diff --git a/attestation-agent/attester/src/sgx_dcap/mod.rs b/attestation-agent/attester/src/sgx_dcap/mod.rs index af2c3270e..712d9e8c2 100644 --- a/attestation-agent/attester/src/sgx_dcap/mod.rs +++ b/attestation-agent/attester/src/sgx_dcap/mod.rs @@ -68,7 +68,7 @@ impl Attester for SgxDcapAttester { report_data.as_ptr() as *const sgx_report_data_t, ) { Ok(_) => occlum_quote, - Err(e) => bail!("generate quote: {e}"), + Err(e) => bail!("generate quote: {e:?}"), } } SgxLibOsType::Gramine => { diff --git a/attestation-agent/coco_keyprovider/src/grpc/mod.rs b/attestation-agent/coco_keyprovider/src/grpc/mod.rs index b68624cff..947d4d29e 100644 --- a/attestation-agent/coco_keyprovider/src/grpc/mod.rs +++ b/attestation-agent/coco_keyprovider/src/grpc/mod.rs @@ -56,14 +56,14 @@ impl KeyProviderService for KeyProvider { ) .map_err(|e| { Status::invalid_argument(format!( - "key_provider_key_wrap_protocol_input is not legal utf8 string: {e}" + "key_provider_key_wrap_protocol_input is not legal utf8 string: {e:?}" )) })?; debug!("WrapKey API Request Input: {}", input_string); let input: KeyProviderInput = serde_json::from_str::(&input_string) .map_err(|e| { - Status::invalid_argument(format!("parse key provider input failed: {e}")) + Status::invalid_argument(format!("parse key provider input failed: {e:?}")) })?; let optsdata = input .keywrapparams @@ -101,7 +101,7 @@ impl KeyProviderService for KeyProvider { params, ) .await - .map_err(|e| Status::internal(format!("encrypt failed: {e}")))?; + .map_err(|e| Status::internal(format!("encrypt failed: {e:?}")))?; let output_struct = KeyWrapOutput { keywrapresults: KeyWrapResults { @@ -109,13 +109,13 @@ impl KeyProviderService for KeyProvider { }, }; let output = serde_json::to_string(&output_struct) - .map_err(|e| Status::internal(format!("serde json failed: {e}")))? + .map_err(|e| Status::internal(format!("serde json failed: {e:?}")))? .as_bytes() .to_vec(); debug!( "WrapKey API output: {}", serde_json::to_string(&output_struct) - .map_err(|e| Status::internal(format!("serde json failed: {e}")))? + .map_err(|e| Status::internal(format!("serde json failed: {e:?}")))? ); let reply = KeyProviderKeyWrapProtocolOutput { key_provider_key_wrap_protocol_output: output, diff --git a/attestation-agent/kbs_protocol/src/builder.rs b/attestation-agent/kbs_protocol/src/builder.rs index e89a72ff6..203ad10dc 100644 --- a/attestation-agent/kbs_protocol/src/builder.rs +++ b/attestation-agent/kbs_protocol/src/builder.rs @@ -80,7 +80,8 @@ impl KbsClientBuilder { .timeout(Duration::from_secs(KBS_REQ_TIMEOUT_SEC)); for customer_root_cert in &self.kbs_certs { - let cert = reqwest::Certificate::from_pem(customer_root_cert.as_bytes())?; + let cert = reqwest::Certificate::from_pem(customer_root_cert.as_bytes()) + .context("read KBS public key cert")?; http_client_builder = http_client_builder.add_root_certificate(cert); } @@ -90,12 +91,12 @@ impl KbsClientBuilder { } let tee_key = match self.tee_key { - Some(key) => TeeKeyPair::from_pkcs1_pem(&key[..])?, + Some(key) => TeeKeyPair::from_pkcs1_pem(&key[..]).context("read tee public key")?, None => TeeKeyPair::new()?, }; let token = match self.token { - Some(t) => Some(Token::new(t)?), + Some(t) => Some(Token::new(t).context("read token")?), None => None, }; diff --git a/attestation-agent/kbs_protocol/src/client/rcar_client.rs b/attestation-agent/kbs_protocol/src/client/rcar_client.rs index 5c779584c..fc160af16 100644 --- a/attestation-agent/kbs_protocol/src/client/rcar_client.rs +++ b/attestation-agent/kbs_protocol/src/client/rcar_client.rs @@ -123,9 +123,9 @@ impl KbsClient> { Ok(_) => break, Err(e) => { if retry_count >= RCAR_MAX_ATTEMPT { - return Err(Error::RcarHandshake(format!("Unable to get token. RCAR handshake retried {RCAR_MAX_ATTEMPT} times. Final attempt failed with: {e}"))); + return Err(Error::RcarHandshake(format!("Unable to get token. RCAR handshake retried {RCAR_MAX_ATTEMPT} times. Final attempt failed with: {e:?}"))); } else { - warn!("RCAR handshake failed: {e}, retry {retry_count}..."); + warn!("RCAR handshake failed: {e:?}, retry {retry_count}..."); retry_count += 1; tokio::time::sleep(Duration::from_secs(RCAR_RETRY_TIMEOUT_SECOND)).await; } @@ -301,7 +301,7 @@ impl KbsClientCapabilities for KbsClient> { .get(&remote_url) .send() .await - .map_err(|e| Error::HttpError(format!("get failed: {e}")))?; + .map_err(|e| Error::HttpError(format!("get failed: {e:?}")))?; match res.status() { reqwest::StatusCode::OK => { diff --git a/attestation-agent/kbs_protocol/src/client/token_client.rs b/attestation-agent/kbs_protocol/src/client/token_client.rs index ea7ca0c81..e99d6842d 100644 --- a/attestation-agent/kbs_protocol/src/client/token_client.rs +++ b/attestation-agent/kbs_protocol/src/client/token_client.rs @@ -53,7 +53,7 @@ impl KbsClientCapabilities for KbsClient> { .bearer_auth(&token.content) .send() .await - .map_err(|e| Error::HttpError(format!("get failed: {e}")))?; + .map_err(|e| Error::HttpError(format!("get failed: {e:?