Merge "Reduce number of Fernet log messages" into stable/kilo

1 files changed, 10 insertions, 4 deletions

diff --git a/keystone/token/providers/fernet/utils.py b/keystone/token/providers/fernet/utils.py
index ab5859da8..823fc3b17 100644
--- a/keystone/token/providers/fernet/utils.py
+++ b/keystone/token/providers/fernet/utils.py
@@ -246,10 +246,16 @@ def load_keys():
                 else:
                     keys[key_id] = key_file.read()
 
-    LOG.info(_LI(
-        'Loaded %(count)s encryption keys from: %(dir)s'), {
-            'count': len(keys),
-            'dir': CONF.fernet_tokens.key_repository})
+    if len(keys) != CONF.fernet_tokens.max_active_keys:
+        # If there haven't been enough key rotations to reach max_active_keys,
+        # or if the configured value of max_active_keys has changed since the
+        # last rotation, then reporting the discrepancy might be useful. Once
+        # the number of keys matches max_active_keys, this log entry is too
+        # repetitive to be useful.
+        LOG.info(_LI(
+            'Loaded %(count)s encryption keys from: %(dir)s'), {
+                'count': len(keys),
+                'dir': CONF.fernet_tokens.key_repository})
 
     # return the encryption_keys, sorted by key number, descending
     return [keys[x] for x in sorted(keys.keys(), reverse=True)]