Replace proxy concat/template with ini provider

Maintains full backward compatibility.
Use swift_proxy_config ini provider to mange proxy-server.conf.
Remove all erb templates. Move all template logic into proxy
middleware classes. To purge proxy.conf of settings that are
not specified set the new paramater "purge_config" to "true".

Change-Id: I0a143cf812043ea0f9a008a6e5c60ec87f9a4e9a

manifests/proxy.pp

@@ -116,7 +116,10 @@
 #    See README for more details.
 #    Defaults to $::swift::params::service_provider.
 #
-# == Examples
+#  [*purge_config*]
+#    (optional) Whether to set only the specified config options
+#    in the proxy config.
+#    Defaults to false.
 #
 # == Authors
 #
@@ -150,7 +153,8 @@ class swift::proxy(
   $manage_service            = true,
   $enabled                   = true,
   $package_ensure            = 'present',
-  $service_provider          = $::swift::params::service_provider
+  $service_provider          = $::swift::params::service_provider,
+  $purge_config              = false,
 ) inherits ::swift::params {
 
   include ::swift::deps
@@ -192,12 +196,62 @@ class swift::proxy(
     tag    => ['openstack', 'swift-package'],
   }
 
-  concat { '/etc/swift/proxy-server.conf':
+  resources { 'swift_proxy_config':
-    owner   => 'swift',
+    purge => $purge_config,
-    group   => 'swift',
-    require => Package['swift-proxy'],
   }
 
+  swift_proxy_config {
+    'DEFAULT/bind_port':                          value => $port;
+    'DEFAULT/bind_ip':                            value => $proxy_local_net_ip;
+    'DEFAULT/workers':                            value => $workers;
+    'DEFAULT/user':                               value => 'swift';
+    'DEFAULT/log_name':                           value => $log_name;
+    'DEFAULT/log_facility':                       value => $log_facility;
+    'DEFAULT/log_level':                          value => $log_level;
+    'DEFAULT/log_headers':                        value => $log_headers;
+    'DEFAULT/log_address':                        value => $log_address;
+    'DEFAULT/log_udp_host':                       value => $log_udp_host;
+    'DEFAULT/log_udp_port':                       value => $log_udp_port;
+    'pipeline:main/pipeline':                     value => join($pipeline, ' ');
+    'app:proxy-server/use':                       value => 'egg:swift#proxy';
+    'app:proxy-server/set log_name':              value => $log_name;
+    'app:proxy-server/set log_facility':          value => $log_facility;
+    'app:proxy-server/set log_level':             value => $log_level;
+    'app:proxy-server/set log_address':           value => $log_address;
+    'app:proxy-server/log_handoffs':              value => $log_handoffs;
+    'app:proxy-server/allow_account_management':  value => $allow_account_management;
+    'app:proxy-server/account_autocreate':        value => $account_autocreate;
+    'app:proxy-server/write_affinity':            value => $write_affinity;
+    'app:proxy-server/write_affinity_node_count': value => $write_affinity_node_count;
+    'app:proxy-server/node_timeout':              value => $node_timeout;
+  }
+
+  if $cors_allow_origin {
+    swift_proxy_config {
+      'DEFAULT/cors_allow_origin': value => $cors_allow_origin;
+      'DEFAULT/strict_cors_mode':  value => $strict_cors_mode;
+    }
+  } else {
+    swift_proxy_config {
+      'DEFAULT/cors_allow_origin': value => $::os_service_default;
+      'DEFAULT/strict_cors_mode':  value => $::os_service_default;
+    }
+  }
+
+  if $read_affinity {
+    swift_proxy_config {
+      'app:proxy-server/sorting_method': value => 'affinity';
+      'app:proxy-server/read_affinity':  value => $read_affinity;
+    }
+  } else {
+    swift_proxy_config {
+      'app:proxy-server/sorting_method': value => $::os_service_default;
+      'app:proxy-server/read_affinity':  value => $::os_service_default;
+    }
+  }
+
+  # Remove 'proxy-server' from the pipeline, convert pipeline elements
+  # into class names then convert '-' to '_'.
   $required_classes = split(
     inline_template(
       "<%=
@@ -206,20 +260,6 @@ class swift::proxy(
           end.join(',')
       %>"), ',')
 
-  # you can now add your custom fragments at the user level
-  concat::fragment { 'swift_proxy':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy-server.conf.erb'),
-    order   => '00',
-    # require classes for each of the elements of the pipeline
-    # this is to ensure the user gets reasonable elements if he
-    # does not specify the backends for every specified element of
-    # the pipeline
-    before  => Class[$required_classes],
-  }
-
-  Concat['/etc/swift/proxy-server.conf'] -> Swift_proxy_config <||>
-
   if $manage_service {
     if $enabled {
       $service_ensure = 'running'
@@ -228,12 +268,13 @@ class swift::proxy(
     }
   }
 
+  # Require 'swift::proxy::' classes for each of the elements in pipeline.
   swift::service { 'swift-proxy-server':
     os_family_service_name => $::swift::params::proxy_server_service_name,
     service_ensure         => $service_ensure,
     enabled                => $enabled,
     config_file_name       => 'proxy-server.conf',
     service_provider       => $service_provider,
-    subscribe              => Concat['/etc/swift/proxy-server.conf'],
+    require                => Class[$required_classes]
   }
 }

manifests/proxy/account_quotas.pp

@@ -21,9 +21,7 @@ class swift::proxy::account_quotas() {
 
   include ::swift::deps
 
-  concat::fragment { 'swift_account_quotas':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:account_quotas/use': value => 'egg:swift#account_quotas';
-    content => template('swift/proxy/account_quotas.conf.erb'),
-    order   => '210',
   }
 }

manifests/proxy/authtoken.pp

@@ -125,7 +125,7 @@ class swift::proxy::authtoken(
   }
 
   if $admin_password {
-    warning('admin_password is deprecated and will be removed, please use password isntead')
+    warning('admin_password is deprecated and will be removed, please use password instead')
   }
 
   $auth_url_real = pick($identity_uri, $auth_url)
@@ -143,10 +143,20 @@ class swift::proxy::authtoken(
     before                  => Anchor['swift::config::end'],
   }
 
-  concat::fragment { 'swift_authtoken':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:authtoken/log_name':                value => 'swift';
-    content => template('swift/proxy/authtoken.conf.erb'),
+    'filter:authtoken/signing_dir':             value => $signing_dir;
-    order   => '170',
+    'filter:authtoken/paste.filter_factory':    value => 'keystonemiddleware.auth_token:filter_factory';
+    'filter:authtoken/auth_uri':                value => $auth_uri;
+    'filter:authtoken/auth_url':                value => $auth_url_real;
+    'filter:authtoken/auth_plugin':             value => $auth_plugin;
+    'filter:authtoken/project_domain_id':       value => $project_domain_id;
+    'filter:authtoken/user_domain_id':          value => $user_domain_id;
+    'filter:authtoken/project_name':            value => $project_name_real;
+    'filter:authtoken/username':                value => $username_real;
+    'filter:authtoken/password':                value => $password_real;
+    'filter:authtoken/delay_auth_decision':     value => $delay_auth_decision;
+    'filter:authtoken/cache':                   value => $cache;
+    'filter:authtoken/include_service_catalog': value => $include_service_catalog;
   }
-
 }

manifests/proxy/bulk.pp

@@ -46,9 +46,11 @@ class swift::proxy::bulk(
 
   include ::swift::deps
 
-  concat::fragment { 'swift_bulk':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:bulk/use':                           value => 'egg:swift#bulk';
-    content => template('swift/proxy/bulk.conf.erb'),
+    'filter:bulk/max_containers_per_extraction': value => $max_containers_per_extraction;
-    order   => '110',
+    'filter:bulk/max_failed_extractions':        value => $max_failed_extractions;
+    'filter:bulk/max_deletes_per_request':       value => $max_deletes_per_request;
+    'filter:bulk/yield_frequency':               value => $yield_frequency;
   }
 }

manifests/proxy/cache.pp

@@ -29,10 +29,9 @@ class swift::proxy::cache(
     Class['::memcached'] -> Class['::swift::proxy::cache']
   }
 
-  concat::fragment { 'swift_cache':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:cache/use':              value => 'egg:swift#memcache';
-    content => template('swift/proxy/cache.conf.erb'),
+    'filter:cache/memcache_servers': value => join(any2array($memcache_servers), ',');
-    order   => '50',
   }
 
 }

manifests/proxy/catch_errors.pp

@@ -19,10 +19,7 @@ class swift::proxy::catch_errors() {
 
   include ::swift::deps
 
-  concat::fragment { 'swift_catch_errors':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:catch_errors/use': value => 'egg:swift#catch_errors';
-    content => template('swift/proxy/catch_errors.conf.erb'),
-    order   => '10',
   }
-
 }

manifests/proxy/ceilometer.pp

@@ -84,6 +84,13 @@ class swift::proxy::ceilometer(
     $rabbit_hosts_with_creds = prefix($rabbit_hosts, "${rabbit_user}:${rabbit_password}@")
   }
 
+  if !$rabbit_hosts {
+    $url = "rabbit://${rabbit_user}:${rabbit_password}@${rabbit_host}:${rabbit_port}/${rabbit_virtual_host}"
+  } else {
+    $hosts = join($rabbit_hosts_with_creds, ',')
+    $url = "rabbit://${hosts}/${rabbit_virtual_host}"
+  }
+
   User['swift'] {
     groups +> $group,
   }
@@ -99,10 +106,12 @@ class swift::proxy::ceilometer(
     group  => 'swift',
   }
 
