Replace proxy concat/template with ini provider

Maintains full backward compatibility. Use swift_proxy_config ini provider to mange proxy-server.conf. Remove all erb templates. Move all template logic into proxy middleware classes. To purge proxy.conf of settings that are not specified set the new paramater "purge_config" to "true". Change-Id: I0a143cf812043ea0f9a008a6e5c60ec87f9a4e9a
2016-09-28 18:25:24 +00:00 · 2016-09-28 18:25:24 +00:00 · 60ed2ee79c
commit 60ed2ee79c
parent 3d304a20fe
82 changed files with 493 additions and 757 deletions
--- a/manifests/proxy.pp
+++ b/manifests/proxy.pp
@ -116,7 +116,10 @@
 #    See README for more details.
 #    Defaults to $::swift::params::service_provider.
 #
-# == Examples
+#  [*purge_config*]
+#    (optional) Whether to set only the specified config options
+#    in the proxy config.
+#    Defaults to false.
 #
 # == Authors
 #
@ -150,7 +153,8 @@ class swift::proxy(
  $manage_service            = true,
  $enabled                   = true,
  $package_ensure            = 'present',
-  $service_provider          = $::swift::params::service_provider
+  $service_provider          = $::swift::params::service_provider,
+  $purge_config              = false,
 ) inherits ::swift::params {

  include ::swift::deps
@ -192,12 +196,62 @@ class swift::proxy(
    tag    => ['openstack', 'swift-package'],
  }

-  concat { '/etc/swift/proxy-server.conf':
-    owner   => 'swift',
-    group   => 'swift',
-    require => Package['swift-proxy'],
+  resources { 'swift_proxy_config':
+    purge => $purge_config,
  }

+  swift_proxy_config {
+    'DEFAULT/bind_port':                          value => $port;
+    'DEFAULT/bind_ip':                            value => $proxy_local_net_ip;
+    'DEFAULT/workers':                            value => $workers;
+    'DEFAULT/user':                               value => 'swift';
+    'DEFAULT/log_name':                           value => $log_name;
+    'DEFAULT/log_facility':                       value => $log_facility;
+    'DEFAULT/log_level':                          value => $log_level;
+    'DEFAULT/log_headers':                        value => $log_headers;
+    'DEFAULT/log_address':                        value => $log_address;
+    'DEFAULT/log_udp_host':                       value => $log_udp_host;
+    'DEFAULT/log_udp_port':                       value => $log_udp_port;
+    'pipeline:main/pipeline':                     value => join($pipeline, ' ');
+    'app:proxy-server/use':                       value => 'egg:swift#proxy';
+    'app:proxy-server/set log_name':              value => $log_name;
+    'app:proxy-server/set log_facility':          value => $log_facility;
+    'app:proxy-server/set log_level':             value => $log_level;
+    'app:proxy-server/set log_address':           value => $log_address;
+    'app:proxy-server/log_handoffs':              value => $log_handoffs;
+    'app:proxy-server/allow_account_management':  value => $allow_account_management;
+    'app:proxy-server/account_autocreate':        value => $account_autocreate;
+    'app:proxy-server/write_affinity':            value => $write_affinity;
+    'app:proxy-server/write_affinity_node_count': value => $write_affinity_node_count;
+    'app:proxy-server/node_timeout':              value => $node_timeout;
+  }
+
+  if $cors_allow_origin {
+    swift_proxy_config {
+      'DEFAULT/cors_allow_origin': value => $cors_allow_origin;
+      'DEFAULT/strict_cors_mode':  value => $strict_cors_mode;
+    }
+  } else {
+    swift_proxy_config {
+      'DEFAULT/cors_allow_origin': value => $::os_service_default;
+      'DEFAULT/strict_cors_mode':  value => $::os_service_default;
+    }
+  }
+
+  if $read_affinity {
+    swift_proxy_config {
+      'app:proxy-server/sorting_method': value => 'affinity';
+      'app:proxy-server/read_affinity':  value => $read_affinity;
+    }
+  } else {
+    swift_proxy_config {
+      'app:proxy-server/sorting_method': value => $::os_service_default;
+      'app:proxy-server/read_affinity':  value => $::os_service_default;
+    }
+  }
+
+  # Remove 'proxy-server' from the pipeline, convert pipeline elements
+  # into class names then convert '-' to '_'.
  $required_classes = split(
    inline_template(
      "<%=
@ -206,20 +260,6 @@ class swift::proxy(
          end.join(',')
      %>"), ',')

-  # you can now add your custom fragments at the user level
-  concat::fragment { 'swift_proxy':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy-server.conf.erb'),
-    order   => '00',
-    # require classes for each of the elements of the pipeline
-    # this is to ensure the user gets reasonable elements if he
-    # does not specify the backends for every specified element of
-    # the pipeline
-    before  => Class[$required_classes],
-  }
-
-  Concat['/etc/swift/proxy-server.conf'] -> Swift_proxy_config <||>
-
  if $manage_service {
    if $enabled {
      $service_ensure = 'running'
@ -228,12 +268,13 @@ class swift::proxy(
    }
  }

+  # Require 'swift::proxy::' classes for each of the elements in pipeline.
  swift::service { 'swift-proxy-server':
    os_family_service_name => $::swift::params::proxy_server_service_name,
    service_ensure         => $service_ensure,
    enabled                => $enabled,
    config_file_name       => 'proxy-server.conf',
    service_provider       => $service_provider,
-    subscribe              => Concat['/etc/swift/proxy-server.conf'],
+    require                => Class[$required_classes]
  }
 }
--- a/manifests/proxy/account_quotas.pp
+++ b/manifests/proxy/account_quotas.pp
@ -21,9 +21,7 @@ class swift::proxy::account_quotas() {

  include ::swift::deps

-  concat::fragment { 'swift_account_quotas':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/account_quotas.conf.erb'),
-    order   => '210',
+  swift_proxy_config {
+    'filter:account_quotas/use': value => 'egg:swift#account_quotas';
  }
 }
--- a/manifests/proxy/authtoken.pp
+++ b/manifests/proxy/authtoken.pp
@ -125,7 +125,7 @@ class swift::proxy::authtoken(
  }

  if $admin_password {
-    warning('admin_password is deprecated and will be removed, please use password isntead')
+    warning('admin_password is deprecated and will be removed, please use password instead')
  }

  $auth_url_real = pick($identity_uri, $auth_url)
@ -143,10 +143,20 @@ class swift::proxy::authtoken(
    before                  => Anchor['swift::config::end'],
  }

-  concat::fragment { 'swift_authtoken':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/authtoken.conf.erb'),
-    order   => '170',
+  swift_proxy_config {
+    'filter:authtoken/log_name':                value => 'swift';
+    'filter:authtoken/signing_dir':             value => $signing_dir;
+    'filter:authtoken/paste.filter_factory':    value => 'keystonemiddleware.auth_token:filter_factory';
+    'filter:authtoken/auth_uri':                value => $auth_uri;
+    'filter:authtoken/auth_url':                value => $auth_url_real;
+    'filter:authtoken/auth_plugin':             value => $auth_plugin;
+    'filter:authtoken/project_domain_id':       value => $project_domain_id;
+    'filter:authtoken/user_domain_id':          value => $user_domain_id;
+    'filter:authtoken/project_name':            value => $project_name_real;
+    'filter:authtoken/username':                value => $username_real;
+    'filter:authtoken/password':                value => $password_real;
+    'filter:authtoken/delay_auth_decision':     value => $delay_auth_decision;
+    'filter:authtoken/cache':                   value => $cache;
+    'filter:authtoken/include_service_catalog': value => $include_service_catalog;
  }
-
 }
--- a/manifests/proxy/bulk.pp
+++ b/manifests/proxy/bulk.pp
@ -46,9 +46,11 @@ class swift::proxy::bulk(

  include ::swift::deps

-  concat::fragment { 'swift_bulk':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/bulk.conf.erb'),
-    order   => '110',
+  swift_proxy_config {
+    'filter:bulk/use':                           value => 'egg:swift#bulk';
+    'filter:bulk/max_containers_per_extraction': value => $max_containers_per_extraction;
+    'filter:bulk/max_failed_extractions':        value => $max_failed_extractions;
+    'filter:bulk/max_deletes_per_request':       value => $max_deletes_per_request;
+    'filter:bulk/yield_frequency':               value => $yield_frequency;
  }
 }
--- a/manifests/proxy/cache.pp
+++ b/manifests/proxy/cache.pp
@ -29,10 +29,9 @@ class swift::proxy::cache(
    Class['::memcached'] -> Class['::swift::proxy::cache']
  }

-  concat::fragment { 'swift_cache':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/cache.conf.erb'),
-    order   => '50',
+  swift_proxy_config {
+    'filter:cache/use':              value => 'egg:swift#memcache';
+    'filter:cache/memcache_servers': value => join(any2array($memcache_servers), ',');
  }

 }
--- a/manifests/proxy/catch_errors.pp
+++ b/manifests/proxy/catch_errors.pp
@ -19,10 +19,7 @@ class swift::proxy::catch_errors() {

  include ::swift::deps

-  concat::fragment { 'swift_catch_errors':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/catch_errors.conf.erb'),
-    order   => '10',
+  swift_proxy_config {
+    'filter:catch_errors/use': value => 'egg:swift#catch_errors';
  }
-
 }
--- a/manifests/proxy/ceilometer.pp
+++ b/manifests/proxy/ceilometer.pp
@ -84,6 +84,13 @@ class swift::proxy::ceilometer(
    $rabbit_hosts_with_creds = prefix($rabbit_hosts, "${rabbit_user}:${rabbit_password}@")
  }

+  if !$rabbit_hosts {
+    $url = "rabbit://${rabbit_user}:${rabbit_password}@${rabbit_host}:${rabbit_port}/${rabbit_virtual_host}"
+  } else {
+    $hosts = join($rabbit_hosts_with_creds, ',')
+    $url = "rabbit://${hosts}/${rabbit_virtual_host}"
+  }
+
  User['swift'] {
    groups +> $group,
  }
@ -99,10 +106,12 @@ class swift::proxy::ceilometer(
    group  => 'swift',
  }