}")))?; match res.status() { reqwest::StatusCode::OK => { diff --git a/attestation-agent/kbs_protocol/src/evidence_provider/native.rs b/attestation-agent/kbs_protocol/src/evidence_provider/native.rs index acad6c691..bff0a58c0 100644 --- a/attestation-agent/kbs_protocol/src/evidence_provider/native.rs +++ b/attestation-agent/kbs_protocol/src/evidence_provider/native.rs @@ -16,7 +16,7 @@ pub struct NativeEvidenceProvider(BoxedAttester); impl NativeEvidenceProvider { pub fn new() -> Result { let tee = detect_tee_type().try_into().map_err(|e| { - Error::NativeEvidenceProvider(format!("failed to initialize tee driver: {e}")) + Error::NativeEvidenceProvider(format!("failed to initialize tee driver: {e:?}")) })?; Ok(Self(tee)) } diff --git a/attestation-agent/kbs_protocol/src/token_provider/aa/mod.rs b/attestation-agent/kbs_protocol/src/token_provider/aa/mod.rs index b34178ba2..94593fbb3 100644 --- a/attestation-agent/kbs_protocol/src/token_provider/aa/mod.rs +++ b/attestation-agent/kbs_protocol/src/token_provider/aa/mod.rs @@ -38,7 +38,7 @@ struct Message { impl AATokenProvider { pub async fn new() -> Result { let c = ttrpc::r#async::Client::connect(AA_SOCKET_FILE) - .map_err(|e| Error::AATokenProvider(format!("ttrpc connect failed {e}")))?; + .map_err(|e| Error::AATokenProvider(format!("ttrpc connect failed {e:?}")))?; let client = AttestationAgentServiceClient::new(c); Ok(Self { client }) } @@ -55,14 +55,15 @@ impl TokenProvider for AATokenProvider { .client .get_token(context::with_timeout(50 * 1000 * 1000 * 1000), &req) .await - .map_err(|e| Error::AATokenProvider(format!("cal ttrpc failed: {e}")))?; + .map_err(|e| Error::AATokenProvider(format!("cal ttrpc failed: {e:?}")))?; let message: Message = serde_json::from_slice(&bytes.Token).map_err(|e| { - Error::AATokenProvider(format!("deserialize attestation-agent reply failed: {e}")) + Error::AATokenProvider(format!("deserialize attestation-agent reply failed: {e:?}")) })?; let token = Token::new(message.token) - .map_err(|e| Error::AATokenProvider(format!("deserialize token failed: {e}")))?; - let tee_keypair = TeeKeyPair::from_pkcs1_pem(&message.tee_keypair) - .map_err(|e| Error::AATokenProvider(format!("deserialize tee keypair failed: {e}")))?; + .map_err(|e| Error::AATokenProvider(format!("deserialize token failed: {e:?}")))?; + let tee_keypair = TeeKeyPair::from_pkcs1_pem(&message.tee_keypair).map_err(|e| { + Error::AATokenProvider(format!("deserialize tee keypair failed: {e:?}")) + })?; Ok((token, tee_keypair)) } } diff --git a/confidential-data-hub/hub/src/auth/kbs.rs b/confidential-data-hub/hub/src/auth/kbs.rs index 311d686cf..32d2c0410 100644 --- a/confidential-data-hub/hub/src/auth/kbs.rs +++ b/confidential-data-hub/hub/src/auth/kbs.rs @@ -29,9 +29,9 @@ impl Hub { } } - let kbs_client = KbcClient::new() - .await - .map_err(|e| Error::InitializationFailed(format!("kbs client creation failed: {e}")))?; + let kbs_client = KbcClient::new().await.map_err(|e| { + Error::InitializationFailed(format!("kbs client creation failed: {e:?}")) + })?; fs::create_dir_all(KBS_RESOURCE_STORAGE_DIR) .await @@ -46,7 +46,7 @@ impl Hub { .get_secret(v, &Annotations::default()) .await .map_err(|e| { - Error::InitializationFailed(format!("kbs client get resource failed: {e}")) + Error::InitializationFailed(format!("kbs client get resource failed: {e:?}")) })?; let target_path = PathBuf::from(k); diff --git a/confidential-data-hub/hub/src/bin/ttrpc_server/mod.rs b/confidential-data-hub/hub/src/bin/ttrpc_server/mod.rs index 558376036..e7a71e5b4 100644 --- a/confidential-data-hub/hub/src/bin/ttrpc_server/mod.rs +++ b/confidential-data-hub/hub/src/bin/ttrpc_server/mod.rs @@ -117,7 +117,7 @@ impl KeyProviderService for Server { let reader = reader.as_ref().expect("must be initialized"); let key_provider_input: KeyProviderInput = serde_json::from_slice(&req.KeyProviderKeyWrapProtocolInput[..]).map_err(|e| { - error!("[ttRPC CDH] UnwrapKey parse KeyProviderInput failed : {e}"); + error!("[ttRPC CDH] UnwrapKey parse KeyProviderInput failed : {e:?}"); let mut status = Status::new(); status.set_code(Code::INTERNAL); status.set_message("[ERROR] UnwrapKey Parse request failed".into()); @@ -125,7 +125,7 @@ impl KeyProviderService for Server { })?; let annotation_packet = key_provider_input.get_annotation().map_err(|e| { - error!("[ttRPC CDH] UnwrapKey get AnnotationPacket failed: {e}"); + error!("[ttRPC CDH] UnwrapKey get AnnotationPacket failed: {e:?}"); let mut status = Status::new(); status.set_code(Code::INTERNAL); status.set_message("[ERROR] UnwrapKey Parse request failed".to_string()); @@ -152,7 +152,7 @@ impl KeyProviderService for Server { }; let lek = serde_json::to_vec(&output_struct).map_err(|e| { - error!("[ttRPC CDH] UnWrapKey failed to serialize LEK : {e}"); + error!("[ttRPC CDH] UnWrapKey failed to serialize LEK : {e:?