confidential-containers · fitzthum · Sep 26, 2024 · Sep 26, 2024 · Sep 26, 2024
@@ -68,7 +68,7 @@ impl Attester for SgxDcapAttester {
                     report_data.as_ptr() as *const sgx_report_data_t,
                 ) {
                     Ok(_) => occlum_quote,
-                    Err(e) => bail!("generate quote: {e}"),
+                    Err(e) => bail!("generate quote: {e:?}"),
                 }
             }
             SgxLibOsType::Gramine => {

@@ -56,14 +56,14 @@ impl KeyProviderService for KeyProvider {
         )
         .map_err(|e| {
             Status::invalid_argument(format!(
-                "key_provider_key_wrap_protocol_input is not legal utf8 string: {e}"
+                "key_provider_key_wrap_protocol_input is not legal utf8 string: {e:?}"
             ))
         })?;
 
         debug!("WrapKey API Request Input: {}", input_string);
         let input: KeyProviderInput = serde_json::from_str::<KeyProviderInput>(&input_string)
             .map_err(|e| {
-                Status::invalid_argument(format!("parse key provider input failed: {e}"))
+                Status::invalid_argument(format!("parse key provider input failed: {e:?}"))
             })?;
         let optsdata = input
             .keywrapparams
@@ -101,21 +101,21 @@ impl KeyProviderService for KeyProvider {
             params,
         )
         .await
-        .map_err(|e| Status::internal(format!("encrypt failed: {e}")))?;
+        .map_err(|e| Status::internal(format!("encrypt failed: {e:?}")))?;
 
         let output_struct = KeyWrapOutput {
             keywrapresults: KeyWrapResults {
                 annotation: annotation.as_bytes().to_vec(),
             },
         };
         let output = serde_json::to_string(&output_struct)
-            .map_err(|e| Status::internal(format!("serde json failed: {e}")))?
+            .map_err(|e| Status::internal(format!("serde json failed: {e:?}")))?
             .as_bytes()
             .to_vec();
         debug!(
             "WrapKey API output: {}",
             serde_json::to_string(&output_struct)
-                .map_err(|e| Status::internal(format!("serde json failed: {e}")))?
+                .map_err(|e| Status::internal(format!("serde json failed: {e:?}")))?
         );
         let reply = KeyProviderKeyWrapProtocolOutput {
             key_provider_key_wrap_protocol_output: output,

@@ -80,7 +80,8 @@ impl<T> KbsClientBuilder<T> {
             .timeout(Duration::from_secs(KBS_REQ_TIMEOUT_SEC));
 
         for customer_root_cert in &self.kbs_certs {
-            let cert = reqwest::Certificate::from_pem(customer_root_cert.as_bytes())?;
+            let cert = reqwest::Certificate::from_pem(customer_root_cert.as_bytes())
+                .context("read KBS public key cert")?;
             http_client_builder = http_client_builder.add_root_certificate(cert);
         }
 
@@ -90,12 +91,12 @@ impl<T> KbsClientBuilder<T> {
         }
 
         let tee_key = match self.tee_key {
-            Some(key) => TeeKeyPair::from_pkcs1_pem(&key[..])?,
+            Some(key) => TeeKeyPair::from_pkcs1_pem(&key[..]).context("read tee public key")?,
             None => TeeKeyPair::new()?,
         };
 
         let token = match self.token {
-            Some(t) => Some(Token::new(t)?),
+            Some(t) => Some(Token::new(t).context("read token")?),
             None => None,
         };
 

@@ -123,9 +123,9 @@ impl KbsClient<Box<dyn EvidenceProvider>> {
                 Ok(_) => break,
                 Err(e) => {
                     if retry_count >= RCAR_MAX_ATTEMPT {
-                        return Err(Error::RcarHandshake(format!("Unable to get token. RCAR handshake retried {RCAR_MAX_ATTEMPT} times. Final attempt failed with: {e}")));
+                        return Err(Error::RcarHandshake(format!("Unable to get token. RCAR handshake retried {RCAR_MAX_ATTEMPT} times. Final attempt failed with: {e:?}")));
                     } else {
-                        warn!("RCAR handshake failed: {e}, retry {retry_count}...");
+                        warn!("RCAR handshake failed: {e:?}, retry {retry_count}...");
                         retry_count += 1;
                         tokio::time::sleep(Duration::from_secs(RCAR_RETRY_TIMEOUT_SECOND)).await;
                     }
@@ -301,7 +301,7 @@ impl KbsClientCapabilities for KbsClient<Box<dyn EvidenceProvider>> {
                 .get(&remote_url)
                 .send()
                 .await
-                .map_err(|e| Error::HttpError(format!("get failed: {e}")))?;
+                .map_err(|e| Error::HttpError(format!("get failed: {e:?}")))?;
 
