From 9c8fcaf5a5103fa3e1b63e09bf9cf436ac3b318a Mon Sep 17 00:00:00 2001
From: Hamid Ghaf <83242695+hghaf099@users.noreply.github.com>
Date: Tue, 31 Jan 2023 16:06:16 -0500
Subject: [PATCH] prevent panic on mfa enforcement delete after a namespace is
 deleted (#18923)

* prevent panic on mfa enforcement delete after a namespace is deleted

* CL
---
 changelog/18923.txt | 3 +++
 vault/login_mfa.go  | 4 ++++
 2 files changed, 7 insertions(+)
 create mode 100644 changelog/18923.txt

diff --git a/changelog/18923.txt b/changelog/18923.txt
new file mode 100644
index 000000000..2b4abae01
--- /dev/null
+++ b/changelog/18923.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: prevent panic in login mfa enforcement delete after enforcement's namespace is deleted
+```
diff --git a/vault/login_mfa.go b/vault/login_mfa.go
index 2a7ac6c19..03ba941d0 100644
--- a/vault/login_mfa.go
+++ b/vault/login_mfa.go
@@ -2700,6 +2700,10 @@ func (b *LoginMFABackend) deleteMFALoginEnforcementConfigByNameAndNamespace(ctx
 		return err
 	}
 
+	if eConfig == nil {
+		return nil
+	}
+
 	entryIndex := mfaLoginEnforcementPrefix + eConfig.ID
 	barrierView, err := b.Core.barrierViewForNamespace(eConfig.NamespaceID)
 	if err != nil {