-  concat::fragment { 'swift_ceilometer':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:ceilometer/topic':                value => $topic;
-    content => template('swift/proxy/ceilometer.conf.erb'),
+    'filter:ceilometer/driver':               value => $driver;
-    order   => '260',
+    'filter:ceilometer/url':                  value => $url;
+    'filter:ceilometer/control_exchange':     value => $control_exchange;
+    'filter:ceilometer/paste.filter_factory': value => 'ceilometermiddleware.swift:filter_factory';
   }
 
   package { 'python-ceilometermiddleware':

manifests/proxy/container_quotas.pp

@@ -21,9 +21,7 @@ class swift::proxy::container_quotas() {
 
   include ::swift::deps
 
-  concat::fragment { 'swift_container_quotas':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:container_quotas/use': value => 'egg:swift#container_quotas';
-    content => template('swift/proxy/container_quotas.conf.erb'),
-    order   => '220',
   }
 }

manifests/proxy/container_sync.pp

@@ -6,9 +6,10 @@
 #   Denis Egorenko <degorenko@mirantis.com>
 #
 class swift::proxy::container_sync() {
-  concat::fragment { 'swift_container_sync':
+
-    target  => '/etc/swift/proxy-server.conf',
+  include ::swift::deps
-    content => template('swift/proxy/container_sync.conf.erb'),
+
-    order   => '60',
+  swift_proxy_config {
+    'filter:container_sync/use': value => 'egg:swift#container_sync';
   }
 }

manifests/proxy/copy.pp

@@ -21,10 +21,8 @@ class swift::proxy::copy (
 
   include ::swift::deps
 
-  concat::fragment { 'swift_copy':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:copy/use':                 value => 'egg:swift#copy';
-    content => template('swift/proxy/copy.conf.erb'),
+    'filter:copy/object_post_as_copy': value => $object_post_as_copy;
-    order   => '140',
   }
-
 }

manifests/proxy/crossdomain.pp

@@ -17,10 +17,8 @@ class swift::proxy::crossdomain (
 
   include ::swift::deps
 
-  concat::fragment { 'swift_crossdomain':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:crossdomain/use':                 value => 'egg:swift#crossdomain';
-    content => template('swift/proxy/crossdomain.conf.erb'),
+    'filter:crossdomain/cross_domain_policy': value => $cross_domain_policy;
-    order   => '100',
   }
-
 }

manifests/proxy/dlo.pp

@@ -36,10 +36,10 @@ class swift::proxy::dlo (
 
   include ::swift::deps
 
-  concat::fragment { 'swift_dlo':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:dlo/use':                         value => 'egg:swift#dlo';
-    content => template('swift/proxy/dlo.conf.erb'),
+    'filter:dlo/rate_limit_after_segment':    value => $rate_limit_after_segment;
-    order   => '240',
+    'filter:dlo/rate_limit_segments_per_sec': value => $rate_limit_segments_per_sec;
+    'filter:dlo/max_get_time':                value => $max_get_time;
   }
-
 }

manifests/proxy/formpost.pp

@@ -19,10 +19,7 @@ class swift::proxy::formpost() {
 
   include ::swift::deps
 
-  concat::fragment { 'swift-proxy-formpost':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:formpost/use': value => 'egg:swift#formpost';
-    content => template('swift/proxy/formpost.conf.erb'),
-    order   => '130',
   }
-
 }

manifests/proxy/gatekeeper.pp

@@ -45,10 +45,12 @@ class swift::proxy::gatekeeper(
 
   include ::swift::deps
 
-  concat::fragment { 'swift_gatekeeper':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:gatekeeper/use':              value => 'egg:swift#gatekeeper';
-    content => template('swift/proxy/gatekeeper.conf.erb'),
+    'filter:gatekeeper/set log_name':     value => $log_name;
-    order   => '20',
+    'filter:gatekeeper/set log_facility': value => $log_facility;
+    'filter:gatekeeper/set log_level':    value => $log_level;
+    'filter:gatekeeper/set log_headers':  value => $log_headers;
+    'filter:gatekeeper/set log_address':  value => $log_address;
   }
-
 }

manifests/proxy/healthcheck.pp

@@ -17,10 +17,7 @@ class swift::proxy::healthcheck() {
 
   include ::swift::deps
 
-  concat::fragment { 'swift_healthcheck':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:healthcheck/use': value => 'egg:swift#healthcheck';
-    content => template('swift/proxy/healthcheck.conf.erb'),
-    order   => '30',
   }
-
 }

manifests/proxy/keystone.pp

@@ -36,10 +36,9 @@ class swift::proxy::keystone(
         warning('is_admin parameter is deprecated, has no effect and will be removed in a future release.')
   }
 
-  concat::fragment { 'swift_keystone':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:keystone/use':             value => 'egg:swift#keystoneauth';
-    content => template('swift/proxy/keystone.conf.erb'),
+    'filter:keystone/operator_roles':  value => join(any2array($operator_roles), ', ');
-    order   => '180',
+    'filter:keystone/reseller_prefix': value => $reseller_prefix;
   }
-
 }

manifests/proxy/proxy_logging.pp

@@ -9,9 +9,7 @@ class swift::proxy::proxy_logging {
 
   include ::swift::deps
 
-  concat::fragment { 'swift_proxy-logging':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:proxy-logging/use': value => 'egg:swift#proxy_logging';
-    content => template('swift/proxy/proxy-logging.conf.erb'),
-    order   => '270',
   }
 }

manifests/proxy/ratelimit.pp

@@ -50,10 +50,12 @@ class swift::proxy::ratelimit(
 
   include ::swift::deps
 
-  concat::fragment { 'swift_ratelimit':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:ratelimit/use':                    value => 'egg:swift#ratelimit';
-    content => template('swift/proxy/ratelimit.conf.erb'),
+    'filter:ratelimit/clock_accuracy':         value => $clock_accuracy;
-    order   => '90',
+    'filter:ratelimit/max_sleep_time_seconds': value => $max_sleep_time_seconds;
+    'filter:ratelimit/log_sleep_time_seconds': value => $log_sleep_time_seconds;
+    'filter:ratelimit/rate_buffer_seconds':    value => $rate_buffer_seconds;
+    'filter:ratelimit/account_ratelimit':      value => $account_ratelimit;
   }
-
 }

manifests/proxy/s3token.pp

@@ -36,9 +36,10 @@ class swift::proxy::s3token(
 
   include ::swift::deps
 
-  concat::fragment { 'swift_s3token':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:s3token/paste.filter_factory': value => 'keystonemiddleware.s3_token:filter_factory';
-    content => template('swift/proxy/s3token.conf.erb'),
+    'filter:s3token/auth_host':            value => $auth_host;
-    order   => '80',
+    'filter:s3token/auth_port':            value => $auth_port;
+    'filter:s3token/auth_protocol':        value => $auth_protocol;
   }
 }

manifests/proxy/slo.pp

@@ -51,10 +51,13 @@ class swift::proxy::slo (
 
   include ::swift::deps
 
-  concat::fragment { 'swift_slo':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:slo/use':                         value => 'egg:swift#slo';
-    content => template('swift/proxy/slo.conf.erb'),
+    'filter:slo/max_manifest_segments':       value => $max_manifest_segments;
-    order   => '230',
+    'filter:slo/max_manifest_size':           value => $max_manifest_size;
+    'filter:slo/min_segment_size':            value => $min_segment_size;
+    'filter:slo/rate_limit_after_segment':    value => $rate_limit_after_segment;
+    'filter:slo/rate_limit_segments_per_sec': value => $rate_limit_segments_per_sec;
+    'filter:slo/max_get_time':                value => $max_get_time;
   }
-
 }

manifests/proxy/staticweb.pp

@@ -20,10 +20,7 @@ class swift::proxy::staticweb() {
 
   include ::swift::deps
 
-  concat::fragment { 'swift-proxy-staticweb':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:staticweb/use':              value => 'egg:swift#staticweb';
-    content => template('swift/proxy/staticweb.conf.erb'),
-    order   => '190',
   }
-
 }

manifests/proxy/swauth.pp

@@ -29,10 +29,9 @@ class swift::proxy::swauth(
     tag    => 'swift-package',
   }
 
-  concat::fragment { 'swift_proxy_swauth':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:swauth/use':                   value => 'egg:swauth#swauth';
-    content => template('swift/proxy/swauth.conf.erb'),
+    'filter:swauth/default_swift_cluster': value => "local#${swauth_endpoint}";
-    order   => '160',
+    'filter:swauth/super_admin_key':       value => $swauth_super_admin_key;
   }
-
 }

manifests/proxy/swift3.pp

@@ -33,10 +33,7 @@ class swift::proxy::swift3(
     tag    => ['openstack','swift-package']
   }
 
-  concat::fragment { 'swift_swift3':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:swift3/use': value => 'egg:swift3#swift3';
-    content => template('swift/proxy/swift3.conf.erb'),
-    order   => '70',
   }
-
 }

manifests/proxy/tempauth.pp

@@ -87,6 +87,7 @@ class swift::proxy::tempauth (
 
   if ($reseller_prefix) {
     validate_string($reseller_prefix)
+    $reseller_prefix_upcase = upcase($reseller_prefix)
   }
 
   if ($token_life) {
@@ -105,10 +106,28 @@ class swift::proxy::tempauth (
     validate_re($storage_url_scheme, ['http','https','default'])
   }
 
-  concat::fragment { 'swift-proxy-tempauth':
+
-    target  => '/etc/swift/proxy-server.conf',
+  swift_proxy_config {
-    content => template('swift/proxy/tempauth.conf.erb'),
+    'filter:tempauth/use':                value => 'egg:swift#tempauth';
-    order   => '150',
+    'filter:tempauth/reseller_prefix':    value => $reseller_prefix_upcase;
+    'filter:tempauth/token_life':         value => $token_life;
+    'filter:tempauth/auth_prefix':        value => $auth_prefix;
+    'filter:tempauth/storage_url_scheme': value => $storage_url_scheme;
   }
 
