config: sign Azure versions on upload & verify on fetch (#1836)

* add SignContent() + integrate into configAPI * use static client for upload versions tool; fix staticupload calleeReference bug * use version to get proper cosign pub key. * mock fetcher in CLI tests * only provide config.New constructor with fetcher Co-authored-by: Otto Bittner <cobittner@posteo.net> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2025-05-03 14:54:53 -04:00 · 2023-06-01 13:55:46 +02:00 · 2023-06-01 13:55:46 +02:00 · b51cc52945
commit b51cc52945
parent e0285c122e
55 changed files with 752 additions and 308 deletions
--- a/internal/config/azure.go
+++ b/internal/config/azure.go
@ -13,6 +13,7 @@ import (

 	"github.com/edgelesssys/constellation/v2/internal/api/configapi"
 	"github.com/edgelesssys/constellation/v2/internal/api/fetcher"
+	"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/idkeydigest"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
@ -96,9 +97,8 @@ func (c AzureSEVSNP) EqualTo(old AttestationCfg) (bool, error) {
 }

 // FetchAndSetLatestVersionNumbers fetches the latest version numbers from the configapi and sets them.
-func (c *AzureSEVSNP) FetchAndSetLatestVersionNumbers(client fetcher.HTTPClient) error {
-	fetcher := fetcher.NewConfigAPIFetcherWithClient(client)
-	versions, err := fetcher.FetchLatestAzureSEVSNPVersion(context.Background())
+func (c *AzureSEVSNP) FetchAndSetLatestVersionNumbers(fetcher fetcher.ConfigAPIFetcher, version versionsapi.Version) error {
+	versions, err := fetcher.FetchLatestAzureSEVSNPVersion(context.Background(), version)
 	if err != nil {
 		return err
 	}