FAQ | This is a LIVE service | Changelog

sanctuary: secret version already destroyed

@rjw57 I haven't had time to try and look at what is causing this, but it has happened a couple of times now. When I update a document-type secret in 1Password and then run sanctuary sync I get the following error. If I re-run the command after a few seconds it works with no issue.

> sanctuary sync

/Users/ryan/.virtualenvs/logan/lib/python3.11/site-packages/google/auth/_default.py:78: UserWarning: Your application has authenticated using end user credentials from Google Cloud SDK without a quota project. You might receive a "quota exceeded" or "API not enabled" error. See the following page for troubleshooting: https://cloud.google.com/docs/authentication/adc-troubleshooting/user-creds. 
  warnings.warn(_CLOUD_SDK_CREDENTIALS_WARNING)
Traceback (most recent call last):
  File "/Users/ryan/.virtualenvs/logan/lib/python3.11/site-packages/google/api_core/grpc_helpers.py", line 65, in error_remapped_callable
    return callable_(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/ryan/.virtualenvs/logan/lib/python3.11/site-packages/grpc/_channel.py", line 946, in __call__
    return _end_unary_response_blocking(state, call, False, None)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/ryan/.virtualenvs/logan/lib/python3.11/site-packages/grpc/_channel.py", line 849, in _end_unary_response_blocking
    raise _InactiveRpcError(state)
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.FAILED_PRECONDITION
        details = "SecretVersion.state is already DESTROYED."
        debug_error_string = "UNKNOWN:Error received from peer ipv4:142.250.179.234:443 {created_time:"2023-08-10T19:18:36.973311+01:00", grpc_status:9, grpc_message:"SecretVersion.state is already DESTROYED."}"
>

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/Users/ryan/.virtualenvs/logan/bin/sanctuary", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/Users/ryan/.virtualenvs/logan/lib/python3.11/site-packages/logan/sanctuary/tool.py", line 57, in main
    settings.synchronise(dry_run=dry_run)
  File "/Users/ryan/.virtualenvs/logan/lib/python3.11/site-packages/logan/sanctuary/settings.py", line 105, in synchronise
    secret_spec.synchronise(self, dry_run=dry_run)
  File "/Users/ryan/.virtualenvs/logan/lib/python3.11/site-packages/logan/sanctuary/settings.py", line 85, in synchronise
    self.to_secret.update(settings, from_value)
  File "/Users/ryan/.virtualenvs/logan/lib/python3.11/site-packages/logan/sanctuary/settings.py", line 55, in update
    field_value.update(settings, value)
  File "/Users/ryan/.virtualenvs/logan/lib/python3.11/site-packages/logan/sanctuary/google.py", line 108, in update
    self._destroy_all_but_latest_version(settings)
  File "/Users/ryan/.virtualenvs/logan/lib/python3.11/site-packages/logan/sanctuary/google.py", line 118, in _destroy_all_but_latest_version
    client.destroy_secret_version(
  File "/Users/ryan/.virtualenvs/logan/lib/python3.11/site-packages/google/cloud/secretmanager_v1/services/secret_manager_service/client.py", line 1852, in destroy_secret_version
    response = rpc(
               ^^^^
  File "/Users/ryan/.virtualenvs/logan/lib/python3.11/site-packages/google/api_core/gapic_v1/method.py", line 113, in __call__
    return wrapped_func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/ryan/.virtualenvs/logan/lib/python3.11/site-packages/google/api_core/timeout.py", line 120, in func_with_timeout
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/Users/ryan/.virtualenvs/logan/lib/python3.11/site-packages/google/api_core/grpc_helpers.py", line 67, in error_remapped_callable
    raise exceptions.from_grpc_error(exc) from exc
google.api_core.exceptions.FailedPrecondition: 400 SecretVersion.state is already DESTROYED.