+  # tempauth account_users end up in the following format
+  # user_<account>_<user> = <key> .<group1> .<groupx> 
+  # ex: user_admin_admin=admin .admin .reseller_admin
+  # account_data is an array with each element containing a single account string:
+  # ex [user_<account>_<user>, <key> .<group1> .<groupx>]
+  if $account_user_list {
+    $account_data = split(inline_template(
+      "<% @account_user_list.each do |user| %>\
+      user_<%= user['account'] %>_<%= user['user'] %>,\
+      <%= user['key'] %> <%= user['groups'].map { |g| '.' + g }.join(' ') %> ; <% end %>"),';')
+  
+    # write each temauth account line to file
+    # TODO replace/simplify with iterators once all supported puppet versions support them.
+    swift::proxy::tempauth_account { $account_data: }
+  }
 }

manifests/proxy/tempauth_account.pp

@@ -0,0 +1,25 @@
+# == class: swift::proxy::tempauth_account
+# This class manages tempauth account_users
+#
+#  [*title*]
+#    A string containing account data to write to proxy.conf
+#    Required
+#    Example: "user_<account>_<user>, <key> .<group1> .<groupx>"
+#    Result in proxy.conf: user_<account>_<user> = <key> .<group1> .<groupx>
+#
+# == Authors
+#
+#   Adam Vinsh <adam.vinsh@charter.com>
+#
+define swift::proxy::tempauth_account() {
+
+  include ::swift::deps
+
+  # strip white space and split string into array elements around ','
+  $account_data = strip(split($title,','))
+  if $account_data[0] != '' {
+    swift_proxy_config {
+      "filter:tempauth/${account_data[0]}": value => "${account_data[1]}";
+    }
+  }
+}

manifests/proxy/tempurl.pp

@@ -94,10 +94,13 @@ class swift::proxy::tempurl (
     }
   }
 
-  concat::fragment { 'swift-proxy-tempurl':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/tempurl.conf.erb'),
-    order   => '120',
-  }
 
+  swift_proxy_config {
+    'filter:tempurl/use':                     value => 'egg:swift#tempurl';
+    'filter:tempurl/methods':                 value => $methods_real;
+    'filter:tempurl/incoming_remove_headers': value => $incoming_remove_headers_real;
+    'filter:tempurl/incoming_allow_headers':  value => $incoming_allow_headers_real;
+    'filter:tempurl/outgoing_remove_headers': value => $outgoing_remove_headers_real;
+    'filter:tempurl/outgoing_allow_headers':  value => $outgoing_allow_headers_real;
+  }
 }

manifests/proxy/versioned_writes.pp

@@ -17,10 +17,8 @@ class swift::proxy::versioned_writes (
 
   include ::swift::deps
 
-  concat::fragment { 'swift_versioned_writes':
+  swift_proxy_config {
-    target  => '/etc/swift/proxy-server.conf',
+    'filter:versioned_writes/use':                    value => 'egg:swift#versioned_writes';
-    content => template('swift/proxy/versioned_writes.conf.erb'),
+    'filter:versioned_writes/allow_versioned_writes': value => $allow_versioned_writes;
-    order   => '250',
   }
-
 }

manifests/service.pp

@@ -55,6 +55,7 @@ define swift::service(
       provider  => $service_provider,
       tag       => 'swift-service',
       subscribe => $subscribe,
+      require   => $require,
     }
   } elsif $service_provider == 'swiftinit' {
     service { $name:
@@ -67,6 +68,7 @@ define swift::service(
       manifest   => $config_file_name,
       tag        => 'swift-service',
       subscribe  => $subscribe,
+      require    => $require,
     }
   }
 }

manifests/storage/filter/healthcheck.pp

@@ -1,15 +1,4 @@
 #
-# Configure swift healthcheck.
-#
-# == Dependencies
-#
-# == Examples
-#
-# == Authors
-#
-#   Dan Bode dan@puppetlabs.com
-#   Francois Charlier fcharlier@ploup.net
-#
 # == Copyright
 #
 # Copyright 2011 Puppetlabs Inc, unless otherwise noted.
@@ -21,8 +10,7 @@ define swift::storage::filter::healthcheck(
 
   concat::fragment { "swift_healthcheck_${name}":
     target  => "/etc/swift/${name}-server.conf",
-    content => template('swift/proxy/healthcheck.conf.erb'),
+    content => template('swift/healthcheck.conf.erb'),
     order   => '25',
   }
-
 }

releasenotes/notes/proxy_template_to_ini-536250b1f409e40f.yaml

@@ -0,0 +1,10 @@
+---
+prelude: >
+ -  swift_proxy_config ini provider is now used to mange
+    all sections in proxy-server.conf. The erb templates
+    and use of concat for proxy.conf sections has been removed.
+    All template logic is moved into proxy middleware classes.
+    To purge proxy.conf of settings that are not specified
+    set the new paramater "purge_config" to "true".
+upgrade:
+  - Maintains backward compatibility.

spec/classes/swift_proxy_account_quotas_spec.rb

@@ -23,6 +23,6 @@ require 'spec_helper'
 describe 'swift::proxy::account_quotas' do
 
   it do
-    is_expected.to contain_concat_fragment('swift_account_quotas').with_content("\n[filter:account_quotas]\nuse = egg:swift#account_quotas\n")
+    is_expected.to contain_swift_proxy_config('filter:account_quotas/use').with_value('egg:swift#account_quotas')
   end
 end

spec/classes/swift_proxy_authtoken_spec.rb

@@ -25,28 +25,21 @@ describe 'swift::proxy::authtoken' do
   end
 
   describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
-      is_expected.to contain_concat_fragment('swift_authtoken').with_content('
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/signing_dir').with_value('/var/cache/swift') }
-[filter:authtoken]
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
-log_name = swift
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_uri').with_value('http://127.0.0.1:5000') }
-signing_dir = /var/cache/swift
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:35357') }
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_plugin').with_value('password') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/project_domain_id').with_value('default') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/user_domain_id').with_value('default') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/project_name').with_value('services') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/username').with_value('swift') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/password').with_value('password') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/delay_auth_decision').with_value('1') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/cache').with_value('swift.cache') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
 
-auth_uri = http://127.0.0.1:5000
-auth_url = http://127.0.0.1:35357
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-project_name = services
-username = swift
-password = password
-
-delay_auth_decision = 1
-
-cache = swift.cache
-include_service_catalog = false
-')
-    end
   end
 
 
@@ -62,28 +55,21 @@ include_service_catalog = false
       }
     end
 
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
-      is_expected.to contain_concat_fragment('swift_authtoken').with_content('
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/signing_dir').with_value('/home/swift/keystone-signing') }
-[filter:authtoken]
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
-log_name = swift
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_uri').with_value('http://127.0.0.1:5000') }
-signing_dir = /home/swift/keystone-signing
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:35357') }
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_plugin').with_value('password') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/project_domain_id').with_value('default') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/user_domain_id').with_value('default') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/project_name').with_value('admin') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/username').with_value('swiftuser') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/password').with_value('swiftpassword') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/delay_auth_decision').with_value('0') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/cache').with_value('foo') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }
 
-auth_uri = http://127.0.0.1:5000
-auth_url = http://127.0.0.1:35357
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-project_name = admin
-username = swiftuser
-password = swiftpassword
-
-delay_auth_decision = 0
-
-cache = foo
-include_service_catalog = false
-')
-    end
   end
 
   describe 'when overriding auth_uri' do
@@ -91,7 +77,7 @@ include_service_catalog = false
       { :auth_uri => 'http://public.host/keystone/main' }
     end
 
-    it { is_expected.to contain_concat_fragment('swift_authtoken').with_content(/auth_uri = http:\/\/public\.host\/keystone\/main/)}
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_uri').with_value('http://public.host/keystone/main') }
   end
 
   describe "when identity_uri is set" do
@@ -101,9 +87,7 @@ include_service_catalog = false
       }
     end
 
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('https://foo.bar:35357/') }
-      is_expected.to contain_concat_fragment('swift_authtoken').with_content(/auth_url = https:\/\/foo\.bar:35357\//)
-    end
   end
 
   describe "when both auth_uri and identity_uri are set" do
@@ -114,10 +98,8 @@ include_service_catalog = false
       }
     end
 
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_uri').with_value('https://foo.bar:5000/v2.0/') }
-      is_expected.to contain_concat_fragment('swift_authtoken').with_content(/auth_uri = https:\/\/foo\.bar:5000\/v2\.0\//)
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('https://foo.bar:35357/') }
-      is_expected.to contain_concat_fragment('swift_authtoken').with_content(/auth_url = https:\/\/foo\.bar:35357\//)
-    end
   end
 
 end

spec/classes/swift_proxy_bulk_spec.rb

@@ -23,16 +23,11 @@ require 'spec_helper'
 describe 'swift::proxy::bulk' do
 
   describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/use').with_value('egg:swift#bulk') }
-      is_expected.to contain_concat_fragment('swift_bulk').with_content('
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/max_containers_per_extraction').with_value('10000') }
-[filter:bulk]
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/max_failed_extractions').with_value('1000') }
-use = egg:swift#bulk
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/max_deletes_per_request').with_value('10000') }
-max_containers_per_extraction = 10000
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/yield_frequency').with_value('60') }
-max_failed_extractions = 1000
-max_deletes_per_request = 10000
-yield_frequency = 60
-')
-    end
   end
 
   describe "when overriding default parameters" do
@@ -44,16 +39,12 @@ yield_frequency = 60
         :yield_frequency               => 10
       }
     end
-    it 'should build the fragment with correct parameters' do
+
-      is_expected.to contain_concat_fragment('swift_bulk').with_content('
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/use').with_value('egg:swift#bulk') }
-[filter:bulk]
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/max_containers_per_extraction').with_value('5000') }
-use = egg:swift#bulk
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/max_failed_extractions').with_value('500') }
-max_containers_per_extraction = 5000
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/max_deletes_per_request').with_value('5000') }
-max_failed_extractions = 500
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/yield_frequency').with_value('10') }
-max_deletes_per_request = 5000
-yield_frequency = 10
-')
-    end
   end
 
 end

spec/classes/swift_proxy_cache_spec.rb

@@ -19,10 +19,8 @@ describe 'swift::proxy::cache' do
       is_expected.to contain_class('swift::deps')
       is_expected.to contain_class('swift::proxy::cache')
     end
-    it 'should properly configure the swift_cache fragment' do
+    it { is_expected.to contain_swift_proxy_config('filter:cache/use').with_value('egg:swift#memcache') }
-      is_expected.to contain_concat_fragment('swift_cache').with_content(/\[filter:cache\]\nuse = egg:swift#memcache/)
+    it { is_expected.to contain_swift_proxy_config('filter:cache/memcache_servers').with_value('127.0.0.1:11211') }
-      is_expected.to contain_concat_fragment('swift_cache').with_content(/memcache_servers = 127\.0\.0\.1:11211/)
-    end
   end
 
   describe 'without memcached being included' do
@@ -36,10 +34,8 @@ describe 'swift::proxy::cache' do
       {:memcache_servers => '10.0.0.1:1'}
     end
 