-  concat::fragment { 'swift_ceilometer':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/ceilometer.conf.erb'),
-    order   => '260',
+  swift_proxy_config {
+    'filter:ceilometer/topic':                value => $topic;
+    'filter:ceilometer/driver':               value => $driver;
+    'filter:ceilometer/url':                  value => $url;
+    'filter:ceilometer/control_exchange':     value => $control_exchange;
+    'filter:ceilometer/paste.filter_factory': value => 'ceilometermiddleware.swift:filter_factory';
  }

  package { 'python-ceilometermiddleware':
--- a/manifests/proxy/container_quotas.pp
+++ b/manifests/proxy/container_quotas.pp
@ -21,9 +21,7 @@ class swift::proxy::container_quotas() {

  include ::swift::deps

-  concat::fragment { 'swift_container_quotas':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/container_quotas.conf.erb'),
-    order   => '220',
+  swift_proxy_config {
+    'filter:container_quotas/use': value => 'egg:swift#container_quotas';
  }
 }
--- a/manifests/proxy/container_sync.pp
+++ b/manifests/proxy/container_sync.pp
@ -6,9 +6,10 @@
 #   Denis Egorenko <degorenko@mirantis.com>
 #
 class swift::proxy::container_sync() {
-  concat::fragment { 'swift_container_sync':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/container_sync.conf.erb'),
-    order   => '60',
+
+  include ::swift::deps
+
+  swift_proxy_config {
+    'filter:container_sync/use': value => 'egg:swift#container_sync';
  }
 }
--- a/manifests/proxy/copy.pp
+++ b/manifests/proxy/copy.pp
@ -21,10 +21,8 @@ class swift::proxy::copy (

  include ::swift::deps

-  concat::fragment { 'swift_copy':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/copy.conf.erb'),
-    order   => '140',
+  swift_proxy_config {
+    'filter:copy/use':                 value => 'egg:swift#copy';
+    'filter:copy/object_post_as_copy': value => $object_post_as_copy;
  }
-
 }
--- a/manifests/proxy/crossdomain.pp
+++ b/manifests/proxy/crossdomain.pp
@ -17,10 +17,8 @@ class swift::proxy::crossdomain (

  include ::swift::deps

-  concat::fragment { 'swift_crossdomain':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/crossdomain.conf.erb'),
-    order   => '100',
+  swift_proxy_config {
+    'filter:crossdomain/use':                 value => 'egg:swift#crossdomain';
+    'filter:crossdomain/cross_domain_policy': value => $cross_domain_policy;
  }
-
 }
--- a/manifests/proxy/dlo.pp
+++ b/manifests/proxy/dlo.pp
@ -36,10 +36,10 @@ class swift::proxy::dlo (

  include ::swift::deps

-  concat::fragment { 'swift_dlo':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/dlo.conf.erb'),
-    order   => '240',
+  swift_proxy_config {
+    'filter:dlo/use':                         value => 'egg:swift#dlo';
+    'filter:dlo/rate_limit_after_segment':    value => $rate_limit_after_segment;
+    'filter:dlo/rate_limit_segments_per_sec': value => $rate_limit_segments_per_sec;
+    'filter:dlo/max_get_time':                value => $max_get_time;
  }
-
 }
--- a/manifests/proxy/formpost.pp
+++ b/manifests/proxy/formpost.pp
@ -19,10 +19,7 @@ class swift::proxy::formpost() {

  include ::swift::deps

-  concat::fragment { 'swift-proxy-formpost':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/formpost.conf.erb'),
-    order   => '130',
+  swift_proxy_config {
+    'filter:formpost/use': value => 'egg:swift#formpost';
  }
-
 }
--- a/manifests/proxy/gatekeeper.pp
+++ b/manifests/proxy/gatekeeper.pp
@ -45,10 +45,12 @@ class swift::proxy::gatekeeper(

  include ::swift::deps

-  concat::fragment { 'swift_gatekeeper':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/gatekeeper.conf.erb'),
-    order   => '20',
+  swift_proxy_config {
+    'filter:gatekeeper/use':              value => 'egg:swift#gatekeeper';
+    'filter:gatekeeper/set log_name':     value => $log_name;
+    'filter:gatekeeper/set log_facility': value => $log_facility;
+    'filter:gatekeeper/set log_level':    value => $log_level;
+    'filter:gatekeeper/set log_headers':  value => $log_headers;
+    'filter:gatekeeper/set log_address':  value => $log_address;
  }
-
 }
--- a/manifests/proxy/healthcheck.pp
+++ b/manifests/proxy/healthcheck.pp
@ -17,10 +17,7 @@ class swift::proxy::healthcheck() {

  include ::swift::deps

-  concat::fragment { 'swift_healthcheck':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/healthcheck.conf.erb'),
-    order   => '30',
+  swift_proxy_config {
+    'filter:healthcheck/use': value => 'egg:swift#healthcheck';
  }
-
 }
--- a/manifests/proxy/keystone.pp
+++ b/manifests/proxy/keystone.pp
@ -36,10 +36,9 @@ class swift::proxy::keystone(
        warning('is_admin parameter is deprecated, has no effect and will be removed in a future release.')
  }

-  concat::fragment { 'swift_keystone':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/keystone.conf.erb'),
-    order   => '180',
+  swift_proxy_config {
+    'filter:keystone/use':             value => 'egg:swift#keystoneauth';
+    'filter:keystone/operator_roles':  value => join(any2array($operator_roles), ', ');
+    'filter:keystone/reseller_prefix': value => $reseller_prefix;
  }
-
 }
--- a/manifests/proxy/proxy_logging.pp
+++ b/manifests/proxy/proxy_logging.pp
@ -9,9 +9,7 @@ class swift::proxy::proxy_logging {

  include ::swift::deps

-  concat::fragment { 'swift_proxy-logging':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/proxy-logging.conf.erb'),
-    order   => '270',
+  swift_proxy_config {
+    'filter:proxy-logging/use': value => 'egg:swift#proxy_logging';
  }
 }
--- a/manifests/proxy/ratelimit.pp
+++ b/manifests/proxy/ratelimit.pp
@ -50,10 +50,12 @@ class swift::proxy::ratelimit(

  include ::swift::deps

-  concat::fragment { 'swift_ratelimit':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/ratelimit.conf.erb'),
-    order   => '90',
+  swift_proxy_config {
+    'filter:ratelimit/use':                    value => 'egg:swift#ratelimit';
+    'filter:ratelimit/clock_accuracy':         value => $clock_accuracy;
+    'filter:ratelimit/max_sleep_time_seconds': value => $max_sleep_time_seconds;
+    'filter:ratelimit/log_sleep_time_seconds': value => $log_sleep_time_seconds;
+    'filter:ratelimit/rate_buffer_seconds':    value => $rate_buffer_seconds;
+    'filter:ratelimit/account_ratelimit':      value => $account_ratelimit;
  }
-
 }
--- a/manifests/proxy/s3token.pp
+++ b/manifests/proxy/s3token.pp
@ -36,9 +36,10 @@ class swift::proxy::s3token(

  include ::swift::deps

-  concat::fragment { 'swift_s3token':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/s3token.conf.erb'),
-    order   => '80',
+  swift_proxy_config {
+    'filter:s3token/paste.filter_factory': value => 'keystonemiddleware.s3_token:filter_factory';
+    'filter:s3token/auth_host':            value => $auth_host;
+    'filter:s3token/auth_port':            value => $auth_port;
+    'filter:s3token/auth_protocol':        value => $auth_protocol;
  }
 }
--- a/manifests/proxy/slo.pp
+++ b/manifests/proxy/slo.pp
@ -51,10 +51,13 @@ class swift::proxy::slo (

  include ::swift::deps

-  concat::fragment { 'swift_slo':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/slo.conf.erb'),
-    order   => '230',
+  swift_proxy_config {
+    'filter:slo/use':                         value => 'egg:swift#slo';
+    'filter:slo/max_manifest_segments':       value => $max_manifest_segments;
+    'filter:slo/max_manifest_size':           value => $max_manifest_size;
+    'filter:slo/min_segment_size':            value => $min_segment_size;
+    'filter:slo/rate_limit_after_segment':    value => $rate_limit_after_segment;
+    'filter:slo/rate_limit_segments_per_sec': value => $rate_limit_segments_per_sec;
+    'filter:slo/max_get_time':                value => $max_get_time;
  }
-
 }
--- a/manifests/proxy/staticweb.pp
+++ b/manifests/proxy/staticweb.pp
@ -20,10 +20,7 @@ class swift::proxy::staticweb() {

  include ::swift::deps

-  concat::fragment { 'swift-proxy-staticweb':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/staticweb.conf.erb'),
-    order   => '190',
+  swift_proxy_config {
+    'filter:staticweb/use':              value => 'egg:swift#staticweb';
  }
-
 }
--- a/manifests/proxy/swauth.pp
+++ b/manifests/proxy/swauth.pp
@ -29,10 +29,9 @@ class swift::proxy::swauth(
    tag    => 'swift-package',
  }

-  concat::fragment { 'swift_proxy_swauth':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/swauth.conf.erb'),
-    order   => '160',
+  swift_proxy_config {
+    'filter:swauth/use':                   value => 'egg:swauth#swauth';
+    'filter:swauth/default_swift_cluster': value => "local#${swauth_endpoint}";
+    'filter:swauth/super_admin_key':       value => $swauth_super_admin_key;
  }
-
 }
--- a/manifests/proxy/swift3.pp
+++ b/manifests/proxy/swift3.pp
@ -33,10 +33,7 @@ class swift::proxy::swift3(
    tag    => ['openstack','swift-package']
  }

-  concat::fragment { 'swift_swift3':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/swift3.conf.erb'),
-    order   => '70',
+  swift_proxy_config {
+    'filter:swift3/use': value => 'egg:swift3#swift3';
  }
-
 }
--- a/manifests/proxy/tempauth.pp
+++ b/manifests/proxy/tempauth.pp
@ -87,6 +87,7 @@ class swift::proxy::tempauth (

  if ($reseller_prefix) {
    validate_string($reseller_prefix)
+    $reseller_prefix_upcase = upcase($reseller_prefix)
  }

  if ($token_life) {
@ -105,10 +106,28 @@ class swift::proxy::tempauth (
    validate_re($storage_url_scheme, ['http','https','default'])
  }

-  concat::fragment { 'swift-proxy-tempauth':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/tempauth.conf.erb'),
-    order   => '150',
+
+  swift_proxy_config {
+    'filter:tempauth/use':                value => 'egg:swift#tempauth';
+    'filter:tempauth/reseller_prefix':    value => $reseller_prefix_upcase;
+    'filter:tempauth/token_life':         value => $token_life;
+    'filter:tempauth/auth_prefix':        value => $auth_prefix;
+    'filter:tempauth/storage_url_scheme': value => $storage_url_scheme;
  }

