
Adds whitelist to repo server

Adds list of servers allowed to access the repo server.
Fred Damstra 4 年之前
36a493b0d1
共有 2 个文件被更改,包括 4 次插入3 次删除
  1. 3 3
      base/repo_server/main.tf
  2. 1 0
      base/repo_server/vars.tf

+ 3 - 3
base/repo_server/main.tf

@@ -166,7 +166,7 @@ module "public_dns_record" {
 #The Cloud init data is to prepare the instance for use. 
 data "template_file" "cloud_init" {
   # Should these be in a common directory? I suspect they'd be reusable
-  template = "${file("${path.module}/cloud-init/cloud_init.tpl")}"
+  template = file("${path.module}/cloud-init/cloud_init.tpl")
 
   vars = {
     hostname = var.instance_name
@@ -212,7 +212,7 @@ resource "aws_security_group_rule" "http-in" {
   from_port = 80
   to_port = 80
   protocol = "tcp"
-  cidr_blocks = [ "10.0.0.0/8" ]
+  cidr_blocks = toset(concat([ "10.0.0.0/8" ], var.repo_server_whitelist))
   security_group_id = aws_security_group.repo_server_security_group.id
 }
 
@@ -222,7 +222,7 @@ resource "aws_security_group_rule" "https-in" {
   from_port = 443
   to_port = 443
   protocol = "tcp"
-  cidr_blocks = [ "10.0.0.0/8" ]
+  cidr_blocks = toset(concat([ "10.0.0.0/8" ], var.repo_server_whitelist))
   security_group_id = aws_security_group.repo_server_security_group.id
 }
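Review bot: `var.repo_server_whitelist` is spliced straight into the `cidr_blocks` of the `http-in` ingress rule (and identically in the `https-in` hunk below) with no validation, so a single malformed or overly broad entry such as `0.0.0.0/0` would widen ports 80 and 443 beyond the existing `10.0.0.0/8` scope to any source. Nothing in the change documents what the variable is expected to hold. I would at least add a comment on the rule, `# Extra CIDR ranges from var.repo_server_whitelist are merged with the internal range; keep entries narrow`, and, if the Terraform version in use supports variable `validation` blocks, reject entries that are not CIDR notation. Also, `toset()` on a list attribute only serves to deduplicate; `distinct(concat([ "10.0.0.0/8" ], var.repo_server_whitelist))` does the same while keeping the list type. Both `aws_security_group_rule` resource blocks begin outside their hunks.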
 

+ 1 - 0
base/repo_server/vars.tf

@@ -39,6 +39,7 @@ variable "afs_azure_pop" { type = list(string) }
 variable "afs_pop" { type = list(string) }
 variable "proxy" { type = string }
 variable "salt_master" { type = string }
+variable "repo_server_whitelist" { type = list(string) }
 
 variable "cidr_map" { type = map }
 variable "dns_info" { type = map }
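Review bot: The new `variable "repo_server_whitelist"` has no `default`, so every existing caller of this module that does not set it will fail at plan time with a missing required variable; adding `default = []` keeps the change backward compatible since `concat` with an empty list preserves the current rules. It also has no description, and the variable name alone does not say that entries are CIDR ranges that open the HTTP/HTTPS ingress rules; I would add `description = "Additional CIDR ranges permitted to reach the repo server on ports 80 and 443"`. The other variables in this file follow the same one-line no-default style, so this is also a consistency choice for the module as a whole.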