[WIP] Allow using test logs from all_log_list.json for SCTs, in non-prod environments
#8157
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mcpherrinm
changed the title
test logs from all_log_list.json for SCTs, in non-prod environments
|
I think I'd prefer a boolean "SubmitToTestLogs: true". And then only care about the value of that boolean and the status of the log when constructing the list of SCTLogs -- the sets of InfoLogs and FinalLogs can submit to whatever logs we list, regardless of state and test status. |
|
I agree a "Submit to test logs" boolean is probably better. One thing about Google's log list schema is that they don't explicitly enumerate the set of log types, and recently added one ("monitoring_only") that we might want to submit to, so I wasn't eager to either accept all types or hardcode the current two |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This was a quick idea, not complete. Just opening for early feedback and CI run right now.
Chrome's all_logs_list has test logs marked as such. It would be good to restrict them to non-production environments to prevent configuration mistakes. Those logs don't have a status ("Qualified"/"Usable", etc), so that shouldn't be checked.
It's only handling Issuance right now, and may not be quite the right configuration scheme.
I'm also considering that the entire
subsetlogicmight not be the right thing to do - Should this just validate that the list of logs are configured properly, and return an error if they aren't? If at startup/config validation time, that would probably be more robust to configuration mistakes without silent unexpected behaviour.