-    it 'should properly configure the swift_cache fragment' do
+    it { is_expected.to contain_swift_proxy_config('filter:cache/use').with_value('egg:swift#memcache') }
-      is_expected.to contain_concat_fragment('swift_cache').with_content(/\[filter:cache\]\nuse = egg:swift#memcache/)
+    it { is_expected.to contain_swift_proxy_config('filter:cache/memcache_servers').with_value('10.0.0.1:1') }
-      is_expected.to contain_concat_fragment('swift_cache').with_content(/memcache_servers = 10\.0\.0\.1:1/)
-    end
   end
 
   describe 'with overridden memcache server array' do
@@ -47,10 +43,8 @@ describe 'swift::proxy::cache' do
       {:memcache_servers => ['10.0.0.1:1', '10.0.0.2:2']}
     end
 
-    it 'should properly configure the swift_cache fragment' do
+    it { is_expected.to contain_swift_proxy_config('filter:cache/use').with_value('egg:swift#memcache') }
-      is_expected.to contain_concat_fragment('swift_cache').with_content(/\[filter:cache\]\nuse = egg:swift#memcache/)
+    it { is_expected.to contain_swift_proxy_config('filter:cache/memcache_servers').with_value('10.0.0.1:1,10.0.0.2:2') }
-      is_expected.to contain_concat_fragment('swift_cache').with_content(/memcache_servers = 10\.0\.0\.1:1,10\.0\.0\.2:2/)
-    end
   end
 
 end

spec/classes/swift_proxy_catch_errors_spec.rb

@@ -10,7 +10,6 @@ describe 'swift::proxy::catch_errors' do
     'concat { "/etc/swift/proxy-server.conf": }'
   end
 
-  it { is_expected.to contain_concat_fragment('swift_catch_errors').with_content(/[filter:catch_errors]/) }
+  it { is_expected.to contain_swift_proxy_config('filter:catch_errors/use').with_value('egg:swift#catch_errors') }
-  it { is_expected.to contain_concat_fragment('swift_catch_errors').with_content(/use = egg:swift#catch_errors/) }
 
 end

spec/classes/swift_proxy_ceilometer_spec.rb

@@ -14,9 +14,8 @@ describe 'swift::proxy::ceilometer' do
   end
 
   describe "when using default parameters" do
-    it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/[filter:ceilometer]/) }
+    it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') }
-    it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/paste.filter_factory = ceilometermiddleware.swift:filter_factory/) }
+    it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://guest:guest@127.0.0.1:5672//') }
-    it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/url = rabbit:\/\/guest:guest@127.0.0.1:5672\//) }
     it { is_expected.to contain_user('swift').with_groups('ceilometer') }
     it { is_expected.to contain_file('/var/log/ceilometer/swift-proxy-server.log').with(:owner => 'swift', :group => 'swift', :mode => '0664') }
   end
@@ -37,12 +36,11 @@ describe 'swift::proxy::ceilometer' do
 
     context 'with single rabbit host' do
       it { is_expected.to contain_user('swift').with_groups('www-data') }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/[filter:ceilometer]/) }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/paste.filter_factory = ceilometermiddleware.swift:filter_factory/) }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user_1:user_1_passw@1.1.1.1:5673/rabbit') }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/url = rabbit:\/\/user_1:user_1_passw@1.1.1.1:5673\/rabbit/) }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/driver').with_value('messagingv2') }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/driver = messagingv2/) }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/topic').with_value('notifications') }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/topic = notifications/) }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/control_exchange').with_value('swift') }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/control_exchange = swift/) }
     end
 
     context 'with multiple rabbit hosts' do
@@ -51,12 +49,11 @@ describe 'swift::proxy::ceilometer' do
       end
 
       it { is_expected.to contain_user('swift').with_groups('www-data') }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/[filter:ceilometer]/) }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/paste.filter_factory = ceilometermiddleware.swift:filter_factory/) }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user_1:user_1_passw@127.0.0.1:5672,user_1:user_1_passw@127.0.0.2:5672/rabbit') }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/url = rabbit:\/\/user_1:user_1_passw@127.0.0.1:5672,user_1:user_1_passw@127.0.0.2:5672\/rabbit/) }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/driver').with_value('messagingv2') }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/driver = messagingv2/) }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/topic').with_value('notifications') }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/topic = notifications/) }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/control_exchange').with_value('swift') }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/control_exchange = swift/) }
     end
 
   end

spec/classes/swift_proxy_container_quotas_spec.rb

@@ -26,7 +26,6 @@ describe 'swift::proxy::container_quotas' do
     {}
   end
 
-  it { is_expected.to contain_concat_fragment('swift_container_quotas').with_content(/\[filter:container_quotas\]/) }
+  it { is_expected.to contain_swift_proxy_config('filter:container_quotas/use').with_value('egg:swift#container_quotas') }
-  it { is_expected.to contain_concat_fragment('swift_container_quotas').with_content(/use = egg:swift#container_quotas/) }
 
 end

spec/classes/swift_proxy_container_sync_spec.rb

@@ -11,7 +11,6 @@ describe 'swift::proxy::container_sync' do
     {}
   end
 
-  it { is_expected.to contain_concat_fragment('swift_container_sync').with_content(/\[filter:container_sync\]/) }
+  it { is_expected.to contain_swift_proxy_config('filter:container_sync/use').with_value('egg:swift#container_sync') }
-  it { is_expected.to contain_concat_fragment('swift_container_sync').with_content(/use = egg:swift#container_sync/) }
 
 end

spec/classes/swift_proxy_copy_spec.rb

@@ -7,13 +7,9 @@ describe 'swift::proxy::copy' do
   end
 
   describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:copy/use').with_value('egg:swift#copy') }
-      is_expected.to contain_concat_fragment('swift_copy').with_content('
+    it { is_expected.to contain_swift_proxy_config('filter:copy/object_post_as_copy').with_value('true') }
-[filter:copy]
+
-use = egg:swift#copy
-object_post_as_copy = true
-')
-    end
   end
 
   describe "when overriding default parameters" do
@@ -22,9 +18,7 @@ object_post_as_copy = true
         :object_post_as_copy => false,
       }
     end
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:copy/object_post_as_copy').with_value('false') }
-      is_expected.to contain_concat_fragment('swift_copy').with_content(/object_post_as_copy = false/)
-    end
   end
 
 end

spec/classes/swift_proxy_crossdomain_spec.rb

@@ -7,30 +7,19 @@ describe 'swift::proxy::crossdomain' do
   end
 
   describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:crossdomain/use').with_value('egg:swift#crossdomain') }
-      is_expected.to contain_concat_fragment('swift_crossdomain').with_content('
+    it { is_expected.to contain_swift_proxy_config('filter:crossdomain/cross_domain_policy').with_value('<allow-access-from domain="*" secure="false" />') }
-[filter:crossdomain]
-use = egg:swift#crossdomain
-cross_domain_policy = <allow-access-from domain="*" secure="false" />
-')
-    end
   end
 
   describe "when overriding default parameters" do
     let :params do
       {
-        :cross_domain_policy => '<allow-access-from domain="xml-fragment-in-ini-file.so.wrong" secure="true" />
+        :cross_domain_policy => '<allow-access-from domain="xml-fragment-in-ini-file.so.wrong" secure="true" /><allow-access-from domain="*" secure="false" />',
-<allow-access-from domain="*" secure="false" />',
       }
     end
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:crossdomain/use').with_value('egg:swift#crossdomain') }
-      is_expected.to contain_concat_fragment('swift_crossdomain').with_content('
+    it { is_expected.to contain_swift_proxy_config('filter:crossdomain/cross_domain_policy').with_value('<allow-access-from domain="xml-fragment-in-ini-file.so.wrong" secure="true" /><allow-access-from domain="*" secure="false" />') }
-[filter:crossdomain]
+
-use = egg:swift#crossdomain
-cross_domain_policy = <allow-access-from domain="xml-fragment-in-ini-file.so.wrong" secure="true" />
-<allow-access-from domain="*" secure="false" />
-')
-    end
   end
 
 end

spec/classes/swift_proxy_dlo_spec.rb

@@ -7,15 +7,10 @@ describe 'swift::proxy::dlo' do
   end
 
   describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:dlo/use').with_value('egg:swift#dlo') }
-      is_expected.to contain_concat_fragment('swift_dlo').with_content('
+    it { is_expected.to contain_swift_proxy_config('filter:dlo/rate_limit_after_segment').with_value('10') }
-[filter:dlo]
+    it { is_expected.to contain_swift_proxy_config('filter:dlo/rate_limit_segments_per_sec').with_value('1') }
-use = egg:swift#dlo
+    it { is_expected.to contain_swift_proxy_config('filter:dlo/max_get_time').with_value('86400') }
-rate_limit_after_segment = 10
-rate_limit_segments_per_sec = 1
-max_get_time = 86400
-')
-    end
   end
 
   describe "when overriding default parameters" do
@@ -26,11 +21,9 @@ max_get_time = 86400
         :max_get_time                => '6400',
       }
     end
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:dlo/rate_limit_after_segment').with_value('30') }
-      is_expected.to contain_concat_fragment('swift_dlo').with_content(/rate_limit_after_segment = 30/)
+    it { is_expected.to contain_swift_proxy_config('filter:dlo/rate_limit_segments_per_sec').with_value('5') }
-      is_expected.to contain_concat_fragment('swift_dlo').with_content(/rate_limit_segments_per_sec = 5/)
+    it { is_expected.to contain_swift_proxy_config('filter:dlo/max_get_time').with_value('6400') }
-      is_expected.to contain_concat_fragment('swift_dlo').with_content(/max_get_time = 6400/)
-    end
   end
 
