyse personnalisée de votre projet à nos experts de l’équipe Professional Services. + +Échangez avec notre [communauté d'utilisateurs](/links/community). From 787ef7fa9e930df898d5934a398603d5d99b09c8 Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Wed, 1 Oct 2025 18:13:10 +0200 Subject: [PATCH 10/24] Update guide.en-gb.md add conclusion --- .../object_storage/s3_interconnect_with_vRack/guide.en-gb.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md index 1753c0f39d0..47a1a897601 100644 --- a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md +++ b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md @@ -72,6 +72,9 @@ In our scenario, we will allow all operations to specific IPs by whitelisting t } ``` +To set this new policy to your S3 user, please follow the different steps shared in the « [Object Storage - Identity and access management](/pages/storage_and_backup/object_storage/s3_identity_and_access_management) » guide, and finalise the interconnection between your Object Storage resources and those within your vRack private network. + + ## Go further If you need training or technical assistance to implement our solutions, contact your sales representative or click on [this link](/links/professional-services) to get a quote and ask our Professional Services experts for assisting you on your specific use case of your project. From 9d48e0ebec7df556d26fe36f4002b3276c68778c Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Wed, 1 Oct 2025 18:13:25 +0200 Subject: [PATCH 11/24] Update guide.fr-fr.md typo --- .../object_storage/s3_interconnect_with_vRack/guide.fr-fr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md index f9c15c1db66..b8d26c3f886 100644 --- a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md +++ b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md @@ -76,7 +76,7 @@ Dans notre scénario, nous allons autoriser toutes les opérations pour un ensem }] } ``` -Pour appliquer cette nouvelle politique à votre utilisateur S3, veuillez suivre lles étapes définies dans le guide le guide « [Object Storage - Gestion des identités et des accès](/pages/storage_and_backup/object_storage/s3_identity_and_access_management) », et ainsi finaliser l'interconnexion entre vos ressources Object Storage et celles présentes au sein de votre réseau privé. +Pour appliquer cette nouvelle politique à votre utilisateur S3, veuillez suivre lles étapes définies dans le guide « [Object Storage - Gestion des identités et des accès](/pages/storage_and_backup/object_storage/s3_identity_and_access_management) », et ainsi finaliser l'interconnexion entre vos ressources Object Storage et celles présentes au sein de votre réseau privé. ## Aller plus loin From be1e2c0d4d8a3269cf70ef4db6d9de0665a147ce Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Wed, 1 Oct 2025 18:14:04 +0200 Subject: [PATCH 12/24] Update guide.fr-fr.md typos --- .../object_storage/s3_interconnect_with_vRack/guide.fr-fr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md index b8d26c3f886..19f4fb94137 100644 --- a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md +++ b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md @@ -47,7 +47,7 @@ Pour ce faire, plusieurs moyens existent : #### Contexte -Tout dabord petit rappel du processus actuel d'évaluations des autorisations utilisateur : +Tout d'abord, voici un rappel du processus actuel d'évaluation des autorisations utilisateur : 1. si elle existe, évaluer la politique utilisateur sinon se référer aux ACLs 1. vérifier s'il existe un *Deny* explicite : s'il existe un *Deny* explicite, refuser l'autorisation, sinon, vérifier s'il existe un *Allow* explicite From 84699d445dd2f93fa29a55a18e0390884ff1097c Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Wed, 1 Oct 2025 18:15:14 +0200 Subject: [PATCH 13/24] Update guide.en-gb.md change arbo --- .../object_storage/s3_interconnect_with_vRack/guide.en-gb.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md index 47a1a897601..ab0593561a3 100644 --- a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md +++ b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md @@ -39,9 +39,8 @@ Once the Gateway has been created and associated to a vRack Private Network, the - Using Object Storage Bucket Policies: The feature is not yet implemented but will be soon available. - Using Object Storage User Policies where you can explicitely whitelist IP ranges that can work with Object Storage resources -#### User Policies +#### User Policies implementation -#### Context First as a quick reminder, here is how today user permissions are evaluated: 1. if exists, evaluate user policy, else fallback to ACLs @@ -52,8 +51,6 @@ First as a quick reminder, here is how today user permissions are evaluated: This evaluation process will be subject to change with the upcoming implementation of bucket policies. -#### Implementation - In our scenario, we will allow all operations to specific IPs by whitelisting them with the following policy statement: ```json From 41b913791495162a38e6e44eee6b06d9e2cbfd71 Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Wed, 1 Oct 2025 18:15:32 +0200 Subject: [PATCH 14/24] Update guide.fr-fr.md change arbo --- .../object_storage/s3_interconnect_with_vRack/guide.fr-fr.