From fd73613aa60fc77a4c4015b8052980ff278bea09 Mon Sep 17 00:00:00 2001
From: Michal Nawrocki <michal.nawrocki@digital.justice.gov.uk>
Date: Fri, 20 Sep 2024 12:44:09 +0100
Subject: [PATCH] MAP-1602 access list rollback

---
 helm_deploy/values-prod.yaml | 56 +++++++++++++++++++++++++++++-------
 1 file changed, 46 insertions(+), 10 deletions(-)

diff --git a/helm_deploy/values-prod.yaml b/helm_deploy/values-prod.yaml
index 2f7b5cb7..4d933be9 100644
--- a/helm_deploy/values-prod.yaml
+++ b/helm_deploy/values-prod.yaml
@@ -20,29 +20,65 @@ generic-service:
     INGRESS_URL: https://use-of-force.service.justice.gov.uk
 
     allowlist:
+      office: "217.33.148.210/32"
       quantum: "62.25.109.197/32"
       quantum_alt: "212.137.36.230/32"
       health-kick: "35.177.252.195/32"
       digitalprisons1: "52.56.112.98/32"
       digitalprisons2: "52.56.118.154/32"
+      mojvpn: "81.134.202.29/32"
       j5-phones-1: "35.177.125.252/32"
       j5-phones-2: "35.177.137.160/32"
+      sodexo-northumberland: "88.98.48.10/32"
+      sodexo-northumberland2: "51.148.47.137/32"
+      sodoxeo-forest-bank: "51.155.85.249/32"
+      sodexo-peterborough: "51.155.55.241/32"
+      serco: "217.22.14.0/24"
+      ark-nps-hmcts-ttp1: "195.59.75.0/24"
+      ark-nps-hmcts-ttp2: "194.33.192.0/25"
+      ark-nps-hmcts-ttp3: "194.33.193.0/25"
+      ark-nps-hmcts-ttp4: "194.33.196.0/25"
+      ark-nps-hmcts-ttp5: "194.33.197.0/25"
+      moj-official-ark-c-expo-e: "51.149.249.0/29"
+      moj-official-ark-c-vodafone: "194.33.248.0/29"
+      moj-official-ark-f-vodafone: "194.33.249.0/29"
+      moj-official-ark-f-expo-e: "51.149.249.32/29"
+      oakwood-01: "217.161.76.184/29"
+      oakwood-02: "217.161.76.192/29"
+      oakwood-1: "217.161.76.187/32"
+      oakwood-2: "217.161.76.195/32"
+      oakwood-3: "217.161.76.186/32"
+      oakwood-4: "217.161.76.194/32"
       durham-tees-valley: "51.179.197.1/32"
       interservfls: "51.179.196.131/32"
-      crc-rrp: "62.253.83.37/32"
-      crc-pp-wwm: "5.153.255.210/32"
+      sodexo1: "80.86.46.16/32"
+      sodexo2: "80.86.46.17/32"
+      sodexo3: "80.86.46.18/32"
+      sodexo4: "51.148.9.201"
+      cloudplatform-live1-1: "35.178.209.113/32"
+      cloudplatform-live1-2: "3.8.51.207/32"
+      cloudplatform-live1-3: "35.177.252.54/32"
       dxc_webproxy1: "195.92.38.20/32"
       dxc_webproxy2: "195.92.38.21/32"
       dxc_webproxy3: "195.92.38.22/32"
       dxc_webproxy4: "195.92.38.23/32"
-      serco: "217.22.14.0/24"
-
-      groups:
-        - prisons
-        - private_prisons
-        - probation
-        - moj_cloud_platform
-        - digital_staff_and_mojo
+      moj-official-tgw-prod: "51.149.250.0/24"
+      moj-official-tgw-preprod: "51.149.251.0/24"
+      crc-rrp: "62.253.83.37/32"
+      crc-pp-wwm: "5.153.255.210/32"
+      fivewells-1: "20.49.214.199/32"
+      fivewells-2: "20.49.214.228/32"
+      fivewells-3: "195.89.157.56/29"
+      fivewells-4: "195.59.215.184/29"
+      fivewells-5: "51.149.250.0/24"
+      fivewells-6: "51.149.249.0/29"
+      fivewells-7: "194.33.249.0/29"
+      fivewells-8: "51.149.249.32/29"
+      fivewells-9: "194.33.248.0/29"
+      global-protect: "35.176.93.186/32"
+      petty-france-wifi: "213.121.161.112/28"
+      azure-landing-zone-public-egress-1: "20.26.11.71/32"
+      azure-landing-zone-public-egress-2: "20.26.11.108/32"
 
 # determine which slack channel alerts are sent to, via the correct Alert Manager receiver
 generic-prometheus-alerts: