fix: get latest key version ID from DB for system events

[minh-nghia]

What this PR does / why we need it:
Event reconciler has no access to managers and its logic to derive provider config, so calling plugin's GetKey - which requires authenticating to key provider to update key metadata - is not possible.
This PR simplifies it by getting the version ID from the DB.

Summary by CodeRabbit

• Refactor

  • Updated internal key version information retrieval to source from database records instead of plugin queries.

• Tests

  • Modified test setup to validate key version data originates from database persistence.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8f079325-a6d8-46a8-9a8e-a252f42c055e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

This change refactors the key-version information retrieval flow from plugin-based to database-based. A new helper function getNewestKeyVersionNativeID queries the database for the newest key version record by creation timestamp. The fetchAndPopulateVersionInfo method is updated to call this new helper instead of invoking the key management plugin's GetKey method. The test TestVersionInfoPropagation is modified to persist key-version metadata directly to the database via model.KeyVersion rows rather than configuring plugin handlers. Version identifier population is now sourced from database records, with graceful handling for missing version records.

🚥 Pre-merge checks | ✅ 1

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main change: retrieving the latest key version ID from the database instead of the plugin, which is the core fix across all modified files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[minh-nghia]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

internal/event-processor/reconciler_test.go (1)

802-810: Drive the freshness regression through SYSTEM_KEY_ROTATE.

This subtest still proves the refreshed version on SYSTEM_SWITCH, but the reported bug is in SYSTEM_KEY_ROTATE. Since rotate has its own key-ID validation/selection path, I’d run this assertion with JobTypeSystemKeyRotate and KeyIDFrom == KeyIDTo so the exact failing flow is covered end-to-end.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c81fc228-828b-46d3-9e12-b8f7175b3829

📥 Commits

Reviewing files that changed from the base of the PR and between 5fbde21 and 957d963.

📒 Files selected for processing (3)

• internal/event-processor/reconciler_test.go
• internal/event-processor/repo.go
• internal/event-processor/resolvers.go