From eadd11d98d19c0783e30c4a3a72d29bb7ae8bd95 Mon Sep 17 00:00:00 2001
From: Katherine Chen
Date: Thu, 11 Apr 2024 15:39:17 +1000
Subject: [PATCH] Enable log redirect
---
 .github/workflows/test.js | 0
 scripts/gcp-oidc/Dockerfile | 1 +
 scripts/gcp-oidc/README.md | 4 ++--
 scripts/gcp-oidc/terraform/main.tf | 2 +-
 4 files changed, 4 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/test.js
diff --git a/.github/workflows/test.js b/.github/workflows/test.js
new file mode 100644
index 000000000..e69de29bb
diff --git a/scripts/gcp-oidc/Dockerfile b/scripts/gcp-oidc/Dockerfile
index 82c7d1d9c..b8fa9c54a 100644
--- a/scripts/gcp-oidc/Dockerfile
+++ b/scripts/gcp-oidc/Dockerfile
@@ -2,6 +2,7 @@ FROM eclipse-temurin@sha256:564eb67091b2cda82952299b4be52bf1b039289234b52f46057fe1286c173b71
 LABEL "tee.launch_policy.allow_env_override"="API_TOKEN_SECRET_NAME,DEPLOYMENT_ENVIRONMENT,CORE_BASE_URL,OPTOUT_BASE_URL"
+LABEL "tee.launch_policy.log_redirect"="always"
 # Install Packages
 RUN apk update && apk add jq
diff --git a/scripts/gcp-oidc/README.md b/scripts/gcp-oidc/README.md
index 4dcc3256b..1a6e35c0c 100644
--- a/scripts/gcp-oidc/README.md
+++ b/scripts/gcp-oidc/README.md
@@ -185,7 +185,7 @@ $ gcloud compute instances create {INSTANCE_NAME} \
 --image-project confidential-space-images \
 --image-family confidential-space \
 --service-account {SERVICE_ACCOUNT} \
- --metadata ^~^tee-image-reference={OPERATOR_IMAGE}~tee-restart-policy=Never~tee-env-DEPLOYMENT_ENVIRONMENT=integ~tee-env-API_TOKEN_SECRET_NAME={OPERATOR_KEY_SECRET_FULL_NAME}
+ --metadata ^~^tee-image-reference={OPERATOR_IMAGE}~tee-restart-policy=Never~tee-container-log-redirect=true~tee-env-DEPLOYMENT_ENVIRONMENT=integ~tee-env-API_TOKEN_SECRET_NAME={OPERATOR_KEY_SECRET_FULL_NAME}
 ```
 ## Production Deployment
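Review bot: The new `LABEL "tee.launch_policy.log_redirect"="always"` in scripts/gcp-oidc/Dockerfile widens the attested launch policy without a comment saying why or what the workload is allowed to print. The Confidential Space default for this policy is `debugonly`, so with `always` whoever creates the VM can have the container's stdout and stderr copied out of the TEE on the production image, where anyone with log access in the hosting project can read them. I would add a comment above the label, for example `# Log redirect is permitted on the production image: stdout/stderr must never contain the operator key, fetched secrets or raw identifiers.` It is also worth confirming that whatever entrypoint resolves `API_TOKEN_SECRET_NAME` (not visible in this hunk) never echoes the secret value.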
@@ -212,7 +212,7 @@ $ gcloud compute instances create {INSTANCE_NAME} \
 --image-project confidential-space-images \
 --image-family confidential-space \
 --service-account {SERVICE_ACCOUNT} \
- --metadata ^~^tee-image-reference={OPERATOR_IMAGE}~tee-restart-policy=Never~tee-env-DEPLOYMENT_ENVIRONMENT=prod~tee-env-API_TOKEN_SECRET_NAME={OPERATOR_KEY_SECRET_FULL_NAME}
+ --metadata ^~^tee-image-reference={OPERATOR_IMAGE}~tee-restart-policy=Never~tee-container-log-redirect=true~tee-env-DEPLOYMENT_ENVIRONMENT=prod~tee-env-API_TOKEN_SECRET_NAME={OPERATOR_KEY_SECRET_FULL_NAME}
 ```
 Note that compared to the `gcloud` command used in the prior section, parameter `--machine-type n2d-standard-16` is set to ensure production deployment of UID2 Operator runs on the recommended machine type for production.
diff --git a/scripts/gcp-oidc/terraform/main.tf b/scripts/gcp-oidc/terraform/main.tf
index 73fafc076..c32d6eb77 100644
--- a/scripts/gcp-oidc/terraform/main.tf
+++ b/scripts/gcp-oidc/terraform/main.tf
@@ -104,7 +104,7 @@ resource "google_compute_instance_template" "uid_operator" {
 metadata = {
 tee-image-reference = var.uid_operator_image
- tee-container-log-redirect = var.debug_mode
+ tee-container-log-redirect = true
 tee-restart-policy = "Never"
 tee-env-DEPLOYMENT_ENVIRONMENT = var.uid_deployment_env
 tee-env-API_TOKEN_SECRET_NAME = module.secret-manager.secret_versions[0]
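Review bot: `tee-container-log-redirect = true` in the `metadata` map of `google_compute_instance_template.uid_operator` now turns log redirection on for every instance built from this template, production included, and it can no longer be switched off through a variable. As far as I know, `true` sends workload output to both Cloud Logging and the serial console. If only Cloud Logging is wanted, `tee-container-log-redirect = "cloud_logging"` keeps stdout/stderr off the serial port and narrows who can read it. Quoting the value (`"true"`) would also match the neighbouring `tee-restart-policy = "Never"`, since instance metadata values are strings. Please check whether `var.debug_mode` is still referenced elsewhere in main.tf so it does not silently stop controlling anything; the resource block starts and ends outside this hunk, so that is not visible here.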