}"); let mut status = Status::new(); status.set_code(Code::INTERNAL); status.set_message("[CDH] [ERROR]: UnwrapKey serialize response failed".to_string()); diff --git a/confidential-data-hub/hub/src/config.rs b/confidential-data-hub/hub/src/config.rs index 55984dbe7..341de4fd0 100644 --- a/confidential-data-hub/hub/src/config.rs +++ b/confidential-data-hub/hub/src/config.rs @@ -176,7 +176,6 @@ impl CdhConfig { let c = Config::builder() .set_default("socket", DEFAULT_CDH_SOCKET_ADDR)? .set_default("kbc.url", "")? - .set_default("kbc.kbs_cert", "")? .add_source(File::with_name(config_path)) .build()?; @@ -301,7 +300,7 @@ name = "offline_fs_kbc" kbc: KbsConfig { name: "offline_fs_kbc".to_string(), url: "".to_string(), - kbs_cert: Some("".to_string()), + kbs_cert: None, }, credentials: vec![], image: ImageConfiguration { @@ -328,7 +327,7 @@ some_undefined_field = "unknown value" kbc: KbsConfig { name: "offline_fs_kbc".to_string(), url: "".to_string(), - kbs_cert: Some("".to_string()), + kbs_cert: None, }, credentials: vec![], image: ImageConfiguration { diff --git a/confidential-data-hub/hub/src/hub.rs b/confidential-data-hub/hub/src/hub.rs index 79e56ce13..1254de7f4 100644 --- a/confidential-data-hub/hub/src/hub.rs +++ b/confidential-data-hub/hub/src/hub.rs @@ -61,7 +61,7 @@ impl Hub { // Current the whole process of CDH would be influenced by the HTTPS_PROXY env if let Some(https_proxy) = config.image.image_pull_proxy { match env::var("HTTPS_PROXY") { - Ok(e) => warn!("`image_pull_proxy` is given from config but the current process has a `HTTPS_PROXY` env value {e}, skip override."), + Ok(e) => warn!("`image_pull_proxy` is given from config but the current process has a `HTTPS_PROXY` env value {e:?}, skip override."), Err(env::VarError::NotPresent) => { info!("image_pull_proxy is set to: {}", https_proxy); env::set_var("HTTPS_PROXY", https_proxy); @@ -72,7 +72,7 @@ impl Hub { if let Some(no_proxy) = config.image.skip_proxy_ips { match env::var("NO_PROXY") { - Ok(e) => warn!("`skip_proxy_ips` is given from config but the current process has one `NO_PROXY` env value {e}, skip override."), + Ok(e) => warn!("`skip_proxy_ips` is given from config but the current process has one `NO_PROXY` env value {e:?}, skip override."), Err(env::VarError::NotPresent) => { info!("no_proxy is set to: {}", no_proxy); env::set_var("NO_PROXY", no_proxy); diff --git a/confidential-data-hub/image/src/annotation_packet/v2.rs b/confidential-data-hub/image/src/annotation_packet/v2.rs index 07e60af2b..8695692d0 100644 --- a/confidential-data-hub/image/src/annotation_packet/v2.rs +++ b/confidential-data-hub/image/src/annotation_packet/v2.rs @@ -91,7 +91,7 @@ impl TryInto for AnnotationPacketV2 { let kid = resource_uri::ResourceUri::try_from(&self.kid[..]).map_err(|e| { Error::ParseAnnotationPacket { - source: anyhow!("illegal ResourceUri in `kid` field: {e}"), + source: anyhow!("illegal ResourceUri in `kid` field: {e:?}"), } })?; diff --git a/confidential-data-hub/image/src/lib.rs b/confidential-data-hub/image/src/lib.rs index 25e9c341d..8f13f2bef 100644 --- a/confidential-data-hub/image/src/lib.rs +++ b/confidential-data-hub/image/src/lib.rs @@ -13,7 +13,7 @@ pub use error::*; pub async fn unwrap_key(annotation_packet: &[u8]) -> Result> { let annotation_packet: AnnotationPacket = serde_json::from_slice(annotation_packet).map_err(|e| Error::ParseAnnotationPacket { - source: anyhow!("deserialize failed, {e}"), + source: anyhow!("deserialize failed, {e:?}"), })?; let lek = annotation_packet.unwrap_key().await?; diff --git a/confidential-data-hub/kms/src/plugins/aliyun/client/client_key_client/mod.rs b/confidential-data-hub/kms/src/plugins/aliyun/client/client_key_client/mod.rs index 11ec904b8..c86db6e7f 100644 --- a/confidential-data-hub/kms/src/plugins/aliyun/client/client_key_client/mod.rs +++ b/confidential-data-hub/kms/src/plugins/aliyun/client/client_key_client/mod.rs @@ -47,8 +47,9 @@ pub struct ClientKeyClient { impl ClientKeyClient { fn read_kms_instance_cert(cert_pem: &[u8]) -> Result { - let kms_instance_ca_cert = Certificate::from_pem(cert_pem) - .map_err(|e| Error::AliyunKmsError(format!("read kms instance ca cert failed: {e}")))?; + let kms_instance_ca_cert = Certificate::from_pem(cert_pem).map_err(|e| { + Error::AliyunKmsError(format!("read kms instance ca cert failed: {e:?}")) + })?; Ok(kms_instance_ca_cert) } @@ -60,7 +61,7 @@ impl ClientKeyClient { ) -> Result { let credential = CredentialClientKey::new(client_key, password).map_err(|e| { Error::AliyunKmsError(format!( - "create client_key credential of the kms instance failed: {e}" + "create client_key credential of the kms instance failed: {e:?}" )) })?; @@ -72,7 +73,7 @@ impl ClientKeyClient { .use_rustls_tls() .add_root_certificate(cert) .build() - .map_err(|e| Error::AliyunKmsError(format!("build http client failed: {e}")))?; + .map_err(|e| Error::AliyunKmsError(format!("build http client failed: {e:?}")))?; Ok(Self { credential, @@ -91,7 +92,7 @@ impl ClientKeyClient { let provider_settings: AliClientKeyProviderSettings = serde_json::from_value(Value::Object(provider_settings.clone())).map_err(|e| { - Error::AliyunKmsError(format!("parse client_key provider setting failed: {e}")) + Error::AliyunKmsError(format!("parse client_key provider setting failed: {e:?}")) })?; let cert_path = format!