From 749f6cacfcb505dfb023337830c5566b94aa3af3 Mon Sep 17 00:00:00 2001
From: Angela Tran
Date: Mon, 7 Nov 2022 21:50:12 +0000
Subject: [PATCH 1/2] feat(terraform): define variable-driven IP address restrictions

---
 terraform/app_service.tf | 8 +++++++-
 terraform/variables.tf | 4 ++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/terraform/app_service.tf b/terraform/app_service.tf
index 7fa9c9e5..f22e255a 100644
--- a/terraform/app_service.tf
+++ b/terraform/app_service.tf
@@ -19,7 +19,13 @@ resource "azurerm_linux_web_app" "main" {
   https_only = true
   site_config {
-    ftps_state = "Disabled"
+    ftps_state = "Disabled"
+    dynamic "ip_restriction" {
+      for_each = var.IP_ADDRESS_WHITELIST
+      content {
+        ip_address = ip_restriction.value
+      }
+    }
     vnet_route_all_enabled = true
     application_stack {
       docker_image = "ghcr.io/cal-itp/eligibility-server"
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 1c35be88..4a9aba28 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -3,3 +3,7 @@ variable "VELOCITY_ETL_SERVICE_PRINCIPAL_ID" {
 
   description = "Object ID from the registered application for the Velocity server ETL uploading: https://cloudsight.zendesk.com/hc/en-us/articles/360016785598-Azure-finding-your-service-principal-object-ID"
 }
+variable "IP_ADDRESS_WHITELIST" {
+  description = "List of IP addresses allowed to connect to the app service."
+  type = list(any)
+}

From 7d171e9f197e6ff1721efe66044291fc754bdd9b Mon Sep 17 00:00:00 2001
From: Angela Tran
Date: Mon, 7 Nov 2022 17:46:24 -0600
Subject: [PATCH 2/2] chore(terraform): improve variable type declaration

Co-authored-by: Aidan Feldman
---
 terraform/variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/variables.tf b/terraform/variables.tf
index 4a9aba28..5a4e3109 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
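Review bot: The `dynamic "ip_restriction"` block in `site_config` only governs the main site; the SCM/Kudu endpoint keeps its own rule set, so with this change alone it stays reachable from anywhere unless `scm_use_main_ip_restriction = true` is added next to the dynamic block (or separate `scm_ip_restriction` blocks are declared). The restriction is also fail-open by construction: an empty `var.IP_ADDRESS_WHITELIST` expands to zero `ip_restriction` blocks, and a web app with no rules allows all traffic, so a misconfigured or empty variable silently removes the restriction rather than failing the plan. A short comment on the dynamic block would save the next maintainer from assuming otherwise, e.g. `# No entries => no rules => app accepts traffic from any address; SCM endpoint needs scm_use_main_ip_restriction to inherit these rules.` Each value is passed straight through as `ip_address`, which the provider expects in CIDR notation, so the validation suggested on the variables.tf hunk applies here as well.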
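Review bot: `variable "IP_ADDRESS_WHITELIST"` has no `validation` block, and its description says "IP addresses" although the value is consumed as `ip_restriction.ip_address`, which takes CIDR notation; a bare `203.0.113.4` (example value) would be rejected at apply time rather than at plan time, while `203.0.113.4/32` is what is needed for a single host. The `list(any)` to `list(string)` tightening in the second patch (the `@@ -5,5 +5,5 @@` hunk) does not address this either. A validation that every entry parses as a CIDR prefix catches the mistake during plan, and the description should say "CIDR blocks" so callers know the expected form. If this app is always meant to be restricted, a second condition such as `length(var.IP_ADDRESS_WHITELIST) > 0` would also stop an empty list from silently yielding no rules, but whether an unrestricted environment is ever intended is not visible here.
```hcl
variable "IP_ADDRESS_WHITELIST" {
  # … unchanged: description, type …
  validation {
    condition     = alltrue([for ip in var.IP_ADDRESS_WHITELIST : can(cidrhost(ip, 0))])
    error_message = "Each entry must be in CIDR notation (e.g. 203.0.113.4/32 for a single host)."
  }
}
```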
@@ -5,5 +5,5 @@ variable "VELOCITY_ETL_SERVICE_PRINCIPAL_ID" {
 }
 variable "IP_ADDRESS_WHITELIST" {
   description = "List of IP addresses allowed to connect to the app service."
-  type = list(any)
+  type = list(string)
 }