Adds list of users for access to storage and more service endpoints

This sets up the rest of the service endpoints on the subnets. It also
adds a variable map specifically to grant IP access to the storage
buckets. This new variable map is necessary since the azure storage ip
rules do not accept /32 CIDR ranges. The rest of the services do support
cidr ranges.

terraform/providers/dev/buckets.tf

@@ -9,7 +9,7 @@ module "task_order_bucket" {
   region       = var.region
   policy       = "Allow"
   subnet_ids   = [module.vpc.subnets]
-  whitelist    = var.admin_user_whitelist
+  whitelist    = var.storage_admin_whitelist
 }
 
 # TF State should be restricted to admins only, but IP protected
@@ -25,5 +25,5 @@ module "tf_state" {
   region       = var.region
   policy       = "Deny"
   subnet_ids   = []
-  whitelist    = var.admin_user_whitelist
+  whitelist    = var.storage_admin_whitelist
 }

terraform/providers/dev/variables.tf

@@ -39,8 +39,8 @@ variable "networks" {
 variable "service_endpoints" {
   type = map
   default = {
-    public  = ""
-    private = "Microsoft.Storage,Microsoft.KeyVault"
+    public  = "Microsoft.ContainerRegistry" # Not necessary but added to avoid infinite state loop
+    private = "Microsoft.Storage,Microsoft.KeyVault,Microsoft.ContainerRegistry,Microsoft.Sql"
   }
 }
 
@@ -96,6 +96,14 @@ variable "admin_user_whitelist" {
   }
 }
 
+variable "storage_admin_whitelist" {
+  type = map
+  default = {
+    "Rob Gil"           = "66.220.238.246"
+    "Dan Corrigan Work" = "108.16.207.173"
+  }
+}
+
 variable "vpn_client_cidr" {
   type    = list
   default = ["172.16.255.0/24"]