From de56c728a1676bfa37c1f4b81fde44484edd2df1 Mon Sep 17 00:00:00 2001
From: miagilepner <mia.epner@hashicorp.com>
Date: Fri, 31 Mar 2023 17:05:16 +0200
Subject: [PATCH] VAULT-13191: OSS changes (#19891)

* add open source changes for reporting

* fix function signature

* add changelog
---
 changelog/19891.txt                        |  3 +++
 command/server/config_test_helpers.go      |  1 +
 command/server/config_test_helpers_util.go |  1 +
 vault/activity_log.go                      | 10 ++++++++++
 vault/core.go                              |  3 +++
 vault/logical_system_activity.go           |  5 +++++
 vault/testing.go                           |  1 +
 7 files changed, 24 insertions(+)
 create mode 100644 changelog/19891.txt

diff --git a/changelog/19891.txt b/changelog/19891.txt
new file mode 100644
index 000000000..b030151e8
--- /dev/null
+++ b/changelog/19891.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+core (enterprise): add configuration for license reporting 
+```
\ No newline at end of file
diff --git a/command/server/config_test_helpers.go b/command/server/config_test_helpers.go
index f0327f2e6..c171fdbe6 100644
--- a/command/server/config_test_helpers.go
+++ b/command/server/config_test_helpers.go
@@ -1100,6 +1100,7 @@ func testParseSeals(t *testing.T) {
 			},
 		},
 	}
+	addExpectedDefaultEntConfig(expected)
 	config.Prune()
 	require.Equal(t, config, expected)
 }
diff --git a/command/server/config_test_helpers_util.go b/command/server/config_test_helpers_util.go
index ff72cd6db..7f8c02e1c 100644
--- a/command/server/config_test_helpers_util.go
+++ b/command/server/config_test_helpers_util.go
@@ -6,4 +6,5 @@
 package server
 
 func addExpectedEntConfig(c *Config, sentinelModules []string)                         {}
+func addExpectedDefaultEntConfig(c *Config)                                            {}
 func addExpectedEntSanitizedConfig(c map[string]interface{}, sentinelModules []string) {}
diff --git a/vault/activity_log.go b/vault/activity_log.go
index 432cccc3b..00e685b9e 100644
--- a/vault/activity_log.go
+++ b/vault/activity_log.go
@@ -196,6 +196,9 @@ type ActivityLogCoreConfig struct {
 
 	// CensusReportInterval is the testing configuration for time
 	CensusReportInterval time.Duration
+
+	// MinimumRetentionMonths defines the minimum value for retention
+	MinimumRetentionMonths int
 }
 
 // NewActivityLog creates an activity log.
@@ -956,6 +959,10 @@ func (a *ActivityLog) SetConfigInit(config activityConfig) {
 	a.defaultReportMonths = config.DefaultReportMonths
 	a.retentionMonths = config.RetentionMonths
 
+	if a.retentionMonths < a.configOverrides.MinimumRetentionMonths {
+		a.retentionMonths = a.configOverrides.MinimumRetentionMonths
+	}
+
 	if a.configOverrides.CensusReportInterval > 0 {
 		a.CensusReportInterval = a.configOverrides.CensusReportInterval
 	}
@@ -1013,6 +1020,9 @@ func (a *ActivityLog) SetConfig(ctx context.Context, config activityConfig) {
 
 	a.defaultReportMonths = config.DefaultReportMonths
 	a.retentionMonths = config.RetentionMonths
+	if a.retentionMonths < a.configOverrides.MinimumRetentionMonths {
+		a.retentionMonths = a.configOverrides.MinimumRetentionMonths
+	}
 
 	// check for segments out of retention period, if it has changed
 	go a.retentionWorker(ctx, time.Now(), a.retentionMonths)
diff --git a/vault/core.go b/vault/core.go
index a2e0c90c7..8f2503a16 100644
--- a/vault/core.go
+++ b/vault/core.go
@@ -644,6 +644,9 @@ type Core struct {
 	// censusAgent is the mechanism used for reporting Vault's billing data.
 	censusAgent *CensusAgent
 
+	// censusLicensingEnabled records whether Vault is exporting census metrics
+	censusLicensingEnabled bool
+
 	// activeTime is set on active nodes indicating the time at which this node
 	// became active.
 	activeTime time.Time
diff --git a/vault/logical_system_activity.go b/vault/logical_system_activity.go
index 40ded2364..8278247b0 100644
--- a/vault/logical_system_activity.go
+++ b/vault/logical_system_activity.go
@@ -325,6 +325,11 @@ func (b *SystemBackend) handleActivityConfigUpdate(ctx context.Context, req *log
 			if config.Enabled == "enable" && enabledStr == "disable" ||
 				!activityLogEnabledDefault && config.Enabled == "enable" && enabledStr == "default" ||
 				activityLogEnabledDefault && config.Enabled == "default" && enabledStr == "disable" {
+
+				// if census is enabled, the activity log cannot be disabled
+				if a.core.censusLicensingEnabled {
+					return logical.ErrorResponse("cannot disable the activity log while Reporting is enabled"), logical.ErrInvalidRequest
+				}
 				warnings = append(warnings, "the current monthly segment will be deleted because the activity log was disabled")
 			}
 
diff --git a/vault/testing.go b/vault/testing.go
index cd295058c..17d25ef8f 100644
--- a/vault/testing.go
+++ b/vault/testing.go
@@ -239,6 +239,7 @@ func TestCoreWithSealAndUINoCleanup(t testing.T, opts *CoreConfig) *Core {
 	}
 
 	conf.ActivityLogConfig = opts.ActivityLogConfig
+	testApplyEntBaseConfig(conf, opts)
 
 	c, err := NewCore(conf)
 	if err != nil {