hashicorp · akshya96 · Mar 25, 2024 · Mar 22, 2024 · Mar 22, 2024 · Mar 25, 2024
@@ -12,6 +12,7 @@ import (
 	"io"
 	"net/http"
 	"os"
+	"path"
 	"sort"
 	"strconv"
 	"strings"
@@ -1893,7 +1894,7 @@ type activityConfig struct {
 func defaultActivityConfig() activityConfig {
 	return activityConfig{
 		DefaultReportMonths: 12,
-		RetentionMonths:     24,
+		RetentionMonths:     ActivityLogMinimumRetentionMonths,
 		Enabled:             "default",
 	}
 }
@@ -1913,9 +1914,36 @@ func (a *ActivityLog) loadConfigOrDefault(ctx context.Context) (activityConfig,
 		return config, err
 	}
 
+	// check if the retention time is lesser than the default
+	if config.RetentionMonths < ActivityLogMinimumRetentionMonths {
+		updatedConfig, err := a.setDefaultRetentionMonthsInConfig(ctx, config)
+		if err != nil {
+			return config, err
+		}
+		return updatedConfig, nil
+	}
 	return config, nil
 }
 
+// setDefaultRetentionMonthsInConfig sets the retention months in activity config with default value.
+// This supports upgrades from versions prior to set the new default ActivityLogMinimumRetentionMonths.
+func (a *ActivityLog) setDefaultRetentionMonthsInConfig(ctx context.Context, inputConfig activityConfig) (activityConfig, error) {
+	inputConfig.RetentionMonths = ActivityLogMinimumRetentionMonths
+
+	// Store the config
+	entry, err := logical.StorageEntryJSON(path.Join(activitySubPath, activityConfigKey), inputConfig)
+	if err != nil {
+		return inputConfig, err
+	}
+	if err := a.view.Put(ctx, entry); err != nil {
+		return inputConfig, err
+	}
+
+	// Set the new config on the activity log
+	a.SetConfig(ctx, inputConfig)
+	return inputConfig, nil
+}
+
 // HandleTokenUsage adds the TokenEntry to the current fragment of the activity log
 // This currently occurs on token usage only.
 func (a *ActivityLog) HandleTokenUsage(ctx context.Context, entry *logical.TokenEntry, clientID string, isTWE bool) error {

@@ -861,7 +861,7 @@ func TestActivityLog_API_ConfigCRUD_Census(t *testing.T) {
 		if err == nil {
 			t.Fatal("expected error")
 		}
-		if resp.Data["error"] != `retention_months must be at least 24 while Reporting is enabled` {
+		if resp.Data["error"] != retentionMonthsOutOfBounds {
 			t.Fatalf("bad: %v", resp)
 		}
 	} else {
@@ -872,13 +872,20 @@ func TestActivityLog_API_ConfigCRUD_Census(t *testing.T) {
 
 	req = logical.TestRequest(t, logical.UpdateOperation, "internal/counters/config")
 	req.Storage = view
-	req.Data["retention_months"] = 26
+	req.Data["retention_months"] = 56
 	resp, err = b.HandleRequest(namespace.RootContext(nil), req)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
-	if resp != nil {
-		t.Fatalf("bad: %#v", resp)
+	if core.ManualLicenseReportingEnabled() {
+		if resp != nil {
+			t.Fatalf("bad: %#v", resp)
+		}
+	} else {
+		expectedWarning := defaultToRetentionMonthsMaxWarning
+		if resp.Warnings[0] != expectedWarning {
+			t.Fatalf("expected warning not present")
+		}
 	}
 
 	req = logical.TestRequest(t, logical.UpdateOperation, "internal/counters/config")
@@ -918,9 +925,14 @@ func TestActivityLog_API_ConfigCRUD_Census(t *testing.T) {
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
+	expectedRetentionMonths := activityLogMaximumRetentionMonths
+	if core.ManualLicenseReportingEnabled() {
+		expectedRetentionMonths = 56
+	}
+
 	expected := map[string]interface{}{
 		"default_report_months":    12,
-		"retention_months":         26,
+		"retention_months":         expectedRetentionMonths,
 		"enabled":                  "enable",
 		"queries_available":        false,
 		"reporting_enabled":        core.AutomatedLicenseReportingEnabled(),

