diff --git a/modules/aws/agent-gw/variables.tf b/modules/aws/agent-gw/variables.tf
index e5eab6a3f..2f9e757fb 100644
--- a/modules/aws/agent-gw/variables.tf
+++ b/modules/aws/agent-gw/variables.tf
@@ -181,6 +181,10 @@ variable "dam_version" {
 condition = can(regex("^(\\d{1,2}\\.){3}\\d{1,2}$", var.dam_version))
 error_message = "Version must be in the format dd.dd.dd.dd where each dd is a number between 1-99 (e.g 14.10.1.10)"
 }
+ validation {
+ condition = split(".", var.dam_version)[0] == "14"
+ error_message = "DAM version not supported."
+ }
 }
 variable "ami" {
diff --git a/modules/aws/mx/hub.tf b/modules/aws/mx/hub.tf
index c8c6b3b67..00b64d816 100644
--- a/modules/aws/mx/hub.tf
+++ b/modules/aws/mx/hub.tf
@@ -1,9 +1,18 @@
 locals {
 default_audit_policy = "Default Rule - All Events"
- hub_action_set = "Send to DSF Hub"
- hub_action_set_action = local.hub_action_set
+ _hub_action_set = "Send to DSF Hub"
+ _hub_action_set_action = local._hub_action_set
+ _hub_action_set147 = "Default Archive Action Set"
+ _hub_action_set_action147 = local._hub_action_set147
+ hub_action_set = local.dam_version != "14.7" ? local._hub_action_set : local._hub_action_set147
+ hub_action_set_action = local.dam_version != "14.7" ? local._hub_action_set_action : local._hub_action_set_action147
 
- hub_configuration = var.hub_details == null ? [] : concat([{
+ dam_version_major = split(".", var.dam_version)[0]
+ dam_version_minor = split(".", var.dam_version)[1]
+ dam_version = "${local.dam_version_major}.${local.dam_version_minor}"
+ # Archiving action set is created differently on 14.7
+
+ action_set_item = var.hub_details == [] ? null : local.dam_version != "14.7" ? [{
 name = "send_to_hub_action_set" # https://docs.imperva.com/bundle/v14.11-database-activity-monitoring-user-guide/page/78508.htm
 method = "PUT"
 url_path = "SecureSphere/api/v1/conf/actionSets/${local.hub_action_set}/${local.hub_action_set_action}"
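Review bot: The new `validation` block in modules/aws/agent-gw/variables.tf rejects a value with only "DAM version not supported.", which does not tell the operator which versions are accepted; the identical block added to modules/aws/mx/variables.tf has the same gap. Since the condition only checks that the first component is `14`, the message can say so, for example `error_message = "DAM version not supported. Only 14.x versions are supported."`. The enclosing `variable "dam_version"` block starts outside the hunk.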
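Review bot: In modules/aws/mx/hub.tf the guard on `action_set_item` changed from `var.hub_details == null ? []` to `var.hub_details == [] ? null`, which looks inverted on both sides. `hub_details` appears to be an object or null (the removed line tested for null and the payload reads `.address`, `.port` and `.access_token` through `try`), so a comparison with `[]` would not match a null value and the action-set request would be emitted with null host, port and token; and if the condition were ever true, `null` would reach `concat(local.action_set_item, …)` in the next hunk, which expects a list. Keeping the original guard, `action_set_item = var.hub_details == null ? [] : local.dam_version != "14.7" ? [{`, avoids both. Also, `hub_configuration` no longer short-circuits to `[]` when no hub is configured, so the archive-policy step that follows may now be sent without a hub; the `locals` block continues outside this hunk, so confirm against the full file.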
@@ -12,13 +21,26 @@ locals {
 "host" : try(var.hub_details.address, null),
 "port" : try(var.hub_details.port, null),
 "apiToken" : try(var.hub_details.access_token, null)
- # "encryptedToken": false
 "enabled" : true
 "strictCertificateChecking" : false
 }
 )
+ }] : [{
+ name = "default_archive_action_set" # https://docs.imperva.com/bundle/v14.7-database-activity-monitoring-user-guide/page/78508.htm
+ method = "POST"
+ url_path = "SecureSphere/api/v1/conf/actionSets/${local.hub_action_set}/${local.hub_action_set}"
+ payload = jsonencode({
+ "type" : "SonarArchiver",
+ "host" : try(var.hub_details.address, null),
+ "port" : try(var.hub_details.port, null),
+ "apiToken" : try(var.hub_details.access_token, null)
+ "strictCertificateChecking" : false
+ "actionInterface": "Send to Sonar"
+ }
+ )
 }]
- ,
+
+ hub_configuration = concat(local.action_set_item,
 var.large_scale_mode == true ? [] : [{
 name = "archive_default_audit_policy_to_hub" # https://docs.imperva.com/bundle/v14.11-database-activity-monitoring-user-guide/page/78508.htm
 method = "PUT"
diff --git a/modules/aws/mx/variables.tf b/modules/aws/mx/variables.tf
index d018db556..8a4beb4d5 100644
--- a/modules/aws/mx/variables.tf
+++ b/modules/aws/mx/variables.tf
@@ -179,7 +179,11 @@ variable "dam_version" {
 description = "The DAM version to install"
 validation {
 condition = can(regex("^(\\d{1,2}\\.){3}\\d{1,2}$", var.dam_version))
- error_message = "Version must be in the format dd.dd.dd.dd where each dd is a number between 1-99 (e.g 14.10.1.10)"
+ error_message = "Version must be in the format dd.dd.dd.dd where each dd is a number between 1-99 (e.g 14.10.1.10)."
+ }
+ validation {
+ condition = split(".", var.dam_version)[0] == "14"
+ error_message = "DAM version not supported."
 }
 }
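Review bot: The added 14.7 `default_archive_action_set` payload in modules/aws/mx/hub.tf hard-codes `"strictCertificateChecking" : false`, so the archiver connection that carries `apiToken` and the audit data would, as far as the field name indicates, not validate the hub's certificate. The existing branch already does the same, but the new branch need not copy it: prefer defaulting to `true` and exposing the setting as a module input, or at least record the reason next to the field, e.g. `# TODO: certificate verification disabled because <reason>; enable once the hub presents a trusted certificate`. The token is also rendered into a `jsonencode` payload held in a plain local, so check that `hub_details` is declared `sensitive` in variables.tf, which is not visible here. The `locals` block starts and ends outside the hunk.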