Reduce number of Fernet log messages
This particular message gets quite repetitive as it's logged per token
creation & validation request. Once max_active_keys is reached, it has
little utility beyond letting you know that the number of active Fernet
keys is (still) correct.
NOTE: Unlike the patch to master, this backport does not change the log
message itself, only whether or not it is logged.
Change-Id: I6f497a5defa3c1da5bda54aa5f9e7303a0352d83
Closes-Bug: 1452418
(cherry picked from commit 207e9783bd
)
This commit is contained in:
parent
6c106e9800
commit
2f580e4adb
|
@ -246,10 +246,16 @@ def load_keys():
|
|||
else:
|
||||
keys[key_id] = key_file.read()
|
||||
|
||||
LOG.info(_LI(
|
||||
'Loaded %(count)s encryption keys from: %(dir)s'), {
|
||||
'count': len(keys),
|
||||
'dir': CONF.fernet_tokens.key_repository})
|
||||
if len(keys) != CONF.fernet_tokens.max_active_keys:
|
||||
# If there haven't been enough key rotations to reach max_active_keys,
|
||||
# or if the configured value of max_active_keys has changed since the
|
||||
# last rotation, then reporting the discrepancy might be useful. Once
|
||||
# the number of keys matches max_active_keys, this log entry is too
|
||||
# repetitive to be useful.
|
||||
LOG.info(_LI(
|
||||
'Loaded %(count)s encryption keys from: %(dir)s'), {
|
||||
'count': len(keys),
|
||||
'dir': CONF.fernet_tokens.key_repository})
|
||||
|
||||
# return the encryption_keys, sorted by key number, descending
|
||||
return [keys[x] for x in sorted(keys.keys(), reverse=True)]
|
||||
|
|
Loading…
Reference in New Issue