Comment 1 for bug 1952792

If Juju makes an cloud (MAAS in this case) API call, if the cloud responses with codes 401, 403 etc then Juju will deem the credential to be invalid as the api call was rejected as unauthorised.

It seems that here MAAS might be responding to attempt to delete a locked node with 403, thus triggering the juju to deem the credential as invalid. We need to audit what return codes MAAS uses and see what's appropriate to use to trigger the invalid credential behaviour in juju.