+  # tempauth account_users end up in the following format
+  # user_<account>_<user> = <key> .<group1> .<groupx> 
+  # ex: user_admin_admin=admin .admin .reseller_admin
+  # account_data is an array with each element containing a single account string:
+  # ex [user_<account>_<user>, <key> .<group1> .<groupx>]
+  if $account_user_list {
+    $account_data = split(inline_template(
+      "<% @account_user_list.each do |user| %>\
+      user_<%= user['account'] %>_<%= user['user'] %>,\
+      <%= user['key'] %> <%= user['groups'].map { |g| '.' + g }.join(' ') %> ; <% end %>"),';')
+  
+    # write each temauth account line to file
+    # TODO replace/simplify with iterators once all supported puppet versions support them.
+    swift::proxy::tempauth_account { $account_data: }
+  }
 }
--- a/manifests/proxy/tempauth_account.pp
+++ b/manifests/proxy/tempauth_account.pp
@ -0,0 +1,25 @@
+# == class: swift::proxy::tempauth_account
+# This class manages tempauth account_users
+#
+#  [*title*]
+#    A string containing account data to write to proxy.conf
+#    Required
+#    Example: "user_<account>_<user>, <key> .<group1> .<groupx>"
+#    Result in proxy.conf: user_<account>_<user> = <key> .<group1> .<groupx>
+#
+# == Authors
+#
+#   Adam Vinsh <adam.vinsh@charter.com>
+#
+define swift::proxy::tempauth_account() {
+
+  include ::swift::deps
+
+  # strip white space and split string into array elements around ','
+  $account_data = strip(split($title,','))
+  if $account_data[0] != '' {
+    swift_proxy_config {
+      "filter:tempauth/${account_data[0]}": value => "${account_data[1]}";
+    }
+  }
+}
--- a/manifests/proxy/tempurl.pp
+++ b/manifests/proxy/tempurl.pp
@ -94,10 +94,13 @@ class swift::proxy::tempurl (
    }
  }

-  concat::fragment { 'swift-proxy-tempurl':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/tempurl.conf.erb'),
-    order   => '120',
-  }

+  swift_proxy_config {
+    'filter:tempurl/use':                     value => 'egg:swift#tempurl';
+    'filter:tempurl/methods':                 value => $methods_real;
+    'filter:tempurl/incoming_remove_headers': value => $incoming_remove_headers_real;
+    'filter:tempurl/incoming_allow_headers':  value => $incoming_allow_headers_real;
+    'filter:tempurl/outgoing_remove_headers': value => $outgoing_remove_headers_real;
+    'filter:tempurl/outgoing_allow_headers':  value => $outgoing_allow_headers_real;
+  }
 }
--- a/manifests/proxy/versioned_writes.pp
+++ b/manifests/proxy/versioned_writes.pp
@ -17,10 +17,8 @@ class swift::proxy::versioned_writes (

  include ::swift::deps

-  concat::fragment { 'swift_versioned_writes':
-    target  => '/etc/swift/proxy-server.conf',
-    content => template('swift/proxy/versioned_writes.conf.erb'),
-    order   => '250',
+  swift_proxy_config {
+    'filter:versioned_writes/use':                    value => 'egg:swift#versioned_writes';
+    'filter:versioned_writes/allow_versioned_writes': value => $allow_versioned_writes;
  }
-
 }
--- a/manifests/service.pp
+++ b/manifests/service.pp
@ -55,6 +55,7 @@ define swift::service(
      provider  => $service_provider,
      tag       => 'swift-service',
      subscribe => $subscribe,
+      require   => $require,
    }
  } elsif $service_provider == 'swiftinit' {
    service { $name:
@ -67,6 +68,7 @@ define swift::service(
      manifest   => $config_file_name,
      tag        => 'swift-service',
      subscribe  => $subscribe,
+      require    => $require,
    }
  }
 }
--- a/manifests/storage/filter/healthcheck.pp
+++ b/manifests/storage/filter/healthcheck.pp
@ -1,15 +1,4 @@
 #
-# Configure swift healthcheck.
-#
-# == Dependencies
-#
-# == Examples
-#
-# == Authors
-#
-#   Dan Bode dan@puppetlabs.com
-#   Francois Charlier fcharlier@ploup.net
-#
 # == Copyright
 #
 # Copyright 2011 Puppetlabs Inc, unless otherwise noted.
@ -21,8 +10,7 @@ define swift::storage::filter::healthcheck(

  concat::fragment { "swift_healthcheck_${name}":
    target  => "/etc/swift/${name}-server.conf",
-    content => template('swift/proxy/healthcheck.conf.erb'),
+    content => template('swift/healthcheck.conf.erb'),
    order   => '25',
  }
-
 }
--- a/releasenotes/notes/proxy_template_to_ini-536250b1f409e40f.yaml
+++ b/releasenotes/notes/proxy_template_to_ini-536250b1f409e40f.yaml
@ -0,0 +1,10 @@
+---
+prelude: >
+ -  swift_proxy_config ini provider is now used to mange
+    all sections in proxy-server.conf. The erb templates
+    and use of concat for proxy.conf sections has been removed.
+    All template logic is moved into proxy middleware classes.
+    To purge proxy.conf of settings that are not specified
+    set the new paramater "purge_config" to "true".
+upgrade:
+  - Maintains backward compatibility.
--- a/spec/classes/swift_proxy_account_quotas_spec.rb
+++ b/spec/classes/swift_proxy_account_quotas_spec.rb
@ -23,6 +23,6 @@ require 'spec_helper'
 describe 'swift::proxy::account_quotas' do

  it do
-    is_expected.to contain_concat_fragment('swift_account_quotas').with_content("\n[filter:account_quotas]\nuse = egg:swift#account_quotas\n")
+    is_expected.to contain_swift_proxy_config('filter:account_quotas/use').with_value('egg:swift#account_quotas')
  end
 end
--- a/spec/classes/swift_proxy_authtoken_spec.rb
+++ b/spec/classes/swift_proxy_authtoken_spec.rb
@ -25,28 +25,21 @@ describe 'swift::proxy::authtoken' do
  end

  describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_authtoken').with_content('
-[filter:authtoken]
-log_name = swift
-signing_dir = /var/cache/swift
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/signing_dir').with_value('/var/cache/swift') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_uri').with_value('http://127.0.0.1:5000') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:35357') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_plugin').with_value('password') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/project_domain_id').with_value('default') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/user_domain_id').with_value('default') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/project_name').with_value('services') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/username').with_value('swift') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/password').with_value('password') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/delay_auth_decision').with_value('1') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/cache').with_value('swift.cache') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }

-auth_uri = http://127.0.0.1:5000
-auth_url = http://127.0.0.1:35357
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-project_name = services
-username = swift
-password = password
-
-delay_auth_decision = 1
-
-cache = swift.cache
-include_service_catalog = false
-')
-    end
  end


@ -62,28 +55,21 @@ include_service_catalog = false
      }
    end

-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_authtoken').with_content('
-[filter:authtoken]
-log_name = swift
-signing_dir = /home/swift/keystone-signing
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/signing_dir').with_value('/home/swift/keystone-signing') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_uri').with_value('http://127.0.0.1:5000') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:35357') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_plugin').with_value('password') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/project_domain_id').with_value('default') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/user_domain_id').with_value('default') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/project_name').with_value('admin') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/username').with_value('swiftuser') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/password').with_value('swiftpassword') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/delay_auth_decision').with_value('0') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/cache').with_value('foo') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/include_service_catalog').with_value('false') }

-auth_uri = http://127.0.0.1:5000
-auth_url = http://127.0.0.1:35357
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-project_name = admin
-username = swiftuser
-password = swiftpassword
-
-delay_auth_decision = 0
-
-cache = foo
-include_service_catalog = false
-')
-    end
  end

  describe 'when overriding auth_uri' do
@ -91,7 +77,7 @@ include_service_catalog = false
      { :auth_uri => 'http://public.host/keystone/main' }
    end

-    it { is_expected.to contain_concat_fragment('swift_authtoken').with_content(/auth_uri = http:\/\/public\.host\/keystone\/main/)}
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_uri').with_value('http://public.host/keystone/main') }
  end

  describe "when identity_uri is set" do
@ -101,9 +87,7 @@ include_service_catalog = false
      }
    end

-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_authtoken').with_content(/auth_url = https:\/\/foo\.bar:35357\//)
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('https://foo.bar:35357/') }
  end

  describe "when both auth_uri and identity_uri are set" do
@ -114,10 +98,8 @@ include_service_catalog = false
      }
    end

-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_authtoken').with_content(/auth_uri = https:\/\/foo\.bar:5000\/v2\.0\//)
-      is_expected.to contain_concat_fragment('swift_authtoken').with_content(/auth_url = https:\/\/foo\.bar:35357\//)
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_uri').with_value('https://foo.bar:5000/v2.0/') }
+    it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('https://foo.bar:35357/') }
  end

 end
--- a/spec/classes/swift_proxy_bulk_spec.rb
+++ b/spec/classes/swift_proxy_bulk_spec.rb
@ -23,16 +23,11 @@ require 'spec_helper'
 describe 'swift::proxy::bulk' do

  describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_bulk').with_content('
-[filter:bulk]
-use = egg:swift#bulk
-max_containers_per_extraction = 10000
-max_failed_extractions = 1000
-max_deletes_per_request = 10000
-yield_frequency = 60
-')
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/use').with_value('egg:swift#bulk') }
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/max_containers_per_extraction').with_value('10000') }
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/max_failed_extractions').with_value('1000') }
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/max_deletes_per_request').with_value('10000') }
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/yield_frequency').with_value('60') }
  end

  describe "when overriding default parameters" do
@ -44,16 +39,12 @@ yield_frequency = 60
        :yield_frequency               => 10
      }
    end
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_bulk').with_content('
-[filter:bulk]
-use = egg:swift#bulk
-max_containers_per_extraction = 5000
-max_failed_extractions = 500
-max_deletes_per_request = 5000
-yield_frequency = 10
-')
-    end
+
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/use').with_value('egg:swift#bulk') }
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/max_containers_per_extraction').with_value('5000') }
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/max_failed_extractions').with_value('500') }
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/max_deletes_per_request').with_value('5000') }
+    it { is_expected.to contain_swift_proxy_config('filter:bulk/yield_frequency').with_value('10') }
  end

 end
--- a/spec/classes/swift_proxy_cache_spec.rb
+++ b/spec/classes/swift_proxy_cache_spec.rb
@ -19,10 +19,8 @@ describe 'swift::proxy::cache' do
      is_expected.to contain_class('swift::deps')
      is_expected.to contain_class('swift::proxy::cache')
    end
-    it 'should properly configure the swift_cache fragment' do
-      is_expected.to contain_concat_fragment('swift_cache').with_content(/\[filter:cache\]\nuse = egg:swift#memcache/)
-      is_expected.to contain_concat_fragment('swift_cache').with_content(/memcache_servers = 127\.0\.0\.1:11211/)
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:cache/use').with_value('egg:swift#memcache') }
+    it { is_expected.to contain_swift_proxy_config('filter:cache/memcache_servers').with_value('127.0.0.1:11211') }
  end

  describe 'without memcached being included' do
@ -36,10 +34,8 @@ describe 'swift::proxy::cache' do
      {:memcache_servers => '10.0.0.1:1'}
    end

