AA: add log to configuration

Related to confidential-containers#1324

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>

Author: Xynnn007

attestation-agent/attestation-agent/config.example.json

@@ -11,5 +11,8 @@
     "eventlog_config": {
         "init_pcr": 17,
         "enable_eventlog": false
+    },
+    "log": {
+        "level": "info"
     }
 }

attestation-agent/attestation-agent/config.example.toml

@@ -34,3 +34,6 @@ M9QaC1mzQ/OStg==
 
 init_pcr = 17
 enable_eventlog = false
+
+[log]
+level = "info"

attestation-agent/attestation-agent/src/bin/grpc-aa/main.rs

@@ -6,7 +6,7 @@
 mod server;
 
 use anyhow::*;
-use attestation_agent::{initdata::Initdata, AttestationAPIs, AttestationAgent};
+use attestation_agent::{config::Config, initdata::Initdata, AttestationAPIs, AttestationAgent};
 use base64::Engine;
 use clap::Parser;
 use shadow_rs::shadow;
@@ -69,9 +69,13 @@ struct Cli {
 
 #[tokio::main]
 pub async fn main() -> Result<()> {
+    let cli = Cli::parse();
+    let (config, config_log) = Config::from_file(cli.config_file)?;
+
     let env_filter = match std::env::var_os("RUST_LOG") {
-        Some(_) => EnvFilter::try_from_default_env().expect("RUST_LOG is present but invalid"),
-        None => EnvFilter::new("info"),
+        Some(_) => EnvFilter::try_from_default_env().context("RUST_LOG is present but invalid")?,
+        None => EnvFilter::try_new(&config.log.level)
+            .context(format!("Invalid log level: {}", config.log.level))?,
     };
 
     let version = format!(
@@ -98,11 +102,12 @@ rpc: grpc
     Subscriber::builder().with_env_filter(env_filter).init();
 
     info!("Welcome to Confidential Containers Attestation Agent (gRPC version)!\n\n{version}");
-    let cli = Cli::parse();
+    info!("{config_log}");
+    debug!(config = ?config, "Using config");
 
     let attestation_socket = cli.attestation_sock.parse::<SocketAddr>()?;
 
-    let mut aa = AttestationAgent::new(cli.config_file.as_deref()).context("start AA")?;
+    let mut aa = AttestationAgent::new(config).context("start AA")?;
 
     let mut initdata_digest = None;
     if let Some(initdata_toml_path) = cli.initdata_toml {

attestation-agent/attestation-agent/src/bin/ttrpc-aa.rs

@@ -4,7 +4,7 @@
 //
 
 use anyhow::*;
-use attestation_agent::{initdata::Initdata, AttestationAPIs, AttestationAgent};
+use attestation_agent::{config::Config, initdata::Initdata, AttestationAPIs, AttestationAgent};
 use base64::Engine;
 use clap::Parser;
 use const_format::concatcp;
@@ -87,9 +87,14 @@ pub fn start_ttrpc_service(aa: AttestationAgent) -> Result<HashMap<String, Servi
 
 #[tokio::main]
 pub async fn main() -> Result<()> {
+    let cli = Cli::parse();
+
+    let (config, config_log) = Config::from_file(cli.config_file)?;
+
     let env_filter = match std::env::var_os("RUST_LOG") {
-        Some(_) => EnvFilter::try_from_default_env().expect("RUST_LOG is present but invalid"),
-        None => EnvFilter::new("info"),
+        Some(_) => EnvFilter::try_from_default_env().context("RUST_LOG is present but invalid")?,
+        None => EnvFilter::try_new(&config.log.level)
+            .context(format!("Invalid log level: {}", config.log.level))?,
     };
 
     let version = format!(
@@ -116,7 +121,9 @@ rpc: ttrpc
     Subscriber::builder().with_env_filter(env_filter).init();
 
     info!("Welcome to Confidential Containers Attestation Agent (ttRPC version)!\n\n{version}");
-    let cli = Cli::parse();
+
+    info!("{config_log}");
+    debug!(config = ?config, "Using config");
 
     if !Path::new(DEFAULT_UNIX_SOCKET_DIR).exists() {
         std::fs::create_dir_all(DEFAULT_UNIX_SOCKET_DIR).expect("Create unix socket dir failed");
@@ -125,7 +132,7 @@ rpc: ttrpc
     clean_previous_sock_file(&cli.attestation_sock)
         .context("clean previous attestation socket file")?;
 
