Reduce number of Fernet log messages

This particular message gets quite repetitive as it's logged per token creation & validation request. Once max_active_keys is reached, it has little utility beyond letting you know that the number of active Fernet keys is (still) correct. Change-Id: I6f497a5defa3c1da5bda54aa5f9e7303a0352d83 Closes-Bug: 1452418
2015-07-29 19:27:50 +00:00 · 2015-07-29 19:27:50 +00:00 · 207e9783bd
parent 7bf9b41ab9
commit 207e9783bd
1 changed files with 12 additions and 4 deletions
--- a/keystone/token/providers/fernet/utils.py
+++ b/keystone/token/providers/fernet/utils.py
@ -238,10 +238,18 @@ def load_keys():
            with open(path, 'r') as key_file:
                keys[int(filename)] = key_file.read()

-    LOG.info(_LI(
-        'Loaded %(count)s encryption keys from: %(dir)s'), {
-            'count': len(keys),
-            'dir': CONF.fernet_tokens.key_repository})
+    if len(keys) != CONF.fernet_tokens.max_active_keys:
+        # If there haven't been enough key rotations to reach max_active_keys,
+        # or if the configured value of max_active_keys has changed since the
+        # last rotation, then reporting the discrepancy might be useful. Once
+        # the number of keys matches max_active_keys, this log entry is too
+        # repetitive to be useful.
+        LOG.info(_LI(
+            'Loaded %(count)d encryption keys (max_active_keys=%(max)d) from: '
+            '%(dir)s'), {
+                'count': len(keys),
+                'max': CONF.fernet_tokens.max_active_keys,
+                'dir': CONF.fernet_tokens.key_repository})

    # return the encryption_keys, sorted by key number, descending
    return [keys[x] for x in sorted(keys.keys(), reverse=True)]