-    it 'should properly configure the swift_cache fragment' do
-      is_expected.to contain_concat_fragment('swift_cache').with_content(/\[filter:cache\]\nuse = egg:swift#memcache/)
-      is_expected.to contain_concat_fragment('swift_cache').with_content(/memcache_servers = 10\.0\.0\.1:1/)
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:cache/use').with_value('egg:swift#memcache') }
+    it { is_expected.to contain_swift_proxy_config('filter:cache/memcache_servers').with_value('10.0.0.1:1') }
  end

  describe 'with overridden memcache server array' do
@ -47,10 +43,8 @@ describe 'swift::proxy::cache' do
      {:memcache_servers => ['10.0.0.1:1', '10.0.0.2:2']}
    end

-    it 'should properly configure the swift_cache fragment' do
-      is_expected.to contain_concat_fragment('swift_cache').with_content(/\[filter:cache\]\nuse = egg:swift#memcache/)
-      is_expected.to contain_concat_fragment('swift_cache').with_content(/memcache_servers = 10\.0\.0\.1:1,10\.0\.0\.2:2/)
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:cache/use').with_value('egg:swift#memcache') }
+    it { is_expected.to contain_swift_proxy_config('filter:cache/memcache_servers').with_value('10.0.0.1:1,10.0.0.2:2') }
  end

 end
--- a/spec/classes/swift_proxy_catch_errors_spec.rb
+++ b/spec/classes/swift_proxy_catch_errors_spec.rb
@ -10,7 +10,6 @@ describe 'swift::proxy::catch_errors' do
    'concat { "/etc/swift/proxy-server.conf": }'
  end

-  it { is_expected.to contain_concat_fragment('swift_catch_errors').with_content(/[filter:catch_errors]/) }
-  it { is_expected.to contain_concat_fragment('swift_catch_errors').with_content(/use = egg:swift#catch_errors/) }
+  it { is_expected.to contain_swift_proxy_config('filter:catch_errors/use').with_value('egg:swift#catch_errors') }

 end
--- a/spec/classes/swift_proxy_ceilometer_spec.rb
+++ b/spec/classes/swift_proxy_ceilometer_spec.rb
@ -14,9 +14,8 @@ describe 'swift::proxy::ceilometer' do
  end

  describe "when using default parameters" do
-    it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/[filter:ceilometer]/) }
-    it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/paste.filter_factory = ceilometermiddleware.swift:filter_factory/) }
-    it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/url = rabbit:\/\/guest:guest@127.0.0.1:5672\//) }
+    it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') }
+    it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://guest:guest@127.0.0.1:5672//') }
    it { is_expected.to contain_user('swift').with_groups('ceilometer') }
    it { is_expected.to contain_file('/var/log/ceilometer/swift-proxy-server.log').with(:owner => 'swift', :group => 'swift', :mode => '0664') }
  end
@ -37,12 +36,11 @@ describe 'swift::proxy::ceilometer' do

    context 'with single rabbit host' do
      it { is_expected.to contain_user('swift').with_groups('www-data') }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/[filter:ceilometer]/) }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/paste.filter_factory = ceilometermiddleware.swift:filter_factory/) }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/url = rabbit:\/\/user_1:user_1_passw@1.1.1.1:5673\/rabbit/) }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/driver = messagingv2/) }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/topic = notifications/) }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/control_exchange = swift/) }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user_1:user_1_passw@1.1.1.1:5673/rabbit') }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/driver').with_value('messagingv2') }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/topic').with_value('notifications') }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/control_exchange').with_value('swift') }
    end

    context 'with multiple rabbit hosts' do
@ -51,12 +49,11 @@ describe 'swift::proxy::ceilometer' do
      end

      it { is_expected.to contain_user('swift').with_groups('www-data') }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/[filter:ceilometer]/) }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/paste.filter_factory = ceilometermiddleware.swift:filter_factory/) }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/url = rabbit:\/\/user_1:user_1_passw@127.0.0.1:5672,user_1:user_1_passw@127.0.0.2:5672\/rabbit/) }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/driver = messagingv2/) }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/topic = notifications/) }
-      it { is_expected.to contain_concat_fragment('swift_ceilometer').with_content(/control_exchange = swift/) }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/paste.filter_factory').with_value('ceilometermiddleware.swift:filter_factory') }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/url').with_value('rabbit://user_1:user_1_passw@127.0.0.1:5672,user_1:user_1_passw@127.0.0.2:5672/rabbit') }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/driver').with_value('messagingv2') }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/topic').with_value('notifications') }
+      it { is_expected.to contain_swift_proxy_config('filter:ceilometer/control_exchange').with_value('swift') }
    end

  end
--- a/spec/classes/swift_proxy_container_quotas_spec.rb
+++ b/spec/classes/swift_proxy_container_quotas_spec.rb
@ -26,7 +26,6 @@ describe 'swift::proxy::container_quotas' do
    {}
  end

-  it { is_expected.to contain_concat_fragment('swift_container_quotas').with_content(/\[filter:container_quotas\]/) }
-  it { is_expected.to contain_concat_fragment('swift_container_quotas').with_content(/use = egg:swift#container_quotas/) }
+  it { is_expected.to contain_swift_proxy_config('filter:container_quotas/use').with_value('egg:swift#container_quotas') }

 end
--- a/spec/classes/swift_proxy_container_sync_spec.rb
+++ b/spec/classes/swift_proxy_container_sync_spec.rb
@ -11,7 +11,6 @@ describe 'swift::proxy::container_sync' do
    {}
  end

-  it { is_expected.to contain_concat_fragment('swift_container_sync').with_content(/\[filter:container_sync\]/) }
-  it { is_expected.to contain_concat_fragment('swift_container_sync').with_content(/use = egg:swift#container_sync/) }
+  it { is_expected.to contain_swift_proxy_config('filter:container_sync/use').with_value('egg:swift#container_sync') }

 end
--- a/spec/classes/swift_proxy_copy_spec.rb
+++ b/spec/classes/swift_proxy_copy_spec.rb
@ -7,13 +7,9 @@ describe 'swift::proxy::copy' do
  end

  describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_copy').with_content('
-[filter:copy]
-use = egg:swift#copy
-object_post_as_copy = true
-')
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:copy/use').with_value('egg:swift#copy') }
+    it { is_expected.to contain_swift_proxy_config('filter:copy/object_post_as_copy').with_value('true') }
+
  end

  describe "when overriding default parameters" do
@ -22,9 +18,7 @@ object_post_as_copy = true
        :object_post_as_copy => false,
      }
    end
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_copy').with_content(/object_post_as_copy = false/)
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:copy/object_post_as_copy').with_value('false') }
  end

 end
--- a/spec/classes/swift_proxy_crossdomain_spec.rb
+++ b/spec/classes/swift_proxy_crossdomain_spec.rb
@ -7,30 +7,19 @@ describe 'swift::proxy::crossdomain' do
  end

  describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_crossdomain').with_content('
-[filter:crossdomain]
-use = egg:swift#crossdomain
-cross_domain_policy = <allow-access-from domain="*" secure="false" />
-')
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:crossdomain/use').with_value('egg:swift#crossdomain') }
+    it { is_expected.to contain_swift_proxy_config('filter:crossdomain/cross_domain_policy').with_value('<allow-access-from domain="*" secure="false" />') }
  end

  describe "when overriding default parameters" do
    let :params do
      {
-        :cross_domain_policy => '<allow-access-from domain="xml-fragment-in-ini-file.so.wrong" secure="true" />
-<allow-access-from domain="*" secure="false" />',
+        :cross_domain_policy => '<allow-access-from domain="xml-fragment-in-ini-file.so.wrong" secure="true" /><allow-access-from domain="*" secure="false" />',
      }
    end
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_crossdomain').with_content('
-[filter:crossdomain]
-use = egg:swift#crossdomain
-cross_domain_policy = <allow-access-from domain="xml-fragment-in-ini-file.so.wrong" secure="true" />
-<allow-access-from domain="*" secure="false" />
-')
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:crossdomain/use').with_value('egg:swift#crossdomain') }
+    it { is_expected.to contain_swift_proxy_config('filter:crossdomain/cross_domain_policy').with_value('<allow-access-from domain="xml-fragment-in-ini-file.so.wrong" secure="true" /><allow-access-from domain="*" secure="false" />') }
+
  end

 end
--- a/spec/classes/swift_proxy_dlo_spec.rb
+++ b/spec/classes/swift_proxy_dlo_spec.rb
@ -7,15 +7,10 @@ describe 'swift::proxy::dlo' do
  end

  describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_dlo').with_content('
-[filter:dlo]
-use = egg:swift#dlo
-rate_limit_after_segment = 10
-rate_limit_segments_per_sec = 1
-max_get_time = 86400
-')
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:dlo/use').with_value('egg:swift#dlo') }
+    it { is_expected.to contain_swift_proxy_config('filter:dlo/rate_limit_after_segment').with_value('10') }
+    it { is_expected.to contain_swift_proxy_config('filter:dlo/rate_limit_segments_per_sec').with_value('1') }
+    it { is_expected.to contain_swift_proxy_config('filter:dlo/max_get_time').with_value('86400') }
  end

  describe "when overriding default parameters" do
@ -26,11 +21,9 @@ max_get_time = 86400
        :max_get_time                => '6400',
      }
    end
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_dlo').with_content(/rate_limit_after_segment = 30/)
-      is_expected.to contain_concat_fragment('swift_dlo').with_content(/rate_limit_segments_per_sec = 5/)
-      is_expected.to contain_concat_fragment('swift_dlo').with_content(/max_get_time = 6400/)
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:dlo/rate_limit_after_segment').with_value('30') }
+    it { is_expected.to contain_swift_proxy_config('filter:dlo/rate_limit_segments_per_sec').with_value('5') }
+    it { is_expected.to contain_swift_proxy_config('filter:dlo/max_get_time').with_value('6400') }
  end

 end
--- a/spec/classes/swift_proxy_formpost_spec.rb
+++ b/spec/classes/swift_proxy_formpost_spec.rb
@ -6,7 +6,6 @@ describe 'swift::proxy::formpost' do
    {}
  end

