From 195986737873cca0a528e130b9da02c362550f51 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Mon, 8 Jan 2024 18:13:30 +0100 Subject: [PATCH] logger: use env-aware slog handler for subsystems --- cli/set.go | 7 ++++-- cli/verify.go | 6 +++++- coordinator/coordapi.go | 16 ++++++++++---- coordinator/intercom.go | 16 ++++++++++---- coordinator/main.go | 22 ++++++++++++++----- coordinator/mesh.go | 11 +++++++--- initializer/main.go | 13 +++++++++--- internal/attestation/snp/cachedClient.go | 12 ++++++++--- internal/attestation/snp/issuer.go | 9 ++++++-- internal/attestation/snp/validator.go | 27 ++++++++++++++++++------ tools/parsesnp.go | 7 ++++-- 11 files changed, 110 insertions(+), 36 deletions(-) diff --git a/cli/set.go b/cli/set.go index 2c7795a81e..80698f1dfa 100644 --- a/cli/set.go +++ b/cli/set.go @@ -64,8 +64,11 @@ func runSet(cmd *cobra.Command, args []string) error { } validateOptsGen := newCoordinatorValidateOptsGen() - - dialer := dialer.New(atls.NoIssuer, snp.NewValidator(validateOptsGen, logger), &net.Dialer{}) + validator, err := snp.NewValidator(validateOptsGen, logger) + if err != nil { + return fmt.Errorf("creating validator: %w", err) + } + dialer := dialer.New(atls.NoIssuer, validator, &net.Dialer{}) conn, err := dialer.Dial(cmd.Context(), flags.coordinator) if err != nil { diff --git a/cli/verify.go b/cli/verify.go index f7a8d798d2..d16b0bdbd9 100644 --- a/cli/verify.go +++ b/cli/verify.go @@ -45,7 +45,11 @@ func runVerify(cmd *cobra.Command, _ []string) error { } validateOptsGen := newCoordinatorValidateOptsGen() - dialer := dialer.New(atls.NoIssuer, snp.NewValidator(validateOptsGen, logger), &net.Dialer{}) + validator, err := snp.NewValidator(validateOptsGen, logger) + if err != nil { + return fmt.Errorf("creating validator: %w", err) + } + dialer := dialer.New(atls.NoIssuer, validator, &net.Dialer{}) conn, err := dialer.Dial(cmd.Context(), flags.coordinator) if err != nil { 
diff --git a/coordinator/coordapi.go b/coordinator/coordapi.go index a9d79ca29c..636af8f122 100644 --- a/coordinator/coordapi.go +++ b/coordinator/coordapi.go @@ -11,6 +11,7 @@ import ( "github.com/edgelesssys/nunki/internal/attestation/snp" "github.com/edgelesssys/nunki/internal/coordapi" "github.com/edgelesssys/nunki/internal/grpc/atlscredentials" + "github.com/edgelesssys/nunki/internal/logger/subsystemlog" "github.com/edgelesssys/nunki/internal/manifest" "github.com/edgelesssys/nunki/internal/memstore" "google.golang.org/grpc" @@ -29,22 +30,29 @@ type coordAPIServer struct { coordapi.UnimplementedCoordAPIServer } -func newCoordAPIServer(mSGetter manifestSetGetter, caGetter certChainGetter, log *slog.Logger) *coordAPIServer { - issuer := snp.NewIssuer(log) +func newCoordAPIServer(mSGetter manifestSetGetter, caGetter certChainGetter, log *slog.Logger) (*coordAPIServer, error) { + issuer, err := snp.NewIssuer(log) + if err != nil { + return nil, fmt.Errorf("creating issuer: %w", err) + } credentials := atlscredentials.New(issuer, nil) grpcServer := grpc.NewServer( grpc.Creds(credentials), grpc.KeepaliveParams(keepalive.ServerParameters{Time: 15 * time.Second}), ) + handler, err := subsystemlog.NewHandler(log.Handler(), "coordapi") + if err != nil { + return nil, fmt.Errorf("creating subsystem log handler: %w", err) + } s := &coordAPIServer{ grpc: grpcServer, policyTextStore: memstore.New[manifest.HexString, manifest.Policy](), manifSetGetter: mSGetter, caChainGetter: caGetter, - logger: log.WithGroup("coordapi"), + logger: slog.New(handler), } coordapi.RegisterCoordAPIServer(s.grpc, s) - return s + return s, nil } func (s *coordAPIServer) Serve(endpoint string) error { diff --git a/coordinator/intercom.go b/coordinator/intercom.go index 3b34459988..5fa28723c3 100644 --- a/coordinator/intercom.go +++ b/coordinator/intercom.go 
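Review bot: In newCoordAPIServer the subsystem log handler is created only after the issuer and the gRPC server have already been built, so a failure of `subsystemlog.NewHandler` throws that work away. Moving the `handler, err := subsystemlog.NewHandler(log.Handler(), "coordapi")` block with its error check to the top of the function, directly before `snp.NewIssuer(log)`, keeps the step that depends only on `log` in front and constructs the issuer and server once the logger is known to exist. newIntercomServer in coordinator/intercom.go has the same ordering and would benefit from the same move.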
@@ -11,6 +11,7 @@ import ( "github.com/edgelesssys/nunki/internal/attestation/snp" "github.com/edgelesssys/nunki/internal/grpc/atlscredentials" "github.com/edgelesssys/nunki/internal/intercom" + "github.com/edgelesssys/nunki/internal/logger/subsystemlog" "google.golang.org/grpc" "google.golang.org/grpc/codes" "google.golang.org/grpc/keepalive" @@ -30,21 +31,28 @@ type certGetter interface { GetCert(peerPublicKeyHashStr string) ([]byte, error) } -func newIntercomServer(meshAuth *meshAuthority, caGetter certChainGetter, log *slog.Logger) *intercomServer { - validator := snp.NewValidatorWithCallbacks(meshAuth, log, meshAuth) +func newIntercomServer(meshAuth *meshAuthority, caGetter certChainGetter, log *slog.Logger) (*intercomServer, error) { + validator, err := snp.NewValidatorWithCallbacks(meshAuth, log, meshAuth) + if err != nil { + return nil, fmt.Errorf("creating validator: %w", err) + } credentials := atlscredentials.New(atls.NoIssuer, []atls.Validator{validator}) grpcServer := grpc.NewServer( grpc.Creds(credentials), grpc.KeepaliveParams(keepalive.ServerParameters{Time: 15 * time.Second}), ) + handler, err := subsystemlog.NewHandler(log.Handler(), "intercom") + if err != nil { + return nil, fmt.Errorf("creating subsystem log handler: %w", err) + } s := &intercomServer{ grpc: grpcServer, certGet: meshAuth, caChainGetter: caGetter, - logger: log.WithGroup("intercom"), + logger: slog.New(handler), } intercom.RegisterIntercomServer(s.grpc, s) - return s + return s, nil } func (i *intercomServer) Serve(endpoint string) error { diff --git a/coordinator/main.go b/coordinator/main.go index bca49b91c2..6bd465b0f9 100644 --- a/coordinator/main.go +++ b/coordinator/main.go @@ -3,13 +3,13 @@ package main import ( "errors" "fmt" - "log/slog" "net" "os" "github.com/edgelesssys/nunki/internal/ca" "github.com/edgelesssys/nunki/internal/coordapi" "github.com/edgelesssys/nunki/internal/intercom" + "github.com/edgelesssys/nunki/internal/logger" ) func main() { 
@@ -19,7 +19,10 @@ func main() { } func run() (retErr error) { - logger := slog.Default() + logger, err := logger.Default() + if err != nil { + return fmt.Errorf("creating logger: %w", err) + } defer func() { if retErr != nil { logger.Error(retErr.Error()) @@ -38,9 +41,18 @@ func run() (retErr error) { return fmt.Errorf("creating CA: %w", err) } - meshAuth := newMeshAuthority(caInstance, logger) - coordS := newCoordAPIServer(meshAuth, caInstance, logger) - intercomS := newIntercomServer(meshAuth, caInstance, logger) + meshAuth, err := newMeshAuthority(caInstance, logger) + if err != nil { + return fmt.Errorf("creating mesh authority: %w", err) + } + coordS, err := newCoordAPIServer(meshAuth, caInstance, logger) + if err != nil { + return fmt.Errorf("creating coordinator API server: %w", err) + } + intercomS, err := newIntercomServer(meshAuth, caInstance, logger) + if err != nil { + return fmt.Errorf("creating intercom server: %w", err) + } go func() { logger.Info("Coordinator API listening") diff --git a/coordinator/mesh.go b/coordinator/mesh.go index 1dad23b68d..1066c94122 100644 --- a/coordinator/mesh.go +++ b/coordinator/mesh.go @@ -13,6 +13,7 @@ import ( "github.com/edgelesssys/nunki/internal/appendable" "github.com/edgelesssys/nunki/internal/ca" + "github.com/edgelesssys/nunki/internal/logger/subsystemlog" "github.com/edgelesssys/nunki/internal/manifest" "github.com/google/go-sev-guest/abi" "github.com/google/go-sev-guest/kds" 
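Review bot: `logger, err := logger.Default()` declares a local variable named like the imported package, so from that line to the end of run the `logger` package is unreachable and the statement reads as a call on the variable; it compiles only because the right-hand side is resolved before the new identifier enters scope. A distinct local name, e.g. `log, err := logger.Default()` with the `logger.Error` and `logger.Info` uses renamed accordingly, or an import alias for the package, avoids the shadowing that linters such as gocritic's importShadow report. The same pattern is introduced in initializer/main.go and tools/parsesnp.go. run continues past the end of this hunk, so there may be further uses to rename beyond the ones visible here.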
@@ -28,13 +29,17 @@ type meshAuthority struct { logger *slog.Logger } -func newMeshAuthority(ca *ca.CA, log *slog.Logger) *meshAuthority { +func newMeshAuthority(ca *ca.CA, log *slog.Logger) (*meshAuthority, error) { + handler, err := subsystemlog.NewHandler(log.Handler(), "mesh-authority") + if err != nil { + return nil, fmt.Errorf("creating subsystem log handler: %w", err) + } return &meshAuthority{ ca: ca, certs: make(map[string][]byte), manifests: new(appendable.Appendable[manifest.Manifest]), - logger: log.WithGroup("mesh-authority"), - } + logger: slog.New(handler), + }, nil } func (m *meshAuthority) SNPValidateOpts(report *sevsnp.Report) (*validate.Options, error) { diff --git a/initializer/main.go b/initializer/main.go index f1b727e184..b23a542caa 100644 --- a/initializer/main.go +++ b/initializer/main.go @@ -11,7 +11,6 @@ import ( "encoding/pem" "errors" "fmt" - "log/slog" "net" "os" "time" @@ -20,6 +19,7 @@ import ( "github.com/edgelesssys/nunki/internal/attestation/snp" "github.com/edgelesssys/nunki/internal/grpc/dialer" "github.com/edgelesssys/nunki/internal/intercom" + "github.com/edgelesssys/nunki/internal/logger" ) func main() { @@ -29,7 +29,10 @@ func main() { } func run() (retErr error) { - logger := slog.Default() + logger, err := logger.Default() + if err != nil { + return fmt.Errorf("creating logger: %w", err) + } defer func() { if retErr != nil { logger.Error(retErr.Error()) 
@@ -59,7 +62,11 @@ func run() (retErr error) { logger.Info("Deriving public key", "pubKeyHash", pubKeyHashStr) requestCert := func() (*intercom.NewMeshCertResponse, error) { - dial := dialer.NewWithKey(snp.NewIssuer(logger), atls.NoValidator, &net.Dialer{}, privKey) + issuer, err := snp.NewIssuer(logger) + if err != nil { + return nil, fmt.Errorf("creating issuer: %w", err) + } + dial := dialer.NewWithKey(issuer, atls.NoValidator, &net.Dialer{}, privKey) conn, err := dial.Dial(ctx, net.JoinHostPort(coordinatorHostname, intercom.Port)) if err != nil { return nil, fmt.Errorf("dialing: %w", err) diff --git a/internal/attestation/snp/cachedClient.go b/internal/attestation/snp/cachedClient.go index 2695d77170..bc1ce00be0 100644 --- a/internal/attestation/snp/cachedClient.go +++ b/internal/attestation/snp/cachedClient.go @@ -1,8 +1,10 @@ package snp import ( + "fmt" "log/slog" + "github.com/edgelesssys/nunki/internal/logger/subsystemlog" "github.com/edgelesssys/nunki/internal/memstore" "github.com/google/go-sev-guest/verify/trust" ) @@ -14,13 +16,17 @@ type cachedKDSHTTPClient struct { cache *memstore.Store[string, cacheEntry] } -func newCachedKDSHTTPClient(log *slog.Logger) *cachedKDSHTTPClient { +func newCachedKDSHTTPClient(log *slog.Logger) (*cachedKDSHTTPClient, error) { trust.DefaultHTTPSGetter() + handler, err := subsystemlog.NewHandler(log.Handler(), "cached-kds-http-client") + if err != nil { + return nil, fmt.Errorf("creating subsystem log handler: %w", err) + } return &cachedKDSHTTPClient{ HTTPSGetter: trust.DefaultHTTPSGetter(), - logger: log.WithGroup("cached-kds-http-client"), + logger: slog.New(handler), cache: memstore.New[string, cacheEntry](), - } + }, nil } func (c *cachedKDSHTTPClient) Get(url string) ([]byte, error) { diff --git a/internal/attestation/snp/issuer.go b/internal/attestation/snp/issuer.go index cfebb98e2d..ba4df9a351 100644 --- a/internal/attestation/snp/issuer.go +++ b/internal/attestation/snp/issuer.go 
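Review bot: `snp.NewIssuer(logger)` is called inside the requestCert closure, so every invocation builds a fresh Issuer and subsystem log handler, and a handler failure only surfaces once a certificate request is attempted. If requestCert is invoked more than once, which I cannot tell from this hunk, hoisting `issuer, err := snp.NewIssuer(logger)` and its error check above the closure builds the issuer once and fails early, leaving the closure with just `dial := dialer.NewWithKey(issuer, atls.NoValidator, &net.Dialer{}, privKey)`. The enclosing run function starts before and ends after this hunk.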
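Review bot: The bare `trust.DefaultHTTPSGetter()` statement right above the new handler creation in newCachedKDSHTTPClient discards its result, and the same call is made again for the HTTPSGetter field a few lines down. Unless that first call has side effects I cannot see from here, it is dead code and can simply be removed while touching this function. The wrapped error `creating subsystem log handler` is also the one message repeated verbatim across all constructors in this patch; including the subsystem name, e.g. `fmt.Errorf("creating cached-kds-http-client log handler: %w", err)`, would make a failure attributable without a stack trace.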
@@ -14,6 +14,7 @@ import ( "fmt" "log/slog" + "github.com/edgelesssys/nunki/internal/logger/subsystemlog" "github.com/google/go-sev-guest/client" ) @@ -23,8 +24,12 @@ type Issuer struct { } // NewIssuer returns a new Issuer. -func NewIssuer(log *slog.Logger) *Issuer { - return &Issuer{logger: log.WithGroup("snp-issuer")} +func NewIssuer(log *slog.Logger) (*Issuer, error) { + handler, err := subsystemlog.NewHandler(log.Handler(), "snp-issuer") + if err != nil { + return nil, fmt.Errorf("creating subsystem log handler: %w", err) + } + return &Issuer{logger: slog.New(handler)}, nil } // OID returns the OID of the issuer. diff --git a/internal/attestation/snp/validator.go b/internal/attestation/snp/validator.go index 4c4cd1ff17..e2bec6ef62 100644 --- a/internal/attestation/snp/validator.go +++ b/internal/attestation/snp/validator.go @@ -14,6 +14,7 @@ import ( "fmt" "log/slog" + "github.com/edgelesssys/nunki/internal/logger/subsystemlog" "github.com/google/go-sev-guest/abi" "github.com/google/go-sev-guest/proto/sevsnp" "github.com/google/go-sev-guest/validate" 
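Review bot: The doc comment `// NewIssuer returns a new Issuer.` no longer describes the signature, which now has a second result; suggest `// NewIssuer returns a new Issuer, or an error if its subsystem log handler cannot be created.` The doc comments of NewValidator and NewValidatorWithCallbacks in internal/attestation/snp/validator.go gained the same error result in this patch and need the same update.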
@@ -50,21 +51,33 @@ func (v *StaticValidateOptsGenerator) SNPValidateOpts(_ *sevsnp.Report) (*valida } // NewValidator returns a new Validator. -func NewValidator(optsGen validateOptsGenerator, log *slog.Logger) *Validator { +func NewValidator(optsGen validateOptsGenerator, log *slog.Logger) (*Validator, error) { + handler, err := subsystemlog.NewHandler(log.Handler(), "snp-validator") + if err != nil { + return nil, fmt.Errorf("creating subsystem log handler: %w", err) + } return &Validator{ validateOptsGen: optsGen, - logger: log.WithGroup("snp-validator"), - } + logger: slog.New(handler), + }, nil } // NewValidatorWithCallbacks returns a new Validator with callbacks. -func NewValidatorWithCallbacks(optsGen validateOptsGenerator, log *slog.Logger, callbacks ...validateCallbacker) *Validator { +func NewValidatorWithCallbacks(optsGen validateOptsGenerator, log *slog.Logger, callbacks ...validateCallbacker) (*Validator, error) { + handler, err := subsystemlog.NewHandler(log.Handler(), "snp-validator") + if err != nil { + return nil, fmt.Errorf("creating subsystem log handler: %w", err) + } + kdsGetter, err := newCachedKDSHTTPClient(log) + if err != nil { + return nil, err + } return &Validator{ validateOptsGen: optsGen, callbackers: callbacks, - kdsGetter: newCachedKDSHTTPClient(log), - logger: log.WithGroup("snp-validator"), - } + kdsGetter: kdsGetter, + logger: slog.New(handler), + }, nil } // OID returns the OID of the validator. diff --git a/tools/parsesnp.go b/tools/parsesnp.go index 2e06be43de..7fd9caf202 100644 --- a/tools/parsesnp.go +++ b/tools/parsesnp.go @@ -5,9 +5,9 @@ import ( "encoding/hex" "fmt" "io" - "log/slog" "os" + "github.com/edgelesssys/nunki/internal/logger" "github.com/google/go-sev-guest/abi" ) 
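Review bot: In NewValidatorWithCallbacks the error from newCachedKDSHTTPClient is returned bare (`return nil, err`) while every other new error path in this patch wraps with context, so this is the one failure that surfaces without naming the step; use `return nil, fmt.Errorf("creating cached KDS client: %w", err)`. Both constructors also repeat the same four-line handler block for the "snp-validator" subsystem name; a small unexported helper such as `newValidatorLogger(log *slog.Logger) (*slog.Logger, error)` would keep that name in one place and let NewValidator and NewValidatorWithCallbacks share it.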
@@ -51,7 +51,10 @@ func main() { } func run() (retErr error) { - logger := slog.Default() + logger, err := logger.Default() + if err != nil { + return fmt.Errorf("creating logger: %w", err) + } defer func() { if retErr != nil { logger.Error(retErr.Error())