( @@ -108,13 +109,13 @@ impl ClientKeyClient { ); let cert_pem = fs::read_to_string(cert_path).await.map_err(|e| { - Error::AliyunKmsError(format!("read kms instance pem cert failed: {e}")) + Error::AliyunKmsError(format!("read kms instance pem cert failed: {e:?}")) })?; let pswd = fs::read_to_string(pswd_path).await.map_err(|e| { - Error::AliyunKmsError(format!("read password of the credential failed: {e}")) + Error::AliyunKmsError(format!("read password of the credential failed: {e:?}")) })?; let client_key = fs::read_to_string(client_key_path).await.map_err(|e| { - Error::AliyunKmsError(format!("read client key of the credential failed: {e}")) + Error::AliyunKmsError(format!("read client key of the credential failed: {e:?}")) })?; Self::new( @@ -135,7 +136,9 @@ impl ClientKeyClient { }; let provider_settings = serde_json::to_value(client_key_provider_settings) - .map_err(|e| Error::AliyunKmsError(format!("serialize ProviderSettings failed: {e}")))? + .map_err(|e| { + Error::AliyunKmsError(format!("serialize ProviderSettings failed: {e:?}")) + })? .as_object() .expect("must be an object") .to_owned(); @@ -159,29 +162,29 @@ impl Encrypter for ClientKeyClient { let mut body = Vec::new(); encrypt_request.encode(&mut body).map_err(|e| { Error::AliyunKmsError(format!( - "encode encrypt request body using protobuf failed: {e}" + "encode encrypt request body using protobuf failed: {e:?}" )) })?; let headers = self.build_headers("Encrypt", &body).map_err(|e| { - Error::AliyunKmsError(format!("build encrypt request http header failed: {e}")) + Error::AliyunKmsError(format!("build encrypt request http header failed: {e:?}")) })?; - let res = self - .do_request(body, headers) - .await - .map_err(|e| Error::AliyunKmsError(format!("do request to kms server failed: {e}")))?; + let res = self.do_request(body, headers).await.map_err(|e| { + Error::AliyunKmsError(format!("do request to kms server failed: {e:?}")) + })?; let encrypt_response = dkms_api::EncryptResponse::decode(&res[..]).map_err(|e| { Error::AliyunKmsError(format!( - "decrypt encrypt response using protobuf failed: {e}" + "decrypt encrypt response using protobuf failed: {e:?}" )) })?; let annotations = AliCryptAnnotations { iv: STANDARD.encode(encrypt_response.iv), }; - let annotations = serde_json::to_value(annotations) - .map_err(|e| Error::AliyunKmsError(format!("serialize SecretSettings failed: {e}")))?; + let annotations = serde_json::to_value(annotations).map_err(|e| { + Error::AliyunKmsError(format!("serialize SecretSettings failed: {e:?}")) + })?; let annotations = annotations .as_object() .expect("must be an object") @@ -201,13 +204,13 @@ impl Decrypter for ClientKeyClient { let secret_settings: AliCryptAnnotations = serde_json::from_value(Value::Object(annotations.clone())).map_err(|e| { Error::AliyunKmsError(format!( - "deserialize SecretSettings for decryption failed: {e}" + "deserialize SecretSettings for decryption failed: {e:?}" )) })?; - let iv = STANDARD - .decode(secret_settings.iv) - .map_err(|e| Error::AliyunKmsError(format!("decode iv for decryption failed: {e}")))?; + let iv = STANDARD.decode(secret_settings.iv).map_err(|e| { + Error::AliyunKmsError(format!("decode iv for decryption failed: {e:?}")) + })?; let decrypt_request = dkms_api::DecryptRequest { aad: vec![], iv, @@ -218,20 +221,21 @@ impl Decrypter for ClientKeyClient { }; let mut body = Vec::new(); decrypt_request.encode(&mut body).map_err(|e| { - Error::AliyunKmsError(format!("encode decrypt request using protobuf failed: {e}")) + Error::AliyunKmsError(format!( + "encode decrypt request using protobuf failed: {e:?}" + )) })?; let headers = self.build_headers("Decrypt", &body).map_err(|e| { - Error::AliyunKmsError(format!("build decrypt request http header failed: {e}")) + Error::AliyunKmsError(format!("build decrypt request http header failed: {e:?}")) })?; - let res = self - .do_request(body, headers) - .await - .map_err(|e| Error::AliyunKmsError(format!("do request to kms server failed: {e}")))?; + let res = self.do_request(body, headers).await.map_err(|e| { + Error::AliyunKmsError(format!("do request to kms server failed: {e:?}")) + })?; let decrypt_response = dkms_api::DecryptResponse::decode(&res[..]).map_err(|e| { Error::AliyunKmsError(format!( - "decode decrypt response using protobuf failed: {e}" + "decode decrypt response using protobuf failed: {e:?}" )) })?; Ok(decrypt_response.plaintext) @@ -243,7 +247,7 @@ impl ClientKeyClient { let secret_settings: AliSecretAnnotations = serde_json::from_value(Value::Object(annotations.clone())).map_err(|e| { Error::AliyunKmsError(format!( - "deserialize SecretSettings for get_secret failed: {e}" + "deserialize SecretSettings for get_secret failed: {e:?}" )) })?; @@ -256,22 +260,23 @@ impl ClientKeyClient { }; get_secret_request.encode(&mut body).map_err(|e| { Error::AliyunKmsError(format!( - "encode get_secret request using protobuf failed: {e}" + "encode get_secret request using protobuf failed: {e:?}" )) })?; let headers = self.build_headers("GetSecretValue", &body).map_err(|e| { - Error::AliyunKmsError(format!("build get_secret request http header failed: {e}")) + Error::AliyunKmsError(format!