-    let mut aa = AttestationAgent::new(cli.config_file.as_deref()).context("start AA")?;
+    let mut aa = AttestationAgent::new(config).context("start AA")?;
 
     let mut initdata_digest = None;
     if let Some(initdata_toml_path) = cli.initdata_toml {

attestation-agent/attestation-agent/src/config/mod.rs

@@ -23,6 +23,27 @@ pub const DEFAULT_AA_CONFIG_PATH: &str = "/etc/attestation-agent.conf";
 
 pub const DEFAULT_EVENTLOG_HASH: &str = "sha384";
 
+pub const DEFAULT_LOG_LEVEL: &str = "info";
+
+fn default_log_level() -> String {
+    DEFAULT_LOG_LEVEL.to_string()
+}
+
+#[derive(Clone, Debug, Deserialize, PartialEq)]
+pub struct LogConfig {
+    /// log level
+    #[serde(default = "default_log_level")]
+    pub level: String,
+}
+
+impl Default for LogConfig {
+    fn default() -> Self {
+        Self {
+            level: DEFAULT_LOG_LEVEL.to_string(),
+        }
+    }
+}
+
 #[derive(Clone, Debug, Deserialize, PartialEq, Default)]
 pub struct Config {
     /// configs about token
@@ -31,15 +52,36 @@ pub struct Config {
 
     /// configs about eventlog
     pub eventlog_config: EventlogConfig,
+
+    /// log configuration
+    #[serde(default)]
+    pub log: LogConfig,
 }
 
 impl Config {
     pub fn default_with_kernel_cmdline() -> Self {
         Config {
             token_configs: TokenConfigs::from_kernel_cmdline(),
             eventlog_config: EventlogConfig::default(),
+            log: LogConfig::default(),
         }
     }
+
+    pub fn from_file(config_path: Option<String>) -> Result<(Self, String)> {
+        let (config, config_log) = match config_path {
+            Some(config_path) => {
+                let config = Self::try_from(&config_path[..])?;
+                let log = format!("Using config file: {config_path}");
+                (config, log)
+            }
+            None => {
+                let config = Self::default_with_kernel_cmdline();
+                let log = "No AA config file specified. Using default configuration and the kbs address will be read from kernel cmdline.".to_string();
+                (config, log)
+            }
+        };
+        Ok((config, config_log))
+    }
 }
 
 #[derive(Clone, Debug, Deserialize, PartialEq)]
@@ -101,7 +143,7 @@ impl TryFrom<&str> for Config {
 
 #[cfg(test)]
 mod tests {
-    use crate::config::{EventlogConfig, TokenConfigs};
+    use crate::config::{EventlogConfig, LogConfig, TokenConfigs};
 
     use super::Config;
 
