config: enable azure snp version fetcher again + minimum age for latest version (#1899)

* fetch latest version when older than 2 weeks * extend hack upload tool to pass an upload date * Revert "config: disable user-facing version Azure SEV SNP fetch for v2.8 (#1882)" This reverts commit c7b22d314a. * fix tests * use NewAzureSEVSNPVersionList for type guarantees * Revert "use NewAzureSEVSNPVersionList for type guarantees" This reverts commit 942566453f4b4a2b6dc16f8689248abf1dc47db4. * assure list is sorted * improve root.go style * daniel feedback
2025-08-06 05:54:28 -04:00 · 2023-06-09 12:48:12 +02:00 · 2023-06-09 12:48:12 +02:00 · 3fde118b33
commit 3fde118b33
parent 72e168e653
13 changed files with 239 additions and 189 deletions
--- a/rfc/attestation-config.md
+++ b/rfc/attestation-config.md
@ -129,6 +129,9 @@ While this API should stay compatible with old release, extensive changes to our
 In this case a new API version will be used to retrieve the config in the updated format, e.g. `/constellation/v2/attestation/<ATTESTATION_VARIANT>/`.
 The old API will still receive updates for at least the next release cycle, during this time this API version will also return a deprecation warning when requesting `list`.

+### Azure SEV-SNP
+IMPORTANT: Since the current version fetches from the Azure SEV-SNP report are not guaranteed to be globally rolled out at the time of the report, we introduce a minimum age (2 weeks) of the version to consider it a valid latest version.
+This validation is only enforced on the fetcher side! This means that the HTTP endpoints contain all versions, even those that do not yet have the minimum age.
 ### AWS

 AWS provides a way to precalculate launch-measurements for their firmware in SEV-SNP CVMs.