             match res.status() {
                 reqwest::StatusCode::OK => {

@@ -53,7 +53,7 @@ impl KbsClientCapabilities for KbsClient<Box<dyn TokenProvider>> {
                 .bearer_auth(&token.content)
                 .send()
                 .await
-                .map_err(|e| Error::HttpError(format!("get failed: {e}")))?;
+                .map_err(|e| Error::HttpError(format!("get failed: {e:?}")))?;
 
             match res.status() {
                 reqwest::StatusCode::OK => {

@@ -16,7 +16,7 @@ pub struct NativeEvidenceProvider(BoxedAttester);
 impl NativeEvidenceProvider {
     pub fn new() -> Result<Self> {
         let tee = detect_tee_type().try_into().map_err(|e| {
-            Error::NativeEvidenceProvider(format!("failed to initialize tee driver: {e}"))
+            Error::NativeEvidenceProvider(format!("failed to initialize tee driver: {e:?}"))
         })?;
         Ok(Self(tee))
     }

@@ -38,7 +38,7 @@ struct Message {
 impl AATokenProvider {
     pub async fn new() -> Result<Self> {
         let c = ttrpc::r#async::Client::connect(AA_SOCKET_FILE)
-            .map_err(|e| Error::AATokenProvider(format!("ttrpc connect failed {e}")))?;
+            .map_err(|e| Error::AATokenProvider(format!("ttrpc connect failed {e:?}")))?;
         let client = AttestationAgentServiceClient::new(c);
         Ok(Self { client })
     }
@@ -55,14 +55,15 @@ impl TokenProvider for AATokenProvider {
             .client
             .get_token(context::with_timeout(50 * 1000 * 1000 * 1000), &req)
             .await
-            .map_err(|e| Error::AATokenProvider(format!("cal ttrpc failed: {e}")))?;
+            .map_err(|e| Error::AATokenProvider(format!("cal ttrpc failed: {e:?}")))?;
         let message: Message = serde_json::from_slice(&bytes.Token).map_err(|e| {
-            Error::AATokenProvider(format!("deserialize attestation-agent reply failed: {e}"))
+            Error::AATokenProvider(format!("deserialize attestation-agent reply failed: {e:?}"))
         })?;
         let token = Token::new(message.token)
-            .map_err(|e| Error::AATokenProvider(format!("deserialize token failed: {e}")))?;
-        let tee_keypair = TeeKeyPair::from_pkcs1_pem(&message.tee_keypair)
-            .map_err(|e| Error::AATokenProvider(format!("deserialize tee keypair failed: {e}")))?;
+            .map_err(|e| Error::AATokenProvider(format!("deserialize token failed: {e:?}")))?;
+        let tee_keypair = TeeKeyPair::from_pkcs1_pem(&message.tee_keypair).map_err(|e| {
+            Error::AATokenProvider(format!("deserialize tee keypair failed: {e:?}"))
+        })?;
         Ok((token, tee_keypair))
     }
 }
@@ -29,9 +29,9 @@ impl Hub {
             }
         }
 
-        let kbs_client = KbcClient::new()
-            .await
-            .map_err(|e| Error::InitializationFailed(format!("kbs client creation failed: {e}")))?;
+        let kbs_client = KbcClient::new().await.map_err(|e| {
+            Error::InitializationFailed(format!("kbs client creation failed: {e:?}"))
+        })?;
 
         fs::create_dir_all(KBS_RESOURCE_STORAGE_DIR)
             .await
@@ -46,7 +46,7 @@ impl Hub {
                 .get_secret(v, &Annotations::default())
                 .await
                 .map_err(|e| {
-                    Error::InitializationFailed(format!("kbs client get resource failed: {e}"))
+                    Error::InitializationFailed(format!("kbs client get resource failed: {e:?}"))
                 })?;
 
             let target_path = PathBuf::from(k);

