From 891f27508ab5f78911c88b86f418e89686e02c19 Mon Sep 17 00:00:00 2001 From: Jessie Liu Date: Tue, 24 Sep 2024 18:51:33 +0000 Subject: [PATCH] rebase and cleanup --- launcher/agent/agent.go | 7 ++-- launcher/agent/agent_test.go | 10 ++---- launcher/container_runner.go | 2 +- launcher/internal/experiments/experiments.go | 13 ------- launcher/launcher/main.go | 37 ++++---------------- launcher/spec/launch_spec.go | 10 +++--- 6 files changed, 18 insertions(+), 61 deletions(-) diff --git a/launcher/agent/agent.go b/launcher/agent/agent.go index 697b1dd7..ea4aced3 100644 --- a/launcher/agent/agent.go +++ b/launcher/agent/agent.go @@ -11,7 +11,6 @@ import ( "crypto" "fmt" "io" - "log" "log/slog" "net/http" "sync" @@ -175,7 +174,7 @@ func (a *agent) Refresh(ctx context.Context) error { return nil } -func fetchContainerImageSignatures(ctx context.Context, fetcher signaturediscovery.Fetcher, targetRepos []string, retry backoff.BackOff, logger *log.Logger) []oci.Signature { +func fetchContainerImageSignatures(ctx context.Context, fetcher signaturediscovery.Fetcher, targetRepos []string, retry backoff.BackOff, logger *slog.Logger) []oci.Signature { signatures := make([][]oci.Signature, len(targetRepos)) var wg sync.WaitGroup @@ -194,10 +193,10 @@ func fetchContainerImageSignatures(ctx context.Context, fetcher signaturediscove }, retry, func(err error, _ time.Duration) { - logger.Printf("Failed to fetch container image signatures from repo %q: %v", targetRepo, err) + logger.Error("Failed to fetch container image signatures from repo: "+err.Error(), slog.String("repo", targetRepo)) }) if err != nil { - logger.Printf("Failed all attempts to refresh container signatures from repo %q: %v", targetRepo, err) + logger.Error("Failed all attempts to refresh container signatures from repo: "+err.Error(), slog.String("repo", targetRepo)) } else { signatures[index] = sigs } diff --git a/launcher/agent/agent_test.go b/launcher/agent/agent_test.go index 6d1e36d7..2127376f 100644 
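Review bot: Both new `logger.Error` calls in fetchContainerImageSignatures (the retry callback and the final-failure branch) concatenate `err.Error()` into the message, so the message text differs on every failure and the error is not available as a field. A signature-discovery failure is something operators are likely to alert on, and a constant message with attributes is easier to match: `logger.Error("Failed all attempts to refresh container signatures", slog.String("repo", targetRepo), slog.Any("error", err))`. The per-attempt callback could use `logger.Warn` in the same shape, since a retry follows it. The same message-building pattern appears in the MkdirAll log in launcher/launcher/main.go and in the two logs in fetchExperiments in launcher/spec/launch_spec.go. The function body starts and ends outside this hunk.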
--- a/launcher/agent/agent_test.go +++ b/launcher/agent/agent_test.go @@ -6,7 +6,7 @@ import ( "crypto/rsa" "encoding/base64" "fmt" - "log" + "log/slog" "math" "runtime" "sync" @@ -119,11 +119,7 @@ func TestAttest(t *testing.T) { verifierClient := fake.NewClient(fakeSigner) -<<<<<<< HEAD - agent, err := CreateAttestationAgent(tpm, client.AttestationKeyECC, verifierClient, tc.principalIDTokenFetcher, tc.containerSignaturesFetcher, tc.launchSpec, log.Default()) -======= agent, err := CreateAttestationAgent(tpm, client.AttestationKeyECC, verifierClient, tc.principalIDTokenFetcher, tc.containerSignaturesFetcher, tc.launchSpec, slog.Default()) ->>>>>>> 4b0af5d (fix conflicts) if err != nil { t.Fatalf("failed to create an attestation agent %v", err) } @@ -300,7 +296,7 @@ func TestFetchContainerImageSignatures(t *testing.T) { testRetryPolicy.MaxElapsedTime = time.Millisecond sdClient := signaturediscovery.NewFakeClient() - gotSigs := fetchContainerImageSignatures(ctx, sdClient, tc.targetRepos, testRetryPolicy, log.Default()) + gotSigs := fetchContainerImageSignatures(ctx, sdClient, tc.targetRepos, testRetryPolicy, slog.Default()) if len(gotSigs) != len(tc.wantBase64Sigs) { t.Errorf("fetchContainerImageSignatures did not return expected signatures for test case %s, got signatures length %d, but want %d", tc.name, len(gotSigs), len(tc.wantBase64Sigs)) } @@ -504,7 +500,7 @@ func TestFetchContainerImageSignatures_RetriesOnFailure(t *testing.T) { } } - gotSigs := fetchContainerImageSignatures(ctx, sdClient, repos, backoff.WithMaxRetries(b, 2), log.Default()) + gotSigs := fetchContainerImageSignatures(ctx, sdClient, repos, backoff.WithMaxRetries(b, 2), slog.Default()) if len(gotSigs) != len(wantSigs) { t.Errorf("fetchContainerImageSignatures did not return expected signatures for test case %s, got signatures length %d, but want %d", tc.name, len(gotSigs), len(wantSigs)) diff --git a/launcher/container_runner.go b/launcher/container_runner.go index 190a85c9..eebbb669 100644 
--- a/launcher/container_runner.go +++ b/launcher/container_runner.go @@ -518,7 +518,7 @@ func (r *ContainerRunner) Run(ctx context.Context) error { } // create and start the TEE server - r.logger.Println("EnableOnDemandAttestation is enabled: initializing TEE server.") + r.logger.Info("EnableOnDemandAttestation is enabled: initializing TEE server.") teeServer, err := teeserver.New(ctx, path.Join(launcherfile.HostTmpPath, teeServerSocket), r.attestAgent, r.logger) if err != nil { return fmt.Errorf("failed to create the TEE server: %v", err) diff --git a/launcher/internal/experiments/experiments.go b/launcher/internal/experiments/experiments.go index 164ced26..cef84e84 100644 --- a/launcher/internal/experiments/experiments.go +++ b/launcher/internal/experiments/experiments.go @@ -4,7 +4,6 @@ package experiments import ( "encoding/json" "fmt" - "log/slog" "os" ) @@ -43,15 +42,3 @@ func readJSONInput(b []byte) (Experiments, error) { } return experiments, nil } - -// Log takes a structured logger and uses it to log the launcher's experiment flags. -func (e Experiments) Log(logger *slog.Logger) { - logger.Info("Experiment settings", - slog.Bool("test_feature", e.EnableTestFeatureForImage), - slog.Bool("signed_container_image", e.EnableSignedContainerImage), - slog.Bool("on_demand_attestation", e.EnableOnDemandAttestation), - slog.Bool("memory_monitoring", e.EnableMemoryMonitoring), - slog.Bool("signed_container_cache", e.EnableSignedContainerCache), - slog.Bool("measure_memory_monitoring", e.EnableMeasureMemoryMonitor), - ) -} diff --git a/launcher/launcher/main.go b/launcher/launcher/main.go index 8947ba00..2d6e72de 100644 --- a/launcher/launcher/main.go +++ b/launcher/launcher/main.go @@ -59,9 +59,7 @@ func main() { var err error ctx := context.Background() - logger = slog.Default() - // log.Default() outputs to stderr; change to stdout. - // log.SetOutput(os.Stdout) + logger = slog.New(slog.NewTextHandler(os.Stdout, nil)) defer func() { os.Exit(exitCode) }() 
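Review bot: The new `logger = slog.New(slog.NewTextHandler(os.Stdout, nil))` in main only sets the package variable, so any code that still calls `slog.Default()` (the tests in agent_test.go on this page do) keeps the default handler rather than this one. If the intent is that all launcher output reaches stdout in one format, add `slog.SetDefault(logger)` directly after it. The hunk also drops the two comment lines that explained the stdout choice; a short replacement such as `// Log to stdout rather than the default stderr.` would keep that reasoning next to the handler. main continues outside the hunk.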
@@ -90,7 +88,7 @@ func main() { } if err := os.MkdirAll(launcherfile.HostTmpPath, 0744); err != nil { - logger.Printf("failed to create %s: %v", launcherfile.HostTmpPath, err) + logger.Error(fmt.Sprintf("failed to create %s: %v", launcherfile.HostTmpPath, err)) } // Get RestartPolicy and IsHardened from spec @@ -104,28 +102,6 @@ func main() { return } -<<<<<<< HEAD -======= - if err := os.MkdirAll(launcherfile.HostTmpPath, 0744); err != nil { - logger.Warn(fmt.Sprintf("failed to create %s: %v", launcherfile.HostTmpPath, err)) - } - experimentsFile := path.Join(launcherfile.HostTmpPath, experimentDataFile) - - args := fmt.Sprintf("-output=%s", experimentsFile) - err = exec.Command(binaryPath, args).Run() - if err != nil { - logger.Warn(fmt.Sprintf("failure during experiment sync: %v\n", err)) - } - - e, err := experiments.New(experimentsFile) - if err != nil { - logger.Warn(fmt.Sprintf("failed to read experiment file: %v\n", err)) - // do not fail if experiment retrieval fails - } - e.Log(logger) - launchSpec.Experiments = e - ->>>>>>> cdd18a2 (text handler and experiment logging) defer func() { // Catch panic to attempt to output to Cloud Logging. if r := recover(); r != nil { @@ -134,9 +110,9 @@ func main() { } msg, ok := rcMessage[exitCode] if ok { - logger.Info(exitMessage, "exit_code", exitCode, "exit_msg", msg) + logger.Info(exitMessage, slog.Int("exit_code", exitCode), slog.String("exit_msg", msg)) } else { - logger.Info(exitMessage, "exit_code", exitCode) + logger.Info(exitMessage, slog.Int("exit_code", exitCode)) } }() if err = startLauncher(launchSpec, serialConsole); err != nil { 
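Review bot: A failed `os.MkdirAll(launcherfile.HostTmpPath, 0744)` is now reported at Error level, yet main still carries on past it, and other hunks on this page place the experiments file and the TEE server socket under that directory. If the directory is required, return with a failure exit code here; if it is best-effort, `logger.Warn` describes the situation better than `logger.Error`. It may also be worth confirming that mode 0744 is intended for a directory that holds a socket, since it leaves the directory listable by group and others but not traversable by them. main starts and ends outside this hunk.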
@@ -223,8 +199,7 @@ func startLauncher(launchSpec spec.LaunchSpec, serialConsole *os.File) error { } gceAk.Close() - ctx := context.Background() - token, err := registryauth.RetrieveAuthToken(ctx, mdsClient) + token, err := registryauth.RetrieveAuthToken(context.Background(), mdsClient) if err != nil { logger.Info(fmt.Sprintf("failed to retrieve auth token: %v, using empty auth for image pulling\n", err)) } @@ -235,7 +210,7 @@ func startLauncher(launchSpec spec.LaunchSpec, serialConsole *os.File) error { } logger.Info("Launch completed", "latency_sec", uptime) - ctx = namespaces.WithNamespace(ctx, namespaces.Default) + ctx := namespaces.WithNamespace(context.Background(), namespaces.Default) r, err := launcher.NewRunner(ctx, containerdClient, token, launchSpec, mdsClient, tpm, logger, serialConsole) if err != nil { return err diff --git a/launcher/spec/launch_spec.go b/launcher/spec/launch_spec.go index 9c5f13ff..b7001618 100644 --- a/launcher/spec/launch_spec.go +++ b/launcher/spec/launch_spec.go @@ -7,7 +7,7 @@ import ( "encoding/json" "errors" "fmt" - "log" + "log/slog" "os" "os/exec" "path" @@ -217,7 +217,7 @@ func (s *LaunchSpec) UnmarshalJSON(b []byte) error { // input to the GCE instance custom metadata and return a LaunchSpec. // ImageRef (tee-image-reference) is required, will return an error if // ImageRef is not presented in the metadata. -func GetLaunchSpec(ctx context.Context, logger *log.Logger, client *metadata.Client) (LaunchSpec, error) { +func GetLaunchSpec(ctx context.Context, logger *slog.Logger, client *metadata.Client) (LaunchSpec, error) { data, err := client.GetWithContext(ctx, instanceAttributesQuery) if err != nil { return LaunchSpec{}, err 
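Review bot: `registryauth.RetrieveAuthToken(context.Background(), mdsClient)` now runs on a fresh root context, and `namespaces.WithNamespace(context.Background(), namespaces.Default)` in the next hunk creates a second, unrelated one, so neither call can be cancelled or given a deadline by the caller. main already builds a `ctx`; passing it into startLauncher and deriving both from it would restore a single cancellation path. Unless mdsClient enforces its own timeout, bounding the token request with `context.WithTimeout` would also keep a stalled metadata call from blocking the launch. startLauncher starts and ends outside both hunks.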
@@ -271,17 +271,17 @@ func isHardened(kernelCmd string) bool { return false } -func fetchExperiments(logger *log.Logger) experiments.Experiments { +func fetchExperiments(logger *slog.Logger) experiments.Experiments { experimentsFile := path.Join(launcherfile.HostTmpPath, experimentDataFile) args := fmt.Sprintf("-output=%s", experimentsFile) err := exec.Command(binaryPath, args).Run() if err != nil { - logger.Printf("failure during experiment sync: %v\n", err) + logger.Error(fmt.Sprintf("failure during experiment sync: %v\n", err)) } e, err := experiments.New(experimentsFile) if err != nil { - logger.Printf("failed to read experiment file: %v\n", err) + logger.Error(fmt.Sprintf("failed to read experiment file: %v\n", err)) // do not fail if experiment retrieval fails } return e
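Review bot: When the sync or the read fails, fetchExperiments returns whatever `experiments.New` produced alongside its error, and with `Experiments.Log` and its call removed by this commit, nothing on the lines visible here records which experiment flags ended up in effect. Since those flags include switches such as signed container image handling, a single `logger.Info("Experiment settings", slog.Any("experiments", e))` before `return e` would keep the effective configuration auditable. The two new `logger.Error(fmt.Sprintf(...))` calls also keep the trailing `\n` from the old Printf format, which ends up inside the slog message value. `logger.Warn` would match the "do not fail" comment better than `logger.Error`.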