Added support for DAM 14.7 (LTS) (#318)

imperva · Nov 20, 2023 · 19ad03d · 19ad03d
1 parent 2bc9b7e
commit 19ad03d
Show file tree

Hide file tree

Showing 6 changed files with 58 additions and 11 deletions.
diff --git a/modules/aws/agent-gw/variables.tf b/modules/aws/agent-gw/variables.tf
@@ -181,6 +181,10 @@ variable "dam_version" {
     condition     = can(regex("^(\\d{1,2}\\.){3}\\d{1,2}$", var.dam_version))
     error_message = "Version must be in the format dd.dd.dd.dd where each dd is a number between 1-99 (e.g 14.10.1.10)"
   }
+  validation {
+    condition     = split(".", var.dam_version)[0] == "14"
+    error_message = "DAM version not supported."
+  }
 }
 
 variable "ami" {

diff --git a/modules/aws/mx/configuration.tf b/modules/aws/mx/configuration.tf
@@ -1,5 +1,5 @@
 locals {
-  conf_timeout = 60 * 15
+  conf_timeout = 60 * 40
 
   configuration_elements = concat(
     local.service_group_configuration,
@@ -8,9 +8,12 @@ locals {
   )
   commands = <<-EOF
       ${templatefile("${path.module}/configure.tftpl",
-  { mx_address        = local.mx_address_for_api
-    https_auth_header = local.https_auth_header
-configuration_elements = local.configuration_elements })}
+        { mx_address        = local.mx_address_for_api
+          https_auth_header = local.https_auth_header
+          configuration_elements = local.configuration_elements
+          timeout = local.conf_timeout
+        })
+      }
     EOF
 }
 

diff --git a/modules/aws/mx/configure.tftpl b/modules/aws/mx/configure.tftpl
@@ -2,9 +2,20 @@
 set -x
 set -e
 
+start_time=$(date +%s)
+
 cookie_file=$(mktemp)
 response_file=$(mktemp)
 
+function exit_on_timeout() {
+  now=$(date +%s)
+  elapsed=$((now-start_time))
+  if [ $elapsed -gt ${timeout} ]; then
+    echo "Timeout reached."
+    exit 1
+  fi
+}
+
 http_code=$(curl -k -s --cookie-jar $cookie_file -o $response_file -w "%%{http_code}" \
   --request POST 'https://${mx_address}:8083/SecureSphere/api/v1/auth/session' \
   --header "Authorization: Basic ${https_auth_header}")
@@ -27,6 +38,7 @@ while true; do
     fi
   fi
 
+  exit_on_timeout
   echo "sleep 1m"
   sleep 60
 done
@@ -52,6 +64,8 @@ while true; do
       break
     fi
   fi
+
+  exit_on_timeout
   echo "sleep 1m"
   sleep 60
 done

diff --git a/modules/aws/mx/hub.tf b/modules/aws/mx/hub.tf
@@ -1,9 +1,18 @@
 locals {
   default_audit_policy  = "Default Rule - All Events"
-  hub_action_set        = "Send to DSF Hub"
-  hub_action_set_action = local.hub_action_set
+  _hub_action_set        = "Send to DSF Hub"
+  _hub_action_set_action = local._hub_action_set
+  _hub_action_set147        = "Default Archive Action Set"
+  _hub_action_set_action147 = local._hub_action_set147
+  hub_action_set = local.dam_version != "14.7" ? local._hub_action_set : local._hub_action_set147
+  hub_action_set_action = local.dam_version != "14.7" ? local._hub_action_set_action : local._hub_action_set_action147
 
-  hub_configuration = var.hub_details == null ? [] : concat([{
+  # Archiving action set is created differently on 14.7
+  dam_version_major = split(".", var.dam_version)[0]
+  dam_version_minor = split(".", var.dam_version)[1]
+  dam_version = "${local.dam_version_major}.${local.dam_version_minor}"
+
+  action_set_item = var.hub_details == null ? [] : local.dam_version != "14.7" ? [{
     name     = "send_to_hub_action_set" # https://docs.imperva.com/bundle/v14.11-database-activity-monitoring-user-guide/page/78508.htm
     method   = "PUT"
     url_path = "SecureSphere/api/v1/conf/actionSets/${local.hub_action_set}/${local.hub_action_set_action}"
@@ -12,13 +21,26 @@ locals {
       "host" : try(var.hub_details.address, null),
       "port" : try(var.hub_details.port, null),
       "apiToken" : try(var.hub_details.access_token, null)
-      # "encryptedToken": false
       "enabled" : true
       "strictCertificateChecking" : false
       }
     )
+  }] : [{
+    name     = "default_archive_action_set" # https://docs.imperva.com/bundle/v14.7-database-activity-monitoring-user-guide/page/78508.htm
+    method   = "POST"
+    url_path = "SecureSphere/api/v1/conf/actionSets/${local.hub_action_set}/${local.hub_action_set_action}"
+    payload = jsonencode({
+      "type" : "SonarArchiver",
+      "host" : try(var.hub_details.address, null),
+      "port" : try(var.hub_details.port, null),
+      "apiToken" : try(var.hub_details.access_token, null)
+      "strictCertificateChecking" : false
+      "actionInterface": "Send to Sonar"
+      }
+    )
     }]
-    ,
+
+  hub_configuration = var.hub_details == null ? [] : concat(local.action_set_item,
     var.large_scale_mode == true ? [] : [{
       name     = "archive_default_audit_policy_to_hub" # https://docs.imperva.com/bundle/v14.11-database-activity-monitoring-user-guide/page/78508.htm
       method   = "PUT"

diff --git a/modules/aws/mx/main.tf b/modules/aws/mx/main.tf
@@ -62,7 +62,7 @@ locals {
   ]
 
   https_auth_header = base64encode("admin:${var.mx_password}")
-  timeout           = 60 * 35
+  timeout           = 60 * 40
 
   readiness_commands = templatefile("${path.module}/readiness.tftpl", {
     mx_address        = local.mx_address_for_api

diff --git a/modules/aws/mx/variables.tf b/modules/aws/mx/variables.tf
@@ -179,7 +179,11 @@ variable "dam_version" {
   description = "The DAM version to install"
   validation {
     condition     = can(regex("^(\\d{1,2}\\.){3}\\d{1,2}$", var.dam_version))
-    error_message = "Version must be in the format dd.dd.dd.dd where each dd is a number between 1-99 (e.g 14.10.1.10)"
+    error_message = "Version must be in the format dd.dd.dd.dd where each dd is a number between 1-99 (e.g 14.10.1.10)."
+  }
+  validation {
+    condition     = split(".", var.dam_version)[0] == "14"
+    error_message = "DAM version not supported."
   }
 }