( + "build get_secret request http header failed: {e:?}" + )) })?; - let res = self - .do_request(body, headers) - .await - .map_err(|e| Error::AliyunKmsError(format!("do request to kms server failed: {e}")))?; + let res = self.do_request(body, headers).await.map_err(|e| { + Error::AliyunKmsError(format!("do request to kms server failed: {e:?}")) + })?; let get_secret_response = dkms_api::GetSecretValueResponse::decode(&res[..]).map_err(|e| { Error::AliyunKmsError(format!( - "decode get_secret response using protobuf failed: {e}" + "decode get_secret response using protobuf failed: {e:?}" )) })?; let secret_data = get_secret_response.secret_data.as_bytes().to_vec(); diff --git a/confidential-data-hub/kms/src/plugins/aliyun/client/ecs_ram_role_client/mod.rs b/confidential-data-hub/kms/src/plugins/aliyun/client/ecs_ram_role_client/mod.rs index 97d11c12a..376ffb6b0 100644 --- a/confidential-data-hub/kms/src/plugins/aliyun/client/ecs_ram_role_client/mod.rs +++ b/confidential-data-hub/kms/src/plugins/aliyun/client/ecs_ram_role_client/mod.rs @@ -53,13 +53,13 @@ impl EcsRamRoleClient { let ecs_ram_role_str = fs::read_to_string(ecs_ram_role_path).await.map_err(|e| { Error::AliyunKmsError(format!( - "read ecs_ram_role with `fs::read_to_string()` failed: {e}" + "read ecs_ram_role with `fs::read_to_string()` failed: {e:?}" )) })?; let ecs_ram_role_json: EcsRamRoleJson = serde_json::from_str(&ecs_ram_role_str).map_err(|e| { - Error::AliyunKmsError(format!("parse ecs_ram_role JSON file failed: {e}")) + Error::AliyunKmsError(format!("parse ecs_ram_role JSON file failed: {e:?}")) })?; Ok(Self::new( @@ -102,7 +102,7 @@ impl EcsRamRoleClient { let sts_credential = self .get_session_credential() .await - .map_err(|e| Error::AliyunKmsError(format!("Get sts token from IMDS failed: {e}")))?; + .map_err(|e| Error::AliyunKmsError(format!("Get sts token from IMDS failed: {e:?}")))?; let client = StsTokenClient::from_sts_token( sts_credential, @@ -110,7 +110,7 @@ impl EcsRamRoleClient { self.region_id.clone(), ) .map_err(|e| { - Error::AliyunKmsError(format!("Failed to create HTTP client to get secret: {e}")) + Error::AliyunKmsError(format!("Failed to create HTTP client to get secret: {e:?}")) })?; client.get_secret(name, annotations).await diff --git a/confidential-data-hub/kms/src/plugins/aliyun/client/mod.rs b/confidential-data-hub/kms/src/plugins/aliyun/client/mod.rs index 89270cd8a..419f456f1 100644 --- a/confidential-data-hub/kms/src/plugins/aliyun/client/mod.rs +++ b/confidential-data-hub/kms/src/plugins/aliyun/client/mod.rs @@ -87,7 +87,7 @@ impl AliyunKmsClient { .await .map_err(|e| { Error::AliyunKmsError(format!( - "build ClientKeyClient with `from_provider_settings()` failed: {e}" + "build ClientKeyClient with `from_provider_settings()` failed: {e:?}" )) })?, }, @@ -96,7 +96,7 @@ impl AliyunKmsClient { .await .map_err(|e| { Error::AliyunKmsError(format!( - "build EcsRamRoleClient with `from_provider_settings()` failed: {e}" + "build EcsRamRoleClient with `from_provider_settings()` failed: {e:?}" )) })?, }, @@ -105,7 +105,7 @@ impl AliyunKmsClient { .await .map_err(|e| { Error::AliyunKmsError(format!( - "build EcsRamRoleClient with `from_provider_settings()` failed: {e}" + "build EcsRamRoleClient with `from_provider_settings()` failed: {e:?}" )) })?, }, @@ -123,7 +123,7 @@ impl AliyunKmsClient { AliyunKmsClient::ClientKey { inner } => { let mut provider_settings = inner.export_provider_settings().map_err(|e| { Error::AliyunKmsError(format!( - "ClientKeyClient `export_provider_settings()` failed: {e}" + "ClientKeyClient `export_provider_settings()` failed: {e:?}" )) })?; diff --git a/confidential-data-hub/kms/src/plugins/aliyun/client/sts_token_client/mod.rs b/confidential-data-hub/kms/src/plugins/aliyun/client/sts_token_client/mod.rs index 28e2ee984..0216aa613 100644 --- a/confidential-data-hub/kms/src/plugins/aliyun/client/sts_token_client/mod.rs +++ b/confidential-data-hub/kms/src/plugins/aliyun/client/sts_token_client/mod.rs @@ -47,7 +47,7 @@ impl StsTokenClient { let http_client = ClientBuilder::new() .use_rustls_tls() .build() - .map_err(|e| Error::AliyunKmsError(format!("build http client failed: {e}")))?; + .map_err(|e| Error::AliyunKmsError(format!("build http client failed: {e:?}")))?; Ok(Self { ak: sts.ak, sk: sts.sk, @@ -83,7 +83,7 @@ impl StsTokenClient { let http_client = ClientBuilder::new() .use_rustls_tls() .build() - .map_err(|e| Error::AliyunKmsError(format!("build http client failed: {e}")))?; + .map_err(|e| Error::AliyunKmsError(format!("build http client failed: {e:?}")))?; Ok(Self { ak: sections[0].to_string(), @@ -108,27 +108,30 @@ impl StsTokenClient { ]); let headers = self.build_headers("GetSecretValue").map_err(|e| { - Error::AliyunKmsError(format!("build get_secret request http header failed: {e}")) + Error::AliyunKmsError(format!( + "build get_secret request http header failed: {e:?}" + )) })?; let params = self .build_params("GetSecretValue", get_secret_request) .await .map_err(|e| { - Error::AliyunKmsError(format!