[Epic Blob-CSI] Finalize FDI firewall rules

[cboin1996]

Refer to epic here

The fdi firewall was setup with static IP's written directly in terraform, and this can be improved.

In particular, we need to:

• Instruct FDI to make their public unclassified private, and update AAW terraform to reflect this change (this will be implemented in the new daaas subscription, but will remain as is for vdl)
• Copy something like this in order to expose the source IP range for prot-b nodes, and unclassified nodes
  • Add output in https://gitlab.k8s.cloud.statcan.ca/cloudnative/aaw/modules/terraform-azure-statcan-aaw-environment/-/blob/main/outputs.tf#L49
  • Upstream, you will need to make a change similar to this: StatCan/terraform-azure-statcan-aaw-network@8d7d584, but with address_prefixes as specified in https://gitlab.k8s.cloud.statcan.ca/cloudnative/aaw/terraform-advanced-analytics-workspaces-infrastructure/-/blob/main/dev_cc_00.tf#L180. for example

[chuckbelisle]

I'm pretty sure this can be closed, please review and action

[rohank07]

FDI has submitted the WIF document for DAS Common storage and are waiting for approval. Once that is done Yie from Architecture will help open flows from AAW firewall and the fortigate firewall. Will open a seperate ticket for ad hoc work if needed.
Closing: As for the AAW protb and unclassified nodes the flows to the AAW firewall are open