Unable to revoke AWS user

[pag-r]

According to revoke-lease user record should be revoked

Environment:

• Vault Version:
  Vault v0.8.3 ('bdd70ff0326b1a93241d3e079b7f174cefe8e727')
• Operating System/Architecture:
  Linux localhost 3.10.0-693.el7.x86_64 Initial Website Import #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
  CentOS Linux release 7.4.1708 (Core)

Vault Config File:

{"backend": {"zookeeper":
 {"address":"zookeeper:2181", "redirect_addr":"http://0.0.0.0:6379" }}, "listener": {"tcp": 
{"address":"0.0.0.0:8200","tls_disable":1}},
"disable_mlock":true,"plugin_directory":"/vault/vault_plugins"}

Expected Behavior:
PUT http://vault:8140/v1/sys/leases/revoke
with data

{"lease_id":"aws/creds/test/27074344-417f-a595-5dfd-eb6ed327ccdd"}

Above request should revoke AWS user.
Actual Behavior:
Error is returned:

Error code: 400 Bad Request
{
    "errors": [
        "failed to revoke entry: resp:(*logical.Response)(nil) err:SerializationError: 
failed to decode query XML error response\ncaused by: expected element type 
<ErrorResponse> but have <Response>"
    ]
}

[jefferai]

Unfortunately this seems to be coming from the underlying AWS library. Any chance you could see if 0.9 fixes things for you?

[pag-r]

I'm preparing new Docker with all deps and version 0.9.0. Will back to you with the results.

[joelthompson]

It looks like the actual error message returned from the IAM API is getting swallowed. Any chance you can look in your CloudTrail logs for details about the actual error?

[jefferai]

@pag-r Please write back if you are still having issues!