("build get_secret request http param failed: {e}")) + Error::AliyunKmsError(format!("build get_secret request http param failed: {e:?}")) })?; - let res = self - .do_request(headers, params) - .await - .map_err(|e| Error::AliyunKmsError(format!("do request to kms server failed: {e}")))?; + let res = self.do_request(headers, params).await.map_err(|e| { + Error::AliyunKmsError(format!("do request to kms server failed: {e:?}")) + })?; let res_string: String = String::from_utf8(res).map_err(|e| { - Error::AliyunKmsError(format!("get_secret response using `from_utf8` failed: {e}")) + Error::AliyunKmsError(format!( + "get_secret response using `from_utf8` failed: {e:?}" + )) })?; let get_secret_response: Value = serde_json::from_str(&res_string).map_err(|e| { Error::AliyunKmsError(format!( - "get_secret response using `serde_json` failed: {e}" + "get_secret response using `serde_json` failed: {e:?}" )) })?; let secret_data = if let Some(secret_data_str) = get_secret_response["SecretData"].as_str() diff --git a/confidential-data-hub/kms/src/plugins/ehsm/client.rs b/confidential-data-hub/kms/src/plugins/ehsm/client.rs index 87e66d9f3..4aa632840 100644 --- a/confidential-data-hub/kms/src/plugins/ehsm/client.rs +++ b/confidential-data-hub/kms/src/plugins/ehsm/client.rs @@ -55,17 +55,18 @@ impl EhsmKmsClient { info!("EHSM_IN_GUEST_KEY_PATH = {}", key_path); let provider_settings: EhsmProviderSettings = - serde_json::from_value(Value::Object(provider_settings.clone())) - .map_err(|e| Error::EhsmKmsError(format!("parse provider setting failed: {e}")))?; + serde_json::from_value(Value::Object(provider_settings.clone())).map_err(|e| { + Error::EhsmKmsError(format!("parse provider setting failed: {e:?}")) + })?; let credential_path = format!("{}/credential_{}.json", key_path, provider_settings.app_id); let api_key = { let cred = fs::read_to_string(credential_path) .await - .map_err(|e| Error::EhsmKmsError(format!("read credential failed: {e}")))?; + .map_err(|e| Error::EhsmKmsError(format!("read credential failed: {e:?}")))?; let cred: Credential = serde_json::from_str(&cred) - .map_err(|e| Error::EhsmKmsError(format!("serialize credential failed: {e}")))?; + .map_err(|e| Error::EhsmKmsError(format!("serialize credential failed: {e:?}")))?; cred.api_key }; @@ -86,7 +87,7 @@ impl EhsmKmsClient { }; let provider_settings = serde_json::to_value(provider_settings) - .map_err(|e| Error::EhsmKmsError(format!("serialize ProviderSettings failed: {e}")))? + .map_err(|e| Error::EhsmKmsError(format!("serialize ProviderSettings failed: {e:?}")))? .as_object() .expect("must be an object") .to_owned(); @@ -102,7 +103,7 @@ impl Encrypter for EhsmKmsClient { .client .encrypt(key_id, &STANDARD.encode(data), None) .await - .map_err(|e| Error::EhsmKmsError(format!("EHSM-KMS encrypt failed: {e}")))?; + .map_err(|e| Error::EhsmKmsError(format!("EHSM-KMS encrypt failed: {e:?}")))?; let annotations = Annotations::new(); @@ -123,14 +124,14 @@ impl Decrypter for EhsmKmsClient { .decrypt( key_id, std::str::from_utf8(ciphertext).map_err(|e| { - Error::EhsmKmsError(format!("decrypt &[u8] to &str failed: {e}")) + Error::EhsmKmsError(format!("decrypt &[u8] to &str failed: {e:?}")) })?, None, ) .await - .map_err(|e| Error::EhsmKmsError(format!("EHSM-KMS decrypt failed: {e}")))?; + .map_err(|e| Error::EhsmKmsError(format!("EHSM-KMS decrypt failed: {e:?}")))?; let plaintext = STANDARD.decode(plaintext_b64).map_err(|e| { - Error::EhsmKmsError(format!("decode plaintext for decryption failed: {e}")) + Error::EhsmKmsError(format!("decode plaintext for decryption failed: {e:?}")) })?; Ok(plaintext) @@ -145,7 +146,7 @@ impl EhsmKmsClient { .client .create_key(key_spec, origin, keyusage) .await - .map_err(|e| Error::EhsmKmsError(format!("EHSM-KMS create key failed: {e}")))?; + .map_err(|e| Error::EhsmKmsError(format!("EHSM-KMS create key failed: {e:?}")))?; Ok(key_id) } diff --git a/confidential-data-hub/kms/src/plugins/kbs/cc_kbc.rs b/confidential-data-hub/kms/src/plugins/kbs/cc_kbc.rs index 1c0720dd0..222edd03f 100644 --- a/confidential-data-hub/kms/src/plugins/kbs/cc_kbc.rs +++ b/confidential-data-hub/kms/src/plugins/kbs/cc_kbc.rs @@ -23,9 +23,9 @@ pub struct CcKbc { impl CcKbc { pub async fn new(kbs_host_url: &str) -> Result { - let token_provider = AATokenProvider::new() - .await - .map_err(|e| Error::KbsClientError(format!("create AA token provider failed: {e}")))?; + let token_provider = AATokenProvider::new().await.map_err(|e| { + Error::KbsClientError(format!("create AA token provider failed: {e:?}")) + })?; let client = kbs_protocol::KbsClientBuilder::with_token_provider( Box::new(token_provider), kbs_host_url, @@ -44,7 +44,7 @@ impl CcKbc { let client = client .build() - .map_err(|e| Error::KbsClientError(format!("create kbs client failed: {e}")))?; + .map_err(|e| Error::KbsClientError(format!("create kbs client failed: {e:?}")))?; Ok(Self { client }) } @@ -57,7 +57,7 @@ impl Kbc for CcKbc { .client .get_resource(rid) .await - .map_err(|e| Error::KbsClientError(format!("get resource failed: {e}")))?; + .map_err(|e| Error::KbsClientError(format!("get resource failed: {e:?