Use min to avoid checking < 1 max fernet keys

If the IntOpt that represents max_active_keys for fernet tokens
has a minimum set to 1, then there is no need to have additional
code to check for this case. It also helps deployers avoid
misconfiguration.

Change-Id: I767cc6bb0e6de93c570ee61f0ea5ef83953f5044
Eric Brown 2016-06-30 00:50:41 -07:00
parent 7460877945
commit a59aa8b5c6
2 changed files with 1 additions and 6 deletions


@ -25,6 +25,7 @@ Directory containing Fernet token keys.
max_active_keys = cfg.IntOpt( max_active_keys = cfg.IntOpt(
'max_active_keys', 'max_active_keys',
default=3, default=3,
min=1,
help=utils.fmt(""" help=utils.fmt("""
This controls how many keys are held in rotation by keystone-manage This controls how many keys are held in rotation by keystone-manage
fernet_rotate before they are discarded. The default value of 3 means that fernet_rotate before they are discarded. The default value of 3 means that
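
Review bot: The help text that follows the new min=1 line does not, in the visible part, say that 1 is the lowest accepted value. Because the bound is now enforced by the option definition instead of being corrected at rotation time, a deployment that sets max_active_keys below 1 moves from a warning and a fallback to 1 to having the value rejected. Please state the minimum in the help string and call out the behaviour change in a release note so deployers see it before upgrading.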


@ -209,12 +209,6 @@ def rotate_keys(keystone_user_id=None, keystone_group_id=None):
_create_new_key(keystone_user_id, keystone_group_id) _create_new_key(keystone_user_id, keystone_group_id)
max_active_keys = CONF.fernet_tokens.max_active_keys max_active_keys = CONF.fernet_tokens.max_active_keys
# check for bad configuration
if max_active_keys < 1:
LOG.warning(_LW(
'[fernet_tokens] max_active_keys must be at least 1 to maintain a '
'primary key.'))
max_active_keys = 1
# purge excess keys # purge excess keys
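
Review bot: With the "if max_active_keys < 1:" block removed, nothing in rotate_keys guards the purge step against a value below 1, so keeping a primary key now depends entirely on min=1 in the option definition in the other file. Please add a unit test asserting that the option rejects 0, so the two files cannot drift apart unnoticed, and check whether LOG and _LW are still used elsewhere in this module now that the LOG.warning(_LW(...)) call is gone.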