 end

spec/classes/swift_proxy_formpost_spec.rb

@@ -6,7 +6,6 @@ describe 'swift::proxy::formpost' do
     {}
   end
 
-  it { is_expected.to contain_concat_fragment('swift-proxy-formpost').with_content(/[filter:formpost]/) }
+  it { is_expected.to contain_swift_proxy_config('filter:formpost/use').with_value('egg:swift#formpost') }
-  it { is_expected.to contain_concat_fragment('swift-proxy-formpost').with_content(/use = egg:swift#formpost/) }
 
 end

spec/classes/swift_proxy_gatekeeper_spec.rb

@@ -7,17 +7,12 @@ describe 'swift::proxy::gatekeeper' do
   end
 
   describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/use').with_value('egg:swift#gatekeeper') }
-      is_expected.to contain_concat_fragment('swift_gatekeeper').with_content('
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/set log_name').with_value('gatekeeper') }
-[filter:gatekeeper]
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/set log_facility').with_value('LOG_LOCAL0') }
-use = egg:swift#gatekeeper
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/set log_level').with_value('INFO') }
-set log_name = gatekeeper
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/set log_headers').with_value('false') }
-set log_facility = LOG_LOCAL0
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/set log_address').with_value('/dev/log') }
-set log_level = INFO
-set log_headers = false
-set log_address = /dev/log
-')
-    end
   end
 
   describe "when overriding default parameters" do
@@ -28,11 +23,9 @@ set log_address = /dev/log
         :log_level        => 'WARN',
       }
     end
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/set log_name').with_value('newgatekeeper') }
-      is_expected.to contain_concat_fragment('swift_gatekeeper').with_content(/set log_name = newgatekeeper/)
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/set log_facility').with_value('LOG_LOCAL2') }
-      is_expected.to contain_concat_fragment('swift_gatekeeper').with_content(/set log_facility = LOG_LOCAL2/)
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/set log_level').with_value('WARN') }
-      is_expected.to contain_concat_fragment('swift_gatekeeper').with_content(/set log_level = WARN/)
-    end
   end
 
 end

spec/classes/swift_proxy_healthcheck_spec.rb

@@ -6,7 +6,6 @@ describe 'swift::proxy::healthcheck' do
     {}
   end
 
-  it { is_expected.to contain_concat_fragment('swift_healthcheck').with_content(/[filter:healthcheck]/) }
+  it { is_expected.to contain_swift_proxy_config('filter:healthcheck/use').with_value('egg:swift#healthcheck') }
-  it { is_expected.to contain_concat_fragment('swift_healthcheck').with_content(/use = egg:swift#healthcheck/) }
 
 end

spec/classes/swift_proxy_keystone_spec.rb

@@ -10,12 +10,12 @@ describe 'swift::proxy::keystone' do
     'concat { "/etc/swift/proxy-server.conf": }'
   end
 
-  it { is_expected.to contain_concat_fragment('swift_keystone').with_content(/\[filter:keystone\]\nuse = egg:swift#keystoneauth/) }
+  it { is_expected.to contain_swift_proxy_config('filter:keystone/use').with_value('egg:swift#keystoneauth') }
 
   describe 'with defaults' do
 
-    it { is_expected.to contain_concat_fragment('swift_keystone').with_content(/operator_roles = admin, SwiftOperator/) }
+    it { is_expected.to contain_swift_proxy_config('filter:keystone/operator_roles').with_value('admin, SwiftOperator') }
-    it { is_expected.to contain_concat_fragment('swift_keystone').with_content(/reseller_prefix = AUTH_/) }
+    it { is_expected.to contain_swift_proxy_config('filter:keystone/reseller_prefix').with_value('AUTH_') }
 
   end
 
@@ -27,8 +27,8 @@ describe 'swift::proxy::keystone' do
         :reseller_prefix => 'SWIFT_'
       }
 
-      it { is_expected.to contain_concat_fragment('swift_keystone').with_content(/operator_roles = foo/) }
+      it { is_expected.to contain_swift_proxy_config('filter:keystone/operator_roles').with_value('foo') }
-      it { is_expected.to contain_concat_fragment('swift_keystone').with_content(/reseller_prefix = SWIFT_/) }
+      it { is_expected.to contain_swift_proxy_config('filter:keystone/reseller_prefix').with_value('SWIFT_') }
 
     end
 

spec/classes/swift_proxy_ratelimit_spec.rb

@@ -7,17 +7,12 @@ describe 'swift::proxy::ratelimit' do
   end
 
   describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/use').with_value('egg:swift#ratelimit') }
-      is_expected.to contain_concat_fragment('swift_ratelimit').with_content('
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/clock_accuracy').with_value('1000') }
-[filter:ratelimit]
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/max_sleep_time_seconds').with_value('60') }
-use = egg:swift#ratelimit
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/log_sleep_time_seconds').with_value('0') }
-clock_accuracy = 1000
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/rate_buffer_seconds').with_value('5') }
-max_sleep_time_seconds = 60
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/account_ratelimit').with_value('0') }
-log_sleep_time_seconds = 0
-rate_buffer_seconds = 5
-account_ratelimit = 0
-')
-    end
   end
 
   describe "when overriding default parameters" do
@@ -30,13 +25,11 @@ account_ratelimit = 0
         :account_ratelimit      => 69
       }
     end
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/clock_accuracy').with_value('9436') }
-      is_expected.to contain_concat_fragment('swift_ratelimit').with_content(/clock_accuracy = 9436/)
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/max_sleep_time_seconds').with_value('3600') }
-      is_expected.to contain_concat_fragment('swift_ratelimit').with_content(/max_sleep_time_seconds = 3600/)
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/log_sleep_time_seconds').with_value('42') }
-      is_expected.to contain_concat_fragment('swift_ratelimit').with_content(/log_sleep_time_seconds = 42/)
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/rate_buffer_seconds').with_value('51') }
-      is_expected.to contain_concat_fragment('swift_ratelimit').with_content(/rate_buffer_seconds = 51/)
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/account_ratelimit').with_value('69') }
-      is_expected.to contain_concat_fragment('swift_ratelimit').with_content(/account_ratelimit = 69/)
-    end
   end
 
 end

spec/classes/swift_proxy_s3token_spec.rb

@@ -7,15 +7,10 @@ describe 'swift::proxy::s3token' do
   end
 
   describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:s3token/paste.filter_factory').with_value('keystonemiddleware.s3_token:filter_factory') }
-      is_expected.to contain_concat_fragment('swift_s3token').with_content('
+    it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_port').with_value('35357') }
-[filter:s3token]
+    it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_protocol').with_value('http') }
-paste.filter_factory = keystonemiddleware.s3_token:filter_factory
+    it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_host').with_value('127.0.0.1') }
-auth_port = 35357
-auth_protocol = http
-auth_host = 127.0.0.1
-')
-    end
   end
 
   describe "when overriding default parameters" do
@@ -26,11 +21,9 @@ auth_host = 127.0.0.1
           :auth_host     => '1.2.3.4'
       }
     end
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_port').with_value('4212') }
-      is_expected.to contain_concat_fragment('swift_s3token').with_content(/auth_port = 4212/)
+    it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_protocol').with_value('https') }
-      is_expected.to contain_concat_fragment('swift_s3token').with_content(/auth_protocol = https/)
+    it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_host').with_value('1.2.3.4') }
-      is_expected.to contain_concat_fragment('swift_s3token').with_content(/auth_host = 1.2.3.4/)
-    end
   end
 
 end

spec/classes/swift_proxy_slo_spec.rb

@@ -7,18 +7,13 @@ describe 'swift::proxy::slo' do
   end
 
   describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:slo/use').with_value('egg:swift#slo') }
-      is_expected.to contain_concat_fragment('swift_slo').with_content('
+    it { is_expected.to contain_swift_proxy_config('filter:slo/max_manifest_segments').with_value('1000') }
-[filter:slo]
+    it { is_expected.to contain_swift_proxy_config('filter:slo/max_manifest_size').with_value('2097152') }
-use = egg:swift#slo
+    it { is_expected.to contain_swift_proxy_config('filter:slo/min_segment_size').with_value('1048576') }
-max_manifest_segments = 1000
+    it { is_expected.to contain_swift_proxy_config('filter:slo/rate_limit_after_segment').with_value('10') }
-max_manifest_size = 2097152
+    it { is_expected.to contain_swift_proxy_config('filter:slo/rate_limit_segments_per_sec').with_value('0') }
-min_segment_size = 1048576
+    it { is_expected.to contain_swift_proxy_config('filter:slo/max_get_time').with_value('86400') }
-rate_limit_after_segment = 10
-rate_limit_segments_per_sec = 0
-max_get_time = 86400
-')
-    end
   end
 
   describe "when overriding default parameters" do
@@ -30,12 +25,10 @@ max_get_time = 86400
         :max_get_time              => '6400',
       }
     end
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:slo/max_manifest_segments').with_value('2000') }
-      is_expected.to contain_concat_fragment('swift_slo').with_content(/max_manifest_segments = 2000/)
+    it { is_expected.to contain_swift_proxy_config('filter:slo/max_manifest_size').with_value('500000') }
-      is_expected.to contain_concat_fragment('swift_slo').with_content(/max_manifest_size = 500000/)
+    it { is_expected.to contain_swift_proxy_config('filter:slo/rate_limit_after_segment').with_value('30') }
-      is_expected.to contain_concat_fragment('swift_slo').with_content(/rate_limit_after_segment = 30/)
+    it { is_expected.to contain_swift_proxy_config('filter:slo/max_get_time').with_value('6400') }
-      is_expected.to contain_concat_fragment('swift_slo').with_content(/max_get_time = 6400/)
-    end
   end
 
 end

spec/classes/swift_proxy_spec.rb

@@ -38,6 +38,12 @@ describe 'swift::proxy' do
         {:proxy_local_net_ip => '127.0.0.1'}
       end
 
+      it 'passes purge to swift_proxy_config resource' do
+        is_expected.to contain_resources('swift_proxy_config').with({
+          :purge => false
+        })
+      end
+
       it { is_expected.to contain_package('swift-proxy').that_requires('Anchor[swift::install::begin]')
            is_expected.to contain_package('swift-proxy').that_notifies('Anchor[swift::install::end]') }
 