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md index 19f4fb94137..48a644eff96 100644 --- a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md +++ b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md @@ -43,9 +43,8 @@ Pour ce faire, plusieurs moyens existent : - Utilisation des Bucket Policies Object Storage : cette fonctionnalité n'est pas encore implémentée, elle sera bientôt disponible. - Utilisation des User Policies où vous pouvez explicitement whitelister un ensemble d'adresses IP -#### Politique utilisateur (User Policies) +#### Implémentation de la politique utilisateur (User Policies) -#### Contexte Tout d'abord, voici un rappel du processus actuel d'évaluation des autorisations utilisateur : From 851dbfc0bdd9fb13d66f0bf90af0264bef9fdea1 Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Thu, 2 Oct 2025 09:35:21 +0200 Subject: [PATCH 15/24] Update meta.yaml reuse ID and slug from previous PR --- .../object_storage/s3_interconnect_with_vRack/meta.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/meta.yaml b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/meta.yaml index ff55f108395..516d5b66f05 100644 --- a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/meta.yaml +++ b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/meta.yaml @@ -1,2 +1,2 @@ -id: f76edf7c-194f-47eb-861e-e2a3330091ec +id: aa9e5bc0-73d7-4a4a-aff4-ee1a17262430 full_slug: public-cloud-storage-s3-with-private-network From e0dbf2cfe0e187eab932bdbd5674fef7b1c1e3d4 Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Thu, 2 Oct 2025 09:39:48 +0200 Subject: [PATCH 16/24] Create test test file for new folder - will be removed --- .../connect_other_ressources_in_vrack_private_network/test | 1 + 1 file changed, 1 insertion(+) create mode 100644 pages/storage_and_backup/connect_other_ressources_in_vrack_private_network/test diff --git a/pages/storage_and_backup/connect_other_ressources_in_vrack_private_network/test b/pages/storage_and_backup/connect_other_ressources_in_vrack_private_network/test new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/pages/storage_and_backup/connect_other_ressources_in_vrack_private_network/test @@ -0,0 +1 @@ + From 198c5ae0a3985ba2a91f25f8af2ec5f8d8fd5874 Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Thu, 2 Oct 2025 09:40:06 +0200 Subject: [PATCH 17/24] Delete pages/storage_and_backup/connect_other_ressources_in_vrack_private_network directory --- .../connect_other_ressources_in_vrack_private_network/test | 1 - 1 file changed, 1 deletion(-) delete mode 100644 pages/storage_and_backup/connect_other_ressources_in_vrack_private_network/test diff --git a/pages/storage_and_backup/connect_other_ressources_in_vrack_private_network/test b/pages/storage_and_backup/connect_other_ressources_in_vrack_private_network/test deleted file mode 100644 index 8b137891791..00000000000 --- a/pages/storage_and_backup/connect_other_ressources_in_vrack_private_network/test +++ /dev/null @@ -1 +0,0 @@ - From fe5ff07199bf1e1d45455dda84aa222378f40336 Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Thu, 2 Oct 2025 09:40:54 +0200 Subject: [PATCH 18/24] Create meta.yaml meta.yaml file in the corresponding folder --- .../connect_other_ressources_in_vrack_private_network/meta.yaml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/meta.yaml diff --git a/pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/meta.yaml b/pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/meta.yaml new file mode 100644 index 00000000000..516d5b66f05 --- /dev/null +++ b/pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/meta.yaml @@ -0,0 +1,2 @@ +id: aa9e5bc0-73d7-4a4a-aff4-ee1a17262430 +full_slug: public-cloud-storage-s3-with-private-network From d4e4916f7072dec3dcf1bba8ff545812bd55994c Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Thu, 2 Oct 2025 09:43:52 +0200 Subject: [PATCH 19/24] Rename guide.fr-fr.md to guide.fr-fr.md Move file to the right folder /connect_other_ressources_in_vrack_private_network/ --- .../guide.fr-fr.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename pages/storage_and_backup/object_storage/{s3_interconnect_with_vRack => connect_other_ressources_in_vrack_private_network}/guide.fr-fr.md (100%) diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md b/pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/guide.fr-fr.md similarity index 100% rename from pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.fr-fr.md rename to pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/guide.fr-fr.md From 02ba47b01cbef27be2d0241d494761ff57db40a7 Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Thu, 2 Oct 2025 09:44:42 +0200 Subject: [PATCH 20/24] Rename guide.en-gb.md to guide.en-gb.md Move file in the correct folder /connect_other_ressources_in_vrack_private_network/ --- .../guide.en-gb.