-  it { is_expected.to contain_concat_fragment('swift-proxy-formpost').with_content(/[filter:formpost]/) }
-  it { is_expected.to contain_concat_fragment('swift-proxy-formpost').with_content(/use = egg:swift#formpost/) }
+  it { is_expected.to contain_swift_proxy_config('filter:formpost/use').with_value('egg:swift#formpost') }

 end
--- a/spec/classes/swift_proxy_gatekeeper_spec.rb
+++ b/spec/classes/swift_proxy_gatekeeper_spec.rb
@ -7,17 +7,12 @@ describe 'swift::proxy::gatekeeper' do
  end

  describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_gatekeeper').with_content('
-[filter:gatekeeper]
-use = egg:swift#gatekeeper
-set log_name = gatekeeper
-set log_facility = LOG_LOCAL0
-set log_level = INFO
-set log_headers = false
-set log_address = /dev/log
-')
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/use').with_value('egg:swift#gatekeeper') }
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/set log_name').with_value('gatekeeper') }
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/set log_facility').with_value('LOG_LOCAL0') }
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/set log_level').with_value('INFO') }
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/set log_headers').with_value('false') }
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/set log_address').with_value('/dev/log') }
  end

  describe "when overriding default parameters" do
@ -28,11 +23,9 @@ set log_address = /dev/log
        :log_level        => 'WARN',
      }
    end
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_gatekeeper').with_content(/set log_name = newgatekeeper/)
-      is_expected.to contain_concat_fragment('swift_gatekeeper').with_content(/set log_facility = LOG_LOCAL2/)
-      is_expected.to contain_concat_fragment('swift_gatekeeper').with_content(/set log_level = WARN/)
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/set log_name').with_value('newgatekeeper') }
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/set log_facility').with_value('LOG_LOCAL2') }
+    it { is_expected.to contain_swift_proxy_config('filter:gatekeeper/set log_level').with_value('WARN') }
  end

 end
--- a/spec/classes/swift_proxy_healthcheck_spec.rb
+++ b/spec/classes/swift_proxy_healthcheck_spec.rb
@ -6,7 +6,6 @@ describe 'swift::proxy::healthcheck' do
    {}
  end

-  it { is_expected.to contain_concat_fragment('swift_healthcheck').with_content(/[filter:healthcheck]/) }
-  it { is_expected.to contain_concat_fragment('swift_healthcheck').with_content(/use = egg:swift#healthcheck/) }
+  it { is_expected.to contain_swift_proxy_config('filter:healthcheck/use').with_value('egg:swift#healthcheck') }

 end
--- a/spec/classes/swift_proxy_keystone_spec.rb
+++ b/spec/classes/swift_proxy_keystone_spec.rb
@ -10,12 +10,12 @@ describe 'swift::proxy::keystone' do
    'concat { "/etc/swift/proxy-server.conf": }'
  end

-  it { is_expected.to contain_concat_fragment('swift_keystone').with_content(/\[filter:keystone\]\nuse = egg:swift#keystoneauth/) }
+  it { is_expected.to contain_swift_proxy_config('filter:keystone/use').with_value('egg:swift#keystoneauth') }

  describe 'with defaults' do

-    it { is_expected.to contain_concat_fragment('swift_keystone').with_content(/operator_roles = admin, SwiftOperator/) }
-    it { is_expected.to contain_concat_fragment('swift_keystone').with_content(/reseller_prefix = AUTH_/) }
+    it { is_expected.to contain_swift_proxy_config('filter:keystone/operator_roles').with_value('admin, SwiftOperator') }
+    it { is_expected.to contain_swift_proxy_config('filter:keystone/reseller_prefix').with_value('AUTH_') }

  end

@ -27,8 +27,8 @@ describe 'swift::proxy::keystone' do
        :reseller_prefix => 'SWIFT_'
      }

-      it { is_expected.to contain_concat_fragment('swift_keystone').with_content(/operator_roles = foo/) }
-      it { is_expected.to contain_concat_fragment('swift_keystone').with_content(/reseller_prefix = SWIFT_/) }
+      it { is_expected.to contain_swift_proxy_config('filter:keystone/operator_roles').with_value('foo') }
+      it { is_expected.to contain_swift_proxy_config('filter:keystone/reseller_prefix').with_value('SWIFT_') }

    end

--- a/spec/classes/swift_proxy_ratelimit_spec.rb
+++ b/spec/classes/swift_proxy_ratelimit_spec.rb
@ -7,17 +7,12 @@ describe 'swift::proxy::ratelimit' do
  end

  describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_ratelimit').with_content('
-[filter:ratelimit]
-use = egg:swift#ratelimit
-clock_accuracy = 1000
-max_sleep_time_seconds = 60
-log_sleep_time_seconds = 0
-rate_buffer_seconds = 5
-account_ratelimit = 0
-')
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/use').with_value('egg:swift#ratelimit') }
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/clock_accuracy').with_value('1000') }
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/max_sleep_time_seconds').with_value('60') }
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/log_sleep_time_seconds').with_value('0') }
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/rate_buffer_seconds').with_value('5') }
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/account_ratelimit').with_value('0') }
  end

  describe "when overriding default parameters" do
@ -30,13 +25,11 @@ account_ratelimit = 0
        :account_ratelimit      => 69
      }
    end
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_ratelimit').with_content(/clock_accuracy = 9436/)
-      is_expected.to contain_concat_fragment('swift_ratelimit').with_content(/max_sleep_time_seconds = 3600/)
-      is_expected.to contain_concat_fragment('swift_ratelimit').with_content(/log_sleep_time_seconds = 42/)
-      is_expected.to contain_concat_fragment('swift_ratelimit').with_content(/rate_buffer_seconds = 51/)
-      is_expected.to contain_concat_fragment('swift_ratelimit').with_content(/account_ratelimit = 69/)
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/clock_accuracy').with_value('9436') }
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/max_sleep_time_seconds').with_value('3600') }
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/log_sleep_time_seconds').with_value('42') }
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/rate_buffer_seconds').with_value('51') }
+    it { is_expected.to contain_swift_proxy_config('filter:ratelimit/account_ratelimit').with_value('69') }
  end

 end
--- a/spec/classes/swift_proxy_s3token_spec.rb
+++ b/spec/classes/swift_proxy_s3token_spec.rb
@ -7,15 +7,10 @@ describe 'swift::proxy::s3token' do
  end

  describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_s3token').with_content('
-[filter:s3token]
-paste.filter_factory = keystonemiddleware.s3_token:filter_factory
-auth_port = 35357
-auth_protocol = http
-auth_host = 127.0.0.1
-')
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:s3token/paste.filter_factory').with_value('keystonemiddleware.s3_token:filter_factory') }
+    it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_port').with_value('35357') }
+    it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_protocol').with_value('http') }
+    it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_host').with_value('127.0.0.1') }
  end

  describe "when overriding default parameters" do
@ -26,11 +21,9 @@ auth_host = 127.0.0.1
          :auth_host     => '1.2.3.4'
      }
    end
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_s3token').with_content(/auth_port = 4212/)
-      is_expected.to contain_concat_fragment('swift_s3token').with_content(/auth_protocol = https/)
-      is_expected.to contain_concat_fragment('swift_s3token').with_content(/auth_host = 1.2.3.4/)
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_port').with_value('4212') }
+    it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_protocol').with_value('https') }
+    it { is_expected.to contain_swift_proxy_config('filter:s3token/auth_host').with_value('1.2.3.4') }
  end

 end
--- a/spec/classes/swift_proxy_slo_spec.rb
+++ b/spec/classes/swift_proxy_slo_spec.rb
@ -7,18 +7,13 @@ describe 'swift::proxy::slo' do
  end

  describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_slo').with_content('
-[filter:slo]
-use = egg:swift#slo
-max_manifest_segments = 1000
-max_manifest_size = 2097152
-min_segment_size = 1048576
-rate_limit_after_segment = 10
-rate_limit_segments_per_sec = 0
-max_get_time = 86400
-')
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:slo/use').with_value('egg:swift#slo') }
+    it { is_expected.to contain_swift_proxy_config('filter:slo/max_manifest_segments').with_value('1000') }
+    it { is_expected.to contain_swift_proxy_config('filter:slo/max_manifest_size').with_value('2097152') }
+    it { is_expected.to contain_swift_proxy_config('filter:slo/min_segment_size').with_value('1048576') }
+    it { is_expected.to contain_swift_proxy_config('filter:slo/rate_limit_after_segment').with_value('10') }
+    it { is_expected.to contain_swift_proxy_config('filter:slo/rate_limit_segments_per_sec').with_value('0') }
+    it { is_expected.to contain_swift_proxy_config('filter:slo/max_get_time').with_value('86400') }
  end

  describe "when overriding default parameters" do
@ -30,12 +25,10 @@ max_get_time = 86400
        :max_get_time              => '6400',
      }
    end
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_slo').with_content(/max_manifest_segments = 2000/)
-      is_expected.to contain_concat_fragment('swift_slo').with_content(/max_manifest_size = 500000/)
-      is_expected.to contain_concat_fragment('swift_slo').with_content(/rate_limit_after_segment = 30/)
-      is_expected.to contain_concat_fragment('swift_slo').with_content(/max_get_time = 6400/)
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:slo/max_manifest_segments').with_value('2000') }
+    it { is_expected.to contain_swift_proxy_config('filter:slo/max_manifest_size').with_value('500000') }
+    it { is_expected.to contain_swift_proxy_config('filter:slo/rate_limit_after_segment').with_value('30') }
+    it { is_expected.to contain_swift_proxy_config('filter:slo/max_get_time').with_value('6400') }
  end

 end
--- a/spec/classes/swift_proxy_spec.rb
+++ b/spec/classes/swift_proxy_spec.rb
@ -38,6 +38,12 @@ describe 'swift::proxy' do
        {:proxy_local_net_ip => '127.0.0.1'}
      end

+      it 'passes purge to swift_proxy_config resource' do
+        is_expected.to contain_resources('swift_proxy_config').with({
+          :purge => false
+        })
+      end
+
      it { is_expected.to contain_package('swift-proxy').that_requires('Anchor[swift::install::begin]')
           is_expected.to contain_package('swift-proxy').that_notifies('Anchor[swift::install::end]') }

@ -46,47 +52,33 @@ describe 'swift::proxy' do
         :provider   => nil,
         :enable     => true,
         :hasstatus  => true,
-         :subscribe  => 'Concat[/etc/swift/proxy-server.conf]',
         :tag        => 'swift-service',
        }
      )}
-      it { is_expected.to contain_concat('/etc/swift/proxy-server.conf').with(
-        {:ensure  => 'present',
-         :owner   => 'swift',
-         :group   => 'swift',
-        }
-      )}