@@ -144,7 +186,8 @@ M9QaC1mzQ/OStg==
         eventlog_config: EventlogConfig {
             init_pcr: 17,
             enable_eventlog: false,
-        }
+        },
+        log: LogConfig::default(),
     })]
     #[case("config.example.json",
     Config {
@@ -184,7 +227,8 @@ M9QaC1mzQ/OStg==
         eventlog_config: EventlogConfig {
             init_pcr: 17,
             enable_eventlog: false,
-        }
+        },
+        log: LogConfig::default(),
     })]
     #[case(
     "test/config1.toml",
@@ -203,7 +247,8 @@ M9QaC1mzQ/OStg==
         eventlog_config: EventlogConfig {
             init_pcr: 17,
             enable_eventlog: false,
-        }
+        },
+        log: LogConfig { level: "warn".to_string() },
     })]
     #[case(
     "test/config2.toml",
@@ -220,26 +265,8 @@ M9QaC1mzQ/OStg==
         eventlog_config: EventlogConfig {
             init_pcr: 17,
             enable_eventlog: false,
-        }
-    })]
-    #[case(
-    "test/config3.toml", 
-    Config {
-        token_configs: TokenConfigs {
-            #[cfg(feature = "coco_as")]
-            coco_as: Some(crate::config::coco_as::CoCoASConfig {
-                url: "http://127.0.0.1:8000".to_string(),
-            }),
-            #[cfg(feature = "kbs")]
-            kbs: Some(crate::config::kbs::KbsConfig {
-                url: "https://127.0.0.1:8080".to_string(),
-                cert: None,
-            })
         },
-        eventlog_config: EventlogConfig {
-            init_pcr: 17,
-            enable_eventlog: false,
-        }
+        log: LogConfig { level: "warn".to_string() },
     })]
     #[case(
     "test/config4.toml", 
@@ -253,7 +280,8 @@ M9QaC1mzQ/OStg==
         eventlog_config: EventlogConfig {
             init_pcr: 17,
             enable_eventlog: false,
-        }
+        },
+        log: LogConfig { level: "warn".to_string() },
     })]
     #[case(
     "test/config5.toml", 
@@ -267,7 +295,8 @@ M9QaC1mzQ/OStg==
         eventlog_config: EventlogConfig {
             init_pcr: 17,
             enable_eventlog: false,
-        }
+        },
+        log: LogConfig::default(),
     })]
     #[case(
         "test/config6.toml", 
@@ -281,7 +310,8 @@ M9QaC1mzQ/OStg==
             eventlog_config: EventlogConfig {
                 init_pcr: 17,
                 enable_eventlog: false,
-            }
+            },
+            log: LogConfig::default(),
         })]
     fn parse_configs(#[case] config: &str, #[case] expected: Config) {
         let _config = Config::try_from(config).expect("failed to parse config file");

attestation-agent/attestation-agent/src/lib.rs

@@ -21,7 +21,7 @@ pub mod token;
 
 use eventlog::EventLog;
 use token::*;
-use tracing::{debug, info, warn};
+use tracing::{debug, info};
 
 use crate::{config::Config, eventlog::Event};
 
@@ -55,9 +55,10 @@ pub enum RuntimeMeasurement {
 /// ```no_run
 /// use attestation_agent::AttestationAgent;
 /// use attestation_agent::AttestationAPIs;
+/// use attestation_agent::config::Config;
 ///
 /// // initialize with empty config
-/// let mut aa = AttestationAgent::new(None).unwrap();
+/// let mut aa = AttestationAgent::new(Config::default()).unwrap();
 ///
 /// let _quote = aa.get_evidence(&[0;64]);
 /// ```
@@ -123,18 +124,7 @@ impl AttestationAgent {
     }
 
     /// Create a new instance of [AttestationAgent].
-    pub fn new(config_path: Option<&str>) -> Result<Self> {
-        let config = match config_path {
-            Some(config_path) => {
-                info!("Using AA config file: {config_path}");
-                Config::try_from(config_path)?
-            }
-            None => {
-                warn!("No AA config file specified. Using a default configuration and the kbs address will be read from kernel cmdline.");
-                Config::default_with_kernel_cmdline()
-            }
-        };
-        debug!("Using config: {config:#?}");
+    pub fn new(config: Config) -> Result<Self> {
         let config = RwLock::new(config);
 
         let primary_tee = detect_tee_type();

attestation-agent/attestation-agent/test/config1.toml

@@ -1,3 +1,6 @@
+[log]
+level = "warn"
+
 [token_configs]
 [token_configs.coco_as]
 url = "http://127.0.0.1:8000"

attestation-agent/attestation-agent/test/config2.toml

@@ -1,3 +1,6 @@
+[log]
+level = "warn"
+
 [token_configs]
 [token_configs.kbs]
 url = "https://127.0.0.1:8080"

attestation-agent/attestation-agent/test/config3.toml

@@ -1,3 +1,6 @@
+[log]
+level = "warn"
+
 [token_configs]
 [token_configs.coco_as]
 url = "http://127.0.0.1:8000"

attestation-agent/attestation-agent/test/config4.toml

@@ -1,3 +1,6 @@
+[log]
+level = "warn"
+
 [token_configs]
 
 [eventlog_config]