Sanctuary sync --dry-run not outputting anything
Description
sanctuary sync --dry-run
does not appear to output anything, even when changes would be made. It does not make the changes, as expected though.
Further details
Running on https://gitlab.developers.cam.ac.uk/uis/devops/digital-admissions/pools/deploy with logan@2.5.0
:
$ sanctuary --dry-run sync
$ sanctuary sync --dry-run
Both outputted nothing.
From the description "will print out what the tool would do but does not actually make any changes." I would have expected it to tell me the two secrets it will update, and the two it cannot update (as they don't exist yet).
If I also combine with --verbose
I can get some output:
sanctuary sync --dry-run --verbose
[info ] Enabling dry run. Secrets will not be changed.
[info ] Processing secret secret_name=smtp-credentials-dev
[info ] Using application default Google credentials.
[info ] Updating secret from_secret=SecretSpec(google_secret=None, op_cli_item=OnePasswordCLIItem(item_id='43dvwpb7g6fpb4xhmvpqswf7xu', fields=['username', 'password'], field=None, use_field_labels=False), op_cli_document=None) to_secret=SecretSpec(google_secret=GoogleSecret(project='uga-devel-7447350c', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[info ] Processing secret secret_name=smtp-credentials-stag
[info ] Updating secret from_secret=SecretSpec(google_secret=None, op_cli_item=OnePasswordCLIItem(item_id='4ayjwcu2dkts7njn45aaobyhfq', fields=['username', 'password'], field=None, use_field_labels=False), op_cli_document=None) to_secret=SecretSpec(google_secret=GoogleSecret(project='uga-test-1f58c76d', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[info ] Processing secret secret_name=smtp-credentials-int
[info ] Updating secret from_secret=SecretSpec(google_secret=None, op_cli_item=OnePasswordCLIItem(item_id='fkfisumyfdpixbfnz4eugep5qi', fields=['username', 'password'], field=None, use_field_labels=False), op_cli_document=None) to_secret=SecretSpec(google_secret=GoogleSecret(project='uga-int-85261c0e', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[info ] Processing secret secret_name=smtp-credentials-prod
[info ] Updating secret from_secret=SecretSpec(google_secret=None, op_cli_item=OnePasswordCLIItem(item_id='drzvbkxdiq3h5xqu4jrsshywbu', fields=['username', 'password'], field=None, use_field_labels=False), op_cli_document=None) to_secret=SecretSpec(google_secret=GoogleSecret(project='uga-prod-4ef210b2', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
However the int
and prod
secrets don't exist yet so should have error'd, yet it does not represent this.
deploy % sanctuary sync --verbose
[info ] Processing secret secret_name=smtp-credentials-dev
[info ] Using application default Google credentials.
[info ] Ensuring that secret exists and is ready for update. secret=SecretSpec(google_secret=GoogleSecret(project='uga-devel-7447350c', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[info ] Updating secret from_secret=SecretSpec(google_secret=None, op_cli_item=OnePasswordCLIItem(item_id='43dvwpb7g6fpb4xhmvpqswf7xu', fields=['username', 'password'], field=None, use_field_labels=False), op_cli_document=None) to_secret=SecretSpec(google_secret=GoogleSecret(project='uga-devel-7447350c', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[info ] Processing secret secret_name=smtp-credentials-stag
[info ] Ensuring that secret exists and is ready for update. secret=SecretSpec(google_secret=GoogleSecret(project='uga-test-1f58c76d', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[info ] Updating secret from_secret=SecretSpec(google_secret=None, op_cli_item=OnePasswordCLIItem(item_id='4ayjwcu2dkts7njn45aaobyhfq', fields=['username', 'password'], field=None, use_field_labels=False), op_cli_document=None) to_secret=SecretSpec(google_secret=GoogleSecret(project='uga-test-1f58c76d', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[info ] Processing secret secret_name=smtp-credentials-int
[info ] Ensuring that secret exists and is ready for update. secret=SecretSpec(google_secret=GoogleSecret(project='uga-int-85261c0e', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[error ] Error processing secret. error_message=Google secrets must be created before being set. secret_name=smtp-credentials-int
[info ] Processing secret secret_name=smtp-credentials-prod
[info ] Ensuring that secret exists and is ready for update. secret=SecretSpec(google_secret=GoogleSecret(project='uga-prod-4ef210b2', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[error ] Error processing secret. error_message=Google secrets must be created before being set. secret_name=smtp-credentials-prod
Here you can see the actual sync
details. It shows how it can't update the two secrets that don't exist yet.