-      it 'should build the header file with all of the default contents' do
-        is_expected.to contain_concat_fragment('swift_proxy').with_content('# This file is managed by puppet.  Do not edit
-#
-[DEFAULT]
-bind_port = 8080
-bind_ip = 127.0.0.1
-workers = 1
-user = swift
-log_name = proxy-server
-log_facility = LOG_LOCAL1
-log_level = INFO
-log_headers = False
-log_address = /dev/log
+      it { is_expected.to contain_service('swift-proxy-server').that_subscribes_to('Anchor[swift::service::begin]')}
+      it { is_expected.to contain_service('swift-proxy-server').that_notifies('Anchor[swift::service::end]')}
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/bind_port').with_value('8080')}
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/bind_ip').with_value('127.0.0.1')}
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/workers').with_value('1')}
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/user').with_value('swift')}
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/log_name').with_value('proxy-server')}
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/log_facility').with_value('LOG_LOCAL1')}
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/log_level').with_value('INFO')}
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/log_headers').with_value('False')}
+      it { is_expected.to contain_swift_proxy_config('DEFAULT/log_address').with_value('/dev/log')}
+      it { is_expected.to contain_swift_proxy_config('pipeline:main/pipeline').with_value('healthcheck cache tempauth proxy-server')}
+      it { is_expected.to contain_swift_proxy_config('app:proxy-server/use').with_value('egg:swift#proxy')}
+      it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_name').with_value('proxy-server')}
+      it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_facility').with_value('LOG_LOCAL1')}
+      it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_level').with_value('INFO')}
+      it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_address').with_value('/dev/log')}
+      it { is_expected.to contain_swift_proxy_config('app:proxy-server/log_handoffs').with_value('true')}
+      it { is_expected.to contain_swift_proxy_config('app:proxy-server/allow_account_management').with_value('true')}
+      it { is_expected.to contain_swift_proxy_config('app:proxy-server/account_autocreate').with_value('true')}

-[pipeline:main]
-pipeline = healthcheck cache tempauth proxy-server

-[app:proxy-server]
-use = egg:swift#proxy
-set log_name = proxy-server
-set log_facility = LOG_LOCAL1
-set log_level = INFO
-set log_address = /dev/log
-log_handoffs = true
-allow_account_management = true
-account_autocreate = true
-')
-      end
-
-      it { is_expected.to contain_concat__fragment('swift_proxy').with_before(
+      it { is_expected.to contain_service('swift-proxy-server').with_require(
        [
          'Class[Swift::Proxy::Healthcheck]',
          'Class[Swift::Proxy::Cache]',
@ -102,7 +94,7 @@ account_autocreate = true
            swift_proxy_config { 'foo/bar': value => 'foo' }
          "
        end
-        it { is_expected.to contain_concat("/etc/swift/proxy-server.conf").that_comes_before("Swift_proxy_config[foo/bar]") }
+        it { is_expected.to contain_swift_proxy_config('foo/bar').with_value('foo').that_notifies('Anchor[swift::config::end]')}
      end

      describe 'when more parameters are set' do
@ -123,47 +115,32 @@ account_autocreate = true
           :cors_allow_origin         => 'http://foo.bar:1234,https://foo.bar',
          }
        end
-        it 'should build the header file with provided values' do
-          is_expected.to contain_concat_fragment('swift_proxy').with_content('# This file is managed by puppet.  Do not edit
-#
-[DEFAULT]
-bind_port = 80
-bind_ip = 10.0.0.2
-workers = 3
-user = swift
-log_name = swift-proxy-server
-log_facility = LOG_LOCAL1
-log_level = DEBUG
-log_headers = False
-log_address = /dev/log
-cors_allow_origin = http://foo.bar:1234,https://foo.bar
-strict_cors_mode = true
-
-[pipeline:main]
-pipeline = swauth proxy-server
-
-[app:proxy-server]
-use = egg:swift#proxy
-set log_name = swift-proxy-server
-set log_facility = LOG_LOCAL1
-set log_level = DEBUG
-set log_address = /dev/log
-log_handoffs = true
-allow_account_management = false
-account_autocreate = false
-sorting_method = affinity
-read_affinity = r1z1=100, r1=200
-write_affinity = r1
-write_affinity_node_count = 2 * replicas
-node_timeout = 20
-')
-        end
-        if Puppet.version.to_f < 4.0
-          it { is_expected.to contain_concat__fragment('swift_proxy').with_before('Class[Swift::Proxy::Swauth]')}
-        else
-          it { is_expected.to contain_concat__fragment('swift_proxy').with_before(['Class[Swift::Proxy::Swauth]'])}
-        end
-       end
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/bind_port').with_value('80')}
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/bind_ip').with_value('10.0.0.2')}
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/workers').with_value('3')}
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/user').with_value('swift')}
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/log_name').with_value('swift-proxy-server')}
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/log_facility').with_value('LOG_LOCAL1')}
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/log_level').with_value('DEBUG')}
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/log_headers').with_value('False')}
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/log_address').with_value('/dev/log')}
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/cors_allow_origin').with_value('http://foo.bar:1234,https://foo.bar')}
+        it { is_expected.to contain_swift_proxy_config('DEFAULT/strict_cors_mode').with_value('true')}
+        it { is_expected.to contain_swift_proxy_config('pipeline:main/pipeline').with_value('swauth proxy-server')}
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/use').with_value('egg:swift#proxy')}
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_name').with_value('swift-proxy-server')}
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_facility').with_value('LOG_LOCAL1')}
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_level').with_value('DEBUG')}
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_address').with_value('/dev/log')}
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/log_handoffs').with_value('true')}
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/allow_account_management').with_value('false')}
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/account_autocreate').with_value('false')}
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/sorting_method').with_value('affinity')}
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/read_affinity').with_value('r1z1=100, r1=200')}
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/write_affinity').with_value('r1')}
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/write_affinity_node_count').with_value('2 * replicas')}
+        it { is_expected.to contain_swift_proxy_config('app:proxy-server/node_timeout').with_value('20')}
+      end
      describe "when log udp port is set" do
        context 'and log_udp_host is not set' do
          let :params do
@ -204,47 +181,36 @@ node_timeout = 20
             :write_affinity_node_count => '2 * replicas',
             :node_timeout              => '20',
             :cors_allow_origin         => 'http://foo.bar:1234,https://foo.bar',
-          }
+            }
          end
-        it 'should build the header file with provided values' do
-          is_expected.to contain_concat_fragment('swift_proxy').with_content('# This file is managed by puppet.  Do not edit
-#
-[DEFAULT]
-bind_port = 80
-bind_ip = 10.0.0.2
-workers = 3
-user = swift
-log_name = swift-proxy-server
-log_facility = LOG_LOCAL1
-log_level = DEBUG
-log_headers = False
-log_address = /dev/log
-# If set, log_udp_host will override log_address
-log_udp_host = 127.0.0.1
-log_udp_port = 514
-cors_allow_origin = http://foo.bar:1234,https://foo.bar
-strict_cors_mode = true
-
-[pipeline:main]
-pipeline = swauth proxy-server
-
-[app:proxy-server]
-use = egg:swift#proxy
-set log_name = swift-proxy-server
-set log_facility = LOG_LOCAL1
-set log_level = DEBUG
-set log_address = /dev/log
-log_handoffs = true
-allow_account_management = false
-account_autocreate = false
-sorting_method = affinity
-read_affinity = r1z1=100, r1=200
-write_affinity = r1
-write_affinity_node_count = 2 * replicas
-node_timeout = 20
-')
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/bind_port').with_value('80')}
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/bind_ip').with_value('10.0.0.2')}
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/workers').with_value('3')}
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/user').with_value('swift')}
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/log_name').with_value('swift-proxy-server')}
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/log_facility').with_value('LOG_LOCAL1')}
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/log_level').with_value('DEBUG')}
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/log_headers').with_value('False')}
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/log_address').with_value('/dev/log')}
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/log_udp_host').with_value('127.0.0.1')}
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/log_udp_port').with_value('514')}
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/cors_allow_origin').with_value('http://foo.bar:1234,https://foo.bar')}
+          it { is_expected.to contain_swift_proxy_config('DEFAULT/strict_cors_mode').with_value('true')}
+          it { is_expected.to contain_swift_proxy_config('pipeline:main/pipeline').with_value('swauth proxy-server')}
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/use').with_value('egg:swift#proxy')}
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_name').with_value('swift-proxy-server')}
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_facility').with_value('LOG_LOCAL1')}
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_level').with_value('DEBUG')}
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/set log_address').with_value('/dev/log')}
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/log_handoffs').with_value('true')}
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/allow_account_management').with_value('false')}
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/account_autocreate').with_value('false')}
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/sorting_method').with_value('affinity')}
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/read_affinity').with_value('r1z1=100, r1=200')}
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/write_affinity').with_value('r1')}
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/write_affinity_node_count').with_value('2 * replicas')}
+          it { is_expected.to contain_swift_proxy_config('app:proxy-server/node_timeout').with_value('20')}
        end
-      end
    end

      describe 'when supplying bad values for parameters' do
@ -308,7 +274,6 @@ node_timeout = 20
          :provider   => platform_params['service_provider'],
          :enable     => false,
          :hasstatus  => true,
-          :subscribe  => 'Concat[/etc/swift/proxy-server.conf]'
        )
      end
    end
--- a/spec/classes/swift_proxy_staticweb_spec.rb
+++ b/spec/classes/swift_proxy_staticweb_spec.rb
@ -6,7 +6,6 @@ describe 'swift::proxy::staticweb' do
    {}
  end

-  it { is_expected.to contain_concat_fragment('swift-proxy-staticweb').with_content(/[filter:staticweb]/) }
-  it { is_expected.to contain_concat_fragment('swift-proxy-staticweb').with_content(/use = egg:swift#staticweb/) }
+  it { is_expected.to contain_swift_proxy_config('filter:staticweb/use').with_value('egg:swift#staticweb') }

 end
--- a/spec/classes/swift_proxy_swauth_spec.rb
+++ b/spec/classes/swift_proxy_swauth_spec.rb
@ -8,13 +8,12 @@ describe 'swift::proxy::swauth' do

  it { is_expected.to contain_package('python-swauth').with_ensure('present') }

-  it { is_expected.to contain_concat_fragment('swift_proxy_swauth').with_content(/[filter:swauth]/) }
-  it { is_expected.to contain_concat_fragment('swift_proxy_swauth').with_content(/use = egg:swauth#swauth/) }
+  it { is_expected.to contain_swift_proxy_config('filter:swauth/use').with_value('egg:swauth#swauth') }

  describe 'with defaults' do

-    it { is_expected.to contain_concat_fragment('swift_proxy_swauth').with_content(/default_swift_cluster = local#127\.0\.0\.1/) }
-    it { is_expected.to contain_concat_fragment('swift_proxy_swauth').with_content(/super_admin_key = swauthkey/) }
+    it { is_expected.to contain_swift_proxy_config('filter:swauth/default_swift_cluster').with_value('local#127.0.0.1') }
+    it { is_expected.to contain_swift_proxy_config('filter:swauth/super_admin_key').with_value('swauthkey') }

  end

@ -26,8 +25,9 @@ describe 'swift::proxy::swauth' do
       :package_ensure => 'latest' }
    end

