Merge "Use min to avoid checking < 1 max fernet keys"

keystone/conf/fernet_tokens.py

@@ -25,6 +25,7 @@ Directory containing Fernet token keys.
 max_active_keys = cfg.IntOpt(
     'max_active_keys',
     default=3,
+    min=1,
     help=utils.fmt("""
 This controls how many keys are held in rotation by keystone-manage
 fernet_rotate before they are discarded. The default value of 3 means that

keystone/token/providers/fernet/utils.py

@@ -209,12 +209,6 @@ def rotate_keys(keystone_user_id=None, keystone_group_id=None):
     _create_new_key(keystone_user_id, keystone_group_id)
 
     max_active_keys = CONF.fernet_tokens.max_active_keys
-    # check for bad configuration
-    if max_active_keys < 1:
-        LOG.warning(_LW(
-            '[fernet_tokens] max_active_keys must be at least 1 to maintain a '
-            'primary key.'))
-        max_active_keys = 1
 
     # purge excess keys