diff --git a/lib/services/local/integrations.go b/lib/services/local/integrations.go index 3b9842ee79690..3b1248f69c54f 100644 --- a/lib/services/local/integrations.go +++ b/lib/services/local/integrations.go @@ -213,8 +213,11 @@ func integrationReferencedByAWSICPlugin(ctx context.Context, bk backend.Backend, continue } - if pluginV1.GetType() == types.PluginType(types.PluginTypeAWSIdentityCenter) { - switch pluginV1.Spec.GetAwsIc().IntegrationName { + if pluginV1.GetType() != types.PluginType(types.PluginTypeAWSIdentityCenter) { + continue + } + if awsIC := pluginV1.Spec.GetAwsIc(); awsIC != nil { + switch awsIC.IntegrationName { case name: return nil, trace.BadParameter("cannot delete AWS OIDC integration currently referenced by AWS Identity Center integration %q", pluginV1.GetName()) default: diff --git a/lib/services/local/saml_idp_service_provider.go b/lib/services/local/saml_idp_service_provider.go index da99ef05d8ad0..6b08cf084afd9 100644 --- a/lib/services/local/saml_idp_service_provider.go +++ b/lib/services/local/saml_idp_service_provider.go @@ -419,9 +419,13 @@ func spReferencedByAWSICPlugin(ctx context.Context, bk backend.Backend, serviceP if !ok { continue } - - if pluginV1.Spec.GetAwsIc().SamlIdpServiceProviderName == serviceProviderName { - return trace.BadParameter("cannot delete SAML service provider currently referenced by AWS Identity Center integration %q", pluginV1.GetName()) + if pluginV1.GetType() != types.PluginType(types.PluginTypeAWSIdentityCenter) { + continue + } + if awsIC := pluginV1.Spec.GetAwsIc(); awsIC != nil { + if awsIC.SamlIdpServiceProviderName == serviceProviderName { + return trace.BadParameter("cannot delete SAML service provider currently referenced by AWS Identity Center integration %q", pluginV1.GetName()) + } } }