fix: get latest versions of secrets instead of oldest

duffney · Nov 26, 2024 · aadd7f0 · aadd7f0
1 parent 935681c
commit aadd7f0
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/pkg/keymanagementprovider/azurekeyvault/provider.go b/pkg/keymanagementprovider/azurekeyvault/provider.go
@@ -217,8 +217,10 @@ func (s *akvKMProvider) GetCertificates(ctx context.Context) (map[keymanagementp
 				versionHistory = append(versionHistory, cert.ID.Version())
 			}
 		}
+		//TODO: check if versionHistory not greater than versionHistoryLimit to avoid runtime error
 
-		for _, version := range versionHistory[:keyVaultCert.VersionHistoryLimit] {
+		// get the latest version of the certificate up to the limit
+		for _, version := range versionHistory[len(versionHistory)-keyVaultCert.VersionHistoryLimit:] {
 			secretReponse, err := s.secretKVClient.GetSecret(ctx, keyVaultCert.Name, version)
 			if err != nil {
 				if isSecretDisabledError(err) {
@@ -277,7 +279,7 @@ func (s *akvKMProvider) GetKeys(ctx context.Context) (map[keymanagementprovider.
 			}
 		}
 
-		for _, version := range versionHistory[:keyVaultKey.VersionHistoryLimit] {
+		for _, version := range versionHistory[len(versionHistory)-keyVaultKey.VersionHistoryLimit:] {
 			keyResponse, err := s.keyKVClient.GetKey(ctx, keyVaultKey.Name, version)
 			if err != nil {
 				return nil, nil, fmt.Errorf("failed to get key objectName:%s, objectVersion:%s, error: %w", keyVaultKey.Name, version, err)