adding to log traces, set env SKR_TRACE_ON for failed cases (#1853)

pankajosh · web-flow · commit f3fdc658fc19 · 2024-03-25T00:32:38.000+05:30
* adding to log traces, set env SKR_TRACE_ON for failed cases

* update the log message
diff --git a/VMEncryption/main/check_util.py b/VMEncryption/main/check_util.py
@@ -401,17 +401,25 @@ def validate_skr_release_rsa_or_ec_key(self,public_settings,check_release_rsa_or
             return
         manage_id = public_settings.get(CommonVariables.EncryptionManagedIdentity)
         KeyEncryptionKeyUrl=public_settings.get(CommonVariables.KeyEncryptionKeyURLKey)
-        if manage_id:
-            ret = self._update_imds_managed_id_env_variable(manage_id)
-            if not ret:
-                raise Exception(msg)
+        #checking if managed_id and KeyEncryptionKeyUrl is present. mandatory for DDE. 
+        if not manage_id:
+            raise Exception('managed identity is not provided. Managed Identity is a mandatory field.')
+        if not KeyEncryptionKeyUrl:
+            raise Exception('KEK URL is not provided. Key encryption key URL is a mandatory field.')
+        ret = self._update_imds_managed_id_env_variable(manage_id)
+        if not ret:
+            raise Exception(msg)
         cmd = './AzureAttestSKR -n 123456 -k {0} -c imds -r'.format(KeyEncryptionKeyUrl)
         executor = CommandExecutor(self.logger)
         result = executor.Execute(cmd)
         if result != CommonVariables.process_success:
-            if manage_id:
-                raise Exception ('{0} Encryption managed identity: {1}'.format(msg,manage_id))
-            raise Exception(msg)
+            #SKR is failed trace the logs.
+            self.logger.log('SKR has failed. Turn on tracing and log the output.')
+            os.environ["SKR_TRACE_ON"]="1"
+            result = executor.Execute(cmd)
+            #re-check, to ensure the SKR. 
+            if result != CommonVariables.process_success:
+                raise Exception(msg)
         return
 
     def precheck_for_fatal_failures(self, public_settings, encryption_status, DistroPatcher, existing_volume_type,check_release_rsa_or_ec_key=False):
