keystone fernet key issuance should be redesigned not to use swift tempurls

Bug #1870463 reported by Ade Lee
Affects: tripleo
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

keystone fernet keys are uploaded to controllers in the initial deploy through swift tempurls.
If those keys are not rotated often, the swift tempurl could expire, resulting in bugs being reported like the following:

  https://bugzilla.redhat.com/show_bug.cgi?id=1758025

We should redesign this whole issuance process to avoid tempurls to begin with.

Revision history for this message
Rabi Mishra (rabi) wrote :

> keystone fernet keys are uploaded to controllers in the initial deploy through swift tempurls.

That's probably not correct.

Initial configuration of fernet_keys[1] is done with puppet and subsequently rotated using ansible playbooks[2] (earlier with a mistral workflow that used to call the ansible playbook[3])

In the bz you mentioned, customer was using DeployArtifactURLs[4] interface to replace fernet keys (that can pull content from any url accessible, not only with swift temp url[4]). I think that was one of the recommended ways to rotate fernet keys in earlier versions, before the playbooks were added, but not any more.

So, someone can use the new playbook on master or the mistral workflow in older releases to rotate keys. I don't think the DeployArtifactURLs interface should be used anymore, and there is nothing to be fixed for this bug.

[1] https://github.com/openstack/puppet-keystone/blob/master/manifests/init.pp#L943-L966
[2] https://github.com/openstack/tripleo-ansible/blob/master/tripleo_ansible/playbooks/rotate-fernet-keys.yaml
[3] https://github.com/openstack/tripleo-common/blob/stable/queens/workbooks/fernet-key-rotate.yaml
[4] https://github.com/openstack/tripleo-heat-templates/blob/master/common/deploy-steps.j2#L146-L150
[5] https://github.com/openstack/tripleo-common/blob/master/scripts/upload-swift-artifacts
