From 45879cda203cf9acfc46ece7464a31700706fc73 Mon Sep 17 00:00:00 2001
From: Shahe Islam <shahe.islam@education.gov.uk>
Date: Tue, 19 Nov 2024 16:12:53 +0000
Subject: [PATCH] Allowing IP restriction

---
 terraform/.terraform.lock.hcl                 |  2 ++
 terraform/app.tf                              | 24 ++-----------------
 .../vendor/modules/domains                    |  1 +
 .../infrastructure/vendor/modules/domains     |  1 +
 4 files changed, 6 insertions(+), 22 deletions(-)
 create mode 160000 terraform/domains/environment_domains/vendor/modules/domains
 create mode 160000 terraform/domains/infrastructure/vendor/modules/domains

diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index 7de9266d8..e4b4c2c72 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -6,6 +6,7 @@ provider "registry.terraform.io/hashicorp/azurerm" {
   constraints = "3.116.0"
   hashes = [
     "h1:2QbjtN4oMXzdA++Nvrj/wSmWZTPgXKOSFGGQCLEMrb4=",
+    "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=",
     "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d",
     "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7",
     "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24",
@@ -25,6 +26,7 @@ provider "registry.terraform.io/statuscakedev/statuscake" {
   version     = "2.2.2"
   constraints = "2.2.2"
   hashes = [
+    "h1:nVaJkDBk4sv0yWFzg3p+yeJGzE8mB4KJv3Q6/UgU164=",
     "h1:wFoZJfmNvG6XTf65NLai67geSHqYV1Tilx7OITrHilE=",
     "zh:0916313344c579d6e05d70f88129a10fe48f7dabe0e61cad17874d6c496f288d",
     "zh:0d491ff72c2eda6482855033ca2146c5ace1663d07cb3da7253b59ed2e2ec6f4",
diff --git a/terraform/app.tf b/terraform/app.tf
index afbf5ad28..a86319a0a 100644
--- a/terraform/app.tf
+++ b/terraform/app.tf
@@ -137,28 +137,8 @@ resource "azurerm_linux_web_app" "rsm-app" {
     minimum_tls_version = "1.2"
     health_check_path   = "/health"
 
-    ip_restriction_default_action     = "Deny"
-    scm_ip_restriction_default_action = "Deny"
-
-    dynamic "ip_restriction" {
-      for_each = var.domain != null ? [1] : []
-
-      content {
-        name     = "FrontDoor"
-        action   = "Allow"
-        priority = 1
-        headers = [{
-          x_azure_fdid      = try([local.infrastructure_secrets.FRONTDOOR_ID], [])
-          x_fd_health_probe = []
-          x_forwarded_for   = []
-          x_forwarded_host  = []
-        }]
-        service_tag               = "AzureFrontDoor.Backend"
-        ip_address                = null
-        virtual_network_subnet_id = null
-
-      }
-    }
+    ip_restriction_default_action     = "Allow"
+    scm_ip_restriction_default_action = "Allow"
   }
 
   app_settings = local.rsm_env_vars
diff --git a/terraform/domains/environment_domains/vendor/modules/domains b/terraform/domains/environment_domains/vendor/modules/domains
new file mode 160000
index 000000000..eae51cf1b
--- /dev/null
+++ b/terraform/domains/environment_domains/vendor/modules/domains
@@ -0,0 +1 @@
+Subproject commit eae51cf1b82b5eb5a4fe6cafd76d50c8469b4aad
diff --git a/terraform/domains/infrastructure/vendor/modules/domains b/terraform/domains/infrastructure/vendor/modules/domains
new file mode 160000
index 000000000..26f3b77e8
--- /dev/null
+++ b/terraform/domains/infrastructure/vendor/modules/domains
@@ -0,0 +1 @@
+Subproject commit 26f3b77e849d40258b854234e9e2e3b8ef463296