@@ -46,47 +52,33 @@ describe 'swift::proxy' do
          :provider   => nil,
          :enable     => true,
          :hasstatus  => true,
-         :subscribe  => 'Concat[/etc/swift/proxy-server.conf]',
          :tag        => 'swift-service',
         }
       )}
-      it { is_expected.to contain_concat('/etc/swift/proxy-server.conf').with(
-        {:ensure  => 'present',
-         :owner   => 'swift',
-         :group   => 'swift',
-        }
-      )}
 
-      it 'should build the header file with all of the default contents' do
+      it { is_expected.to contain_service('swift-proxy-server').that_subscribes_to('Anchor[swift::service::begin]')}
-        is_expected.to contain_concat_fragment('swift_proxy').with_content('# This file is managed by puppet.  Do not edit
+      it { is_expected.to contain_service('swift-proxy-server').that_notifies('Anchor[swift::service::end]')}
-#
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/bind_port').with_value('8080')}
-[DEFAULT]
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/bind_ip').with_value('127.0.0.1')}
-bind_port = 8080
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/workers').with_value('1')}
-bind_ip = 127.0.0.1
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/user').with_value('swift')}
-workers = 1
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/log_name').with_value('proxy-server')}
-user = swift
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/log_facility').with_value('LOG_LOCAL1')}
-log_name = proxy-server
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/log_level').with_value('INFO')}
-log_facility = LOG_LOCAL1
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/log_headers').with_value('False')}
-log_level = INFO
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/log_address').with_value('/dev/log')}
-log_headers = False
+      it { is_expected.to contain_swift_proxy_config('pipeline:main/pipeline').with_value('healthcheck cache tempauth proxy-server')}
-log_address = /dev/log
+      it { is_expected.to contain_swift_proxy_config('app:proxy-server/use').with_value('egg:swift#proxy')}
+      it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_name').with_value('proxy-server')}
+      it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_facility').with_value('LOG_LOCAL1')}
+      it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_level').with_value('INFO')}
+      it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_address').with_value('/dev/log')}
+      it { is_expected.to contain_swift_proxy_config('app:proxy-server/log_handoffs').with_value('true')}
+      it { is_expected.to contain_swift_proxy_config('app:proxy-server/allow_account_management').with_value('true')}
+      it { is_expected.to contain_swift_proxy_config('app:proxy-server/account_autocreate').with_value('true')}
 
-[pipeline:main]
-pipeline = healthcheck cache tempauth proxy-server
 
-[app:proxy-server]
+      it { is_expected.to contain_service('swift-proxy-server').with_require(
-use = egg:swift#proxy
-set log_name = proxy-server
-set log_facility = LOG_LOCAL1
-set log_level = INFO
-set log_address = /dev/log
-log_handoffs = true
-allow_account_management = true
-account_autocreate = true
-')
-      end
-
-      it { is_expected.to contain_concat__fragment('swift_proxy').with_before(
         [
           'Class[Swift::Proxy::Healthcheck]',
           'Class[Swift::Proxy::Cache]',
@@ -102,7 +94,7 @@ account_autocreate = true
             swift_proxy_config { 'foo/bar': value => 'foo' }
           "
         end
-        it { is_expected.to contain_concat("/etc/swift/proxy-server.conf").that_comes_before("Swift_proxy_config[foo/bar]") }
+        it { is_expected.to contain_swift_proxy_config('foo/bar').with_value('foo').that_notifies('Anchor[swift::config::end]')}
       end
 
       describe 'when more parameters are set' do
@@ -123,47 +115,32 @@ account_autocreate = true
            :cors_allow_origin         => 'http://foo.bar:1234,https://foo.bar',
           }
         end
-        it 'should build the header file with provided values' do
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/bind_port').with_value('80')}
-          is_expected.to contain_concat_fragment('swift_proxy').with_content('# This file is managed by puppet.  Do not edit
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/bind_ip').with_value('10.0.0.2')}
-#
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/workers').with_value('3')}
-[DEFAULT]
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/user').with_value('swift')}
-bind_port = 80
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/log_name').with_value('swift-proxy-server')}
-bind_ip = 10.0.0.2
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/log_facility').with_value('LOG_LOCAL1')}
-workers = 3
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/log_level').with_value('DEBUG')}
-user = swift
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/log_headers').with_value('False')}
-log_name = swift-proxy-server
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/log_address').with_value('/dev/log')}
-log_facility = LOG_LOCAL1
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/cors_allow_origin').with_value('http://foo.bar:1234,https://foo.bar')}
-log_level = DEBUG
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/strict_cors_mode').with_value('true')}
-log_headers = False
+        it { is_expected.to contain_swift_proxy_config('pipeline:main/pipeline').with_value('swauth proxy-server')}
-log_address = /dev/log
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/use').with_value('egg:swift#proxy')}
-cors_allow_origin = http://foo.bar:1234,https://foo.bar
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_name').with_value('swift-proxy-server')}
-strict_cors_mode = true
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_facility').with_value('LOG_LOCAL1')}
-
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_level').with_value('DEBUG')}
-[pipeline:main]
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_address').with_value('/dev/log')}
-pipeline = swauth proxy-server
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/log_handoffs').with_value('true')}
-
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/allow_account_management').with_value('false')}
-[app:proxy-server]
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/account_autocreate').with_value('false')}
-use = egg:swift#proxy
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/sorting_method').with_value('affinity')}
-set log_name = swift-proxy-server
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/read_affinity').with_value('r1z1=100, r1=200')}
-set log_facility = LOG_LOCAL1
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/write_affinity').with_value('r1')}
-set log_level = DEBUG
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/write_affinity_node_count').with_value('2 * replicas')}
-set log_address = /dev/log
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/node_timeout').with_value('20')}
-log_handoffs = true
+      end
-allow_account_management = false
-account_autocreate = false
-sorting_method = affinity
-read_affinity = r1z1=100, r1=200
-write_affinity = r1
-write_affinity_node_count = 2 * replicas
-node_timeout = 20
-')
-        end
-        if Puppet.version.to_f < 4.0
-          it { is_expected.to contain_concat__fragment('swift_proxy').with_before('Class[Swift::Proxy::Swauth]')}
-        else
-          it { is_expected.to contain_concat__fragment('swift_proxy').with_before(['Class[Swift::Proxy::Swauth]'])}
-        end
-       end
       describe "when log udp port is set" do
         context 'and log_udp_host is not set' do
           let :params do
@@ -204,47 +181,36 @@ node_timeout = 20
              :write_affinity_node_count => '2 * replicas',
              :node_timeout              => '20',
              :cors_allow_origin         => 'http://foo.bar:1234,https://foo.bar',
-          }
+            }
           end
-        it 'should build the header file with provided values' do
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/bind_port').with_value('80')}
-          is_expected.to contain_concat_fragment('swift_proxy').with_content('# This file is managed by puppet.  Do not edit
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/bind_ip').with_value('10.0.0.2')}
-#
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/workers').with_value('3')}
-[DEFAULT]
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/user').with_value('swift')}
-bind_port = 80
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/log_name').with_value('swift-proxy-server')}
-bind_ip = 10.0.0.2
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/log_facility').with_value('LOG_LOCAL1')}
-workers = 3
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/log_level').with_value('DEBUG')}
-user = swift
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/log_headers').with_value('False')}
-log_name = swift-proxy-server
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/log_address').with_value('/dev/log')}
-log_facility = LOG_LOCAL1
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/log_udp_host').with_value('127.0.0.1')}
-log_level = DEBUG
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/log_udp_port').with_value('514')}
-log_headers = False
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/cors_allow_origin').with_value('http://foo.bar:1234,https://foo.bar')}
-log_address = /dev/log
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/strict_cors_mode').with_value('true')}
-# If set, log_udp_host will override log_address
+          it { is_expected.to contain_swift_proxy_config('pipeline:main/pipeline').with_value('swauth proxy-server')}
-log_udp_host = 127.0.0.1
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/use').with_value('egg:swift#proxy')}
-log_udp_port = 514
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_name').with_value('swift-proxy-server')}
-cors_allow_origin = http://foo.bar:1234,https://foo.bar
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_facility').with_value('LOG_LOCAL1')}
-strict_cors_mode = true
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_level').with_value('DEBUG')}
-
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_address').with_value('/dev/log')}
-[pipeline:main]
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/log_handoffs').with_value('true')}
-pipeline = swauth proxy-server
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/allow_account_management').with_value('false')}
-
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/account_autocreate').with_value('false')}
-[app:proxy-server]
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/sorting_method').with_value('affinity')}
-use = egg:swift#proxy
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/read_affinity').with_value('r1z1=100, r1=200')}
-set log_name = swift-proxy-server
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/write_affinity').with_value('r1')}
-set log_facility = LOG_LOCAL1
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/write_affinity_node_count').with_value('2 * replicas')}
-set log_level = DEBUG
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/node_timeout').with_value('20')}
-set log_address = /dev/log
-log_handoffs = true
-allow_account_management = false
-account_autocreate = false
-sorting_method = affinity
-read_affinity = r1z1=100, r1=200
-write_affinity = r1
-write_affinity_node_count = 2 * replicas
-node_timeout = 20
-')
         end
-      end
     end
 
       describe 'when supplying bad values for parameters' do
@@ -308,7 +274,6 @@ node_timeout = 20
           :provider   => platform_params['service_provider'],
           :enable     => false,
           :hasstatus  => true,
-          :subscribe  => 'Concat[/etc/swift/proxy-server.conf]'
         )
       end
     end

spec/classes/swift_proxy_staticweb_spec.rb

@@ -6,7 +6,6 @@ describe 'swift::proxy::staticweb' do
     {}
   end
 
-  it { is_expected.to contain_concat_fragment('swift-proxy-staticweb').with_content(/[filter:staticweb]/) }
+  it { is_expected.to contain_swift_proxy_config('filter:staticweb/use').with_value('egg:swift#staticweb') }
-  it { is_expected.to contain_concat_fragment('swift-proxy-staticweb').with_content(/use = egg:swift#staticweb/) }
 
 end

spec/classes/swift_proxy_swauth_spec.rb

@@ -8,13 +8,12 @@ describe 'swift::proxy::swauth' do
 
   it { is_expected.to contain_package('python-swauth').with_ensure('present') }
 
-  it { is_expected.to contain_concat_fragment('swift_proxy_swauth').with_content(/[filter:swauth]/) }
+  it { is_expected.to contain_swift_proxy_config('filter:swauth/use').with_value('egg:swauth#swauth') }
-  it { is_expected.to contain_concat_fragment('swift_proxy_swauth').with_content(/use = egg:swauth#swauth/) }
 
   describe 'with defaults' do
 
-    it { is_expected.to contain_concat_fragment('swift_proxy_swauth').with_content(/default_swift_cluster = local#127\.0\.0\.1/) }
+    it { is_expected.to contain_swift_proxy_config('filter:swauth/default_swift_cluster').with_value('local#127.0.0.1') }
-    it { is_expected.to contain_concat_fragment('swift_proxy_swauth').with_content(/super_admin_key = swauthkey/) }
+    it { is_expected.to contain_swift_proxy_config('filter:swauth/super_admin_key').with_value('swauthkey') }
 
   end
 
@@ -26,8 +25,9 @@ describe 'swift::proxy::swauth' do
        :package_ensure => 'latest' }
     end
 
