Release 3.8.0 (2024-05-24)

### Features * Add tee-container-log-redirect option in terraform * Create logging library for inference consented logs * Forward per request consented debugging config to roma callback * Support CPU isolation in the inference sidecar ### Bug Fixes * [IsolateBuyerAndSellerCodeExecution] Add a new code wrapper with only scoreAd and reportResult * clean up log verbosity 3 Bug: N/A GitOrigin-RevId: 52b1ca1a4c43e0769bcc74cb09ff6730e8e4c62e Change-Id: Ib016484ad09e88f320e726136adfe2b7a29383a2
privacysandbox · May 28, 2024 · c98a51c · c98a51c
1 parent fa6b006
commit c98a51c
Show file tree

Hide file tree

Showing 57 changed files with 975 additions and 393 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -121,7 +121,7 @@ repos:
 
   - id: ps_vlog_123
     name: Don't use PS_VLOG(0/1/2/3)
-    entry: sh -c '! grep --files-with-matches --recursive -E "PS_VLOG[(][012][,)]" services/'
+    entry: sh -c '! grep --files-with-matches --recursive -E "PS_VLOG[(][0123][,)]" services/'
     language: system
     types_or:
     - c++

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,22 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## 3.8.0 (2024-05-24)
+
+
+### Features
+
+* Add tee-container-log-redirect option in terraform
+* Create logging library for inference consented logs
+* Forward per request consented debugging config to roma callback
+* Support CPU isolation in the inference sidecar
+
+
+### Bug Fixes
+
+* [IsolateBuyerAndSellerCodeExecution] Add a new code wrapper with only scoreAd and reportResult
+* clean up log verbosity 3
+
 ## 3.7.0 (2024-05-13)
 
 

diff --git a/WORKSPACE b/WORKSPACE
@@ -23,11 +23,11 @@ http_archive(
 
 http_archive(
     name = "google_privacysandbox_servers_common",
-    # 2024-05-06
-    sha256 = "1b0d52c6218fa4db7f4760a7e197c2e656a1408549fee40cdea2cb7496a3f836",
-    strip_prefix = "data-plane-shared-libraries-10be592dd582044a79172d4c0530ce8b7ac39ae4",
+    # 2024-05-24
+    sha256 = "444f76d69afba08dfe7424dae0ff8afb26bd3f4e3396d76b7bf55668d3afd7c6",
+    strip_prefix = "data-plane-shared-libraries-3e09f7993cf6e4ef0fd33360b778f993d3cfd9ef",
     urls = [
-        "https://github.com/privacysandbox/data-plane-shared-libraries/archive/10be592dd582044a79172d4c0530ce8b7ac39ae4.zip",
+        "https://github.com/privacysandbox/data-plane-shared-libraries/archive/3e09f7993cf6e4ef0fd33360b778f993d3cfd9ef.zip",
     ],
 )
 

diff --git a/production/deploy/gcp/terraform/environment/demo/buyer/buyer.tf b/production/deploy/gcp/terraform/environment/demo/buyer/buyer.tf
@@ -173,4 +173,5 @@ module "buyer" {
       }
     }
   }
+  enable_tee_container_log_redirect = false
 }
diff --git a/production/deploy/gcp/terraform/environment/demo/seller/seller.tf b/production/deploy/gcp/terraform/environment/demo/seller/seller.tf
@@ -174,4 +174,5 @@ module "seller" {
       }
     }
   }
+  enable_tee_container_log_redirect = false
 }
diff --git a/production/deploy/gcp/terraform/modules/buyer/service.tf b/production/deploy/gcp/terraform/modules/buyer/service.tf
@@ -62,6 +62,7 @@ module "autoscaling" {
   instance_template_waits_for_instances = var.instance_template_waits_for_instances
   depends_on                            = [module.security, module.networking, resource.google_secret_manager_secret.runtime_flag_secrets, resource.google_secret_manager_secret_version.runtime_flag_secret_values]
   collector_startup_script              = var.collector_startup_script
+  enable_tee_container_log_redirect     = var.enable_tee_container_log_redirect
 }
 
 module "load_balancing" {

diff --git a/production/deploy/gcp/terraform/modules/buyer/service_vars.tf b/production/deploy/gcp/terraform/modules/buyer/service_vars.tf
@@ -139,3 +139,9 @@ variable "fast_nat" {
   type        = bool
   default     = false
 }
+
+variable "enable_tee_container_log_redirect" {
+  description = "If true, redirect the TEE container logs to the VM's serial port."
+  type        = bool
+  default     = true
+}
diff --git a/production/deploy/gcp/terraform/modules/seller/service.tf b/production/deploy/gcp/terraform/modules/seller/service.tf
@@ -60,6 +60,7 @@ module "autoscaling" {
   instance_template_waits_for_instances = var.instance_template_waits_for_instances
   depends_on                            = [module.security, module.networking, resource.google_secret_manager_secret.runtime_flag_secrets, resource.google_secret_manager_secret_version.runtime_flag_secret_values]
   collector_startup_script              = var.collector_startup_script
+  enable_tee_container_log_redirect     = var.enable_tee_container_log_redirect
 }
 
