How to get the latest key version in Google Cloud KMS?

Assuming you have a key name what is the best way to find the latest version of that key?

I had assumed:

    masterKeyVersionIterator := client.ListCryptoKeyVersions(ctx, &kmspb.ListCryptoKeyVersionsRequest{
        Parent:   masterKeyName,
        PageSize: 1,
        OrderBy:  "createTime desc", // Can't order by "name desc" because it is probably string sort
    })

But it seems like only ordering by name is allowed.

So, is the only solution something like this?

    masterKeyVersionIterator := client.ListCryptoKeyVersions(ctx, &kmspb.ListCryptoKeyVersionsRequest{
        Parent:   masterKeyName,
        PageSize: 2147483647, // int32 max
    })

    masterKeyLatest := &kmspb.CryptoKeyVersion{CreateTime: timestamppb.New(time.Time{})}
    for {
        versionCursor, err := masterKeyVersionIterator.Next()
        if err == iterator.Done {
            break
        }
        if err != nil {
            log.Fatalln(err)
        }
        if versionCursor.CreateTime.AsTime().After(masterKeyLatest.CreateTime.AsTime()) {
            masterKeyLatest = versionCursor
        }
    }

(But I believe that is actually not totally correct either because there is a maximum page size that gcloud will send I believe, meaning that you would need to wrap this in another loop iterating the page token)

This is a very inelegant approach, is there no better way?

// Can't order by "name desc" because it is probably string sort

This isn't true. name is an output only field (documentation) and it's always set to an increasing number.

When sorted, it's done numerically.

An example:

        listCryptoKeyVersionsReq := &kmspb.ListCryptoKeyVersionsRequest{
                Parent: cryptoKey,
                OrderBy: "name desc",
        }

        it := client.ListCryptoKeyVersions(ctx, listCryptoKeyVersionsReq)

        for {
                resp, err := it.Next()
                if err == iterator.Done {
                        break
                }   
                if err != nil {
                        log.Fatalf("Failed to list key rings: %v", err)
                }   

                version, _ := strings.CutPrefix(resp.Name, cryptoKey)
                fmt.Printf("key version: %s\n", version)
        }

Output:

$ go run main.go 
key version: /cryptoKeyVersions/10
key version: /cryptoKeyVersions/9
key version: /cryptoKeyVersions/8
key version: /cryptoKeyVersions/7
key version: /cryptoKeyVersions/6
key version: /cryptoKeyVersions/5
key version: /cryptoKeyVersions/4
key version: /cryptoKeyVersions/3
key version: /cryptoKeyVersions/2
key version: /cryptoKeyVersions/1