From 34af6bab1e2addeb20566d45f41ea5453053eac0 Mon Sep 17 00:00:00 2001
From: Nick Cabatoff <ncabatoff@hashicorp.com>
Date: Mon, 21 Mar 2022 15:09:31 -0400
Subject: [PATCH] Add a check for missing entity during local alias
 invalidation. (#14622)

---
 changelog/14622.txt     | 3 +++
 vault/identity_store.go | 4 ++++
 2 files changed, 7 insertions(+)
 create mode 100644 changelog/14622.txt

diff --git a/changelog/14622.txt b/changelog/14622.txt
new file mode 100644
index 000000000..289756a53
--- /dev/null
+++ b/changelog/14622.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+replication (enterprise): fix panic due to missing entity during invalidation of local aliases.
+```
\ No newline at end of file
diff --git a/vault/identity_store.go b/vault/identity_store.go
index 4332af32e..bd0d11116 100644
--- a/vault/identity_store.go
+++ b/vault/identity_store.go
@@ -773,6 +773,10 @@ func (i *IdentityStore) Invalidate(ctx context.Context, key string) {
 				i.logger.Error("failed to fetch entity during local alias invalidation", "entity_id", alias.CanonicalID, "error", err)
 				return
 			}
+			if entity == nil {
+				i.logger.Error("failed to fetch entity during local alias invalidation, missing entity", "entity_id", alias.CanonicalID, "error", err)
+				continue
+			}
 
 			// Delete local aliases from the entity.
 			err = i.deleteAliasesInEntityInTxn(txn, entity, []*identity.Alias{alias})