 module "load_balancing" {

diff --git a/production/deploy/gcp/terraform/modules/seller/service_vars.tf b/production/deploy/gcp/terraform/modules/seller/service_vars.tf
@@ -144,3 +144,9 @@ variable "fast_nat" {
   type        = bool
   default     = false
 }
+
+variable "enable_tee_container_log_redirect" {
+  description = "If true, redirect the TEE container logs to the VM's serial port."
+  type        = bool
+  default     = true
+}
diff --git a/production/deploy/gcp/terraform/services/autoscaling/main.tf b/production/deploy/gcp/terraform/services/autoscaling/main.tf
@@ -91,7 +91,7 @@ resource "google_compute_instance_template" "frontends" {
   }
   metadata = {
     tee-image-reference              = var.frontend_tee_image
-    tee-container-log-redirect       = true
+    tee-container-log-redirect       = var.enable_tee_container_log_redirect
     tee-impersonate-service-accounts = var.tee_impersonate_service_accounts
     mesh-name                        = var.mesh_name
     environment                      = var.environment
@@ -248,7 +248,7 @@ resource "google_compute_instance_template" "backends" {
   metadata = {
     mesh-name                        = var.mesh_name
     tee-image-reference              = var.backend_tee_image
-    tee-container-log-redirect       = true
+    tee-container-log-redirect       = var.enable_tee_container_log_redirect
     tee-impersonate-service-accounts = var.tee_impersonate_service_accounts
     operator                         = var.operator
   }

