From a9d296234e4b5cce6a662bacf362ae4b2ba47333 Mon Sep 17 00:00:00 2001
From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com>
Date: Wed, 12 Apr 2023 13:11:51 -0400
Subject: [PATCH] backport of commit 4b6ec4079d1bdccde4cab416417a296c8c233c1b (#20118)
Co-authored-by: miagilepner
Co-authored-by: Mike Palmiotto
---
 changelog/20078.txt | 3 +++
 vault/logical_system_activity.go | 4 ++++
 2 files changed, 7 insertions(+)
 create mode 100644 changelog/20078.txt
diff --git a/changelog/20078.txt b/changelog/20078.txt
new file mode 100644
index 000000000000..8749354b315d
--- /dev/null
+++ b/changelog/20078.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+core/activity: error when attempting to update retention configuration below the minimum
+```
\ No newline at end of file
diff --git a/vault/logical_system_activity.go b/vault/logical_system_activity.go
index 9c121db67829..2c1dde1ee126 100644
--- a/vault/logical_system_activity.go
+++ b/vault/logical_system_activity.go
@@ -348,6 +348,10 @@ func (b *SystemBackend) handleActivityConfigUpdate(ctx context.Context, req *log
 return logical.ErrorResponse("retention_months cannot be 0 while enabled"), logical.ErrInvalidRequest
 }

+ if a.core.censusLicensingEnabled && config.RetentionMonths < a.configOverrides.MinimumRetentionMonths {
+ return logical.ErrorResponse("retention_months must be at least %d while Reporting is enabled", a.configOverrides.MinimumRetentionMonths), logical.ErrInvalidRequest
+ }
+
 // Store the config
 entry, err := logical.StorageEntryJSON(path.Join(activitySubPath, activityConfigKey), config)
 if err != nil {
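Review bot: The new retention floor in handleActivityConfigUpdate ships without a test; the diffstat lists only the changelog entry and this handler, so nothing pins that a `retention_months` below `a.configOverrides.MinimumRetentionMonths` is rejected before the config is stored. Because this guard is what stops activity data from being trimmed under the reporting minimum, a test case that sets `censusLicensingEnabled`, submits a value below the minimum and asserts `logical.ErrInvalidRequest` would be worth adding. The check compares `config.RetentionMonths` rather than the request field, so if a stored value can already sit below the minimum, an update that only changes another setting would presumably be refused as well; a comment such as `// Reporting requires at least MinimumRetentionMonths of data; reject lower values before persisting.` would make that intent explicit. The function body starts and ends outside the hunk.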