From a59aa8b5c6c9b22cc88754c6ecc3123e9ba18c7f Mon Sep 17 00:00:00 2001 From: Eric Brown Date: Thu, 30 Jun 2016 00:50:41 -0700 Subject: [PATCH] Use min to avoid checking < 1 max fernet keys If the IntOpt that represents max_active_keys for fernet tokens has a minimum set to 1, then there is no need to have additional code to check for this case. It also helps deployers avoid misconfiguration. Change-Id: I767cc6bb0e6de93c570ee61f0ea5ef83953f5044 --- keystone/conf/fernet_tokens.py | 1 + keystone/token/providers/fernet/utils.py | 6 ------ 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/keystone/conf/fernet_tokens.py b/keystone/conf/fernet_tokens.py index 0ddfcf79a9..932f70a30d 100644 --- a/keystone/conf/fernet_tokens.py +++ b/keystone/conf/fernet_tokens.py @@ -25,6 +25,7 @@ Directory containing Fernet token keys. max_active_keys = cfg.IntOpt( 'max_active_keys', default=3, + min=1, help=utils.fmt(""" This controls how many keys are held in rotation by keystone-manage fernet_rotate before they are discarded. The default value of 3 means that diff --git a/keystone/token/providers/fernet/utils.py b/keystone/token/providers/fernet/utils.py index ddff1307ea..eb22c10443 100644 --- a/keystone/token/providers/fernet/utils.py +++ b/keystone/token/providers/fernet/utils.py @@ -209,12 +209,6 @@ def rotate_keys(keystone_user_id=None, keystone_group_id=None): _create_new_key(keystone_user_id, keystone_group_id) max_active_keys = CONF.fernet_tokens.max_active_keys - # check for bad configuration - if max_active_keys < 1: - LOG.warning(_LW( - '[fernet_tokens] max_active_keys must be at least 1 to maintain a ' - 'primary key.')) - max_active_keys = 1 # purge excess keys
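Review bot: Adding `min=1` to `max_active_keys` in keystone/conf/fernet_tokens.py changes what an operator with a value of 0 or below sees, and the commit does not document it. The check removed from `rotate_keys` in the second hunk logged a warning and continued with 1, whereas a declared minimum on an `IntOpt` is, as far as I know, enforced by oslo.config as a hard error when the value is read. Failing fast is the better outcome for a key-rotation setting, but it deserves a release note, and the help string (which continues past this hunk) should state the bound, for example `The value must be at least 1 so that a primary key is always kept.`. Because `rotate_keys` no longer clamps the value before its purge step (outside the hunk), I would also add a unit test asserting that a `max_active_keys` below 1 is rejected.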