From 16d6083453bd5e4299a70202b1ad640a1179f780 Mon Sep 17 00:00:00 2001
From: "Michael B. Klein" <mbklein@gmail.com>
Date: Fri, 5 Jan 2024 20:01:43 +0000
Subject: [PATCH] Move tfvars back to secrets

---
 firewall/ip_address_sets.tf | 4 ++--
 firewall/variables.tf       | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/firewall/ip_address_sets.tf b/firewall/ip_address_sets.tf
index d10775a..8809122 100644
--- a/firewall/ip_address_sets.tf
+++ b/firewall/ip_address_sets.tf
@@ -3,7 +3,7 @@ resource "aws_wafv2_ip_set" "nul_ip_set" {
   description        = "NU Library IPv4 Addresses"
   scope              = "REGIONAL"
   ip_address_version = "IPV4"
-  addresses          = local.nul_ips
+  addresses          = var.nul_ips.v4
   tags               = local.tags
 }
 
@@ -12,7 +12,7 @@ resource "aws_wafv2_ip_set" "nul_ipv6_set" {
   description        = "NU Library IPv6 Addresses"
   scope              = "REGIONAL"
   ip_address_version = "IPV6"
-  addresses          = local.nul_ips_v6
+  addresses          = var.nul_ips.v6
   tags               = local.tags
 }
 
diff --git a/firewall/variables.tf b/firewall/variables.tf
index 8319904..b76d7e5 100644
--- a/firewall/variables.tf
+++ b/firewall/variables.tf
@@ -18,6 +18,11 @@ variable "global_rate_limit" {
   default = 1000
 }
 
+variable "nul_ips" {
+  type    = map(list(string))
+  default = {v4 = [], v6 = []}
+}
+
 variable "resources" {
   type    = map
   default = {}