Add identity store nil checks

vault/core.go

@@ -697,7 +697,7 @@ func (c *Core) LookupToken(token string) (*TokenEntry, error) {
 // This list includes the policies from the entity itself and from all the
 // groups in which the given entity ID is a member of.
 func (c *Core) fetchEntityAndDerivedPolicies(entityID string) (*identity.Entity, []string, error) {
-	if entityID == "" {
+	if entityID == "" || c.identityStore == nil {
 		return nil, nil, nil
 	}
 

vault/identity_store_util.go

@@ -21,7 +21,8 @@ import (
 func (c *Core) loadIdentityStoreArtifacts(ctx context.Context) error {
 	var err error
 	if c.identityStore == nil {
-		return fmt.Errorf("identity store is not setup")
+		c.logger.Warn("identity store is not setup, skipping loading")
+		return nil
 	}
 
 	err = c.identityStore.loadEntities(ctx)

vault/request_handling.go

@@ -364,7 +364,8 @@ func (c *Core) handleRequest(ctx context.Context, req *logical.Request) (retResp
 		resp != nil &&
 		resp.Auth != nil &&
 		resp.Auth.EntityID != "" &&
-		resp.Auth.GroupAliases != nil {
+		resp.Auth.GroupAliases != nil &&
+		c.identityStore != nil {
 		err := c.identityStore.refreshExternalGroupMembershipsByEntityID(resp.Auth.EntityID, resp.Auth.GroupAliases)
 		if err != nil {
 			c.logger.Error("failed to refresh external group memberships", "error", err)
@@ -498,7 +499,10 @@ func (c *Core) handleLoginRequest(ctx context.Context, req *logical.Request) (re
 
 		mEntry := c.router.MatchingMountEntry(req.Path)
 
-		if auth.Alias != nil && mEntry != nil && !mEntry.Local {
+		if auth.Alias != nil &&
+			mEntry != nil &&
+			!mEntry.Local &&
+			c.identityStore != nil {
 			// Overwrite the mount type and mount path in the alias
 			// information
 			auth.Alias.MountType = req.MountType