diff --git a/production/deploy/gcp/terraform/services/autoscaling/variables.tf b/production/deploy/gcp/terraform/services/autoscaling/variables.tf
@@ -168,3 +168,9 @@ variable "collector_startup_script" {
   description = "Script to configure and start the otel collector."
   type        = string
 }
+
+variable "enable_tee_container_log_redirect" {
+  description = "If true, redirect the TEE container logs to the VM's serial port."
+  type        = bool
+  default     = true
+}
diff --git a/production/deploy/gcp/terraform/services/dashboards/buyer_dashboard/main.tf b/production/deploy/gcp/terraform/services/dashboards/buyer_dashboard/main.tf
@@ -314,7 +314,7 @@ resource "google_monitoring_dashboard" "environment_dashboard" {
                 "timeSeriesQuery": {
                   "timeSeriesFilter": {
                     "aggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "crossSeriesReducer": "REDUCE_PERCENTILE_95",
                       "groupByFields": [
                         "metric.label.\"service_name\"",
@@ -353,12 +353,12 @@ resource "google_monitoring_dashboard" "environment_dashboard" {
                 "timeSeriesQuery": {
                   "timeSeriesFilter": {
                     "aggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "perSeriesAligner": "ALIGN_RATE"
                     },
                     "filter": "metric.type=\"workload.googleapis.com/bfe.initiated_request.to_bidding.errors_count\" resource.type=\"generic_task\" metric.label.\"deployment_environment\"=\"${var.environment}\"",
                     "secondaryAggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "crossSeriesReducer": "REDUCE_MEAN",
                       "groupByFields": [
                         "metric.label.\"status_code\"",
@@ -398,12 +398,12 @@ resource "google_monitoring_dashboard" "environment_dashboard" {
                 "timeSeriesQuery": {
                   "timeSeriesFilter": {
                     "aggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "perSeriesAligner": "ALIGN_RATE"
                     },
                     "filter": "metric.type=\"workload.googleapis.com/js_execution.errors_count\" resource.type=\"generic_task\" metric.label.\"deployment_environment\"=\"${var.environment}\"",
                     "secondaryAggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "crossSeriesReducer": "REDUCE_MEAN",
                       "groupByFields": [
                         "metric.label.\"service_name\"",
@@ -442,12 +442,12 @@ resource "google_monitoring_dashboard" "environment_dashboard" {
                 "timeSeriesQuery": {
                   "timeSeriesFilter": {
                     "aggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "perSeriesAligner": "ALIGN_RATE"
                     },
                     "filter": "metric.type=\"workload.googleapis.com/bidding.business_logic.bids_count\" resource.type=\"generic_task\" metric.label.\"deployment_environment\"=\"${var.environment}\"",
                     "secondaryAggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "crossSeriesReducer": "REDUCE_MEAN",
                       "groupByFields": [
                         "metric.label.\"service_name\"",
@@ -485,12 +485,12 @@ resource "google_monitoring_dashboard" "environment_dashboard" {
                 "timeSeriesQuery": {
                   "timeSeriesFilter": {
                     "aggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "perSeriesAligner": "ALIGN_RATE"
                     },
                     "filter": "metric.type=\"workload.googleapis.com/bidding.business_logic.zero_bid_count\" resource.type=\"generic_task\" metric.label.\"deployment_environment\"=\"${var.environment}\"",
                     "secondaryAggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "crossSeriesReducer": "REDUCE_MEAN",
                       "groupByFields": [
                         "metric.label.\"service_name\"",
@@ -529,7 +529,7 @@ resource "google_monitoring_dashboard" "environment_dashboard" {
                 "timeSeriesQuery": {
                   "timeSeriesFilter": {
                     "aggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "crossSeriesReducer": "REDUCE_PERCENTILE_95",
                       "groupByFields": [
                         "metric.label.\"service_name\"",
@@ -569,12 +569,12 @@ resource "google_monitoring_dashboard" "environment_dashboard" {
                 "timeSeriesQuery": {
                   "timeSeriesFilter": {
                     "aggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "perSeriesAligner": "ALIGN_RATE"
                     },
                     "filter": "metric.type=\"workload.googleapis.com/initiated_request.count\" resource.type=\"generic_task\" metric.label.\"deployment_environment\"=\"${var.environment}\"",
                     "secondaryAggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "crossSeriesReducer": "REDUCE_MEAN",
                       "groupByFields": [
                         "metric.label.\"server_name\"",
@@ -613,7 +613,7 @@ resource "google_monitoring_dashboard" "environment_dashboard" {
                 "timeSeriesQuery": {
                   "timeSeriesFilter": {
                     "aggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "crossSeriesReducer": "REDUCE_PERCENTILE_95",
                       "groupByFields": [
                         "metric.label.\"service_name\"",
@@ -652,7 +652,7 @@ resource "google_monitoring_dashboard" "environment_dashboard" {
                 "timeSeriesQuery": {
                   "timeSeriesFilter": {
                     "aggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "crossSeriesReducer": "REDUCE_PERCENTILE_95",
                       "groupByFields": [
                         "metric.label.\"service_name\"",
@@ -691,7 +691,7 @@ resource "google_monitoring_dashboard" "environment_dashboard" {
                 "timeSeriesQuery": {
                   "timeSeriesFilter": {
                     "aggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "crossSeriesReducer": "REDUCE_PERCENTILE_95",
                       "groupByFields": [
                         "metric.label.\"service_name\"",
@@ -730,7 +730,7 @@ resource "google_monitoring_dashboard" "environment_dashboard" {
                 "timeSeriesQuery": {
                   "timeSeriesFilter": {
                     "aggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "crossSeriesReducer": "REDUCE_PERCENTILE_95",
                       "groupByFields": [
                         "metric.label.\"service_name\"",
@@ -770,7 +770,7 @@ resource "google_monitoring_dashboard" "environment_dashboard" {
                 "timeSeriesQuery": {
                   "timeSeriesFilter": {
                     "aggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "crossSeriesReducer": "REDUCE_PERCENTILE_95",
                       "groupByFields": [
                         "metric.label.\"service_name\"",
@@ -810,12 +810,12 @@ resource "google_monitoring_dashboard" "environment_dashboard" {
                 "timeSeriesQuery": {
                   "timeSeriesFilter": {
                     "aggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "perSeriesAligner": "ALIGN_RATE"
                     },
                     "filter": "metric.type=\"workload.googleapis.com/bfe.errors_count\" resource.type=\"generic_task\" metric.label.\"deployment_environment\"=\"${var.environment}\"",
                     "secondaryAggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "crossSeriesReducer": "REDUCE_MEAN",
                       "groupByFields": [
                         "metric.label.\"error_code\"",
@@ -854,12 +854,12 @@ resource "google_monitoring_dashboard" "environment_dashboard" {
                 "timeSeriesQuery": {
                   "timeSeriesFilter": {
                     "aggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "perSeriesAligner": "ALIGN_RATE"
                     },
                     "filter": "metric.type=\"workload.googleapis.com/bidding.errors_count\" resource.type=\"generic_task\" metric.label.\"deployment_environment\"=\"${var.environment}\"",
                     "secondaryAggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "crossSeriesReducer": "REDUCE_MEAN",
                       "groupByFields": [
                         "metric.label.\"error_code\"",
@@ -899,12 +899,12 @@ resource "google_monitoring_dashboard" "environment_dashboard" {
                 "timeSeriesQuery": {
                   "timeSeriesFilter": {
                     "aggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "perSeriesAligner": "ALIGN_RATE"
                     },
                     "filter": "metric.type=\"workload.googleapis.com/initiated_request.to_kv.errors_count\" resource.type=\"generic_task\" metric.label.\"deployment_environment\"=\"${var.environment}\"",
                     "secondaryAggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "crossSeriesReducer": "REDUCE_MEAN",
                       "groupByFields": [
                         "metric.label.\"status_code\"",
@@ -987,7 +987,7 @@ resource "google_monitoring_dashboard" "environment_dashboard" {
                 "timeSeriesQuery": {
                   "timeSeriesFilter": {
                     "aggregation": {
-                      "alignmentPeriod": "60s",
+                      "alignmentPeriod": "300s",
                       "crossSeriesReducer": "REDUCE_PERCENTILE_95",
                       "groupByFields": [
                         "metric.label.\"service_name\"",