@@ -115,7 +115,7 @@ func (a *ActivityLog) SetStandbyEnable(ctx context.Context, enabled bool) {
 	// TODO only patch enabled?
 	a.SetConfigStandby(ctx, activityConfig{
 		DefaultReportMonths: 12,
-		RetentionMonths:     24,
+		RetentionMonths:     ActivityLogMinimumRetentionMonths,
 		Enabled:             enableStr,
 	})
 }

diff --git a/vault/census.go b/vault/census.go
@@ -10,6 +10,14 @@ import "time"
 // CensusAgent is a stub for OSS
 type CensusReporter interface{}
 
+const (
+	// ActivityLogMinimumRetentionMonths sets the default minimum retention_months
+	ActivityLogMinimumRetentionMonths = 0
+
+	// activityLogMaximumRetentionMonths sets the default maximum retention_months
+	activityLogMaximumRetentionMonths = 36
+)
+
 func (c *Core) setupCensusManager() error                        { return nil }
 func (c *Core) BillingStart() time.Time                          { return time.Time{} }
 func (c *Core) AutomatedLicenseReportingEnabled() bool           { return false }

@@ -18,6 +18,14 @@ import (
 	"github.com/hashicorp/vault/sdk/logical"
 )
 
+var (
+	// retentionMonthsOutOfBounds is an error string for invalid values of retention_months
+	retentionMonthsOutOfBounds = fmt.Sprintf("retention_months value outside valid range: [%d, %d]", ActivityLogMinimumRetentionMonths, activityLogMaximumRetentionMonths)
+
+	// defaultToRetentionMonthsMaxWarning is a warning message for setting the max retention_months value when retention_months value is more than activityLogMaximumRetentionMonths
+	defaultToRetentionMonthsMaxWarning = fmt.Sprintf("%s: defaulting to max: %d", retentionMonthsOutOfBounds, activityLogMaximumRetentionMonths)
+)
+
 // activityQueryPath is available in every namespace
 func (b *SystemBackend) activityQueryPath() *framework.Path {
 	return &framework.Path{
@@ -109,7 +117,7 @@ func (b *SystemBackend) rootActivityPaths() []*framework.Path {
 				},
 				"retention_months": {
 					Type:        framework.TypeInt,
-					Default:     24,
+					Default:     ActivityLogMinimumRetentionMonths,
 					Description: "Number of months of client data to retain. Setting to 0 will clear all existing data.",
 				},
 				"enabled": {
@@ -367,13 +375,13 @@ func (b *SystemBackend) handleActivityConfigUpdate(ctx context.Context, req *log
 			config.RetentionMonths = retentionMonthsRaw.(int)
 		}
 
-		if config.RetentionMonths < 0 {
-			return logical.ErrorResponse("retention_months must be greater than or equal to 0"), logical.ErrInvalidRequest
+		if config.RetentionMonths < ActivityLogMinimumRetentionMonths {
+			return logical.ErrorResponse(retentionMonthsOutOfBounds), logical.ErrInvalidRequest
 		}
 
-		if config.RetentionMonths > 36 {
-			config.RetentionMonths = 36
-			warnings = append(warnings, "retention_months cannot be greater than 36; capped to 36.")
+		if config.RetentionMonths > activityLogMaximumRetentionMonths {
+			config.RetentionMonths = activityLogMaximumRetentionMonths
+			warnings = append(warnings, defaultToRetentionMonthsMaxWarning)
 		}
 	}
 
@@ -416,7 +424,7 @@ func (b *SystemBackend) handleActivityConfigUpdate(ctx context.Context, req *log
 		return logical.ErrorResponse("retention_months cannot be 0 while enabled"), logical.ErrInvalidRequest
 	}
 
-	// if manual license reporting is enabled, retention months must at least be 24 months
+	// if manual license reporting is enabled, retention months must at least be 48 months
 	if a.core.ManualLicenseReportingEnabled() && config.RetentionMonths < minimumRetentionMonths {
 		return logical.ErrorResponse("retention_months must be at least %d while Reporting is enabled", minimumRetentionMonths), logical.ErrInvalidRequest
 	}