feat: fetch azure ad ips

.github/workflows/update.yaml

@@ -0,0 +1,13 @@
+on:
+  schedule:
+    - cron: "0 0 * * 1"
+  workflow_dispatch:
+
+jobs:
+  update:
+    runs-on: ${{ var.RUNS_ON }}
+    steps:
+      - uses: actions/checkout@v4
+      - run: |
+          make update
+          make push

Makefile

@@ -0,0 +1,11 @@
+.PHONY: update-azuread update
+
+update-azuread: ## Fetch Azure Active Directory IPs and store them in azuread_ips.txt
+	./scripts/update_azuread.sh
+
+update: update-azuread ## Fetch all third-party IPs and store them in files
+
+push:
+	git add .
+	git commit -m "Beep. Bop. Automated update"
+	git push

README.md

@@ -5,3 +5,11 @@ This repository is automatically updated with EVERTRUST's CIDR ranges for whitel
 The latest version is available at all times at: https://raw.githubusercontent.com/evertrust/ip-addresses/main/ips.txt.
 
 We recommend pulling this database every day, as we may add or remove addresses with a 48h interval.
+
+## Third-party addresses
+
+For conveniance purposes, this repository also keeps an index of some third-party vendor IPs lists that are regularly updated. These lists come without any guarantee and are usually tailored for EVERTRUST's software integrations.
+
+Currently, the following lists are maintained:
+
+- [azuread_ips.txt](./azuread_ips.txt): the list of IPs used for SCIM provisioning for Entra (formerly Azure AD)

scripts/update_azuread.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Fetch the latest download link from the Microsoft download center
+download_url=$(curl https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519 | grep -o 'https://download.microsoft.com/[^"]*.json' | head -n 1)
+
+# Store the raw JSON into some variable
+raw_response=$(curl "$download_url")
+
+# Parse the JSON response and extract only IPs used for Azure AD SCIM provisioning
+echo "$raw_response" | jq -r '.values[] | select(.id == "AzureActiveDirectory") | .properties.addressPrefixes[]' > azuread_ips.txt