revoke_lease not working #969
-
My script is logging in with an approle, and using those credentials to call GCP (vault_client.secrets.gcp.generate_service_account_key). After doing some work with the GCP account I wanted to release the keys, so I was trying If I logged in to the CLI with the same approle, I am able to revoke the lease without a problems. Then when looking at the
I can see the urls are built very differently, and then comparing that again to what the API doco says (https://developer.hashicorp.com/vault/api-docs/system/leases#revoke-lease) is different again, as the API doco say to use a POST method, not PUT. I am not sure what to make of all it, perhaps its version compatibilities (we are using Vault 1.12.3)??? but I was able to write this little function that did the job. Note I am still using PUT
Is anyone able to work out is going on here? |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 2 replies
-
I'm seeing this too. Looks like the API has quietly been changed for the revoke. So it looks like the HVAC revoke will potentially only work with v1.8.x and earlier. 😭 |
Beta Was this translation helpful? Give feedback.
-
As for
It looks like our A feature request should be submitted (with a PR if you're up for it!) to add the The API's documentation is here: https://developer.hashicorp.com/vault/api-docs/system/leases#revoke-lease Regarding
So while the CLI is using the path-based approach, the way @shaneseaton |
Beta Was this translation helpful? Give feedback.
-
@briantist Thanks for your response. You are indeed on the money with the permission issue. An easy oversight to make, we have updated our policies and the HVAC calls are working as expected. Thanks, I wouldn't have caught this without your assistance. |
Beta Was this translation helpful? Give feedback.
As for
PUT
vsPOST
: https://developer.hashicorp.com/vault/api-docs#api-operationsIt looks like our
revoke_lease
method has not been updated in ~5 years, but it should still work.A feature request should be submitted (with a PR if you're up for it!) to add the
sync
parameter but it should still be working without it.The API's documentation is here: https://developer.hashicorp.com/vault/api-docs/system/leases#revoke-lease
Regarding
lease_id
(emphasis mine):