FAQ | This is a LIVE service | Changelog

Skip to content

fix: --dry-run mode in sanctuary

Dmitrii Unterov requested to merge 34-improve-dry-run-in-sanctuary into master

Closes #34 (closed)

Changes in this MR:

  1. `--dry-run` mode is now explicitly "verbose". No need to add `--verbose` option.

    before:

    $ sanctuary sync --dry-run
    # no output

    after:

    $ sanctuary sync --dry-run
    [info     ] Enabling dry run. Secrets will not be changed.
    [info     ] Processing secret              secret_name=secretname
    [info     ] Using application default Google credentials.
    [info     ] Ensuring that secret exists and is ready for update. secret=SecretSpec(google_secret=GoogleSecret(project='project', name='secret', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
    [info     ] Updating secret                from_secret=SecretSpec(google_secret=None, op_cli_item=OnePasswordCLIItem(item_id='someidhere', fields=['secret_field'], field=None, use_field_labels=True), op_cli_document=None) to_secret=SecretSpec(google_secret=GoogleSecret(project='project', name='secret', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
  2. Now even with --dry-run the script checks if secret exists on GCP side.

    before:

    $ sanctuary sync --dry-run
    [info     ] Enabling dry run. Secrets will not be changed.
    [info     ] Processing secret              secret_name=secretname
    [info     ] Using application default Google credentials.
    [info     ] Ensuring that secret exists and is ready for update. secret=SecretSpec(google_secret=GoogleSecret(project='project', name='secret_not_exists', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
    [info     ] Updating secret                from_secret=SecretSpec(google_secret=None, op_cli_item=OnePasswordCLIItem(item_id='someidhere', fields=['secret_field'], field=None, use_field_labels=True), op_cli_document=None) to_secret=SecretSpec(google_secret=GoogleSecret(project='project', name='secret', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)

    after:

    $ sanctuary sync --dry-run
    [info     ] Enabling dry run. Secrets will not be changed.
    [info     ] Processing secret              secret_name=development
    [info     ] Using application default Google credentials.
    [info     ] Ensuring that secret exists and is ready for update. secret=SecretSpec(google_secret=GoogleSecret(project='project', name='secret_not_exists', version='latest', destroy_previous_versions=False), op_cli_item=None, op_cli_document=None)
    [error    ] Error processing secret.       error_message=Google secrets must be created before being set. secret_name=development
Edited by Dmitrii Unterov

Merge request reports

Loading