# For IPs that are trusted because of which employee/location they're coming from.
#
# Fred dreams of deleting this file completely.
#
# The three allowlists below are layered: trusted_ips is folded into admin_ips,
# and admin_ips is folded into portal_test_whitelist. Adding an address to an
# inner list therefore grants it every outer level as well, so add each address
# at the outermost (least privileged) list that meets the need.
#
# NOTE(review): every entry is a static source address attributed to a person or
# site by its trailing comment. Nothing in this file records when an entry was
# added or last verified; entries labelled "Home" are presumably residential ISP
# addresses, which can be reassigned. Confirm ownership periodically and remove
# entries for people who no longer need access.
locals {
  # "Trusted IPs" are used for the bastion host and for testing direct access to things like alsi.
  # These are sensitive, so keep the list small! Consider using 'admin_ips' instead!
  # Every address here is also included in admin_ips and portal_test_whitelist below.
  trusted_ips = [
    "108.203.37.38/32", # Duane Waddle
    "24.11.231.98/32", # George Starcher
    "99.151.37.185/32", # Wesley Leonard
    "73.10.53.113/32", # Rick Page Home
    "74.211.32.26/32", # Brad Poulton
    "71.120.148.108/32", # Brandon Naughton
    "67.167.142.200/32", # Fred Damstra
    "188.210.17.19/32", # Jeremy Cooper
    "97.117.127.174/32", # Colby Williams
  ]

  # Admin IPs are allowed to access the admin pages of systems
  # Automatically includes "trusted IPs" above
  #
  # concat() appends local.trusted_ips to the literal list and distinct() drops
  # repeated entries. NOTE(review): flatten() looks redundant here, since both
  # inputs are already flat lists of strings - confirm before removing.
  admin_ips = flatten(distinct(concat(
    [
      "108.28.25.119/32", # James Kerr Home
      "104.9.149.90/32", # Greg Rivas Home
      "170.248.173.247/32", # AFS site
      "170.248.173.245/32", # AFS site
      "107.207.74.118/32", # Angelita Crawley Home
      "69.207.192.131/32", # Aaron Flores Home
      "70.120.19.33/32", # Hilda Colon-Martinez Home
      "198.13.82.11/32", # Hussein Carrenard Home

      # Access while on the Test VPN:
      # NOTE(review): a NAT gateway address stands for every client behind that
      # VPN, so admin access from these entries is only as restricted as VPN
      # membership itself - verify that VPN enrolment is limited accordingly.
      "18.252.69.251/32", # Test VPN NAT GW - vpc-access-afs-mdr-test-c2-gov-us-gov-east-1a
      "18.253.180.54/32", # Test VPN NAT GW - vpc-access-afs-mdr-test-c2-gov-us-gov-east-1b
      "18.253.72.90/32", # Test VPN NAT GW - vpc-access-afs-mdr-test-c2-gov-us-gov-east-1c

      # Access while on the Prod VPN:
      "18.252.61.226/32", # Prod VPN NAT GW - vpc-access-afs-mdr-prod-c2-gov-us-gov-east-1a
      "18.252.100.113/32", # Prod VPN NAT GW - vpc-access-afs-mdr-prod-c2-gov-us-gov-east-1b
      "18.252.105.2/32", # Prod VPN NAT GW - vpc-access-afs-mdr-prod-c2-gov-us-gov-east-1c
    ],
    local.trusted_ips
  )))

  # portal_test_whitelist allows access to the test portal
  # Automatically includes admin_ips and trusted_ips
  # (trusted_ips arrive transitively through local.admin_ips, as do the Test and
  # Prod VPN NAT gateway addresses.)
  portal_test_whitelist = flatten(distinct(concat(
    [
      "12.245.107.250/32", # DPS Office Legato
      "12.204.167.162/32", # DPS Office San Antonio
      "54.86.98.62/32", # DPS AWS User VPN
      "73.213.108.186/32", # LaDonia Wicks
    ],
    local.admin_ips
  )))

  # from https://config.zscaler.com/zscalergov.net/cenr
  #
  # This is a hand-copied snapshot of the ranges published at the URL above;
  # nothing in this file refreshes it, so re-check the source when updating.
  # Unlike the lists above, these are /23 and /24 ranges and are not merged into
  # any other local in this file.
  # NOTE(review): these are presumably egress ranges shared by all tenants of the
  # proxy service, not addresses unique to this organisation - treat a match as
  # "came through the proxy", not as proof of identity, and pair it with
  # authentication wherever it is consumed.
  # NOTE(review): the local is spelled "zscalar" while the source URL spells the
  # vendor "zscaler"; the name is left unchanged because it may be referenced
  # elsewhere as local.zscalar_ips.
  zscalar_ips = [
    "165.225.3.0/24",
    "136.226.10.0/23",
    "136.226.12.0/23",
    "136.226.14.0/23",
    "165.225.46.0/24",
    "136.226.6.0/23",
    "136.226.4.0/23",
    "136.226.8.0/23",
    "136.226.22.0/24",
    "165.225.48.0/24",
    "136.226.18.0/23",
    "136.226.16.0/23",
    "136.226.20.0/23",
  ]
}