From b018e58799db969d179df242767b065028bf55fa Mon Sep 17 00:00:00 2001
From: Nemo
Date: Tue, 8 Sep 2020 13:53:32 +0530
Subject: [PATCH] Remove whitelist everywhere
---
 README.md | 29 ++++++++++++++++++++---------
 outputs.tf | 20 ++++++++++++++++++--
 2 files changed, 38 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index ad1a931..05c6d7c 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,12 @@
-# terraform-http-duo-whitelist ![](https://img.shields.io/badge/license-MIT-blue.svg)
+# terraform-http-duo-ips ![](https://img.shields.io/badge/license-MIT-blue.svg)
 This module provides an updated list of Duo's public CIDRs. These are maintained against the Duo Documentation: https://help.duo.com/s/article/1337
 # Usage
 ```hcl
-module "duo-whitelist" {
- source = "captn3m0/duo-whitelist/http"
+module "duo-ips" {
+ source = "captn3m0/duo-ips/http"
 version = "1.0.0"
 }
@@ -15,23 +15,34 @@ resource "aws_security_group_rule" "allow_all_to_duo" {
 from_port = 0
 to_port = 443
 protocol = "tcp"
- cidr_blocks = ["${module.duo-whitelist.cidr}"]
+ cidr_blocks = ["${module.duo-ips.cidr}"]
 security_group_id = "sg-123456"
 }
 ```
-# Outputs
+## Outputs
 The following outputs are exported:
-## cidrs
+### ad\_hostnames\_ca
-Description: List of all Duo Service CIDRs. Whitelist for egress
+Description: Map of Duo's Microsoft Azure Active Directory Conditional Access application for Canada deployments
-## trusted\_endpoints\_cidrs
+### ad\_hostnames\_eu
-Description: Duo's Trusted Endpoint CIDRs. Whitelist for ingress
+Description: Map of Duo's Microsoft Azure Active Directory Conditional Access application for Europe deployments
+### cidrs
+
+Description: List of all Duo Service CIDRs. Allow for egress to Duo
+
+### duo\_ad\_hostnames\_us
+
+Description: Map of Duo's Microsoft Azure Active Directory Conditional Access application for US deployments
+
+### trusted\_endpoints\_cidrs
+
+Description: List of Duo's Trusted Endpoint CIDRs. Allow for ingress from Duo
 # LICENSE
diff --git a/outputs.tf b/outputs.tf
index 526fc98..1ad6e59 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,5 +1,5 @@
 output "cidrs" {
- description = "List of all Duo Service CIDRs. Whitelist for egress"
+ description = "List of all Duo Service CIDRs. Allow for egress to Duo"
 value = [
 "54.241.191.128/26",
@@ -8,11 +8,12 @@ output "cidrs" {
 "52.32.63.128/26",
 "52.59.243.192/26",
 "35.182.14.128/26",
+ "3.25.48.128/26"
 ]
 }
 output "trusted_endpoints_cidrs" {
- description = "List of Duo's Trusted Endpoint CIDRs. Whitelist for ingress"
+ description = "List of Duo's Trusted Endpoint CIDRs. Allow for ingress from Duo"
 value = [
 "13.56.32.240/29",
@@ -22,3 +23,18 @@ output "trusted_endpoints_cidrs" {
 "35.182.14.128/30",
 ]
 }
+
+output "ad_hostnames_ca" {
+ description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for Canada deployments"
+ values = ["http://cc1.azureauth.duosecurity.com/"]
+}
+
+output "ad_hostnames_eu" {
+ description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for Europe deployments"
+ values = ["http://ec1.azureauth.duosecurity.com/", "http://eu-west.azureauth.duosecurity.com/"]
+}
+
+output "duo_ad_hostnames_us" {
+ description = "Map of Duo's Microsoft Azure Active Directory Conditional Access application for US deployments"
+ values = ["http://us.azureauth.duosecurity.com/"]
+}
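Review bot: The added range `"3.25.48.128/26"` in `cidrs` widens an egress allow list, yet the commit subject describes only a terminology rename and nothing in the hunk records where the range came from. Since consumers feed this list straight into security group rules, a comment above the list such as `# Source: https://help.duo.com/s/article/1337, last checked <DATE>` (date is a placeholder) would let a reviewer verify additions against Duo's published ranges. The new entry also drops the trailing comma that every other entry in both lists carries; `"3.25.48.128/26",` keeps the next addition a one-line diff. The `cidrs` list starts above this hunk, so entries outside it were not checked.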
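Review bot: The three new outputs (`ad_hostnames_ca`, `ad_hostnames_eu`, `duo_ad_hostnames_us`) assign `values = [...]`, but an `output` block takes `value`, as the two existing outputs in this file do, so the module should fail validation as written; each line should read `value = [...]`. The entries also carry an `http://` scheme and a trailing slash although the outputs are named hostnames. If consumers use them as URLs this steers authentication traffic to cleartext, so either publish bare hostnames or confirm against Duo's documentation whether `https://` is intended. The descriptions say "Map of" while each value is a list, and `duo_ad_hostnames_us` breaks the `ad_hostnames_<region>` naming of the other two.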