Use min to avoid checking < 1 max fernet keys
If the IntOpt that represents max_active_keys for fernet tokens has a minimum set to 1, then there is no need to have additional code to check for this case. It also helps deployers avoid misconfiguration. Change-Id: I767cc6bb0e6de93c570ee61f0ea5ef83953f5044
parent
7460877945
commit
a59aa8b5c6
@ -25,6 +25,7 @@ Directory containing Fernet token keys.
|
|||||||
max_active_keys = cfg.IntOpt(
|
max_active_keys = cfg.IntOpt(
|
||||||
'max_active_keys',
|
'max_active_keys',
|
||||||
default=3,
|
default=3,
|
||||||
|
min=1,
|
||||||
help=utils.fmt("""
|
help=utils.fmt("""
|
||||||
This controls how many keys are held in rotation by keystone-manage
|
This controls how many keys are held in rotation by keystone-manage
|
||||||
fernet_rotate before they are discarded. The default value of 3 means that
|
fernet_rotate before they are discarded. The default value of 3 means that
|
||||||
|
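Review bot: The `help` string for `max_active_keys` should state the new lower bound, because the warning that explained it is removed from `rotate_keys` in the same commit; a sentence such as `The minimum value is 1, so that a primary key is always retained.` would do. The help text continues outside the hunk, so it may already say this. With `min=1`, a deployment that currently sets 0 or a negative value will presumably get a configuration error from oslo.config instead of the old warning-and-clamp, which is worth a release note.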
@ -209,12 +209,6 @@ def rotate_keys(keystone_user_id=None, keystone_group_id=None):
|
|||||||
_create_new_key(keystone_user_id, keystone_group_id)
|
_create_new_key(keystone_user_id, keystone_group_id)
|
||||||
|
|
||||||
max_active_keys = CONF.fernet_tokens.max_active_keys
|
max_active_keys = CONF.fernet_tokens.max_active_keys
|
||||||
# check for bad configuration
|
|
||||||
if max_active_keys < 1:
|
|
||||||
LOG.warning(_LW(
|
|
||||||
'[fernet_tokens] max_active_keys must be at least 1 to maintain a '
|
|
||||||
'primary key.'))
|
|
||||||
max_active_keys = 1
|
|
||||||
|
|
||||||
# purge excess keys
|
# purge excess keys
|
||||||
|
|
||||||
|