}")))?; Ok(secret) } } diff --git a/confidential-data-hub/kms/src/plugins/kbs/mod.rs b/confidential-data-hub/kms/src/plugins/kbs/mod.rs index bb09aa813..d3d0c17c1 100644 --- a/confidential-data-hub/kms/src/plugins/kbs/mod.rs +++ b/confidential-data-hub/kms/src/plugins/kbs/mod.rs @@ -35,7 +35,7 @@ impl RealClient { async fn new() -> Result { let params = env::var("AA_KBC_PARAMS").expect("must be initialized"); let params = AaKbcParams::try_from(params) - .map_err(|e| Error::KbsClientError(format!("Failed to parse aa_kbc_params: {e}")))?; + .map_err(|e| Error::KbsClientError(format!("Failed to parse aa_kbc_params: {e:?}")))?; let c = match ¶ms.kbc[..] { #[cfg(feature = "kbs")] diff --git a/confidential-data-hub/kms/src/plugins/kbs/offline_fs.rs b/confidential-data-hub/kms/src/plugins/kbs/offline_fs.rs index 0a35aff22..6e7907908 100644 --- a/confidential-data-hub/kms/src/plugins/kbs/offline_fs.rs +++ b/confidential-data-hub/kms/src/plugins/kbs/offline_fs.rs @@ -53,18 +53,20 @@ impl OfflineFsKbc { let file = match fs::read(path).await { Ok(f) => f, Err(e) => { - warn!("Failed to read file {path} to init offline-fs-kbc: {e}"); + warn!("Failed to read file {path} to init offline-fs-kbc: {e:?}"); return Ok(()); } }; let map: HashMap = serde_json::from_slice(&file).map_err(|e| { - Error::KbsClientError(format!("offline-fs-kbc: illegal resource file {path}: {e}")) + Error::KbsClientError(format!( + "offline-fs-kbc: illegal resource file {path}: {e:?}" + )) })?; for (k, v) in &map { let value = STANDARD.decode(v).map_err(|e| { Error::KbsClientError(format!( - "offline-fs-kbc: decode value from file {path} failed: {e}" + "offline-fs-kbc: decode value from file {path} failed: {e:?}" )) })?; if self.resources.insert(k.to_owned(), value).is_some() { diff --git a/confidential-data-hub/kms/src/plugins/kbs/sev/client.rs b/confidential-data-hub/kms/src/plugins/kbs/sev/client.rs index 527fc0599..914627e53 100644 --- a/confidential-data-hub/kms/src/plugins/kbs/sev/client.rs +++ b/confidential-data-hub/kms/src/plugins/kbs/sev/client.rs @@ -44,33 +44,33 @@ struct RealKbc { impl RealKbc { async fn new(kbs_uri: &str) -> Result { sev::mount_security_fs().map_err(|e| { - Error::KbsClientError(format!("online-sev-kbc: mount security fs failed: {e}")) + Error::KbsClientError(format!("online-sev-kbc: mount security fs failed: {e:?}")) })?; let _secret_module = sev::SecretKernelModule::new().map_err(|e| { Error::KbsClientError(format!( - "online-sev-kbc: create SecretKernelModule failed: {e}" + "online-sev-kbc: create SecretKernelModule failed: {e:?}" )) })?; - let connection_json = fs::read_to_string(KEYS_PATH) - .await - .map_err(|e| Error::KbsClientError(format!("online-sev-kbc: Read keys failed: {e}")))?; + let connection_json = fs::read_to_string(KEYS_PATH).await.map_err(|e| { + Error::KbsClientError(format!("online-sev-kbc: Read keys failed: {e:?}")) + })?; fs::remove_file(KEYS_PATH) .await .expect("Failed to remove secret file"); let connection: Connection = serde_json::from_str(&connection_json).map_err(|e| { - Error::KbsClientError(format!("online-sev-kbc: deserialze keys failed: {e}")) + Error::KbsClientError(format!("online-sev-kbc: deserialze keys failed: {e:?}")) })?; let key = STANDARD.decode(connection.key).map_err(|e| { Error::KbsClientError(format!( - "online-sev-kbc: base64 decode connection key failed: {e}" + "online-sev-kbc: base64 decode connection key failed: {e:?}" )) })?; let kbs_uri = format!("http://{kbs_uri}").parse::().map_err(|e| { - Error::KbsClientError(format!("online-sev-kbc: parse kbs uri failed: {e}")) + Error::KbsClientError(format!("online-sev-kbc: parse kbs uri failed: {e:?}")) })?; let kbc = RealKbc { client_id: connection.client_id, @@ -122,31 +122,33 @@ impl OnlineSevKbc { .get_online_secret(request) .await .map_err(|e| { - Error::KbsClientError(format!("online-sev-kbc: sev get online secret failed: {e}")) + Error::KbsClientError(format!( + "online-sev-kbc: sev get online secret failed: {e:?}" + )) })? .into_inner(); let decrypted_payload = crypto::decrypt( Zeroizing::new(kbc.key.clone()), STANDARD.decode(response.payload).map_err(|e| { Error::KbsClientError(format!( - "online-sev-kbc: base64 decode response.payload failed: {e}" + "online-sev-kbc: base64 decode response.payload failed: {e:?}" )) })?, STANDARD.decode(response.iv).map_err(|e| { Error::KbsClientError(format!( - "online-sev-kbc: base64 decode response.iv failed: {e}" + "online-sev-kbc: base64 decode response.iv failed: {e:?}" )) })?, WrapType::Aes256Gcm, ) .map_err(|e| { - Error::KbsClientError(format!("online-sev-kbc: decrypt payload failed: {e}")) + Error::KbsClientError(format!("online-sev-kbc: decrypt payload failed: {e:?}")) })?; let payload_dict: HashMap> = bincode::deserialize(&decrypted_payload) .map_err(|e| { Error::KbsClientError(format!( - "online-sev-kbc: deserailize payload dictionary failed: {e}" + "online-sev-kbc: deserailize payload dictionary failed: {e:?