From 9274d74698559827fc212021764648ebc8d9ee06 Mon Sep 17 00:00:00 2001
From: Ellie <ellie.sterner@hashicorp.com>
Date: Fri, 26 Jul 2024 07:13:11 -0500
Subject: [PATCH] fix bug in which vault altered a canonical ID belonging to an
 alias, not a clone (#27824)

---
 vault/identity_store_aliases.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vault/identity_store_aliases.go b/vault/identity_store_aliases.go
index 152f4cb0e8a3..0fc822fe041d 100644
--- a/vault/identity_store_aliases.go
+++ b/vault/identity_store_aliases.go
@@ -247,7 +247,7 @@ func (i *IdentityStore) handleAliasCreateUpdate() framework.OperationFunc {
 		if mountEntry.NamespaceID != ns.ID {
 			return logical.ErrorResponse("matching mount is in a different namespace than request"), logical.ErrPermissionDenied
 		}
-		alias, err := i.MemDBAliasByFactors(mountAccessor, name, false, false)
+		alias, err := i.MemDBAliasByFactors(mountAccessor, name, true, false)
 		if err != nil {
 			return nil, err
 		}