~corey.bryant/charms/trusty/swift-proxy/mitaka-ch-sync : contents of tests/basic

~corey.bryant/charms/trusty/swift-proxy/mitaka-ch-sync : (revision 112)
import amulet
import swiftclient

from charmhelpers.contrib.openstack.amulet.deployment import (
    OpenStackAmuletDeployment
)

from charmhelpers.contrib.openstack.amulet.utils import (
    OpenStackAmuletUtils,
    DEBUG, # flake8: noqa
    ERROR
)

# Use DEBUG to turn on debug logging
u = OpenStackAmuletUtils(DEBUG)


class SwiftProxyBasicDeployment(OpenStackAmuletDeployment):
    """Amulet tests on a basic swift-proxy deployment."""

    def __init__(self, series, openstack=None, source=None, stable=False):
        """Deploy the entire test environment."""
        super(SwiftProxyBasicDeployment, self).__init__(series, openstack,
                                                        source, stable)
        self._add_services()
        self._add_relations()
        self._configure_services()
        self._deploy()
        self._initialize_tests()

    def _add_services(self):
        """Add services

           Add the services that we're testing, where swift-proxy is local,
           and the rest of the service are from lp branches that are
           compatible with the local charm (e.g. stable or next).
           """
        this_service = {'name': 'swift-proxy'}
        other_services = [{'name': 'mysql'}, {'name': 'keystone'},
                          {'name': 'glance'}, {'name': 'swift-storage'}]
        super(SwiftProxyBasicDeployment, self)._add_services(this_service,
                                                             other_services)

    def _add_relations(self):
        """Add all of the relations for the services."""
        relations = {
          'keystone:shared-db': 'mysql:shared-db',
          'swift-proxy:identity-service': 'keystone:identity-service',
          'swift-storage:swift-storage': 'swift-proxy:swift-storage',
          'glance:identity-service': 'keystone:identity-service',
          'glance:shared-db': 'mysql:shared-db',
          'glance:object-store': 'swift-proxy:object-store'
        }
        super(SwiftProxyBasicDeployment, self)._add_relations(relations)

    def _configure_services(self):
        """Configure all of the services."""
        keystone_config = {'admin-password': 'openstack',
                           'admin-token': 'ubuntutesting'}
        swift_proxy_config = {'zone-assignment': 'manual',
                           'replicas': '1',
                           'swift-hash': 'fdfef9d4-8b06-11e2-8ac0-531c923c8fae'}
        swift_storage_config = {'zone': '1',
                                'block-device': 'vdb',
                                'overwrite': 'true'}
        configs = {'keystone': keystone_config,
                   'swift-proxy': swift_proxy_config,
                   'swift-storage': swift_storage_config}
        super(SwiftProxyBasicDeployment, self)._configure_services(configs)

    def _initialize_tests(self):
        """Perform final initialization before tests get run."""
        # Access the sentries for inspecting service units
        self.mysql_sentry = self.d.sentry.unit['mysql/0']
        self.keystone_sentry = self.d.sentry.unit['keystone/0']
        self.glance_sentry = self.d.sentry.unit['glance/0']
        self.swift_proxy_sentry = self.d.sentry.unit['swift-proxy/0']
        self.swift_storage_sentry = self.d.sentry.unit['swift-storage/0']

        # Authenticate admin with keystone
        self.keystone = u.authenticate_keystone_admin(self.keystone_sentry,
                                                      user='admin',
                                                      password='openstack',
                                                      tenant='admin')

        # Authenticate admin with glance endpoint
        self.glance = u.authenticate_glance_admin(self.keystone)

        # Authenticate swift user
        keystone_relation = self.keystone_sentry.relation('identity-service',
                                                 'swift-proxy:identity-service')
        ep = self.keystone.service_catalog.url_for(service_type='identity',
                                                   endpoint_type='publicURL')
        self.swift = swiftclient.Connection(authurl=ep,
                                user=keystone_relation['service_username'],
                                key=keystone_relation['service_password'],
                                tenant_name=keystone_relation['service_tenant'],
                                auth_version='2.0')

        # Create a demo tenant/role/user
        self.demo_tenant = 'demoTenant'
        self.demo_role = 'demoRole'
        self.demo_user = 'demoUser'
        if not u.tenant_exists(self.keystone, self.demo_tenant):
            tenant = self.keystone.tenants.create(tenant_name=self.demo_tenant,
                                                  description='demo tenant',
                                                  enabled=True)
            self.keystone.roles.create(name=self.demo_role)
            self.keystone.users.create(name=self.demo_user,
                                       password='password',
                                       tenant_id=tenant.id,
                                       email='demo@demo.com')

