Reduce number of Fernet log messages

This particular message gets quite repetitive as it's logged per token
creation & validation request. Once max_active_keys is reached, it has
little utility beyond letting you know that the number of active Fernet
keys is (still) correct.

NOTE: Unlike the patch to master, this backport does not change the log
message itself, only whether or not it is logged.

Change-Id: I6f497a5defa3c1da5bda54aa5f9e7303a0352d83
Closes-Bug: 1452418
(cherry picked from commit 207e9783bdc5ae6200a77f3307197777634da951)

1 files changed, 10 insertions, 4 deletions

diff --git a/keystone/token/providers/fernet/utils.py b/keystone/token/providers/fernet/utils.py
index ab5859da8..823fc3b17 100644
--- a/keystone/token/providers/fernet/utils.py
+++ b/keystone/token/providers/fernet/utils.py
@@ -246,10 +246,16 @@ def load_keys():
                 else:
                     keys[key_id] = key_file.read()
 
-    LOG.info(_LI(
-        'Loaded %(count)s encryption keys from: %(dir)s'), {
-            'count': len(keys),
-            'dir': CONF.fernet_tokens.key_repository})
+    if len(keys) != CONF.fernet_tokens.max_active_keys:
+        # If there haven't been enough key rotations to reach max_active_keys,
+        # or if the configured value of max_active_keys has changed since the
+        # last rotation, then reporting the discrepancy might be useful. Once
+        # the number of keys matches max_active_keys, this log entry is too
+        # repetitive to be useful.
+        LOG.info(_LI(
+            'Loaded %(count)s encryption keys from: %(dir)s'), {
+                'count': len(keys),
+                'dir': CONF.fernet_tokens.key_repository})
 
     # return the encryption_keys, sorted by key number, descending
     return [keys[x] for x in sorted(keys.keys(), reverse=True)]