-    it { is_expected.to contain_concat_fragment('swift_proxy_swauth').with_content(/default_swift_cluster = local#10\.0\.0\.1/) }
-    it { is_expected.to contain_concat_fragment('swift_proxy_swauth').with_content(/super_admin_key = foo/) }
+    it { is_expected.to contain_swift_proxy_config('filter:swauth/default_swift_cluster').with_value('local#10.0.0.1') }
+    it { is_expected.to contain_swift_proxy_config('filter:swauth/super_admin_key').with_value('foo') }
+
    it { is_expected.to contain_package('python-swauth').with_ensure('latest') }

  end
--- a/spec/classes/swift_proxy_swift3_spec.rb
+++ b/spec/classes/swift_proxy_swift3_spec.rb
@ -17,7 +17,6 @@ describe 'swift::proxy::swift3' do
    "/var/lib/puppet/concat/_etc_swift_proxy-server.conf/fragments/27_swift_swift3"
  end

-  it { is_expected.to contain_concat_fragment('swift_swift3').with_content(/[filter:swift3]/) }
-  it { is_expected.to contain_concat_fragment('swift_swift3').with_content(/use = egg:swift3#swift3/) }
+  it { is_expected.to contain_swift_proxy_config('filter:swift3/use').with_value('egg:swift3#swift3') }

 end
--- a/spec/classes/swift_proxy_tempauth_spec.rb
+++ b/spec/classes/swift_proxy_tempauth_spec.rb
@ -19,13 +19,13 @@ describe 'swift::proxy::tempauth' do
    'concat { "/etc/swift/proxy-server.conf": }'
  end

-  it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(/\[filter:tempauth\]\nuse = egg:swift#tempauth/) }
-  it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(/user_admin_admin = admin \.admin \.reseller_admin/) }
+  it { is_expected.to contain_swift_proxy_config('filter:tempauth/use').with_value('egg:swift#tempauth') }
+  it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin .admin .reseller_admin') }

-  it { is_expected.to_not contain_concat_fragment('swift-proxy-tempauth').with_content(/reseller_prefix/) }
-  it { is_expected.to_not contain_concat_fragment('swift-proxy-tempauth').with_content(/token_life/) }
-  it { is_expected.to_not contain_concat_fragment('swift-proxy-tempauth').with_content(/auth_prefix/) }
-  it { is_expected.to_not contain_concat_fragment('swift-proxy-tempauth').with_content(/storage_url_scheme/) }
+  it { is_expected.to_not contain_swift_proxy_config('filter:tempauth/reseller_prefix').with_value('') }
+  it { is_expected.to_not contain_swift_proxy_config('filter:tempauth/token_life').with_value('') }
+  it { is_expected.to_not contain_swift_proxy_config('filter:tempauth/auth_prefix').with_value('') }
+  it { is_expected.to_not contain_swift_proxy_config('filter:tempauth/storage_url_scheme').with_value('') }

  context 'declaring two users' do
    let :params do {
@ -44,12 +44,8 @@ describe 'swift::proxy::tempauth' do
        },
      ]
    } end
-    it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(
-      /user_admin_admin = admin \.admin \.reseller_admin/
-    ) }
-    it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(
-      /user_bar_foo = pass \.reseller_admin/
-    ) }
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin .admin .reseller_admin') }
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_bar_foo').with_value('pass .reseller_admin') }
  end

  context 'when group is empty' do
@ -63,7 +59,7 @@ describe 'swift::proxy::tempauth' do
        },
      ]
    } end
-    it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(/user_admin_admin = admin $/) }
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin') }
  end


@ -76,10 +72,10 @@ describe 'swift::proxy::tempauth' do
    }.merge(default_params)
    end

-    it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(/reseller_prefix = AUTH/) }
-    it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(/token_life = 81600/) }
-    it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(/auth_prefix = \/auth\//) }
-    it { is_expected.to contain_concat_fragment('swift-proxy-tempauth').with_content(/storage_url_scheme = http/) }
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/reseller_prefix').with_value('AUTH') }
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/token_life').with_value('81600') }
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/auth_prefix').with_value('/auth/') }
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/storage_url_scheme').with_value('http') }

    describe "invalid params" do
      ['account_user_list', 'token_life', 'auth_prefix', 'storage_url_scheme'].each do |param|
--- a/spec/classes/swift_proxy_tempurl_spec.rb
+++ b/spec/classes/swift_proxy_tempurl_spec.rb
@ -10,14 +10,14 @@ describe 'swift::proxy::tempurl' do
    'concat { "/etc/swift/proxy-server.conf": }'
  end

-  it { is_expected.to contain_concat_fragment('swift-proxy-tempurl').with_content(/\[filter:tempurl\]\nuse = egg:swift#tempurl/) }
+  it { is_expected.to contain_swift_proxy_config('filter:tempurl/use').with_value('egg:swift#tempurl') }

  ['methods',
   'incoming_remove_headers',
   'incoming_allow_headers',
   'outgoing_remove_headers',
   'outgoing_allow_headers' ].each do |h|
-     it { is_expected.to_not contain_concat_fragment('swift-proxy-tempurl').with_content(/#{h}/) }
+     it { is_expected.to_not contain_swift_proxy_config("filter:tempurl/#{h}").with_value('') }
   end

   context "when params are set" do
@ -29,12 +29,12 @@ describe 'swift::proxy::tempurl' do
       'outgoing_allow_headers'  => ['x-foo','x-bar-*'],
     } end

-     it { is_expected.to contain_concat_fragment('swift-proxy-tempurl').with_content(/methods = GET HEAD PUT/) }
+     it { is_expected.to contain_swift_proxy_config('filter:tempurl/methods').with_value('GET HEAD PUT') }
     ['incoming_remove_headers',
      'incoming_allow_headers',
      'outgoing_remove_headers',
      'outgoing_allow_headers' ].each do |h|
-        it { is_expected.to contain_concat_fragment('swift-proxy-tempurl').with_content(/#{h} = x-foo x-bar-*/) }
+        it { is_expected.to contain_swift_proxy_config("filter:tempurl/#{h}").with_value('x-foo x-bar-*') }
      end

      describe 'when params are not array' do
@ -46,12 +46,12 @@ describe 'swift::proxy::tempurl' do
          'outgoing_allow_headers'  => 'x-foo x-bar-*',
        } end

-        it { is_expected.to contain_concat_fragment('swift-proxy-tempurl').with_content(/methods = GET HEAD PUT/) }
+        it { is_expected.to contain_swift_proxy_config('filter:tempurl/methods').with_value('GET HEAD PUT') }
        ['incoming_remove_headers',
         'incoming_allow_headers',
         'outgoing_remove_headers',
         'outgoing_allow_headers' ].each do |h|
-           it { is_expected.to contain_concat_fragment('swift-proxy-tempurl').with_content(/#{h} = x-foo x-bar-*/) }
+           it { is_expected.to contain_swift_proxy_config("filter:tempurl/#{h}").with_value('x-foo x-bar-*') }
         end
      end
   end
--- a/spec/classes/swift_proxy_versioned_writes_spec.rb
+++ b/spec/classes/swift_proxy_versioned_writes_spec.rb
@ -7,13 +7,8 @@ describe 'swift::proxy::versioned_writes' do
  end

  describe "when using default parameters" do
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_versioned_writes').with_content('
-[filter:versioned_writes]
-use = egg:swift#versioned_writes
-allow_versioned_writes = false
-')
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:versioned_writes/use').with_value('egg:swift#versioned_writes') }
+    it { is_expected.to contain_swift_proxy_config('filter:versioned_writes/allow_versioned_writes').with_value('false') }
  end

  describe "when overriding default parameters" do
@ -22,9 +17,7 @@ allow_versioned_writes = false
        :allow_versioned_writes => true,
      }
    end
-    it 'should build the fragment with correct parameters' do
-      is_expected.to contain_concat_fragment('swift_versioned_writes').with_content(/allow_versioned_writes = true/)
-    end
+    it { is_expected.to contain_swift_proxy_config('filter:versioned_writes/allow_versioned_writes').with_value('true') }
  end

