From c8b4afd189c94c1ddc62e6caabd5dd4be697f5c3 Mon Sep 17 00:00:00 2001
From: miagilepner <mia.epner@hashicorp.com>
Date: Tue, 11 Apr 2023 17:09:01 +0200
Subject: [PATCH] Require activity log retention months at least the minimum
 (#20078)

* reject retention month updates that are less than min retention months

* add changelog

* reword error

* switch to retention_months
---
 changelog/20078.txt              | 3 +++
 vault/logical_system_activity.go | 4 ++++
 2 files changed, 7 insertions(+)
 create mode 100644 changelog/20078.txt

diff --git a/changelog/20078.txt b/changelog/20078.txt
new file mode 100644
index 000000000..8749354b3
--- /dev/null
+++ b/changelog/20078.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+core/activity: error when attempting to update retention configuration below the minimum 
+```
\ No newline at end of file
diff --git a/vault/logical_system_activity.go b/vault/logical_system_activity.go
index 8278247b0..b4cdb0d66 100644
--- a/vault/logical_system_activity.go
+++ b/vault/logical_system_activity.go
@@ -351,6 +351,10 @@ func (b *SystemBackend) handleActivityConfigUpdate(ctx context.Context, req *log
 		return logical.ErrorResponse("retention_months cannot be 0 while enabled"), logical.ErrInvalidRequest
 	}
 
+	if a.core.censusLicensingEnabled && config.RetentionMonths < a.configOverrides.MinimumRetentionMonths {
+		return logical.ErrorResponse("retention_months must be at least %d while Reporting is enabled", a.configOverrides.MinimumRetentionMonths), logical.ErrInvalidRequest
+	}
+
 	// Store the config
 	entry, err := logical.StorageEntryJSON(path.Join(activitySubPath, activityConfigKey), config)
 	if err != nil {