config: enable azure snp version fetcher again + minimum age for latest version (#1899)

* fetch latest version when older than 2 weeks * extend hack upload tool to pass an upload date * Revert "config: disable user-facing version Azure SEV SNP fetch for v2.8 (#1882)" This reverts commit c7b22d314a. * fix tests * use NewAzureSEVSNPVersionList for type guarantees * Revert "use NewAzureSEVSNPVersionList for type guarantees" This reverts commit 942566453f4b4a2b6dc16f8689248abf1dc47db4. * assure list is sorted * improve root.go style * daniel feedback
2025-05-06 08:15:48 -04:00 · 2023-06-09 12:48:12 +02:00 · 2023-06-09 12:48:12 +02:00 · 3fde118b33
commit 3fde118b33
parent 72e168e653
13 changed files with 239 additions and 189 deletions
--- a/hack/configapi/cmd/root.go
+++ b/hack/configapi/cmd/root.go
@ -56,6 +56,7 @@ func newRootCmd() *cobra.Command {
 	}
 	rootCmd.Flags().StringVarP(&versionFilePath, "version-file", "f", "", "File path to the version json file.")
 	rootCmd.Flags().BoolVar(&force, "force", false, "force to upload version regardless of comparison to latest API value.")
+	rootCmd.Flags().StringP("upload-date", "d", "", "upload a version with this date as version name. Setting it implies --force.")
 	must(enforceRequiredFlags(rootCmd, "version-file"))
 	rootCmd.AddCommand(newDeleteCmd())
 	return rootCmd
@ -85,21 +86,40 @@ func runCmd(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("unmarshalling version file: %w", err)
 	}

-	latestAPIVersion, err := attestationconfigapi.NewFetcher().FetchAzureSEVSNPVersionLatest(ctx)
+	dateStr, err := cmd.Flags().GetString("upload-date")
 	if err != nil {
-		return fmt.Errorf("fetching latest version: %w", err)
+		return fmt.Errorf("getting upload date: %w", err)
+	}
+	var uploadDate time.Time
+	if dateStr != "" {
+		uploadDate, err = time.Parse("2006-01-01-01-01", dateStr)
+		if err != nil {
+			return fmt.Errorf("parsing date: %w", err)
+		}
+	} else {
+		uploadDate = time.Now()
+		force = true
 	}

-	isNewer, err := isInputNewerThanLatestAPI(inputVersion, latestAPIVersion.AzureSEVSNPVersion)
-	if err != nil {
-		return fmt.Errorf("comparing versions: %w", err)
-	}
-	if isNewer || force {
-		if force {
-			cmd.Println("Forcing upload of new version")
-		} else {
-			cmd.Printf("Input version: %+v is newer than latest API version: %+v\n", inputVersion, latestAPIVersion)
+	doUpload := false
+	if !force {
+		latestAPIVersion, err := attestationconfigapi.NewFetcher().FetchAzureSEVSNPVersionLatest(ctx, time.Now())
+		if err != nil {
+			return fmt.Errorf("fetching latest version: %w", err)
 		}
+
+		isNewer, err := isInputNewerThanLatestAPI(inputVersion, latestAPIVersion.AzureSEVSNPVersion)
+		if err != nil {
+			return fmt.Errorf("comparing versions: %w", err)
+		}
+		cmd.Print(versionComparisonInformation(isNewer, inputVersion, latestAPIVersion.AzureSEVSNPVersion))
+		doUpload = isNewer
+	} else {
+		doUpload = true
+		cmd.Println("Forcing upload of new version")
+	}
+
+	if doUpload {
 		sut, sutClose, err := attestationconfigapi.NewClient(ctx, cfg, []byte(cosignPwd), []byte(privateKey), false, log())
 		defer func() {
 			if err := sutClose(ctx); err != nil {
@ -110,16 +130,21 @@ func runCmd(cmd *cobra.Command, _ []string) error {
 			return fmt.Errorf("creating repo: %w", err)
 		}

-		if err := sut.UploadAzureSEVSNP(ctx, inputVersion, time.Now()); err != nil {
+		if err := sut.UploadAzureSEVSNP(ctx, inputVersion, uploadDate); err != nil {
 			return fmt.Errorf("uploading version: %w", err)
 		}
 		cmd.Printf("Successfully uploaded new Azure SEV-SNP version: %+v\n", inputVersion)
-	} else {
-		cmd.Printf("Input version: %+v is not newer than latest API version: %+v\n", inputVersion, latestAPIVersion)
 	}
 	return nil
 }

+func versionComparisonInformation(isNewer bool, inputVersion attestationconfigapi.AzureSEVSNPVersion, latestAPIVersion attestationconfigapi.AzureSEVSNPVersion) string {
+	if isNewer {
+		return fmt.Sprintf("Input version: %+v is newer than latest API version: %+v\n", inputVersion, latestAPIVersion)
+	}
+	return fmt.Sprintf("Input version: %+v is not newer than latest API version: %+v\n", inputVersion, latestAPIVersion)
+}
+
 // isInputNewerThanLatestAPI compares all version fields with the latest API version and returns true if any input field is newer.
 func isInputNewerThanLatestAPI(input, latest attestationconfigapi.AzureSEVSNPVersion) (bool, error) {
 	inputValues := reflect.ValueOf(input)