From 2f580e4adbafbe6530bd8ab9eff4c085bbb53909 Mon Sep 17 00:00:00 2001 From: Dolph Mathews Date: Wed, 29 Jul 2015 19:27:50 +0000 Subject: Reduce number of Fernet log messages This particular message gets quite repetitive as it's logged per token creation & validation request. Once max_active_keys is reached, it has little utility beyond letting you know that the number of active Fernet keys is (still) correct. NOTE: Unlike the patch to master, this backport does not change the log message itself, only whether or not it is logged. Change-Id: I6f497a5defa3c1da5bda54aa5f9e7303a0352d83 Closes-Bug: 1452418 (cherry picked from commit 207e9783bdc5ae6200a77f3307197777634da951) --- keystone/token/providers/fernet/utils.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/keystone/token/providers/fernet/utils.py b/keystone/token/providers/fernet/utils.py index ab5859da8..823fc3b17 100644 --- a/keystone/token/providers/fernet/utils.py +++ b/keystone/token/providers/fernet/utils.py @@ -246,10 +246,16 @@ def load_keys(): else: keys[key_id] = key_file.read() - LOG.info(_LI( - 'Loaded %(count)s encryption keys from: %(dir)s'), { - 'count': len(keys), - 'dir': CONF.fernet_tokens.key_repository}) + if len(keys) != CONF.fernet_tokens.max_active_keys: + # If there haven't been enough key rotations to reach max_active_keys, + # or if the configured value of max_active_keys has changed since the + # last rotation, then reporting the discrepancy might be useful. Once + # the number of keys matches max_active_keys, this log entry is too + # repetitive to be useful. + LOG.info(_LI( + 'Loaded %(count)s encryption keys from: %(dir)s'), { + 'count': len(keys), + 'dir': CONF.fernet_tokens.key_repository}) # return the encryption_keys, sorted by key number, descending return [keys[x] for x in sorted(keys.keys(), reverse=True)] -- cgit v1.2.1