FailedToRetrieveVaultException: Unable to retrieve vaults.
njsnx opened this issue · 2 comments
Hi,
Playing around with Secrets Automation and trying to use the Python SDK for this.
I've deployed the Connect server via the docker-compose file that is on the 1password website and can see this is running a connect-sync and connect-api container.
from onepasswordconnectsdk.client import (
Client,
new_client_from_environment,
new_client
)
client: Client = new_client_from_environment("http://localhost:8080")
print(client.get_vaults())When run with my OP_CONNECT_TOKEN set, returns:
onepasswordconnectsdk.client.FailedToRetrieveVaultException: Unable to retrieve vaults. Received 500 for /v1/vaults with message failed to initiate, review service logs for details
Logs in the API container show:
op-connect-api_1 | {"log_message":"(I) GET /v1/vaults","timestamp":"2021-04-14T08:08:57.118532Z","level":3,"scope":{"request_id":"b4c0866b-2f73-4037-8e71-99ededcc54cc"}}
op-connect-api_1 | {"log_message":"(I) notifying syncer of new token","timestamp":"2021-04-14T08:08:57.120932Z","level":3,"scope":{"request_id":"b4c0866b-2f73-4037-8e71-99ededcc54cc","jti":"dxrh5akt7p7s4iumyc5hpl275m"}}
op-connect-api_1 | {"log_message":"(I) awaiting healthy syncer before continuing","timestamp":"2021-04-14T08:08:57.124482Z","level":3,"scope":{"request_id":"b4c0866b-2f73-4037-8e71-99ededcc54cc","jti":"dxrh5akt7p7s4iumyc5hpl275m"}}
op-connect-api_1 | {"log_message":"(E) syncer did not become healthy, terminating request","timestamp":"2021-04-14T08:09:07.127257Z","level":1,"scope":{"request_id":"b4c0866b-2f73-4037-8e71-99ededcc54cc","jti":"dxrh5akt7p7s4iumyc5hpl275m"}}
op-connect-api_1 | {"log_message":"(I) GET /v1/vaults completed (500: Internal Server Error)","timestamp":"2021-04-14T08:09:07.12877Z","level":3,"scope":{"request_id":"b4c0866b-2f73-4037-8e71-99ededcc54cc","jti":"dxrh5akt7p7s4iumyc5hpl275m"}}
From what I can see, 1 key part stands out:
(E) syncer did not become healthy, terminating request
beyond this log message, it is not clear where the issue is or how I could continue to debug this so apologies for not providing
more info.
Hi 👋 ,
Thank you giving the Python SDK a shot and sharing your feedback!
Let me give some technical context first: before the Connect API can respond to any requests, it first synchronizes the vaults. All incoming requests to the API wait for this process to complete. However, all API requests also have a timeout as not to wait forever for this sync to complete.
What I think is happening here, is that the sync is taking longer than this timeout. If this is indeed the case, the logs of op-connect-sync should at some point after the syncer did not become healthy state:
{"log_message":"(I) ### sync complete ###","timestamp":"xxxxxx","level":3}
Could you check if this is the case? If this is in the logs, all following requests to Connect should succeed. However, that does still mean we have to make some changes to the Connect server to make it clearer what is going on.
If the logs of op-connect-sync never report a completed sync, something else is going wrong and we have to do some more investigation.
Facing something similar from a few days now. I'm running connect-api in docker and I'm getting the following errors on the sync
deploy-op-connect-sync-1 | {"log_message":"(I) ### starting sync ###","timestamp":"2022-01-24T21:49:32.261401298Z","level":3}
deploy-op-connect-sync-1 | {"log_message":"(I) syncing account","timestamp":"2022-01-24T21:49:32.261611589Z","level":3}
deploy-op-connect-sync-1 | {"log_message":"(I) syncing keysets","timestamp":"2022-01-24T21:49:32.856424548Z","level":3}
deploy-op-connect-sync-1 | {"log_message":"(I) keyset versions match, nothing to do","timestamp":"2022-01-24T21:49:32.856580256Z","level":3}
deploy-op-connect-sync-1 | {"log_message":"(I) syncing service account tokens","timestamp":"2022-01-24T21:49:32.856375131Z","level":3}
deploy-op-connect-sync-1 | {"log_message":"(I) updating account vault list","timestamp":"2022-01-24T21:49:32.85662209Z","level":3}
deploy-op-connect-sync-1 | {"log_message":"(I) account vault list update complete","timestamp":"2022-01-24T21:49:32.857475965Z","level":3}
deploy-op-connect-sync-1 | {"log_message":"(I) service account token sync complete","timestamp":"2022-01-24T21:49:32.994491048Z","level":3}
deploy-op-connect-sync-1 | {"log_message":"(I) syncing templates","timestamp":"2022-01-24T21:49:32.994568673Z","level":3}
deploy-op-connect-sync-1 | {"log_message":"(I) template sync complete","timestamp":"2022-01-24T21:49:33.243850881Z","level":3}
deploy-op-connect-sync-1 | {"log_message":"(E) Server: (failed to do templateJob, terminating sync job), Wrapped: (txFunc returned error), Wrapped: (failed to insert template), UNIQUE constraint failed: templates.uuid","timestamp":"2022-01-24T21:49:33.243908131Z","level":1}
deploy-op-connect-sync-1 | {"log_message":"(E) Server: (failed to do accountJob, terminating sync job), Wrapped: (failed to do templateJob, terminating sync job), Wrapped: (txFunc returned error), Wrapped: (failed to insert template), UNIQUE constraint failed: templates.uuid","timestamp":"2022-01-24T21:49:33.244079881Z","level":1}
deploy-op-connect-sync-1 | {"log_message":"(W) syncJob failed, will re-authenticate and try again...","timestamp":"2022-01-24T21:49:33.244139131Z","level":2}
I"m using this manifest
Update:
Found the issue, had to delete the volume created and then everything started working again when creating resources from scratch.