From 3fe2b0ddadffb9a536a4ab0a3c5619bacb3535b8 Mon Sep 17 00:00:00 2001
From: antoninguyot
Date: Tue, 10 Sep 2024 18:15:30 +0200
Subject: [PATCH] feat: fetch azure ad ips
---
 .github/workflows/update.yaml | 13 +++++++++++++
 Makefile | 11 +++++++++++
 README.md | 8 ++++++++
 scripts/update_azuread.sh | 10 ++++++++++
 4 files changed, 42 insertions(+)
 create mode 100644 .github/workflows/update.yaml
 create mode 100644 Makefile
 create mode 100755 scripts/update_azuread.sh
diff --git a/.github/workflows/update.yaml b/.github/workflows/update.yaml
new file mode 100644
index 0000000..0ac85d2
--- /dev/null
+++ b/.github/workflows/update.yaml
@@ -0,0 +1,13 @@
+on:
+ schedule:
+ - cron: "0 0 * * 1"
+ workflow_dispatch:
+
+jobs:
+ update:
+ runs-on: ${{ var.RUNS_ON }}
+ steps:
+ - uses: actions/checkout@v4
+ - run: |
+ make update
+ make push
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..7ae0e3c
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,11 @@
+.PHONY: update-azuread update
+
+update-azuread: ## Fetch Azure Active Directory IPs and store them in azuread_ips.txt
+ ./scripts/update_azuread.sh
+
+update: update-azuread ## Fetch all third-party IPs and store them in files
+
+push:
+ git add .
+ git commit -m "Beep. Bop. Automated update"
+ git push
diff --git a/README.md b/README.md
index eded180..4d47cb2 100644
--- a/README.md
+++ b/README.md
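Review bot: The `runs-on` line in `.github/workflows/update.yaml` reads `${{ var.RUNS_ON }}`, but the GitHub Actions context for configuration variables is `vars`, so the expression should fail to evaluate as written; it should be `runs-on: ${{ vars.RUNS_ON }}`. The job pushes commits back to the repository, yet the workflow declares no `permissions:` block; adding `permissions:` with `contents: write` on the `update` job states the single scope it needs and keeps the push working where the repository default token is read-only. `actions/checkout@v4` is a mutable tag, and pinning it to a full commit SHA is worth considering for a job that holds write access to a list other parties presumably feed into their allowlists.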
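Review bot: `git add .` in the `push` target stages every file in the working tree, so anything a fetch script leaves behind (a partial download, a saved error page, a stray temp file) is committed and pushed unreviewed; stage the generated file by name instead, `git add azuread_ips.txt`. `git commit` also exits non-zero when nothing changed, which will fail the weekly run whenever upstream is unchanged; `git diff --cached --quiet || git commit -m "Beep. Bop. Automated update"` avoids that. No committer identity is set in this target or in the visible workflow steps, so the commit may be refused on a fresh runner unless `user.name` and `user.email` are configured elsewhere. `push` is also missing from `.PHONY`.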
@@ -5,3 +5,11 @@ This repository is automatically updated with EVERTRUST's CIDR ranges for whitel
 The latest version is available at all times at: https://raw.githubusercontent.com/evertrust/ip-addresses/main/ips.txt.

 We recommend pulling this database every day, as we may add or remove addresses with a 48h interval.
+
+## Third-party addresses
+
+For conveniance purposes, this repository also keeps an index of some third-party vendor IPs lists that are regularly updated. These lists come without any guarantee and are usually tailored for EVERTRUST's software integrations.
+
+Currently, the following lists are maintained:
+
+- [azuread_ips.txt](./azuread_ips.txt): the list of IPs used for SCIM provisioning for Entra (formerly Azure AD)
diff --git a/scripts/update_azuread.sh b/scripts/update_azuread.sh
new file mode 100755
index 0000000..907b43f
--- /dev/null
+++ b/scripts/update_azuread.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Fetch the latest download link from the Microsoft download center
+download_url=$(curl https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519 | grep -o 'https://download.microsoft.com/[^"]*.json' | head -n 1)
+
+# Store the raw JSON into some variable
+raw_response=$(curl "$download_url")
+
+# Parse the JSON response and extract only IPs used for Azure AD SCIM provisioning
+echo "$raw_response" | jq -r '.values[] | select(.id == "AzureActiveDirectory") | .properties.addressPrefixes[]' > azuread_ips.txt
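Review bot: A failed fetch in `scripts/update_azuread.sh` can end with an empty `azuread_ips.txt` and exit status 0: there is no `set -euo pipefail`, neither `curl` uses `--fail`, an empty `download_url` is passed on unchecked, and `jq` exits 0 on empty input after `>` has already truncated the file. `make push` would then publish that file, and the README presents it as the vendor IP list for integrations, so an empty or malformed list reaching consumers is the outcome to guard against. The first URL is unquoted although it contains `?`, and the dots in the `grep -o` pattern are unescaped, so the match is looser than the host it is meant to pin. I would fetch into a temporary file, check that it is non-empty and that every line has the shape of an IP prefix, and only then move it into place, as sketched below.

```shell
set -euo pipefail

tmp=$(mktemp)
trap 'rm -f -- "$tmp"' EXIT

page=$(curl -fsSL --proto '=https' 'https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519')
# `|| true`: head may close the pipe early; emptiness is checked on the next line
download_url=$(grep -o 'https://download\.microsoft\.com/[^"]*\.json' <<<"$page" | head -n 1) || true
[[ -n "$download_url" ]] || { echo "no download link found" >&2; exit 1; }

curl -fsSL --proto '=https' "$download_url" \
  | jq -r '.values[] | select(.id == "AzureActiveDirectory") | .properties.addressPrefixes[]' >"$tmp"

# Publish only a non-empty list in which every line looks like an IP prefix
[[ -s "$tmp" ]] || { echo "empty prefix list" >&2; exit 1; }
if grep -Evq '^[0-9A-Fa-f:.]+/[0-9]{1,3}$' "$tmp"; then
  echo "unexpected entry in prefix list" >&2
  exit 1
fi
mv -- "$tmp" azuread_ips.txt
```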