From d3ff069c9f3bc4a357d2e87c93e668e9fd10bcdb Mon Sep 17 00:00:00 2001 From: Ellie Date: Wed, 23 Apr 2025 09:19:04 -0500 Subject: [PATCH] docs: fix version of static role rotation issue (#30282) * docs: fix version of static role issue * add corrected versions and remove database references * fix phrase * remove plus * remove redundant sentence * add database aspect * clarify upgrade path * clarify upgrade path * fix versions * remove line * Update website/content/partials/known-issues/static-role-premature-rotations.mdx * improve wording --------- Co-authored-by: Tony Wittinger --- website/content/docs/release-notes/1.16.1.mdx | 3 ++- website/content/docs/release-notes/1.17.0.mdx | 3 ++- website/content/docs/release-notes/1.18.0.mdx | 3 ++- website/content/docs/release-notes/1.19.0.mdx | 3 ++- ...tabase-static-role-premature-rotations.mdx | 24 +++++++++++++++++++ .../static-role-premature-rotations.mdx | 19 +++++++++++---- 6 files changed, 46 insertions(+), 9 deletions(-) create mode 100644 website/content/partials/known-issues/database-static-role-premature-rotations.mdx diff --git a/website/content/docs/release-notes/1.16.1.mdx b/website/content/docs/release-notes/1.16.1.mdx index e2989606fe..537add3f11 100644 --- a/website/content/docs/release-notes/1.16.1.mdx +++ b/website/content/docs/release-notes/1.16.1.mdx 
@@ -31,7 +31,8 @@ description: |- | New default (1.16.13) | [Vault product usage metrics reporting](/vault/docs/upgrading/upgrade-to-1.6.x#product-usage-reporting) | | Deprecation (1.16.13) | [`default_report_months` is deprecated for the `sys/internal/counters` API](/vault/docs/upgrading/upgrade-to-1.16.x#activity-log-changes) | | Known Issue (1.16.16) | [Authorization failures using Azure federated identity credentials](/vault/docs/upgrading/upgrade-to-1.16.x#authorization-failures-using-azure-federated-identity-credentials) | -| Known issue (1.16.16) | [Unexpected static role rotations on upgrade](/vault/docs/upgrading/upgrade-to-1.16.x#static-role-rotations) | +| Known issue (1.16.16-1.16.18) | [Unexpected LDAP static role rotations on upgrade](/vault/docs/upgrading/upgrade-to-1.16.x#static-role-rotations) | +| Known issue (1.16.16-1.16.19) | [Unexpected Database static role rotations on upgrade](/vault/docs/upgrading/upgrade-to-1.16.x#db-static-role-rotations) | | Known issue (1.16.0) | [Vault log file missing subsystem logs](/vault/docs/upgrading/upgrade-to-1.16.x#log-files) diff --git a/website/content/docs/release-notes/1.17.0.mdx b/website/content/docs/release-notes/1.17.0.mdx index 64e3d2a794..cfedd4277b 100644 --- a/website/content/docs/release-notes/1.17.0.mdx +++ b/website/content/docs/release-notes/1.17.0.mdx 
@@ -31,7 +31,8 @@ description: |- | New default (1.17.9) | [Vault product usage metrics reporting](/vault/docs/upgrading/upgrade-to-1.17.x#product-usage-reporting) | | Deprecation (1.17.9) | [`default_report_months` is deprecated for the `sys/internal/counters` API](/vault/docs/upgrading/upgrade-to-1.17.x#activity-log-changes) | | Known Issue (1.17.12) | [Authorization failures using Azure federated identity credentials](/vault/docs/upgrading/upgrade-to-1.17.x#authorization-failures-using-azure-federated-identity-credentials) | -| Known issue (1.17.12) | [Unexpected static role rotations on upgrade](/vault/docs/upgrading/upgrade-to-1.17.x#static-role-rotations) | +| Known issue (1.17.12-1.17.14) | [Unexpected LDAP static role rotations on upgrade](/vault/docs/upgrading/upgrade-to-1.17.x#static-role-rotations) | +| Known issue (1.17.12-1.17.15) | [Unexpected Database static role rotations on upgrade](/vault/docs/upgrading/upgrade-to-1.17.x#db-static-role-rotations) | | Known issue (1.17.0) | [Vault log file missing subsystem logs](/vault/docs/upgrading/upgrade-to-1.17.x#log-files) diff --git a/website/content/docs/release-notes/1.18.0.mdx b/website/content/docs/release-notes/1.18.0.mdx index 699972a10f..8b0c42a0f7 100644 --- a/website/content/docs/release-notes/1.18.0.mdx +++ b/website/content/docs/release-notes/1.18.0.mdx 
@@ -20,7 +20,8 @@ description: |- | Beta feature removed (1.18) | [Request limiter removed](/vault/docs/upgrading/upgrade-to-1.18.x#request-limiter-configuration-removal) | | New default (1.18.2) | [Vault product usage metrics reporting](/vault/docs/upgrading/upgrade-to-1.18.x#product-usage-reporting) | | Known Issue (1.18.5) | [Authorization failures using Azure federated identity credentials](/vault/docs/upgrading/upgrade-to-1.18.x#authorization-failures-using-azure-federated-identity-credentials) | -| Known issue (1.18.5) | [Unexpected static role rotations on upgrade](/vault/docs/upgrading/upgrade-to-1.18.x#static-role-rotations) | +| Known issue (1.18.5-1.18.7) | [Unexpected LDAP static role rotations on upgrade](/vault/docs/upgrading/upgrade-to-1.18.x#static-role-rotations) | +| Known issue (1.18.5-1.18.8) | [Unexpected Database static role rotations on upgrade](/vault/docs/upgrading/upgrade-to-1.18.x#db-static-role-rotations) | Known issue (1.18.0) | [Vault log file missing subsystem logs](/vault/docs/upgrading/upgrade-to-1.18.x#log-files) diff --git a/website/content/docs/release-notes/1.19.0.mdx b/website/content/docs/release-notes/1.19.0.mdx index 769d04141b..a6833a4773 100644 --- a/website/content/docs/release-notes/1.19.0.mdx +++ b/website/content/docs/release-notes/1.19.0.mdx 
@@ -23,7 +23,8 @@ description: |- | Known issue (1.19.x, 1.18.x, 1.17.x, 1.16.x) | [Duplicate HSM keys creation when migrating to HSM from Shamir](/vault/docs/upgrading/upgrade-to-1.19.x#hsm-keys) | New behavior (1.19.0) | [Uppercase values are no longer forced to lower case](/vault/docs/upgrading/upgrade-to-1.19.x#case-sensitive) | Known issue (1.19.0) | [Login/token renewal failures after group changes](/vault/docs/upgrading/upgrade-to-1.19.x#group-writes) -| Known issue (1.19.0) | [Unexpected static role rotations on upgrade](/vault/docs/upgrading/upgrade-to-1.19.x#static-role-rotations) +| Known issue (1.19.0, 1.19.1) | [Unexpected LDAP static role rotations on upgrade](/vault/docs/upgrading/upgrade-to-1.19.x#static-role-rotations) +| Known issue (1.19.0, 1.19.1, 1.19.2) | [Unexpected Database static role rotations on upgrade](/vault/docs/upgrading/upgrade-to-1.19.x#db-static-role-rotations) | Known issue (1.19.0) | [Vault log file missing subsystem logs](/vault/docs/upgrading/upgrade-to-1.19.x#log-files) diff --git a/website/content/partials/known-issues/database-static-role-premature-rotations.mdx b/website/content/partials/known-issues/database-static-role-premature-rotations.mdx new file mode 100644 index 0000000000..0c73f04e5b --- /dev/null +++ b/website/content/partials/known-issues/database-static-role-premature-rotations.mdx 
@@ -0,0 +1,24 @@ +### Database static role rotations on upgrade ((#db-static-role-rotations)) + +#### Affected Upgrade Path +* This issue only occurs when upgrading from the following initial versions to the following target versions: + +Initial Versions (any version prior to 1.15.0): +- 1.14.x +- 1.13.x +- and earlier + +Target Versions: +- 1.19.0, 1.19.1, 1.19.2 +- 1.18.5, 1.18.6, 1.18.7, 1.18.8 +- 1.17.12, 1.17.13, 1.17.14, 1.17.15 +- 1.16.16, 1.16.17, 1.16.18, 1.16.19 + +#### Issue +Vault automatically rotates existing static roles tied to Database +credentials once when upgrading to an affected target version from an +affected initial version. After the one-time rotation, the static roles behave as expected. + +#### Workaround +If you rely on Database static roles and are currently on a version prior to 1.15.0, +avoid upgrading directly to the target versions listed above. \ No newline at end of file diff --git a/website/content/partials/known-issues/static-role-premature-rotations.mdx b/website/content/partials/known-issues/static-role-premature-rotations.mdx index e54c285301..3bf3f27e64 100644 --- a/website/content/partials/known-issues/static-role-premature-rotations.mdx +++ b/website/content/partials/known-issues/static-role-premature-rotations.mdx 
@@ -1,13 +1,22 @@ -### Static role rotations on upgrade ((#static-role-rotations)) +### LDAP static role rotations on upgrade ((#static-role-rotations)) #### Affected Versions -- 1.19.0, 1.18.5, 1.17.12, 1.16.16 +- 1.19.0, 1.19.1 +- 1.18.5, 1.18.6, 1.18.7 +- 1.17.12, 1.17.13, 1.17.14 +- 1.16.16, 1.16.17, 1.16.18 + +#### Fixed Versions +- 1.19.2 +- 1.18.8 +- 1.17.15 +- 1.16.19 #### Issue -Vault automatically rotates existing static roles tied to database and LDAP +Vault automatically rotates existing static roles tied to LDAP credentials once when upgrading to an affected version. After the one-time rotation, the static roles behave as expected. #### Workaround -If you rely on LDAP or static database roles, avoid upgrading to the affected -versions until we fix the issue. \ No newline at end of file +If you rely on LDAP static roles, avoid upgrading to the affected +versions. \ No newline at end of file
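Review bot: In the release-notes/1.16.1.mdx hunk (and likewise in the 1.17.0, 1.18.0 and 1.19.0 hunks), the new Database row links to `#db-static-role-rotations` on the upgrade-to-1.1x.x pages, but the diffstat touches only the release notes and the two partials, so nothing in this patch includes database-static-role-premature-rotations.mdx in an upgrade guide. Unless the guides already pull in that partial, the four new links land on an anchor that does not exist. Add the include to each upgrade-to-1.16.x through 1.19.x page in this PR, or point to the change that does. Separately, the unchanged "New default (1.16.13)" row in the same hunk links to `upgrade-to-1.6.x`, which looks like a typo for `upgrade-to-1.16.x` and is cheap to fix while this table is being edited.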
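Review bot: In the release-notes/1.19.0.mdx hunk the affected versions are written as comma lists (`1.19.0, 1.19.1` and `1.19.0, 1.19.1, 1.19.2`), while the 1.16.1, 1.17.0 and 1.18.0 hunks use hyphenated ranges (`1.16.16-1.16.18`). Pick one notation for all four tables. The hyphenated form is also easy to misread next to patch numbers, so a comma list or "1.16.16 through 1.16.18" would be clearer for someone scanning to decide whether their target version is safe.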
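Review bot: The Workaround in the new database-static-role-premature-rotations.mdx tells readers on a version prior to 1.15.0 to "avoid upgrading directly to the target versions listed above", but it never says what they should do instead, and unlike the LDAP partial there is no "Fixed Versions" section. The word "directly" implies an intermediate hop avoids the rotation; if that is the intent, name the intermediate version explicitly, and if a fixed release exists or is planned, list it. As written, an operator with Database static roles on 1.14.x cannot tell from this text which upgrade is safe. Smaller points in the same hunk: the "Affected Upgrade Path" sentence is a lone `*` bullet while every other list uses `-`, and the file is missing a trailing newline.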
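Review bot: In static-role-premature-rotations.mdx the new "Fixed Versions" list (1.19.2, 1.18.8, 1.17.15, 1.16.19) is exactly the set that the new Database partial still lists as affected target versions, and this partial no longer mentions Database at all. A reader who uses both LDAP and Database static roles will see "fixed" here and may upgrade into the Database rotation. Add a one-line cross-reference to `#db-static-role-rotations` under Fixed Versions. The Workaround should also point at the fix now that one exists, for example "upgrade to a fixed version listed above" rather than only "avoid upgrading to the affected versions." The trailing newline is still missing at end of file.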