logger: use env-aware slog handler for subsystems
malt3 committed Jan 9, 2024
1 parent c97d6cc commit 1959867
Showing 11 changed files with 110 additions and 36 deletions.
7 changes: 5 additions & 2 deletions cli/set.go
Expand Up @@ -64,8 +64,11 @@ func runSet(cmd *cobra.Command, args []string) error {
}

validateOptsGen := newCoordinatorValidateOptsGen()

dialer := dialer.New(atls.NoIssuer, snp.NewValidator(validateOptsGen, logger), &net.Dialer{})
validator, err := snp.NewValidator(validateOptsGen, logger)
if err != nil {
return fmt.Errorf("creating validator: %w", err)
}
dialer := dialer.New(atls.NoIssuer, validator, &net.Dialer{})

conn, err := dialer.Dial(cmd.Context(), flags.coordinator)
if err != nil {
6 changes: 5 additions & 1 deletion cli/verify.go
Expand Up @@ -45,7 +45,11 @@ func runVerify(cmd *cobra.Command, _ []string) error {
}

validateOptsGen := newCoordinatorValidateOptsGen()
dialer := dialer.New(atls.NoIssuer, snp.NewValidator(validateOptsGen, logger), &net.Dialer{})
validator, err := snp.NewValidator(validateOptsGen, logger)
if err != nil {
return fmt.Errorf("creating validator: %w", err)
}
dialer := dialer.New(atls.NoIssuer, validator, &net.Dialer{})

conn, err := dialer.Dial(cmd.Context(), flags.coordinator)
if err != nil {
16 changes: 12 additions & 4 deletions coordinator/coordapi.go
Expand Up @@ -11,6 +11,7 @@ import (
"github.com/edgelesssys/nunki/internal/attestation/snp"
"github.com/edgelesssys/nunki/internal/coordapi"
"github.com/edgelesssys/nunki/internal/grpc/atlscredentials"
"github.com/edgelesssys/nunki/internal/logger/subsystemlog"
"github.com/edgelesssys/nunki/internal/manifest"
"github.com/edgelesssys/nunki/internal/memstore"
"google.golang.org/grpc"
Expand All @@ -29,22 +30,29 @@ type coordAPIServer struct {
coordapi.UnimplementedCoordAPIServer
}

func newCoordAPIServer(mSGetter manifestSetGetter, caGetter certChainGetter, log *slog.Logger) *coordAPIServer {
issuer := snp.NewIssuer(log)
func newCoordAPIServer(mSGetter manifestSetGetter, caGetter certChainGetter, log *slog.Logger) (*coordAPIServer, error) {
issuer, err := snp.NewIssuer(log)
if err != nil {
return nil, fmt.Errorf("creating issuer: %w", err)
}
credentials := atlscredentials.New(issuer, nil)
grpcServer := grpc.NewServer(
grpc.Creds(credentials),
grpc.KeepaliveParams(keepalive.ServerParameters{Time: 15 * time.Second}),
)
handler, err := subsystemlog.NewHandler(log.Handler(), "coordapi")
if err != nil {
return nil, fmt.Errorf("creating subsystem log handler: %w", err)
}
s := &coordAPIServer{
grpc: grpcServer,
policyTextStore: memstore.New[manifest.HexString, manifest.Policy](),
manifSetGetter: mSGetter,
caChainGetter: caGetter,
logger: log.WithGroup("coordapi"),
logger: slog.New(handler),
}
coordapi.RegisterCoordAPIServer(s.grpc, s)
return s
return s, nil
}

func (s *coordAPIServer) Serve(endpoint string) error {
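Review bot: In newCoordAPIServer the subsystem handler is built only after `grpc.NewServer(...)`, so a failing `subsystemlog.NewHandler` returns with a gRPC server already allocated and then dropped. Moving the `handler, err := subsystemlog.NewHandler(log.Handler(), "coordapi")` block up next to the `snp.NewIssuer` check keeps every fallible step ahead of the allocation. newIntercomServer in coordinator/intercom.go has the same ordering. Separately, `log.WithGroup("coordapi")` nested each record's attributes under the subsystem name, and subsystemlog is not shown on this page, so it is worth confirming that records from `slog.New(handler)` still identify the subsystem for anyone auditing the attested-TLS servers' logs.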
16 changes: 12 additions & 4 deletions coordinator/intercom.go
Expand Up @@ -11,6 +11,7 @@ import (
"github.com/edgelesssys/nunki/internal/attestation/snp"
"github.com/edgelesssys/nunki/internal/grpc/atlscredentials"
"github.com/edgelesssys/nunki/internal/intercom"
"github.com/edgelesssys/nunki/internal/logger/subsystemlog"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/keepalive"
Expand All @@ -30,21 +31,28 @@ type certGetter interface {
GetCert(peerPublicKeyHashStr string) ([]byte, error)
}

func newIntercomServer(meshAuth *meshAuthority, caGetter certChainGetter, log *slog.Logger) *intercomServer {
validator := snp.NewValidatorWithCallbacks(meshAuth, log, meshAuth)
func newIntercomServer(meshAuth *meshAuthority, caGetter certChainGetter, log *slog.Logger) (*intercomServer, error) {
validator, err := snp.NewValidatorWithCallbacks(meshAuth, log, meshAuth)
if err != nil {
return nil, fmt.Errorf("creating validator: %w", err)
}
credentials := atlscredentials.New(atls.NoIssuer, []atls.Validator{validator})
grpcServer := grpc.NewServer(
grpc.Creds(credentials),
grpc.KeepaliveParams(keepalive.ServerParameters{Time: 15 * time.Second}),
)
handler, err := subsystemlog.NewHandler(log.Handler(), "intercom")
if err != nil {
return nil, fmt.Errorf("creating subsystem log handler: %w", err)
}
s := &intercomServer{
grpc: grpcServer,
certGet: meshAuth,
caChainGetter: caGetter,
logger: log.WithGroup("intercom"),
logger: slog.New(handler),
}
intercom.RegisterIntercomServer(s.grpc, s)
return s
return s, nil
}

func (i *intercomServer) Serve(endpoint string) error {
22 changes: 17 additions & 5 deletions coordinator/main.go
Expand Up @@ -3,13 +3,13 @@ package main
import (
"errors"
"fmt"
"log/slog"
"net"
"os"

"github.com/edgelesssys/nunki/internal/ca"
"github.com/edgelesssys/nunki/internal/coordapi"
"github.com/edgelesssys/nunki/internal/intercom"
"github.com/edgelesssys/nunki/internal/logger"
)

func main() {
Expand All @@ -19,7 +19,10 @@ func main() {
}

func run() (retErr error) {
logger := slog.Default()
logger, err := logger.Default()
if err != nil {
return fmt.Errorf("creating logger: %w", err)
}
defer func() {
if retErr != nil {
logger.Error(retErr.Error())
Expand All @@ -38,9 +41,18 @@ func run() (retErr error) {
return fmt.Errorf("creating CA: %w", err)
}

meshAuth := newMeshAuthority(caInstance, logger)
coordS := newCoordAPIServer(meshAuth, caInstance, logger)
intercomS := newIntercomServer(meshAuth, caInstance, logger)
meshAuth, err := newMeshAuthority(caInstance, logger)
if err != nil {
return fmt.Errorf("creating mesh authority: %w", err)
}
coordS, err := newCoordAPIServer(meshAuth, caInstance, logger)
if err != nil {
return fmt.Errorf("creating coordinator API server: %w", err)
}
intercomS, err := newIntercomServer(meshAuth, caInstance, logger)
if err != nil {
return fmt.Errorf("creating intercom server: %w", err)
}

go func() {
logger.Info("Coordinator API listening")
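Review bot: `logger, err := logger.Default()` in run() declares a local that shadows the newly imported `logger` package for the rest of the function, so the package can no longer be referenced there and the line reads ambiguously. A distinct local name, e.g. `log, err := logger.Default()` with the later uses renamed to match, avoids this. The same line is added in initializer/main.go and tools/parsesnp.go. This early return also happens before the deferred `logger.Error(retErr.Error())` is registered, so a logger-construction failure is reported only by whatever main does with run()'s result, which lies outside the hunk.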
11 changes: 8 additions & 3 deletions coordinator/mesh.go
Expand Up @@ -13,6 +13,7 @@ import (

"github.com/edgelesssys/nunki/internal/appendable"
"github.com/edgelesssys/nunki/internal/ca"
"github.com/edgelesssys/nunki/internal/logger/subsystemlog"
"github.com/edgelesssys/nunki/internal/manifest"
"github.com/google/go-sev-guest/abi"
"github.com/google/go-sev-guest/kds"
Expand All @@ -28,13 +29,17 @@ type meshAuthority struct {
logger *slog.Logger
}

func newMeshAuthority(ca *ca.CA, log *slog.Logger) *meshAuthority {
func newMeshAuthority(ca *ca.CA, log *slog.Logger) (*meshAuthority, error) {
handler, err := subsystemlog.NewHandler(log.Handler(), "mesh-authority")
if err != nil {
return nil, fmt.Errorf("creating subsystem log handler: %w", err)
}
return &meshAuthority{
ca: ca,
certs: make(map[string][]byte),
manifests: new(appendable.Appendable[manifest.Manifest]),
logger: log.WithGroup("mesh-authority"),
}
logger: slog.New(handler),
}, nil
}

func (m *meshAuthority) SNPValidateOpts(report *sevsnp.Report) (*validate.Options, error) {
13 changes: 10 additions & 3 deletions initializer/main.go
Expand Up @@ -11,7 +11,6 @@ import (
"encoding/pem"
"errors"
"fmt"
"log/slog"
"net"
"os"
"time"
Expand All @@ -20,6 +19,7 @@ import (
"github.com/edgelesssys/nunki/internal/attestation/snp"
"github.com/edgelesssys/nunki/internal/grpc/dialer"
"github.com/edgelesssys/nunki/internal/intercom"
"github.com/edgelesssys/nunki/internal/logger"
)

func main() {
Expand All @@ -29,7 +29,10 @@ func main() {
}

func run() (retErr error) {
logger := slog.Default()
logger, err := logger.Default()
if err != nil {
return fmt.Errorf("creating logger: %w", err)
}
defer func() {
if retErr != nil {
logger.Error(retErr.Error())
Expand Down Expand Up @@ -59,7 +62,11 @@ func run() (retErr error) {
logger.Info("Deriving public key", "pubKeyHash", pubKeyHashStr)

requestCert := func() (*intercom.NewMeshCertResponse, error) {
dial := dialer.NewWithKey(snp.NewIssuer(logger), atls.NoValidator, &net.Dialer{}, privKey)
issuer, err := snp.NewIssuer(logger)
if err != nil {
return nil, fmt.Errorf("creating issuer: %w", err)
}
dial := dialer.NewWithKey(issuer, atls.NoValidator, &net.Dialer{}, privKey)
conn, err := dial.Dial(ctx, net.JoinHostPort(coordinatorHostname, intercom.Port))
if err != nil {
return nil, fmt.Errorf("dialing: %w", err)
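Review bot: `snp.NewIssuer(logger)` is now a fallible call made inside the `requestCert` closure, so a log-handler construction failure comes back through the same path as a dial or RPC error. If the caller retries `requestCert` (the rest of run() is outside the hunk), a permanent setup error would be retried like a transient network failure. Constructing the issuer once before the closure, with `issuer, err := snp.NewIssuer(logger)` and a `return fmt.Errorf("creating issuer: %w", err)` check in run() itself, and capturing `issuer` in the closure makes that failure fail fast.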
12 changes: 9 additions & 3 deletions internal/attestation/snp/cachedClient.go
@@ -1,8 +1,10 @@
package snp

import (
"fmt"
"log/slog"

"github.com/edgelesssys/nunki/internal/logger/subsystemlog"
"github.com/edgelesssys/nunki/internal/memstore"
"github.com/google/go-sev-guest/verify/trust"
)
Expand All @@ -14,13 +16,17 @@ type cachedKDSHTTPClient struct {
cache *memstore.Store[string, cacheEntry]
}

func newCachedKDSHTTPClient(log *slog.Logger) *cachedKDSHTTPClient {
func newCachedKDSHTTPClient(log *slog.Logger) (*cachedKDSHTTPClient, error) {
trust.DefaultHTTPSGetter()
handler, err := subsystemlog.NewHandler(log.Handler(), "cached-kds-http-client")
if err != nil {
return nil, fmt.Errorf("creating subsystem log handler: %w", err)
}
return &cachedKDSHTTPClient{
HTTPSGetter: trust.DefaultHTTPSGetter(),
logger: log.WithGroup("cached-kds-http-client"),
logger: slog.New(handler),
cache: memstore.New[string, cacheEntry](),
}
}, nil
}

func (c *cachedKDSHTTPClient) Get(url string) ([]byte, error) {
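Review bot: The bare `trust.DefaultHTTPSGetter()` statement at the top of newCachedKDSHTTPClient discards its result, and the getter is constructed again for the `HTTPSGetter` field below, so the first call looks like dead code. It appears to be carried over rather than added here, but it could be dropped while this constructor is being reworked. The constructor also has no doc comment; something like `// newCachedKDSHTTPClient returns a cachedKDSHTTPClient with an empty cache, or an error if the subsystem log handler cannot be created.` would record the new error return.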
9 changes: 7 additions & 2 deletions internal/attestation/snp/issuer.go
Expand Up @@ -14,6 +14,7 @@ import (
"fmt"
"log/slog"

"github.com/edgelesssys/nunki/internal/logger/subsystemlog"
"github.com/google/go-sev-guest/client"
)

Expand All @@ -23,8 +24,12 @@ type Issuer struct {
}

// NewIssuer returns a new Issuer.
func NewIssuer(log *slog.Logger) *Issuer {
return &Issuer{logger: log.WithGroup("snp-issuer")}
func NewIssuer(log *slog.Logger) (*Issuer, error) {
handler, err := subsystemlog.NewHandler(log.Handler(), "snp-issuer")
if err != nil {
return nil, fmt.Errorf("creating subsystem log handler: %w", err)
}
return &Issuer{logger: slog.New(handler)}, nil
}

// OID returns the OID of the issuer.
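Review bot: The doc comment `// NewIssuer returns a new Issuer.` no longer describes the exported signature now that the function returns `(*Issuer, error)`. Suggest `// NewIssuer returns a new Issuer, or an error if the subsystem log handler cannot be created.` The comments on NewValidator and NewValidatorWithCallbacks in validator.go need the same update.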
27 changes: 20 additions & 7 deletions internal/attestation/snp/validator.go
Expand Up @@ -14,6 +14,7 @@ import (
"fmt"
"log/slog"

"github.com/edgelesssys/nunki/internal/logger/subsystemlog"
"github.com/google/go-sev-guest/abi"
"github.com/google/go-sev-guest/proto/sevsnp"
"github.com/google/go-sev-guest/validate"
Expand Down Expand Up @@ -50,21 +51,33 @@ func (v *StaticValidateOptsGenerator) SNPValidateOpts(_ *sevsnp.Report) (*valida
}

// NewValidator returns a new Validator.
func NewValidator(optsGen validateOptsGenerator, log *slog.Logger) *Validator {
func NewValidator(optsGen validateOptsGenerator, log *slog.Logger) (*Validator, error) {
handler, err := subsystemlog.NewHandler(log.Handler(), "snp-validator")
if err != nil {
return nil, fmt.Errorf("creating subsystem log handler: %w", err)
}
return &Validator{
validateOptsGen: optsGen,
logger: log.WithGroup("snp-validator"),
}
logger: slog.New(handler),
}, nil
}

// NewValidatorWithCallbacks returns a new Validator with callbacks.
func NewValidatorWithCallbacks(optsGen validateOptsGenerator, log *slog.Logger, callbacks ...validateCallbacker) *Validator {
func NewValidatorWithCallbacks(optsGen validateOptsGenerator, log *slog.Logger, callbacks ...validateCallbacker) (*Validator, error) {
handler, err := subsystemlog.NewHandler(log.Handler(), "snp-validator")
if err != nil {
return nil, fmt.Errorf("creating subsystem log handler: %w", err)
}
kdsGetter, err := newCachedKDSHTTPClient(log)
if err != nil {
return nil, err
}
return &Validator{
validateOptsGen: optsGen,
callbackers: callbacks,
kdsGetter: newCachedKDSHTTPClient(log),
logger: log.WithGroup("snp-validator"),
}
kdsGetter: kdsGetter,
logger: slog.New(handler),
}, nil
}

// OID returns the OID of the validator.
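Review bot: In NewValidatorWithCallbacks the error from `newCachedKDSHTTPClient(log)` is returned bare (`return nil, err`), unlike every other error path in this commit. That helper wraps its only failure as `creating subsystem log handler`, the same text used a few lines above for the validator's own handler, so a caller cannot tell which of the two handlers failed. Wrapping it, e.g. `return nil, fmt.Errorf("creating cached KDS HTTP client: %w", err)`, fixes both. NewValidator and NewValidatorWithCallbacks also repeat the same `subsystemlog.NewHandler(log.Handler(), "snp-validator")` block, which a small unexported helper could share.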
7 changes: 5 additions & 2 deletions tools/parsesnp.go
Expand Up @@ -5,9 +5,9 @@ import (
"encoding/hex"
"fmt"
"io"
"log/slog"
"os"

"github.com/edgelesssys/nunki/internal/logger"
"github.com/google/go-sev-guest/abi"
)

Expand Down Expand Up @@ -51,7 +51,10 @@ func main() {
}

func run() (retErr error) {
logger := slog.Default()
logger, err := logger.Default()
if err != nil {
return fmt.Errorf("creating logger: %w", err)
}
defer func() {
if retErr != nil {
logger.Error(retErr.Error())
