Enable FIPS mode when requested

jm-dt · jm-dt · commit 49e08c2d9f6a · 2023-10-31T15:14:28.000+01:00
diff --git a/docs/framework-dynatrace_one_agent.md b/docs/framework-dynatrace_one_agent.md
@@ -30,6 +30,7 @@ The credential payload of the service may contain the following entries:
 | `environmentid` | Your Dynatrace environment ID is the unique identifier of your Dynatrace environment. You can find it in the deploy Dynatrace section within your environment.
 | `networkzone` | (Optional) Network zones are Dynatrace entities that represent your network structure. They help you to route the traffic efficiently, avoiding unnecessary traffic across data centers and network regions. Enter the network zone you wish to pass to the server during the OneAgent Download.
 | `skiperrors` | (Optional) The errors during agent download are skipped and the injection is disabled. Use this option at your own risk. Possible values are 'true' and 'false'. This option is disabled by default!
+| `enablefips`| (Optional) Enables the use of [FIPS 140 cryptographic algorithms](https://docs.dynatrace.com/docs/shortlink/oneagentctl#fips-140). Possible values are 'true' and 'false'. This option is disabled by default!
 
 ## Configuration
 For general information on configuring the buildpack, including how to specify configuration values through environment variables, refer to [Configuration and Extension][].
diff --git a/lib/java_buildpack/framework/dynatrace_one_agent.rb b/lib/java_buildpack/framework/dynatrace_one_agent.rb
@@ -71,6 +71,11 @@ def release
         environment_variables = @droplet.environment_variables
         environment_variables.add_environment_variable(LD_PRELOAD, agent_path(manifest))
 
+        if enable_fips?
+          @logger.warn { "DELETE FIPS FLAG FILE, because this is true: #{credentials[ENABLE_FIPS]}" }
+          File.delete(@droplet.sandbox + 'agent/dt_fips_disabled.flag')
+        end
+
         dynatrace_environment_variables(manifest)
       end
 
@@ -87,6 +92,8 @@ def supports?
 
       APITOKEN = 'apitoken'
 
+      ENABLE_FIPS = 'enablefips'
+
       DT_APPLICATION_ID = 'DT_APPLICATIONID'
 
       DT_CONNECTION_POINT = 'DT_CONNECTION_POINT'
@@ -109,8 +116,9 @@ def supports?
 
       SKIP_ERRORS = 'skiperrors'
 
-      private_constant :APIURL, :APITOKEN, :DT_APPLICATION_ID, :DT_CONNECTION_POINT, :DT_NETWORK_ZONE, :DT_LOGSTREAM,
-                       :DT_TENANT, :DT_TENANTTOKEN, :ENVIRONMENTID, :FILTER, :NETWORKZONE, :SKIP_ERRORS
+      private_constant :APIURL, :APITOKEN, :ENABLE_FIPS, :DT_APPLICATION_ID, :DT_CONNECTION_POINT, :DT_NETWORK_ZONE,
+                       :DT_LOGSTREAM, :DT_TENANT, :DT_TENANTTOKEN, :LD_PRELOAD, :ENVIRONMENTID, :FILTER, :NETWORKZONE,
+                       :SKIP_ERRORS
 
       def agent_download_url
         download_uri = "#{api_base_url(credentials)}/v1/deployment/installer/agent/unix/paas/latest?include=java" \
@@ -196,6 +204,10 @@ def skip_errors?
         credentials[SKIP_ERRORS].to_b
       end
 
+      def enable_fips?
+        credentials[ENABLE_FIPS].to_b
+      end
+
       def tenanttoken(manifest)
         manifest['tenantToken']
       end
