Enable FIPS mode when requested

jm-dt · jm-dt · commit a2f6d9637bb5 · 2023-12-20T07:30:09.000+01:00
This adds an option to enable FIPS mode if enablefips is set.

OneAgent uses the FIPS mode to be compliant with the FIPS 140-3
computer security standard.
diff --git a/docs/framework-dynatrace_one_agent.md b/docs/framework-dynatrace_one_agent.md
@@ -30,6 +30,7 @@ The credential payload of the service may contain the following entries:
 | `environmentid` | Your Dynatrace environment ID is the unique identifier of your Dynatrace environment. You can find it in the deploy Dynatrace section within your environment.
 | `networkzone` | (Optional) Network zones are Dynatrace entities that represent your network structure. They help you to route the traffic efficiently, avoiding unnecessary traffic across data centers and network regions. Enter the network zone you wish to pass to the server during the OneAgent Download.
 | `skiperrors` | (Optional) The errors during agent download are skipped and the injection is disabled. Use this option at your own risk. Possible values are 'true' and 'false'. This option is disabled by default!
+| `enablefips`| (Optional) Enables the use of [FIPS 140 cryptographic algorithms](https://docs.dynatrace.com/docs/shortlink/oneagentctl#fips-140). Possible values are 'true' and 'false'. This option is disabled by default!
 
 ## Configuration
 For general information on configuring the buildpack, including how to specify configuration values through environment variables, refer to [Configuration and Extension][].
diff --git a/lib/java_buildpack/framework/dynatrace_one_agent.rb b/lib/java_buildpack/framework/dynatrace_one_agent.rb
@@ -71,6 +71,10 @@ def release
         environment_variables = @droplet.environment_variables
         environment_variables.add_environment_variable(LD_PRELOAD, agent_path(manifest))
 
+        if enable_fips?
+          File.delete(@droplet.sandbox + 'agent/dt_fips_disabled.flag')
+        end
+
         dynatrace_environment_variables(manifest)
       end
 
@@ -87,6 +91,8 @@ def supports?
 
       APITOKEN = 'apitoken'
 
+      ENABLE_FIPS = 'enablefips'
+
       DT_APPLICATION_ID = 'DT_APPLICATIONID'
 
       DT_CONNECTION_POINT = 'DT_CONNECTION_POINT'
@@ -109,8 +115,9 @@ def supports?
 
       SKIP_ERRORS = 'skiperrors'
 
-      private_constant :APIURL, :APITOKEN, :DT_APPLICATION_ID, :DT_CONNECTION_POINT, :DT_NETWORK_ZONE, :DT_LOGSTREAM,
-                       :DT_TENANT, :DT_TENANTTOKEN, :ENVIRONMENTID, :FILTER, :NETWORKZONE, :SKIP_ERRORS
+      private_constant :APIURL, :APITOKEN, :ENABLE_FIPS, :DT_APPLICATION_ID, :DT_CONNECTION_POINT, :DT_NETWORK_ZONE,
+                       :DT_LOGSTREAM, :DT_TENANT, :DT_TENANTTOKEN, :LD_PRELOAD, :ENVIRONMENTID, :FILTER, :NETWORKZONE,
+                       :SKIP_ERRORS
 
       def agent_download_url
         download_uri = "#{api_base_url(credentials)}/v1/deployment/installer/agent/unix/paas/latest?include=java" \
@@ -193,7 +200,11 @@ def logstream?
       end
 
       def skip_errors?
-        credentials[SKIP_ERRORS].to_b
+        credentials[SKIP_ERRORS] == "true"
+      end
+
+      def enable_fips?
+        credentials[ENABLE_FIPS] == "true"
       end
 
       def tenanttoken(manifest)
