WIP

imperva · Nov 19, 2023 · 939448e · 939448e
1 parent ec43867
commit 939448e
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 6 deletions.
diff --git a/modules/aws/agent-gw/variables.tf b/modules/aws/agent-gw/variables.tf
@@ -181,6 +181,10 @@ variable "dam_version" {
     condition     = can(regex("^(\\d{1,2}\\.){3}\\d{1,2}$", var.dam_version))
     error_message = "Version must be in the format dd.dd.dd.dd where each dd is a number between 1-99 (e.g 14.10.1.10)"
   }
+  validation {
+    condition     = split(".", var.dam_version)[0] == "14"
+    error_message = "DAM version not supported."
+  }
 }
 
 variable "ami" {

diff --git a/modules/aws/mx/hub.tf b/modules/aws/mx/hub.tf
@@ -1,9 +1,18 @@
 locals {
   default_audit_policy  = "Default Rule - All Events"
-  hub_action_set        = "Send to DSF Hub"
-  hub_action_set_action = local.hub_action_set
+  _hub_action_set        = "Send to DSF Hub"
+  _hub_action_set_action = local._hub_action_set
+  _hub_action_set147        = "Default Archive Action Set"
+  _hub_action_set_action147 = local._hub_action_set147
+  hub_action_set = local.dam_version != "14.7" ? local._hub_action_set : local._hub_action_set147
+  hub_action_set_action = local.dam_version != "14.7" ? local._hub_action_set_action : local._hub_action_set_action147
 
-  hub_configuration = var.hub_details == null ? [] : concat([{
+  dam_version_major = split(".", var.dam_version)[0]
+  dam_version_minor = split(".", var.dam_version)[1]
+  dam_version = "${local.dam_version_major}.${local.dam_version_minor}"
+  # Archiving action set is created differently on 14.7
+
+  action_set_item = var.hub_details == [] ? null : local.dam_version != "14.7" ? [{
     name     = "send_to_hub_action_set" # https://docs.imperva.com/bundle/v14.11-database-activity-monitoring-user-guide/page/78508.htm
     method   = "PUT"
     url_path = "SecureSphere/api/v1/conf/actionSets/${local.hub_action_set}/${local.hub_action_set_action}"
@@ -12,13 +21,26 @@ locals {
       "host" : try(var.hub_details.address, null),
       "port" : try(var.hub_details.port, null),
       "apiToken" : try(var.hub_details.access_token, null)
-      # "encryptedToken": false
       "enabled" : true
       "strictCertificateChecking" : false
       }
     )
+  }] : [{
+    name     = "default_archive_action_set" # https://docs.imperva.com/bundle/v14.7-database-activity-monitoring-user-guide/page/78508.htm
+    method   = "POST"
+    url_path = "SecureSphere/api/v1/conf/actionSets/${local.hub_action_set}/${local.hub_action_set}"
+    payload = jsonencode({
+      "type" : "SonarArchiver",
+      "host" : try(var.hub_details.address, null),
+      "port" : try(var.hub_details.port, null),
+      "apiToken" : try(var.hub_details.access_token, null)
+      "strictCertificateChecking" : false
+      "actionInterface": "Send to Sonar"
+      }
+    )
     }]
-    ,
+
+  hub_configuration = concat(local.action_set_item,
     var.large_scale_mode == true ? [] : [{
       name     = "archive_default_audit_policy_to_hub" # https://docs.imperva.com/bundle/v14.11-database-activity-monitoring-user-guide/page/78508.htm
       method   = "PUT"

diff --git a/modules/aws/mx/variables.tf b/modules/aws/mx/variables.tf
@@ -179,7 +179,11 @@ variable "dam_version" {
   description = "The DAM version to install"
   validation {
     condition     = can(regex("^(\\d{1,2}\\.){3}\\d{1,2}$", var.dam_version))
-    error_message = "Version must be in the format dd.dd.dd.dd where each dd is a number between 1-99 (e.g 14.10.1.10)"
+    error_message = "Version must be in the format dd.dd.dd.dd where each dd is a number between 1-99 (e.g 14.10.1.10)."
+  }
+  validation {
+    condition     = split(".", var.dam_version)[0] == "14"
+    error_message = "DAM version not supported."
   }
 }