Merge pull request #12430 from vespa-engine/andreer/do-not-fail-if-secret-versions-not-yet-available

do not fail if secret version not yet available

1 files changed, 7 insertions, 4 deletions

diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificateManager.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificateManager.java
index d9f7d5f36b4..a3d90e423f8 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificateManager.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificateManager.java
@@ -187,10 +187,13 @@ public class EndpointCertificateManager {
     }
 
     private OptionalInt latestVersionInSecretStore(EndpointCertificateMetadata originalCertificateMetadata) {
-        var certVersions = new HashSet<>(secretStore.listSecretVersions(originalCertificateMetadata.certName()));
-        var keyVersions = new HashSet<>(secretStore.listSecretVersions(originalCertificateMetadata.keyName()));
-
-        return Sets.intersection(certVersions, keyVersions).stream().mapToInt(Integer::intValue).max();
+        try {
+            var certVersions = new HashSet<>(secretStore.listSecretVersions(originalCertificateMetadata.certName()));
+            var keyVersions = new HashSet<>(secretStore.listSecretVersions(originalCertificateMetadata.keyName()));
+            return Sets.intersection(certVersions, keyVersions).stream().mapToInt(Integer::intValue).max();
+        } catch (SecretNotFoundException s) {
+            return OptionalInt.empty(); // Likely because the certificate is very recently provisioned - keep current version
+        }
     }
 
     private EndpointCertificateMetadata provisionEndpointCertificate(Instance instance, Optional<EndpointCertificateMetadata> currentMetadata) {