Use min to avoid checking < 1 max fernet keys
If the IntOpt that represents max_active_keys for fernet tokens has a minimum set to 1, then there is no need to have additional code to check for this case. It also helps deployers avoid misconfiguration. Change-Id: I767cc6bb0e6de93c570ee61f0ea5ef83953f5044
parent
7460877945
commit
a59aa8b5c6
@ -25,6 +25,7 @@ Directory containing Fernet token keys.
|
||||
max_active_keys = cfg.IntOpt(
|
||||
'max_active_keys',
|
||||
default=3,
|
||||
min=1,
|
||||
help=utils.fmt("""
|
||||
This controls how many keys are held in rotation by keystone-manage
|
||||
fernet_rotate before they are discarded. The default value of 3 means that
|
||||
|
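Review bot: A deployment that currently sets `max_active_keys` below 1 will presumably fail with a configuration error once `min=1` is enforced, instead of getting the warning and fallback to 1 that the second hunk removes from rotate_keys; that upgrade impact deserves a release note. rotate_keys now depends entirely on the option's range check to keep a primary key in the repository. It is worth confirming that every path that sets this value, including programmatic overrides, goes through that validation, because the purge code that consumes it is not visible in either hunk. The `cfg.IntOpt(` call and its help string continue past the end of this hunk.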
@ -209,12 +209,6 @@ def rotate_keys(keystone_user_id=None, keystone_group_id=None):
|
||||
_create_new_key(keystone_user_id, keystone_group_id)
|
||||
|
||||
max_active_keys = CONF.fernet_tokens.max_active_keys
|
||||
# check for bad configuration
|
||||
if max_active_keys < 1:
|
||||
LOG.warning(_LW(
|
||||
'[fernet_tokens] max_active_keys must be at least 1 to maintain a '
|
||||
'primary key.'))
|
||||
max_active_keys = 1
|
||||
|
||||
# purge excess keys
|
||||
|
||||
|