[Bug]: Primary CryptoKey not being updated with new CryptoKey version

[AnaisUrlichs]

Is there an existing issue for this?

• I have searched the existing issues

Affected Resource(s)

• kms.gcp.upbound.io/v1beta1 - CryptoKey and CryptoKeyVersion

Resource MRs required to reproduce the bug

KeyRing, CryptoKey and CryptoKeyVersion

https://marketplace.upbound.io/providers/upbound/provider-gcp-kms/v1.5.0/resources/kms.gcp.upbound.io/CryptoKey/v1beta1
https://marketplace.upbound.io/providers/upbound/provider-gcp-kms/v1.5.0/resources/kms.gcp.upbound.io/CryptoKeyVersion/v1beta1
https://marketplace.upbound.io/providers/upbound/provider-gcp-kms/v1.5.0/resources/kms.gcp.upbound.io/KeyRing/v1beta1

Steps to Reproduce

I have deployed a KeyRing and a CryptoKey. Once the CryptoKey is deployed, it will by default create the first key version (if skipInitialVersionCreation is not set to true) and set the first key as the primary key & update the status.atProvider.primary field with the primary key version path in gcp.

Next, I deployed a new CryptoKeyVersion referencing the original CryptoKey.

What happened?

A new KeyVersion is indeed created on GCP (Version 2 if Version 1 has been created with the CryptoKey Resource). However, it is not automatically set as the primary Key.

So my questions is:
- How do I set a new CryptoKeyVersion as the Primary Key?

I have also tried importing the CryptoKeyVersion using the KeyRingImportJob. However, then it just creates the new CryptoKey Version without setting the first nor the second as the Primary Key and the status of the Key in GCP remains Not available.

Any help is highly appreciated.

Relevant Error Output Snippet

No response

Crossplane Version

1.16.0

Provider Version

1.5.0

Kubernetes Version

No response

Kubernetes Distribution

GKE

Additional Info

No response

[Sijoma]

Plus 1 here. In addition to setting a Key as primary: I'm also wondering how to restore a specific CryptoKey if it was deleted in GCP by mistake.