From 7d22b8df7ad97c2e91eab09ff3cdee3fa87e8ede Mon Sep 17 00:00:00 2001
From: stephengaudet <32783698+stephengaudet@users.noreply.github.com>
Date: Mon, 3 Jul 2023 08:40:32 -0700
Subject: [PATCH] Fix-383 destroyed key gcp (#384)

* fix-383 destroyed key gcp - only fetch pk for enabled version
* remove unreachable code
---
 pkg/vault/cloudkms/cloudkms.go | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/pkg/vault/cloudkms/cloudkms.go b/pkg/vault/cloudkms/cloudkms.go
index 3e252860..c838d950 100644
--- a/pkg/vault/cloudkms/cloudkms.go
+++ b/pkg/vault/cloudkms/cloudkms.go
@@ -131,19 +131,16 @@ func (c *cloudKMSIterator) Next() (vault.StoredKey, error) {
 // get key versions
 c.verIter = c.vault.client.ListCryptoKeyVersions(c.ctx, &kmspb.ListCryptoKeyVersionsRequest{Parent: key.Name})
 } else {
- pub, err := c.vault.getPublicKey(c.ctx, ver.Name)
- if err != nil {
- return nil, fmt.Errorf("(CloudKMS/%s) getPublicKey: %w", c.vault.config.keyRingName(), err)
- }
- if err != nil {
- if err != crypt.ErrUnsupportedKeyType {
+ if ver.State == kmspb.CryptoKeyVersion_ENABLED {
+ pub, err := c.vault.getPublicKey(c.ctx, ver.Name)
+ if err != nil {
 return nil, fmt.Errorf("(CloudKMS/%s) getPublicKey: %w", c.vault.config.keyRingName(), err)
+ } else {
+ return &cloudKMSKey{
+ key: ver,
+ pub: pub,
+ }, nil
 }
- } else {
- return &cloudKMSKey{
- key: ver,
- pub: pub,
- }, nil
 }
 }
 }
 }
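Review bot: Any getPublicKey error on an ENABLED version still ends the whole iteration at `return nil, fmt.Errorf("(CloudKMS/%s) getPublicKey: %w", ...)`, so one enabled version that cannot yield a usable public key would stop every later key in the ring from being listed. The removed branch compared against `crypt.ErrUnsupportedKeyType`, which suggests such versions were meant to be skipped rather than treated as fatal. If getPublicKey can return that sentinel (its body is not in this hunk), put `if err == crypt.ErrUnsupportedKeyType { continue }` ahead of the error return; this assumes the enclosing `for` in Next, which starts outside the hunk. Versions skipped by the new `ver.State` check are dropped silently, so a comment such as `// skip DISABLED/DESTROYED/pending versions: they cannot sign and have no retrievable public key` would record the intent. The `else` after the terminating `return` can also be dropped.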