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename pages/storage_and_backup/object_storage/{s3_interconnect_with_vRack => connect_other_ressources_in_vrack_private_network}/guide.en-gb.md (100%) diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md b/pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/guide.en-gb.md similarity index 100% rename from pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/guide.en-gb.md rename to pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/guide.en-gb.md From 7f10280c9fd26c242d05e845a4534148b65548c4 Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Thu, 2 Oct 2025 09:46:11 +0200 Subject: [PATCH 21/24] Rename object_storage_buckets_vrack_private.png to object_storage_buckets_vrack_private.png Move image in the correct folder /connect_other_ressources_in_vrack_private_network/ --- .../images/object_storage_buckets_vrack_private.png | Bin 1 file changed, 0 insertions(+), 0 deletions(-) rename pages/storage_and_backup/object_storage/{s3_interconnect_with_vRack => connect_other_ressources_in_vrack_private_network}/images/object_storage_buckets_vrack_private.png (100%) diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/images/object_storage_buckets_vrack_private.png b/pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/images/object_storage_buckets_vrack_private.png similarity index 100% rename from pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/images/object_storage_buckets_vrack_private.png rename to pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/images/object_storage_buckets_vrack_private.png From 80090eb14ea62f655e2f5da85fe6bcefa0477ac8 Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Thu, 2 Oct 2025 09:46:37 +0200 Subject: [PATCH 22/24] Delete pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/meta.yaml Remove older meta.yaml file --- .../object_storage/s3_interconnect_with_vRack/meta.yaml | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/meta.yaml diff --git a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/meta.yaml b/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/meta.yaml deleted file mode 100644 index 516d5b66f05..00000000000 --- a/pages/storage_and_backup/object_storage/s3_interconnect_with_vRack/meta.yaml +++ /dev/null @@ -1,2 +0,0 @@ -id: aa9e5bc0-73d7-4a4a-aff4-ee1a17262430 -full_slug: public-cloud-storage-s3-with-private-network From 4ef3480086c37f595af2eafb71306db6950b2b1a Mon Sep 17 00:00:00 2001 From: Antonin G <98969594+agoude@users.noreply.github.com> Date: Thu, 2 Oct 2025 09:48:02 +0200 Subject: [PATCH 23/24] Update index.md Update index with correct path: storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/ --- pages/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/index.md b/pages/index.md index 7a1e6a8e4c3..e487ec81237 100644 --- a/pages/index.md +++ b/pages/index.md @@ -739,7 +739,7 @@ + [Object Storage - Setting up CORS on Object Storage](storage_and_backup/object_storage/s3_setting_up_cors) + [Object Storage - Master asynchronous replication across your buckets](storage_and_backup/object_storage/s3_asynchronous_replication) + [Object Storage - Getting Started with Versioning](storage_and_backup/object_storage/s3_versioning) - + [Object Storage - How to connect Object Storage buckets with other resources in a vRack](storage_and_backup/object_storage/s3_interconnect_with_vRack) + + [Object Storage - How to connect Object Storage buckets with other resources in a vRack](storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network) + [Configure Object Storage with your solutions](public-cloud-storage-object-storage-configure-object-storage-with-your-solutions) + [Object Storage - Third-party applications compatibility](storage_and_backup/object_storage/s3_ecosystem) + [Object Storage - Use Object Storage with Rclone](storage_and_backup/object_storage/s3_rclone) From b64c9aa7adff90dc318df7d8023a2c9392760255 Mon Sep 17 00:00:00 2001 From: Yoann Cosse Date: Thu, 2 Oct 2025 17:59:49 +0200 Subject: [PATCH 24/24] Proofreading --- .../guide.en-gb.md | 14 +++++++------- .../guide.fr-fr.md | 11 +++++------ 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/guide.en-gb.md b/pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/guide.en-gb.md index ab0593561a3..c847f685287 100644 --- a/pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/guide.en-gb.md +++ b/pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/guide.en-gb.md @@ -1,7 +1,7 @@ --- title: Object Storage - How to connect Object Storage buckets with other resources in a vRack excerpt: Find out how to use Object Storage together with resources in a Private Network -updated: 2025-10-02 +updated: 2025-10-03 --- ## Objective @@ -27,7 +27,7 @@ This also allows you to interconnect Object Storage buckets with your resources ### Creating a vRack Private Network and Public Cloud Gateway -In order to create and configure both a Public Cloud Gateway and a vRack Private Network, please follow the instructions in our documentation: [Creating a private network with Gateway](/pages/public_cloud/public_cloud_network_services/getting-started-02-create-private-network-gateway). This guide page explains how to: +In order to create and configure both a Public Cloud Gateway and a vRack Private Network, please follow the instructions in