-    it { is_expected.to contain_concat_fragment('swift_proxy_swauth').with_content(/default_swift_cluster = local#10\.0\.0\.1/) }
+    it { is_expected.to contain_swift_proxy_config('filter:swauth/default_swift_cluster').with_value('local#10.0.0.1') }
-    it { is_expected.to contain_concat_fragment('swift_proxy_swauth').with_content(/super_admin_key = foo/) }
+    it { is_expected.to contain_swift_proxy_config('filter:swauth/super_admin_key').with_value('foo') }
+
     it { is_expected.to contain_package('python-swauth').with_ensure('latest') }
 
   end

spec/classes/swift_proxy_swift3_spec.rb

@@ -17,7 +17,6 @@ describe 'swift::proxy::swift3' do
     "/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/27_swift_swift3"
   end
 
-  it { is_expected.to contain_concat_fragment('swift_swift3').with_content(/[filter:swift3]/) }
+  it { is_expected.to contain_swift_proxy_config('filter:swift3/use').with_value('egg:swift3#swift3') }
-  it { is_expected.to contain_concat_fragment('swift_swift3').with_content(/use = egg:swift3#swift3/) }
 
 end

spec/classes/swift_proxy_tempauth_spec.rb

@@ -19,13 +19,13 @@ describe 'swift::proxy::tempauth' do
     'concat { "/etc/swift/proxy-server.conf": }'
   end
 
-  it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(/\[filter:tempauth\]\nuse = egg:swift#tempauth/) }
+  it { is_expected.to contain_swift_proxy_config('filter:tempauth/use').with_value('egg:swift#tempauth') }
-  it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(/user_admin_admin = admin \.admin \.reseller_admin/) }
+  it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin .admin .reseller_admin') }
 
-  it { is_expected.to_not contain_concat_fragment('swift-proxy-tempauth').with_content(/reseller_prefix/) }
+  it { is_expected.to_not contain_swift_proxy_config('filter:tempauth/reseller_prefix').with_value('') }
-  it { is_expected.to_not contain_concat_fragment('swift-proxy-tempauth').with_content(/token_life/) }
+  it { is_expected.to_not contain_swift_proxy_config('filter:tempauth/token_life').with_value('') }
-  it { is_expected.to_not contain_concat_fragment('swift-proxy-tempauth').with_content(/auth_prefix/) }
+  it { is_expected.to_not contain_swift_proxy_config('filter:tempauth/auth_prefix').with_value('') }
-  it { is_expected.to_not contain_concat_fragment('swift-proxy-tempauth').with_content(/storage_url_scheme/) }
+  it { is_expected.to_not contain_swift_proxy_config('filter:tempauth/storage_url_scheme').with_value('') }
 
   context 'declaring two users' do
     let :params do {
@@ -44,12 +44,8 @@ describe 'swift::proxy::tempauth' do
         },
       ]
     } end
-    it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin .admin .reseller_admin') }
-      /user_admin_admin = admin \.admin \.reseller_admin/
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_bar_foo').with_value('pass .reseller_admin') }
-    ) }
-    it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(
-      /user_bar_foo = pass \.reseller_admin/
-    ) }
   end
 
   context 'when group is empty' do
@@ -63,7 +59,7 @@ describe 'swift::proxy::tempauth' do
         },
       ]
     } end
-    it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(/user_admin_admin = admin $/) }
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin') }
   end
 
 
@@ -76,10 +72,10 @@ describe 'swift::proxy::tempauth' do
     }.merge(default_params)
     end
 
-    it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(/reseller_prefix = AUTH/) }
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/reseller_prefix').with_value('AUTH') }
-    it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(/token_life = 81600/) }
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/token_life').with_value('81600') }
-    it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(/auth_prefix = \/auth\//) }
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/auth_prefix').with_value('/auth/') }
-    it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(/storage_url_scheme = http/) }
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/storage_url_scheme').with_value('http') }
 
     describe "invalid params" do
       ['account_user_list', 'token_life', 'auth_prefix', 'storage_url_scheme'].each do |param|

spec/classes/swift_proxy_tempurl_spec.rb

@@ -10,14 +10,14 @@ describe 'swift::proxy::tempurl' do
     'concat { "/etc/swift/proxy-server.conf": }'
   end
 
-  it { is_expected.to contain_concat_fragment('swift-proxy-tempurl').with_content(/\[filter:tempurl\]\nuse = egg:swift#tempurl/) }
+  it { is_expected.to contain_swift_proxy_config('filter:tempurl/use').with_value('egg:swift#tempurl') }
 
   ['methods',
    'incoming_remove_headers',
    'incoming_allow_headers',
    'outgoing_remove_headers',
    'outgoing_allow_headers' ].each do |h|
-     it { is_expected.to_not contain_concat_fragment('swift-proxy-tempurl').with_content(/#{h}/) }
+     it { is_expected.to_not contain_swift_proxy_config("filter:tempurl/#{h}").with_value('') }
    end
 
    context "when params are set" do
@@ -29,12 +29,12 @@ describe 'swift::proxy::tempurl' do
        'outgoing_allow_headers'  => ['x-foo','x-bar-*'],
      } end
 
-     it { is_expected.to contain_concat_fragment('swift-proxy-tempurl').with_content(/methods = GET HEAD PUT/) }
+     it { is_expected.to contain_swift_proxy_config('filter:tempurl/methods').with_value('GET HEAD PUT') }
      ['incoming_remove_headers',
       'incoming_allow_headers',
       'outgoing_remove_headers',
       'outgoing_allow_headers' ].each do |h|
-        it { is_expected.to contain_concat_fragment('swift-proxy-tempurl').with_content(/#{h} = x-foo x-bar-*/) }
+        it { is_expected.to contain_swift_proxy_config("filter:tempurl/#{h}").with_value('x-foo x-bar-*') }
       end
 
       describe 'when params are not array' do
@@ -46,12 +46,12 @@ describe 'swift::proxy::tempurl' do
           'outgoing_allow_headers'  => 'x-foo x-bar-*',
         } end
 
-        it { is_expected.to contain_concat_fragment('swift-proxy-tempurl').with_content(/methods = GET HEAD PUT/) }
+        it { is_expected.to contain_swift_proxy_config('filter:tempurl/methods').with_value('GET HEAD PUT') }
         ['incoming_remove_headers',
          'incoming_allow_headers',
          'outgoing_remove_headers',
          'outgoing_allow_headers' ].each do |h|
-           it { is_expected.to contain_concat_fragment('swift-proxy-tempurl').with_content(/#{h} = x-foo x-bar-*/) }
+           it { is_expected.to contain_swift_proxy_config("filter:tempurl/#{h}").with_value('x-foo x-bar-*') }
          end
       end
    end

spec/classes/swift_proxy_versioned_writes_spec.rb

@@ -7,13 +7,8 @@ describe 'swift::proxy::versioned_writes' do
   end
 
   describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:versioned_writes/use').with_value('egg:swift#versioned_writes') }
-      is_expected.to contain_concat_fragment('swift_versioned_writes').with_content('
+    it { is_expected.to contain_swift_proxy_config('filter:versioned_writes/allow_versioned_writes').with_value('false') }
-[filter:versioned_writes]
-use = egg:swift#versioned_writes
-allow_versioned_writes = false
-')
-    end
   end
 
   describe "when overriding default parameters" do
@@ -22,9 +17,7 @@ allow_versioned_writes = false
         :allow_versioned_writes => true,
       }
     end
-    it 'should build the fragment with correct parameters' do
+    it { is_expected.to contain_swift_proxy_config('filter:versioned_writes/allow_versioned_writes').with_value('true') }
-      is_expected.to contain_concat_fragment('swift_versioned_writes').with_content(/allow_versioned_writes = true/)
-    end
   end
 
 end

spec/defines/swift_proxy_tempauth_account.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+
+describe 'swift::proxy::tempauth_account' do
+
+  let :title do
+    '    user_admin_admin,    admin .admin .reseller_admin'
+  end
+
+  describe 'when passing in a string containing "user_<account>_<user>, <key> .<group1> .<groupx>"' do
+
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin .admin .reseller_admin') }
+
+  end
+
+end

