Require activity log retention months at least the minimum (hashicorp…

…#20078) * reject retention month updates that are less than min retention months * add changelog * reword error * switch to retention_months
fopina · Apr 11, 2023 · 4b6ec40 · 4b6ec40
1 parent 65297e5
commit 4b6ec40
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/changelog/20078.txt b/changelog/20078.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+core/activity: error when attempting to update retention configuration below the minimum 
+```
diff --git a/vault/logical_system_activity.go b/vault/logical_system_activity.go
@@ -351,6 +351,10 @@ func (b *SystemBackend) handleActivityConfigUpdate(ctx context.Context, req *log
 		return logical.ErrorResponse("retention_months cannot be 0 while enabled"), logical.ErrInvalidRequest
 	}
 
+	if a.core.censusLicensingEnabled && config.RetentionMonths < a.configOverrides.MinimumRetentionMonths {
+		return logical.ErrorResponse("retention_months must be at least %d while Reporting is enabled", a.configOverrides.MinimumRetentionMonths), logical.ErrInvalidRequest
+	}
+
 	// Store the config
 	entry, err := logical.StorageEntryJSON(path.Join(activitySubPath, activityConfigKey), config)
 	if err != nil {