From 84c58f66bb65f4517691a81256efd1f5a0315d50 Mon Sep 17 00:00:00 2001
From: Ellie <ellie.sterner@hashicorp.com>
Date: Thu, 12 Sep 2024 14:26:09 -0500
Subject: [PATCH] add warning to identify which entities have 1+ aliases with
 the same mount accessor (#28054)

* add warning to identity which entities have 1+ aliases with the same mount accessor

* remove redundant log
---
 vault/identity_store_util.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/vault/identity_store_util.go b/vault/identity_store_util.go
index 19395e0c68..4e963e48e7 100644
--- a/vault/identity_store_util.go
+++ b/vault/identity_store_util.go
@@ -459,6 +459,10 @@ LOOP:
 
 				mountAccessors := getAccessorsOnDuplicateAliases(entity.Aliases)
 
+				if len(mountAccessors) > 0 {
+					i.logger.Warn("Entity has multiple aliases on the same mount(s)", "entity_id", entity.ID, "mount_accessors", mountAccessors)
+				}
+
 				for _, accessor := range mountAccessors {
 					if _, ok := duplicatedAccessors[accessor]; !ok {
 						duplicatedAccessors[accessor] = struct{}{}
@@ -498,10 +502,6 @@ LOOP:
 		accessorCounter++
 	}
 
-	if len(duplicatedAccessorsList) > 0 {
-		i.logger.Warn("One or more entities have multiple aliases on the same mount(s), remove duplicates to avoid ACL templating issues", "mount_accessors", duplicatedAccessorsList)
-	}
-
 	if i.logger.IsInfo() {
 		i.logger.Info("entities restored")
 	}