templates/proxy-server.conf.erb

@@ -1,58 +0,0 @@
-# This file is managed by puppet.  Do not edit
-#
-[DEFAULT]
-bind_port = <%= @port %>
-<% if @proxy_local_net_ip -%>
-bind_ip = <%= @proxy_local_net_ip %>
-<% end -%>
-workers = <%= @workers %>
-user = swift
-log_name = <%= @log_name %>
-log_facility = <%= @log_facility %>
-log_level = <%= @log_level %>
-log_headers = <%= @log_headers %>
-log_address = <%= @log_address %>
-<% if @log_udp_host -%>
-# If set, log_udp_host will override log_address
-log_udp_host = <%= @log_udp_host %>
-<% end -%>
-<% if @log_udp_host and @log_udp_port -%>
-log_udp_port = <%= @log_udp_port %>
-<% end -%>
-<% if @cors_allow_origin -%>
-cors_allow_origin = <%= @cors_allow_origin %>
-strict_cors_mode = <%= @strict_cors_mode %>
-<% end -%>
-<%- if @statsd_enabled -%>
-log_statsd_host = <%=@log_statsd_host%>
-log_statsd_port = <%=@log_statsd_port%>
-log_statsd_default_sample_rate = <%=@log_statsd_default_sample_rate%>
-log_statsd_sample_rate_factor = <%=@log_statsd_sample_rate_factor%>
-log_statsd_metric_prefix = <%=@log_statsd_metric_prefix%>
-<%- end -%>
-
-[pipeline:main]
-pipeline = <%= @pipeline.to_a.join(' ') %>
-
-[app:proxy-server]
-use = egg:swift#proxy
-set log_name = <%= @log_name %>
-set log_facility = <%= @log_facility %>
-set log_level = <%= @log_level %>
-set log_address = <%= @log_address %>
-log_handoffs = <%= @log_handoffs %>
-allow_account_management = <%= @allow_account_management %>
-account_autocreate = <%= @account_autocreate %>
-<% if @read_affinity -%>
-sorting_method = affinity
-read_affinity = <%= @read_affinity %>
-<% end -%>
-<% if @write_affinity -%>
-write_affinity = <%= @write_affinity %>
-<% end -%>
-<% if @write_affinity_node_count -%>
-write_affinity_node_count = <%= @write_affinity_node_count %>
-<% end -%>
-<% if @node_timeout -%>
-node_timeout = <%= @node_timeout %>
-<% end -%>

templates/proxy/account_quotas.conf.erb

@@ -1,3 +0,0 @@
-
-[filter:account_quotas]
-use = egg:swift#account_quotas

templates/proxy/authtoken.conf.erb

@@ -1,19 +0,0 @@
-
-[filter:authtoken]
-log_name = swift
-signing_dir = <%= @signing_dir %>
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
-
-auth_uri = <%= @auth_uri %>
-auth_url = <%= @auth_url_real %>
-auth_plugin = <%= @auth_plugin %>
-project_domain_id = <%= @project_domain_id %>
-user_domain_id = <%= @user_domain_id %>
-project_name = <%= @project_name_real %>
-username = <%= @username_real %>
-password = <%= @password_real %>
-
-delay_auth_decision = <%= @delay_auth_decision %>
-
-cache = <%= @cache %>
-include_service_catalog = <%= @include_service_catalog %>

templates/proxy/bulk.conf.erb

@@ -1,7 +0,0 @@
-
-[filter:bulk]
-use = egg:swift#bulk
-max_containers_per_extraction = <%= @max_containers_per_extraction %>
-max_failed_extractions = <%= @max_failed_extractions %>
-max_deletes_per_request = <%= @max_deletes_per_request %>
-yield_frequency = <%= @yield_frequency %>

templates/proxy/cache.conf.erb

@@ -1,4 +0,0 @@
-
-[filter:cache]
-use = egg:swift#memcache
-memcache_servers = <%= [@memcache_servers].flatten.join(',') %>

templates/proxy/catch_errors.conf.erb

@@ -1,3 +0,0 @@
-
-[filter:catch_errors]
-use = egg:swift#catch_errors

templates/proxy/ceilometer.conf.erb

@@ -1,18 +0,0 @@
-
-[filter:ceilometer]
-paste.filter_factory = ceilometermiddleware.swift:filter_factory
-<% if @rabbit_hosts.nil? %>
-url = rabbit://<%= @rabbit_user %>:<%= @rabbit_password %>@<%= @rabbit_host %>:<%= @rabbit_port %>/<%= @rabbit_virtual_host %>
-<% else %>
-<% hosts=Array(@rabbit_hosts_with_creds).join(",") -%>
-url = rabbit://<%= hosts %>/<%= @rabbit_virtual_host %>
-<% end %>
-<% if @driver %>
-driver = <%= @driver %>
-<% end %>
-<% if @topic %>
-topic = <%= @topic %>
-<% end %>
-<% if @control_exchange %>
-control_exchange = <%= @control_exchange %>
-<% end %>

templates/proxy/container_quotas.conf.erb

@@ -1,3 +0,0 @@
-
-[filter:container_quotas]
-use = egg:swift#container_quotas

templates/proxy/container_sync.conf.erb

@@ -1,3 +0,0 @@
-
-[filter:container_sync]
-use = egg:swift#container_sync

templates/proxy/copy.conf.erb

@@ -1,4 +0,0 @@
-
-[filter:copy]
-use = egg:swift#copy
-object_post_as_copy = <%= @object_post_as_copy %>

templates/proxy/crossdomain.conf.erb

@@ -1,4 +0,0 @@
-
-[filter:crossdomain]
-use = egg:swift#crossdomain
-cross_domain_policy = <%= @cross_domain_policy %>

templates/proxy/dlo.conf.erb

@@ -1,6 +0,0 @@
-
-[filter:dlo]
-use = egg:swift#dlo
-rate_limit_after_segment = <%= @rate_limit_after_segment %>
-rate_limit_segments_per_sec = <%= @rate_limit_segments_per_sec %>
-max_get_time = <%= @max_get_time %>

templates/proxy/formpost.conf.erb

@@ -1,3 +0,0 @@
-
-[filter:formpost]
-use = egg:swift#formpost

templates/proxy/gatekeeper.conf.erb

@@ -1,8 +0,0 @@
-
-[filter:gatekeeper]
-use = egg:swift#gatekeeper
-set log_name = <%= @log_name %>
-set log_facility = <%= @log_facility %>
-set log_level = <%= @log_level %>
-set log_headers = <%= @log_headers %>
-set log_address = <%= @log_address %>

templates/proxy/keystone.conf.erb

@@ -1,5 +0,0 @@
-
-[filter:keystone]
-use = egg:swift#keystoneauth
-operator_roles = <%= @operator_roles.to_a.join(', ') %>
-reseller_prefix = <%= @reseller_prefix %>

templates/proxy/proxy-logging.conf.erb

@@ -1,3 +0,0 @@
-
-[filter:proxy-logging]
-use = egg:swift#proxy_logging

templates/proxy/ratelimit.conf.erb

@@ -1,8 +0,0 @@
-
-[filter:ratelimit]
-use = egg:swift#ratelimit
-clock_accuracy = <%= @clock_accuracy %>
-max_sleep_time_seconds = <%= @max_sleep_time_seconds %>
-log_sleep_time_seconds = <%= @log_sleep_time_seconds %>
-rate_buffer_seconds = <%= @rate_buffer_seconds %>
-account_ratelimit = <%= @account_ratelimit %>

templates/proxy/s3token.conf.erb

@@ -1,6 +0,0 @@
-
-[filter:s3token]
-paste.filter_factory = keystonemiddleware.s3_token:filter_factory
-auth_port = <%= @auth_port %>
-auth_protocol = <%= @auth_protocol %>
-auth_host = <%= @auth_host %>

templates/proxy/slo.conf.erb

@@ -1,9 +0,0 @@
-
-[filter:slo]
-use = egg:swift#slo
-max_manifest_segments = <%= @max_manifest_segments %>
-max_manifest_size = <%= @max_manifest_size %>
-min_segment_size = <%= @min_segment_size %>
-rate_limit_after_segment = <%= @rate_limit_after_segment %>
-rate_limit_segments_per_sec = <%= @rate_limit_segments_per_sec %>
-max_get_time = <%= @max_get_time %>

templates/proxy/staticweb.conf.erb

@@ -1,3 +0,0 @@
-
-[filter:staticweb]
-use = egg:swift#staticweb

templates/proxy/swauth.conf.erb

@@ -1,6 +0,0 @@
-
-[filter:swauth]
-use = egg:swauth#swauth
-# this line is not in the install docs?
-default_swift_cluster = local#<%= @swauth_endpoint %>
-super_admin_key = <%= @swauth_super_admin_key %>

templates/proxy/swift3.conf.erb

@@ -1,3 +0,0 @@
-
-[filter:swift3]
-use = egg:swift3#swift3

templates/proxy/tempauth.conf.erb

@@ -1,18 +0,0 @@
-
-[filter:tempauth]
-use = egg:swift#tempauth
-<% if @reseller_prefix -%>
-reseller_prefix = <%= @reseller_prefix.upcase %>
-<%end -%>
-<% if @token_life -%>
-token_life = <%= @token_life %>
-<%end -%>
-<% if @auth_prefix -%>
-auth_prefix = <%= @auth_prefix %>
-<%end -%>
-<% if @storage_url_scheme -%>
-storage_url_scheme = <%= @storage_url_scheme %>
-<%end -%>
-<% @account_user_list.each do |user| %>
-user_<%= user['account'] %>_<%= user['user'] %> = <%= user['key'] %> <%= user['groups'].map { |g| '.' + g }.join(' ') %>
-<% end %>

templates/proxy/tempurl.conf.erb

@@ -1,18 +0,0 @@
-
-[filter:tempurl]
-use = egg:swift#tempurl
-<% if @methods_real-%>
-methods = <%= @methods_real %>
-<% end -%>
-<% if @incoming_remove_headers_real-%>
-incoming_remove_headers = <%= @incoming_remove_headers_real %>
-<% end -%>
-<% if @incoming_allow_headers_real-%>
-incoming_allow_headers = <%= @incoming_allow_headers_real %>
-<% end -%>
-<% if @outgoing_remove_headers_real-%>
-outgoing_remove_headers = <%= @outgoing_remove_headers_real %>
-<% end -%>
-<% if @outgoing_allow_headers_real-%>
-outgoing_allow_headers = <%= @outgoing_allow_headers_real %>
-<% end -%>

templates/proxy/versioned_writes.conf.erb

@@ -1,4 +0,0 @@
-
-[filter:versioned_writes]
-use = egg:swift#versioned_writes
-allow_versioned_writes = <%= @allow_versioned_writes %>