Enable log redirect

IABTechLab · Apr 11, 2024 · eadd11d · eadd11d
1 parent e7df681
commit eadd11d
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 3 deletions.
diff --git a/.github/workflows/test.js b/.github/workflows/test.js
diff --git a/scripts/gcp-oidc/Dockerfile b/scripts/gcp-oidc/Dockerfile
@@ -2,6 +2,7 @@
 FROM eclipse-temurin@sha256:564eb67091b2cda82952299b4be52bf1b039289234b52f46057fe1286c173b71
 
 LABEL "tee.launch_policy.allow_env_override"="API_TOKEN_SECRET_NAME,DEPLOYMENT_ENVIRONMENT,CORE_BASE_URL,OPTOUT_BASE_URL"
+LABEL "tee.launch_policy.log_redirect"="always"
 
 # Install Packages
 RUN apk update && apk add jq

diff --git a/scripts/gcp-oidc/README.md b/scripts/gcp-oidc/README.md
@@ -185,7 +185,7 @@ $ gcloud compute instances create {INSTANCE_NAME} \
   --image-project confidential-space-images \
   --image-family confidential-space \
   --service-account {SERVICE_ACCOUNT} \
-  --metadata ^~^tee-image-reference={OPERATOR_IMAGE}~tee-restart-policy=Never~tee-env-DEPLOYMENT_ENVIRONMENT=integ~tee-env-API_TOKEN_SECRET_NAME={OPERATOR_KEY_SECRET_FULL_NAME}
+  --metadata ^~^tee-image-reference={OPERATOR_IMAGE}~tee-restart-policy=Never~tee-container-log-redirect=true~tee-env-DEPLOYMENT_ENVIRONMENT=integ~tee-env-API_TOKEN_SECRET_NAME={OPERATOR_KEY_SECRET_FULL_NAME}
 ```
 
 ## Production Deployment
@@ -212,7 +212,7 @@ $ gcloud compute instances create {INSTANCE_NAME} \
   --image-project confidential-space-images \
   --image-family confidential-space \
   --service-account {SERVICE_ACCOUNT} \
-  --metadata ^~^tee-image-reference={OPERATOR_IMAGE}~tee-restart-policy=Never~tee-env-DEPLOYMENT_ENVIRONMENT=prod~tee-env-API_TOKEN_SECRET_NAME={OPERATOR_KEY_SECRET_FULL_NAME}
+  --metadata ^~^tee-image-reference={OPERATOR_IMAGE}~tee-restart-policy=Never~tee-container-log-redirect=true~tee-env-DEPLOYMENT_ENVIRONMENT=prod~tee-env-API_TOKEN_SECRET_NAME={OPERATOR_KEY_SECRET_FULL_NAME}
 ```
 
 Note that compared to the `gcloud` command used in the prior section, parameter `--machine-type n2d-standard-16` is set to ensure production deployment of UID2 Operator runs on the recommended machine type for production.

diff --git a/scripts/gcp-oidc/terraform/main.tf b/scripts/gcp-oidc/terraform/main.tf
@@ -104,7 +104,7 @@ resource "google_compute_instance_template" "uid_operator" {
 
   metadata = {
     tee-image-reference            = var.uid_operator_image
-    tee-container-log-redirect     = var.debug_mode
+    tee-container-log-redirect     = true
     tee-restart-policy             = "Never"
     tee-env-DEPLOYMENT_ENVIRONMENT = var.uid_deployment_env
     tee-env-API_TOKEN_SECRET_NAME  = module.secret-manager.secret_versions[0]