measurements: refactor validation option (#1462)

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

cli/internal/cloudcmd/upgrade.go

@@ -272,7 +272,9 @@ func (u *Upgrader) updateMeasurements(ctx context.Context, newMeasurements measu
 
 	// don't allow potential security downgrades by setting the warnOnly flag to true
 	for k, newM := range newMeasurements {
-		if currentM, ok := currentMeasurements[k]; ok && !currentM.WarnOnly && newM.WarnOnly {
+		if currentM, ok := currentMeasurements[k]; ok &&
+			currentM.ValidationOpt != measurements.WarnOnly &&
+			newM.ValidationOpt == measurements.WarnOnly {
 			return fmt.Errorf("setting enforced measurement %d to warn only: not allowed", k)
 		}
 	}