 end
--- a/spec/defines/swift_proxy_tempauth_account.rb
+++ b/spec/defines/swift_proxy_tempauth_account.rb
@ -0,0 +1,15 @@
+require 'spec_helper'
+
+describe 'swift::proxy::tempauth_account' do
+
+  let :title do
+    '    user_admin_admin,    admin .admin .reseller_admin'
+  end
+
+  describe 'when passing in a string containing "user_<account>_<user>, <key> .<group1> .<groupx>"' do
+
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin .admin .reseller_admin') }
+
+  end
+
+end
--- a/templates/proxy/healthcheck.conf.erb
+++ b/templates/proxy/healthcheck.conf.erb
--- a/templates/proxy-server.conf.erb
+++ b/templates/proxy-server.conf.erb
@ -1,58 +0,0 @@
-# This file is managed by puppet.  Do not edit
-#
-[DEFAULT]
-bind_port = <%= @port %>
-<% if @proxy_local_net_ip -%>
-bind_ip = <%= @proxy_local_net_ip %>
-<% end -%>
-workers = <%= @workers %>
-user = swift
-log_name = <%= @log_name %>
-log_facility = <%= @log_facility %>
-log_level = <%= @log_level %>
-log_headers = <%= @log_headers %>
-log_address = <%= @log_address %>
-<% if @log_udp_host -%>
-# If set, log_udp_host will override log_address
-log_udp_host = <%= @log_udp_host %>
-<% end -%>
-<% if @log_udp_host and @log_udp_port -%>
-log_udp_port = <%= @log_udp_port %>
-<% end -%>
-<% if @cors_allow_origin -%>
-cors_allow_origin = <%= @cors_allow_origin %>
-strict_cors_mode = <%= @strict_cors_mode %>
-<% end -%>
-<%- if @statsd_enabled -%>
-log_statsd_host = <%=@log_statsd_host%>
-log_statsd_port = <%=@log_statsd_port%>
-log_statsd_default_sample_rate = <%=@log_statsd_default_sample_rate%>
-log_statsd_sample_rate_factor = <%=@log_statsd_sample_rate_factor%>
-log_statsd_metric_prefix = <%=@log_statsd_metric_prefix%>
-<%- end -%>
-
-[pipeline:main]
-pipeline = <%= @pipeline.to_a.join(' ') %>
-
-[app:proxy-server]
-use = egg:swift#proxy
-set log_name = <%= @log_name %>
-set log_facility = <%= @log_facility %>
-set log_level = <%= @log_level %>
-set log_address = <%= @log_address %>
-log_handoffs = <%= @log_handoffs %>
-allow_account_management = <%= @allow_account_management %>
-account_autocreate = <%= @account_autocreate %>
-<% if @read_affinity -%>
-sorting_method = affinity
-read_affinity = <%= @read_affinity %>
-<% end -%>
-<% if @write_affinity -%>
-write_affinity = <%= @write_affinity %>
-<% end -%>
-<% if @write_affinity_node_count -%>
-write_affinity_node_count = <%= @write_affinity_node_count %>
-<% end -%>
-<% if @node_timeout -%>
-node_timeout = <%= @node_timeout %>
-<% end -%>
--- a/templates/proxy/account_quotas.conf.erb
+++ b/templates/proxy/account_quotas.conf.erb
@ -1,3 +0,0 @@
-
-[filter:account_quotas]
-use = egg:swift#account_quotas
--- a/templates/proxy/authtoken.conf.erb
+++ b/templates/proxy/authtoken.conf.erb
@ -1,19 +0,0 @@
-
-[filter:authtoken]
-log_name = swift
-signing_dir = <%= @signing_dir %>
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
-
-auth_uri = <%= @auth_uri %>
-auth_url = <%= @auth_url_real %>
-auth_plugin = <%= @auth_plugin %>
-project_domain_id = <%= @project_domain_id %>
-user_domain_id = <%= @user_domain_id %>
-project_name = <%= @project_name_real %>
-username = <%= @username_real %>
-password = <%= @password_real %>
-
-delay_auth_decision = <%= @delay_auth_decision %>
-
-cache = <%= @cache %>
-include_service_catalog = <%= @include_service_catalog %>
--- a/templates/proxy/bulk.conf.erb
+++ b/templates/proxy/bulk.conf.erb
@ -1,7 +0,0 @@
-
-[filter:bulk]
-use = egg:swift#bulk
-max_containers_per_extraction = <%= @max_containers_per_extraction %>
-max_failed_extractions = <%= @max_failed_extractions %>
-max_deletes_per_request = <%= @max_deletes_per_request %>
-yield_frequency = <%= @yield_frequency %>
--- a/templates/proxy/cache.conf.erb
+++ b/templates/proxy/cache.conf.erb
@ -1,4 +0,0 @@
-
-[filter:cache]
-use = egg:swift#memcache
-memcache_servers = <%= [@memcache_servers].flatten.join(',') %>
--- a/templates/proxy/catch_errors.conf.erb
+++ b/templates/proxy/catch_errors.conf.erb
@ -1,3 +0,0 @@
-
-[filter:catch_errors]
-use = egg:swift#catch_errors
--- a/templates/proxy/ceilometer.conf.erb
+++ b/templates/proxy/ceilometer.conf.erb
@ -1,18 +0,0 @@
-
-[filter:ceilometer]
-paste.filter_factory = ceilometermiddleware.swift:filter_factory
-<% if @rabbit_hosts.nil? %>
-url = rabbit://<%= @rabbit_user %>:<%= @rabbit_password %>@<%= @rabbit_host %>:<%= @rabbit_port %>/<%= @rabbit_virtual_host %>
-<% else %>
-<% hosts=Array(@rabbit_hosts_with_creds).join(",") -%>
-url = rabbit://<%= hosts %>/<%= @rabbit_virtual_host %>
-<% end %>
-<% if @driver %>
-driver = <%= @driver %>
-<% end %>
-<% if @topic %>
-topic = <%= @topic %>
-<% end %>
-<% if @control_exchange %>
-control_exchange = <%= @control_exchange %>
-<% end %>
--- a/templates/proxy/container_quotas.conf.erb
+++ b/templates/proxy/container_quotas.conf.erb
@ -1,3 +0,0 @@
-
-[filter:container_quotas]
-use = egg:swift#container_quotas
--- a/templates/proxy/container_sync.conf.erb
+++ b/templates/proxy/container_sync.conf.erb
@ -1,3 +0,0 @@
-
-[filter:container_sync]
-use = egg:swift#container_sync
--- a/templates/proxy/copy.conf.erb
+++ b/templates/proxy/copy.conf.erb
@ -1,4 +0,0 @@
-
-[filter:copy]
-use = egg:swift#copy
-object_post_as_copy = <%= @object_post_as_copy %>
--- a/templates/proxy/crossdomain.conf.erb
+++ b/templates/proxy/crossdomain.conf.erb
@ -1,4 +0,0 @@
-
-[filter:crossdomain]
-use = egg:swift#crossdomain
-cross_domain_policy = <%= @cross_domain_policy %>
--- a/templates/proxy/dlo.conf.erb
+++ b/templates/proxy/dlo.conf.erb
@ -1,6 +0,0 @@
-
-[filter:dlo]
-use = egg:swift#dlo
-rate_limit_after_segment = <%= @rate_limit_after_segment %>
-rate_limit_segments_per_sec = <%= @rate_limit_segments_per_sec %>
-max_get_time = <%= @max_get_time %>
--- a/templates/proxy/formpost.conf.erb
+++ b/templates/proxy/formpost.conf.erb
@ -1,3 +0,0 @@
-
-[filter:formpost]
-use = egg:swift#formpost
--- a/templates/proxy/gatekeeper.conf.erb
+++ b/templates/proxy/gatekeeper.conf.erb
@ -1,8 +0,0 @@
-
-[filter:gatekeeper]
-use = egg:swift#gatekeeper
-set log_name = <%= @log_name %>
-set log_facility = <%= @log_facility %>
-set log_level = <%= @log_level %>
-set log_headers = <%= @log_headers %>
-set log_address = <%= @log_address %>
--- a/templates/proxy/keystone.conf.erb
+++ b/templates/proxy/keystone.conf.erb
@ -1,5 +0,0 @@
-
-[filter:keystone]
-use = egg:swift#keystoneauth
-operator_roles = <%= @operator_roles.to_a.join(', ') %>
-reseller_prefix = <%= @reseller_prefix %>
--- a/templates/proxy/proxy-logging.conf.erb
+++ b/templates/proxy/proxy-logging.conf.erb
@ -1,3 +0,0 @@
-
-[filter:proxy-logging]
-use = egg:swift#proxy_logging
--- a/templates/proxy/ratelimit.conf.erb
+++ b/templates/proxy/ratelimit.conf.erb
@ -1,8 +0,0 @@
-
-[filter:ratelimit]
-use = egg:swift#ratelimit
-clock_accuracy = <%= @clock_accuracy %>
-max_sleep_time_seconds = <%= @max_sleep_time_seconds %>
-log_sleep_time_seconds = <%= @log_sleep_time_seconds %>
-rate_buffer_seconds = <%= @rate_buffer_seconds %>
-account_ratelimit = <%= @account_ratelimit %>
--- a/templates/proxy/s3token.conf.erb
+++ b/templates/proxy/s3token.conf.erb
@ -1,6 +0,0 @@
-
-[filter:s3token]
-paste.filter_factory = keystonemiddleware.s3_token:filter_factory
-auth_port = <%= @auth_port %>
-auth_protocol = <%= @auth_protocol %>
-auth_host = <%= @auth_host %>
--- a/templates/proxy/slo.conf.erb
+++ b/templates/proxy/slo.conf.erb
@ -1,9 +0,0 @@
-
-[filter:slo]
-use = egg:swift#slo
-max_manifest_segments = <%= @max_manifest_segments %>
-max_manifest_size = <%= @max_manifest_size %>
-min_segment_size = <%= @min_segment_size %>
-rate_limit_after_segment = <%= @rate_limit_after_segment %>
-rate_limit_segments_per_sec = <%= @rate_limit_segments_per_sec %>
-max_get_time = <%= @max_get_time %>
--- a/templates/proxy/staticweb.conf.erb
+++ b/templates/proxy/staticweb.conf.erb
@ -1,3 +0,0 @@
-
-[filter:staticweb]
-use = egg:swift#staticweb
--- a/templates/proxy/swauth.conf.erb
+++ b/templates/proxy/swauth.conf.erb
@ -1,6 +0,0 @@
-
-[filter:swauth]
-use = egg:swauth#swauth
-# this line is not in the install docs?
-default_swift_cluster = local#<%= @swauth_endpoint %>
-super_admin_key = <%= @swauth_super_admin_key %>
--- a/templates/proxy/swift3.conf.erb
+++ b/templates/proxy/swift3.conf.erb
@ -1,3 +0,0 @@
-
-[filter:swift3]
-use = egg:swift3#swift3
--- a/templates/proxy/tempauth.conf.erb
+++ b/templates/proxy/tempauth.conf.erb
@ -1,18 +0,0 @@
-
-[filter:tempauth]
-use = egg:swift#tempauth
-<% if @reseller_prefix -%>
-reseller_prefix = <%= @reseller_prefix.upcase %>
-<%end -%>
-<% if @token_life -%>
-token_life = <%= @token_life %>
-<%end -%>
-<% if @auth_prefix -%>
-auth_prefix = <%= @auth_prefix %>
-<%end -%>
-<% if @storage_url_scheme -%>
-storage_url_scheme = <%= @storage_url_scheme %>
-<%end -%>
-<% @account_user_list.each do |user| %>
-user_<%= user['account'] %>_<%= user['user'] %> = <%= user['key'] %> <%= user['groups'].map { |g| '.' + g }.join(' ') %>
-<% end %>
--- a/templates/proxy/tempurl.conf.erb
+++ b/templates/proxy/tempurl.conf.erb
@ -1,18 +0,0 @@
-
-[filter:tempurl]
-use = egg:swift#tempurl
-<% if @methods_real-%>
-methods = <%= @methods_real %>
-<% end -%>
-<% if @incoming_remove_headers_real-%>
-incoming_remove_headers = <%= @incoming_remove_headers_real %>
-<% end -%>
-<% if @incoming_allow_headers_real-%>
-incoming_allow_headers = <%= @incoming_allow_headers_real %>
-<% end -%>
-<% if @outgoing_remove_headers_real-%>
-outgoing_remove_headers = <%= @outgoing_remove_headers_real %>
-<% end -%>
-<% if @outgoing_allow_headers_real-%>
-outgoing_allow_headers = <%= @outgoing_allow_headers_real %>
-<% end -%>
--- a/templates/proxy/versioned_writes.conf.erb
+++ b/templates/proxy/versioned_writes.conf.erb
@ -1,4 +0,0 @@
-
-[filter:versioned_writes]
-use = egg:swift#versioned_writes
-allow_versioned_writes = <%= @allow_versioned_writes %>