}" )) })?; let res = payload_dict diff --git a/confidential-data-hub/storage/src/volume_type/aliyun/mod.rs b/confidential-data-hub/storage/src/volume_type/aliyun/mod.rs index 18ed47071..e4b44547b 100644 --- a/confidential-data-hub/storage/src/volume_type/aliyun/mod.rs +++ b/confidential-data-hub/storage/src/volume_type/aliyun/mod.rs @@ -151,7 +151,7 @@ impl Oss { .args(parameters) .spawn() .map_err(|e| { - error!("oss cmd fork failed: {e}"); + error!("oss cmd fork failed: {e:?}"); AliyunError::OssfsMountFailed })?; let oss_res = oss.wait().await?; @@ -222,7 +222,7 @@ impl Oss { .args(parameters) .spawn() .map_err(|e| { - error!("oss cmd fork failed: {e}"); + error!("oss cmd fork failed: {e:?}"); AliyunError::OssfsMountFailed })?; let oss_res = oss.wait().await?; diff --git a/confidential-data-hub/storage/src/volume_type/blockdevice/mod.rs b/confidential-data-hub/storage/src/volume_type/blockdevice/mod.rs index 4d89aae77..c8f14ccb0 100644 --- a/confidential-data-hub/storage/src/volume_type/blockdevice/mod.rs +++ b/confidential-data-hub/storage/src/volume_type/blockdevice/mod.rs @@ -62,7 +62,7 @@ async fn get_plaintext_key(resource: &str) -> anyhow::Result> { .get_secret(resource, &Annotations::default()) .await .map_err(|e| { - error!("get keys from kbs failed: {e}"); + error!("get keys from kbs failed: {e:?}"); BlockDeviceError::GetKeysFailure(e.into()) })?; return Ok(secret); diff --git a/image-rs/src/resource/kbs/native.rs b/image-rs/src/resource/kbs/native.rs index f9b2cfc3f..f29cce858 100644 --- a/image-rs/src/resource/kbs/native.rs +++ b/image-rs/src/resource/kbs/native.rs @@ -54,8 +54,8 @@ impl Native { #[async_trait] impl Client for Native { async fn get_resource(&mut self, resource_path: &str) -> Result> { - let url = - ResourceUri::try_from(resource_path).map_err(|e| anyhow!("parse ResourceUri: {e}"))?; + let url = ResourceUri::try_from(resource_path) + .map_err(|e| anyhow!("parse ResourceUri: {e:?}"))?; let resource = match &mut self.inner { Kbc::Sample(ref mut inner) => inner.get_resource(url).await?, Kbc::Cc(ref mut inner) => inner.get_resource(url).await?, diff --git a/image-rs/src/unpack.rs b/image-rs/src/unpack.rs index 3583cfcf5..047dccd6e 100644 --- a/image-rs/src/unpack.rs +++ b/image-rs/src/unpack.rs @@ -35,7 +35,7 @@ fn is_attr_available(path: &Path) -> Result { Ok(true) } Err(e) => { - debug!("xattrs is not supported for {path:?}, because {e}"); + debug!("xattrs is not supported for {path:?}, because {e:?}"); Ok(false) } } diff --git a/ocicrypt-rs/src/keywrap/keyprovider/mod.rs b/ocicrypt-rs/src/keywrap/keyprovider/mod.rs index 464670cde..374a816d6 100644 --- a/ocicrypt-rs/src/keywrap/keyprovider/mod.rs +++ b/ocicrypt-rs/src/keywrap/keyprovider/mod.rs @@ -86,7 +86,7 @@ impl KeyProviderKeyWrapProtocolOutput { let channel = tonic::transport::Channel::builder(uri) .connect() .await - .map_err(|e| anyhow!("keyprovider: error while creating channel: {e}"))?; + .map_err(|e| anyhow!("keyprovider: error while creating channel: {e:?}"))?; let mut client = crate::utils::grpc::keyprovider::key_provider_service_client::KeyProviderServiceClient::new( @@ -257,7 +257,7 @@ impl KeyProviderKeyWrapper { ) .map_err(|e| { anyhow!( - "keyprovider: error from binary provider for {} operation: {e}", + "keyprovider: error from binary provider for {} operation: {e:?}", OpKey::Wrap, ) })?; @@ -287,7 +287,7 @@ impl KeyProviderKeyWrapper { create_async_runtime()?.block_on(async { KeyProviderKeyWrapProtocolOutput::from_grpc(_input, &grpc, OpKey::Wrap) .await - .map_err(|e| format!("{e}")) + .map_err(|e| format!("{e:?}")) }) }); let protocol_output = match handler.join() { @@ -350,7 +350,7 @@ impl KeyProviderKeyWrapper { { KeyProviderKeyWrapProtocolOutput::from_command(_input, _cmd, _runner).map_err(|e| { anyhow!( - "keyprovider: error from binary provider for {} operation: {e}", + "keyprovider: error from binary provider for {} operation: {e:?}", OpKey::Unwrap, ) }) @@ -379,7 +379,7 @@ impl KeyProviderKeyWrapper { .await .map_err(|e| { format!( - "keyprovider: grpc provider failed to execute {} operation: {e}", + "keyprovider: grpc provider failed to execute {} operation: {e:?}", OpKey::Wrap, ) }) @@ -387,7 +387,7 @@ impl KeyProviderKeyWrapper { }); match handler.join() { Ok(Ok(v)) => Ok(v), - Ok(Err(e)) => bail!("failed to unwrap key by gRPC, {e}"), + Ok(Err(e)) => bail!("failed to unwrap key by gRPC, {e:?}"), Err(e) => bail!("failed to unwrap key by gRPC, {e:?}"), } } @@ -425,7 +425,7 @@ impl KeyProviderKeyWrapper { let content = String::from_utf8(_json_string.to_vec())?; KeyProviderKeyWrapProtocolOutput::from_native(&content, _dc_config).map_err(|e| { anyhow!( - "keyprovider: error from crate provider for {} operation: {e}", + "keyprovider: error from crate provider for {} operation: {e:?}", OpKey::Unwrap, ) }) @@ -542,7 +542,9 @@ fn create_async_runtime() -> std::result::Result Err(format!("keyprovider: failed to create async runtime, {e}")), + Err(e) => Err(format!( + "keyprovider: failed to create async runtime, {e:?}" + )), Ok(rt) => Ok(rt), } } @@ -709,7 +711,7 @@ mod tests { tokio::spawn(async move { if let Err(e) = serve.await { - eprintln!("Error = {e}"); + eprintln!("Error = {e:?}"); } tx.send(()).unwrap();