our documentation: [Creating a private network with Gateway](/pages/public_cloud/public_cloud_network_services/getting-started-02-create-private-network-gateway). This guide explains how to: - Select and create the appropriate Gateway both in terms of performance and geo-availability. - Attach an existing or newly created vRack Private Network to it. @@ -36,8 +36,8 @@ In order to create and configure both a Public Cloud Gateway and a vRack Private Once the Gateway has been created and associated to a vRack Private Network, the next step is to whitelist a set of IPs from your Object Storage. To do so, there are multiple ways: - - Using Object Storage Bucket Policies: The feature is not yet implemented but will be soon available. - - Using Object Storage User Policies where you can explicitely whitelist IP ranges that can work with Object Storage resources +- Using Object Storage Bucket Policies: The feature is not yet implemented but will be available soon. +- Using Object Storage User Policies where you can explicitly whitelist IP ranges that can work with Object Storage resources #### User Policies implementation @@ -45,8 +45,8 @@ First as a quick reminder, here is how today user permissions are evaluated: 1. if exists, evaluate user policy, else fallback to ACLs 1. check for an explicit deny: if there is an explicit deny, then deny permission, else, check for an explicit allow - 2. check for an explicit allow: if there is an explicit allow, then allow permission - 3. if there is no explicit deny nor explicit allow, then fallback to ACLs + 2. check for an explicit allow: if there is an explicit allow, then allow permission + 3. if there is no explicit deny nor explicit allow, then fallback to ACLs 2. fallback to ACLs This evaluation process will be subject to change with the upcoming implementation of bucket policies. @@ -69,7 +69,7 @@ In our scenario, we will allow all operations to specific IPs by whitelisting t } ``` -To set this new policy to your S3 user, please follow the different steps shared in the « [Object Storage - Identity and access management](/pages/storage_and_backup/object_storage/s3_identity_and_access_management) » guide, and finalise the interconnection between your Object Storage resources and those within your vRack private network. +To set this new policy to your S3 user, please follow the different steps shared in the [Object Storage - Identity and access management](/pages/storage_and_backup/object_storage/s3_identity_and_access_management) guide, and finalise the interconnection between your Object Storage resources and those within your vRack private network. ## Go further diff --git a/pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/guide.fr-fr.md b/pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/guide.fr-fr.md index 48a644eff96..7b33ad8edb8 100644 --- a/pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/guide.fr-fr.md +++ b/pages/storage_and_backup/object_storage/connect_other_ressources_in_vrack_private_network/guide.fr-fr.md @@ -1,8 +1,7 @@ --- -title: "Object Storage - Comment connecter mon bucket Object Storage avec d'autres ressources dans un réseau privé vRack ?" -excerpt: "Découvrez comment utiliser l'Object Storage avec des ressources dans un réseau privé." +title: "Object Storage - Comment connecter mon bucket Object Storage avec d'autres ressources dans un réseau privé vRack" +excerpt: "Découvrez comment utiliser l'Object Storage avec des ressources dans un réseau privé" updated: 2025-10-03 -flag: hidden --- ## Objectif @@ -37,14 +36,13 @@ Afin de créer et de configurer à la fois une Gateway Public Cloud et un résea ### Whitelisting des IP -Une fois la Gateway créée et associée à un réseau privé vRack, l'étape suivante consiste à mettre en place un whitelisting d'un ensemble d'adresses IP que souhaitez autorisées pour dialoguer avec vos ressources Object Storage. +Une fois la Gateway créée et associée à un réseau privé vRack, l'étape suivante consiste à mettre en place un whitelisting d'un ensemble d'adresses IP que vous souhaitez autoriser pour dialoguer avec vos ressources Object Storage. Pour ce faire, plusieurs moyens existent : - Utilisation des Bucket Policies Object Storage : cette fonctionnalité n'est pas encore implémentée, elle sera bientôt disponible. - Utilisation des User Policies où vous pouvez explicitement whitelister un ensemble d'adresses IP - -#### Implémentation de la politique utilisateur (User Policies) +#### Implémentation de la politique utilisateur (User Policies) Tout d'abord, voici un rappel du processus actuel d'évaluation des autorisations utilisateur : @@ -75,6 +73,7 @@ Dans notre scénario, nous allons autoriser toutes les opérations pour un ensem }] } ``` + Pour appliquer cette nouvelle politique à votre utilisateur S3, veuillez suivre lles étapes définies dans le guide « [Object Storage - Gestion des identités et des accès](/pages/storage_and_backup/object_storage/s3_identity_and_access_management) », et ainsi finaliser l'interconnexion entre vos ressources Object Storage et celles présentes au sein de votre réseau privé. ## Aller plus loin