@@ -117,15 +117,15 @@ impl KeyProviderService for Server {
         let reader = reader.as_ref().expect("must be initialized");
         let key_provider_input: KeyProviderInput =
             serde_json::from_slice(&req.KeyProviderKeyWrapProtocolInput[..]).map_err(|e| {
-                error!("[ttRPC CDH] UnwrapKey parse KeyProviderInput failed : {e}");
+                error!("[ttRPC CDH] UnwrapKey parse KeyProviderInput failed : {e:?}");
                 let mut status = Status::new();
                 status.set_code(Code::INTERNAL);
                 status.set_message("[ERROR] UnwrapKey Parse request failed".into());
                 Error::RpcStatus(status)
             })?;
 
         let annotation_packet = key_provider_input.get_annotation().map_err(|e| {
-            error!("[ttRPC CDH] UnwrapKey get AnnotationPacket failed: {e}");
+            error!("[ttRPC CDH] UnwrapKey get AnnotationPacket failed: {e:?}");
             let mut status = Status::new();
             status.set_code(Code::INTERNAL);
             status.set_message("[ERROR] UnwrapKey Parse request failed".to_string());
@@ -152,7 +152,7 @@ impl KeyProviderService for Server {
         };
 
         let lek = serde_json::to_vec(&output_struct).map_err(|e| {
-            error!("[ttRPC CDH] UnWrapKey failed to serialize LEK : {e}");
+            error!("[ttRPC CDH] UnWrapKey failed to serialize LEK : {e:?}");
             let mut status = Status::new();
             status.set_code(Code::INTERNAL);
             status.set_message("[CDH] [ERROR]: UnwrapKey serialize response failed".to_string());

@@ -176,7 +176,6 @@ impl CdhConfig {
         let c = Config::builder()
             .set_default("socket", DEFAULT_CDH_SOCKET_ADDR)?
             .set_default("kbc.url", "")?
-            .set_default("kbc.kbs_cert", "")?
             .add_source(File::with_name(config_path))
             .build()?;
 
@@ -301,7 +300,7 @@ name = "offline_fs_kbc"
         kbc: KbsConfig {
             name: "offline_fs_kbc".to_string(),
             url: "".to_string(),
-            kbs_cert: Some("".to_string()),
+            kbs_cert: None,
         },
         credentials: vec![],
         image: ImageConfiguration {
@@ -328,7 +327,7 @@ some_undefined_field = "unknown value"
         kbc: KbsConfig {
             name: "offline_fs_kbc".to_string(),
             url: "".to_string(),
-            kbs_cert: Some("".to_string()),
+            kbs_cert: None,
         },
         credentials: vec![],
         image: ImageConfiguration {

@@ -61,7 +61,7 @@ impl Hub {
         // Current the whole process of CDH would be influenced by the HTTPS_PROXY env
         if let Some(https_proxy) = config.image.image_pull_proxy {
             match env::var("HTTPS_PROXY") {
-                Ok(e) => warn!("`image_pull_proxy` is given from config but the current process has a `HTTPS_PROXY` env value {e}, skip override."),
+                Ok(e) => warn!("`image_pull_proxy` is given from config but the current process has a `HTTPS_PROXY` env value {e:?}, skip override."),
                 Err(env::VarError::NotPresent) => {
                     info!("image_pull_proxy is set to: {}", https_proxy);
                     env::set_var("HTTPS_PROXY", https_proxy);
@@ -72,7 +72,7 @@ impl Hub {
 
         if let Some(no_proxy) = config.image.skip_proxy_ips {
             match env::var("NO_PROXY") {
-                Ok(e) => warn!("`skip_proxy_ips` is given from config but the current process has one `NO_PROXY` env value {e}, skip override."),
+                Ok(e) => warn!("`skip_proxy_ips` is given from config but the current process has one `NO_PROXY` env value {e:?}, skip override."),
                 Err(env::VarError::NotPresent) => {
                     info!("no_proxy is set to: {}", no_proxy);
                     env::set_var("NO_PROXY", no_proxy);

@@ -91,7 +91,7 @@ impl TryInto<super::v1::AnnotationPacket> for AnnotationPacketV2 {
 
         let kid = resource_uri::ResourceUri::try_from(&self.kid[..]).map_err(|e| {
             Error::ParseAnnotationPacket {
-                source: anyhow!("illegal ResourceUri in `kid` field: {e}"),
+                source: anyhow!("illegal ResourceUri in `kid` field: {e:?}"),
             }
         })?;
 

@@ -13,7 +13,7 @@ pub use error::*;
 pub async fn unwrap_key(annotation_packet: &[u8]) -> Result<Vec<u8>> {
     let annotation_packet: AnnotationPacket =
         serde_json::from_slice(annotation_packet).map_err(|e| Error::ParseAnnotationPacket {
-            source: anyhow!("deserialize failed, {e}"),
+            source: anyhow!("deserialize failed, {e:?}"),
         })?;
     let lek = annotation_packet.unwrap_key().await?;