
Sanctuary sync --dry-run not outputting anything

Description

sanctuary sync --dry-run does not appear to output anything, even when changes would be made. It does not make the changes, as expected, though.

Further details

Running on https://gitlab.developers.cam.ac.uk/uis/devops/digital-admissions/pools/deploy with logan@2.5.0:

$ sanctuary --dry-run sync
$ sanctuary sync --dry-run

Both outputted nothing.

From the description "will print out what the tool would do but does not actually make any changes." I would have expected it to tell me the two secrets it will update, and the two it cannot update (as they don't exist yet).

If I also combine with --verbose I can get some output:

sanctuary sync --dry-run --verbose
[info     ] Enabling dry run. Secrets will not be changed.
[info     ] Processing secret              secret_name=smtp-credentials-dev
[info     ] Using application default Google credentials.
[info     ] Updating secret                from_secret=SecretSpec(google_secret=None, op_cli_item=OnePasswordCLIItem(item_id='43dvwpb7g6fpb4xhmvpqswf7xu', fields=['username', 'password'], field=None, use_field_labels=False), op_cli_document=None) to_secret=SecretSpec(google_secret=GoogleSecret(project='uga-devel-7447350c', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[info     ] Processing secret              secret_name=smtp-credentials-stag
[info     ] Updating secret                from_secret=SecretSpec(google_secret=None, op_cli_item=OnePasswordCLIItem(item_id='4ayjwcu2dkts7njn45aaobyhfq', fields=['username', 'password'], field=None, use_field_labels=False), op_cli_document=None) to_secret=SecretSpec(google_secret=GoogleSecret(project='uga-test-1f58c76d', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[info     ] Processing secret              secret_name=smtp-credentials-int
[info     ] Updating secret                from_secret=SecretSpec(google_secret=None, op_cli_item=OnePasswordCLIItem(item_id='fkfisumyfdpixbfnz4eugep5qi', fields=['username', 'password'], field=None, use_field_labels=False), op_cli_document=None) to_secret=SecretSpec(google_secret=GoogleSecret(project='uga-int-85261c0e', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[info     ] Processing secret              secret_name=smtp-credentials-prod
[info     ] Updating secret                from_secret=SecretSpec(google_secret=None, op_cli_item=OnePasswordCLIItem(item_id='drzvbkxdiq3h5xqu4jrsshywbu', fields=['username', 'password'], field=None, use_field_labels=False), op_cli_document=None) to_secret=SecretSpec(google_secret=GoogleSecret(project='uga-prod-4ef210b2', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)

However, the int and prod secrets don't exist yet so should have errored, yet it does not represent this.

deploy % sanctuary sync --verbose          
[info     ] Processing secret              secret_name=smtp-credentials-dev
[info     ] Using application default Google credentials.
[info     ] Ensuring that secret exists and is ready for update. secret=SecretSpec(google_secret=GoogleSecret(project='uga-devel-7447350c', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[info     ] Updating secret                from_secret=SecretSpec(google_secret=None, op_cli_item=OnePasswordCLIItem(item_id='43dvwpb7g6fpb4xhmvpqswf7xu', fields=['username', 'password'], field=None, use_field_labels=False), op_cli_document=None) to_secret=SecretSpec(google_secret=GoogleSecret(project='uga-devel-7447350c', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[info     ] Processing secret              secret_name=smtp-credentials-stag
[info     ] Ensuring that secret exists and is ready for update. secret=SecretSpec(google_secret=GoogleSecret(project='uga-test-1f58c76d', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[info     ] Updating secret                from_secret=SecretSpec(google_secret=None, op_cli_item=OnePasswordCLIItem(item_id='4ayjwcu2dkts7njn45aaobyhfq', fields=['username', 'password'], field=None, use_field_labels=False), op_cli_document=None) to_secret=SecretSpec(google_secret=GoogleSecret(project='uga-test-1f58c76d', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[info     ] Processing secret              secret_name=smtp-credentials-int
[info     ] Ensuring that secret exists and is ready for update. secret=SecretSpec(google_secret=GoogleSecret(project='uga-int-85261c0e', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[error    ] Error processing secret.       error_message=Google secrets must be created before being set. secret_name=smtp-credentials-int
[info     ] Processing secret              secret_name=smtp-credentials-prod
[info     ] Ensuring that secret exists and is ready for update. secret=SecretSpec(google_secret=GoogleSecret(project='uga-prod-4ef210b2', name='smtp-credentials', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
[error    ] Error processing secret.       error_message=Google secrets must be created before being set. secret_name=smtp-credentials-prod

Here you can see the actual sync details. It shows how it can't update the two secrets that don't exist yet.
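
The behaviour the report asks for, sketched as an added example (not sanctuary's own code): the read-only existence check runs in both modes, only the write is skipped in a dry run, and the resulting plan is rendered without needing --verbose. `Target`, `FakeSecretStore`, `sync`, `render` and the `example-*` project names are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Target:
    project: str
    name: str


class FakeSecretStore:
    """In-memory stand-in for a secret manager (constructed, not a real client)."""

    def __init__(self, existing):
        self.existing = set(existing)
        self.writes = []

    def exists(self, target):  # read-only, so safe to call during a dry run
        return target in self.existing

    def add_version(self, target, payload):  # the only mutating call
        self.writes.append(target)


def sync(secrets, store, dry_run=False):
    """Return one (secret_name, outcome) row per secret.

    The existence check runs in both modes; only the write is skipped in a
    dry run, so the dry-run report predicts what a real run would do.
    """
    report = []
    for secret_name, target, payload in secrets:
        if not store.exists(target):
            report.append((secret_name, "error: target secret must be created first"))
        elif dry_run:
            report.append((secret_name, "would update"))
        else:
            store.add_version(target, payload)
            report.append((secret_name, "updated"))
    return report


def render(report, dry_run):
    """Plan lines meant for default verbosity, not hidden behind --verbose."""
    prefix = "[dry-run] " if dry_run else ""
    return [f"{prefix}{name}: {outcome}" for name, outcome in report]


# Constructed sample: four environments, two targets not yet created.
SECRETS = [(f"smtp-credentials-{env}", Target(f"example-{env}", "smtp-credentials"), b"placeholder")
           for env in ("dev", "stag", "int", "prod")]
STORE = FakeSecretStore({t for n, t, _ in SECRETS if n.endswith(("dev", "stag"))})

if __name__ == "__main__":
    print("\n".join(render(sync(SECRETS, STORE, dry_run=True), dry_run=True)))
```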