        # Authenticate demo user with keystone
        self.keystone_demo = \
            u.authenticate_keystone_user(self.keystone, user=self.demo_user,
                                         password='password',
                                         tenant=self.demo_tenant)

    def test_services(self):
        """Verify the expected services are running on the corresponding
           service units."""
        swift_storage_services = ['status swift-account',
                                  'status swift-account-auditor',
                                  'status swift-account-reaper',
                                  'status swift-account-replicator',
                                  'status swift-container',
                                  'status swift-container-auditor',
                                  'status swift-container-replicator',
                                  'status swift-container-updater',
                                  'status swift-object',
                                  'status swift-object-auditor',
                                  'status swift-object-replicator',
                                  'status swift-object-updater']
        if self._get_openstack_release() >= self.precise_icehouse:
            swift_storage_services.append('status swift-container-sync')

        commands = {
            self.mysql_sentry: ['status mysql'],
            self.keystone_sentry: ['status keystone'],
            self.glance_sentry: ['status glance-registry', 'status glance-api'],
            self.swift_proxy_sentry: ['status swift-proxy'],
            self.swift_storage_sentry: swift_storage_services
        }

        ret = u.validate_services(commands)
        if ret:
            amulet.raise_status(amulet.FAIL, msg=ret)

    def test_users(self):
        """Verify all existing roles."""
        user1 = {'name': 'demoUser',
                 'enabled': True,
                 'tenantId': u.not_null,
                 'id': u.not_null,
                 'email': 'demo@demo.com'}
        user2 = {'name': 'admin',
                 'enabled': True,
                 'tenantId': u.not_null,
                 'id': u.not_null,
                 'email': 'juju@localhost'}
        user3 = {'name': 'glance',
                 'enabled': True,
                 'tenantId': u.not_null,
                 'id': u.not_null,
                 'email': u'juju@localhost'}
        user4 = {'name': 'swift',
                 'enabled': True,
                 'tenantId': u.not_null,
                 'id': u.not_null,
                 'email': u'juju@localhost'}
        expected = [user1, user2, user3, user4]
        actual = self.keystone.users.list()

        ret = u.validate_user_data(expected, actual)
        if ret:
            amulet.raise_status(amulet.FAIL, msg=ret)

    def test_service_catalog(self):
        """Verify that the service catalog endpoint data is valid."""
        endpoint_vol = {'adminURL': u.valid_url,
                        'region': 'RegionOne',
                        'publicURL': u.valid_url,
                        'internalURL': u.valid_url}
        endpoint_id = {'adminURL': u.valid_url,
                       'region': 'RegionOne',
                       'publicURL': u.valid_url,
                       'internalURL': u.valid_url}
        if self._get_openstack_release() >= self.precise_folsom:
            endpoint_vol['id'] = u.not_null
            endpoint_id['id'] = u.not_null
        expected = {'image': [endpoint_id], 'object-store': [endpoint_id],
                    'identity': [endpoint_id]}
        actual = self.keystone_demo.service_catalog.get_endpoints()

        ret = u.validate_svc_catalog_endpoint_data(expected, actual)
        if ret:
            amulet.raise_status(amulet.FAIL, msg=ret)

    def test_openstack_object_store_endpoint(self):
        """Verify the swift object-store endpoint data."""
        endpoints = self.keystone.endpoints.list()
        admin_port = internal_port = public_port = '8080'
        expected = {'id': u.not_null,
                    'region': 'RegionOne',
                    'adminurl': u.valid_url,
                    'internalurl': u.valid_url,
                    'publicurl': u.valid_url,
                    'service_id': u.not_null}

        ret = u.validate_endpoint_data(endpoints, admin_port, internal_port,
                                       public_port, expected)
        if ret:
            message = 'object-store endpoint: {}'.format(ret)
            amulet.raise_status(amulet.FAIL, msg=message)

    def test_swift_proxy_identity_service_relation(self):
        """Verify the swift-proxy to keystone identity-service relation data."""
        unit = self.swift_proxy_sentry
        relation = ['identity-service', 'keystone:identity-service']
        expected = {
            'service': 'swift',
            'region': 'RegionOne',
            'public_url': u.valid_url,
            'internal_url': u.valid_url,
            'private-address': u.valid_ip,
            'requested_roles': 'Member,Admin',
            'admin_url': u.valid_url
        }

        ret = u.validate_relation_data(unit, relation, expected)
        if ret:
            message = u.relation_error('swift-proxy identity-service', ret)
            amulet.raise_status(amulet.FAIL, msg=message)

    def test_keystone_identity_service_relation(self):
        """Verify the keystone to swift-proxy identity-service relation data."""
        unit = self.keystone_sentry
        relation = ['identity-service', 'swift-proxy:identity-service']
        expected = {
            'service_protocol': 'http',
            'service_tenant': 'services',
            'admin_token': 'ubuntutesting',
            'service_password': u.not_null,
            'service_port': '5000',
            'auth_port': '35357',
            'auth_protocol': 'http',
            'private-address': u.valid_ip,
            'auth_host': u.valid_ip,
            'service_username': 'swift',
            'service_tenant_id': u.not_null,
            'service_host': u.valid_ip
        }

        ret = u.validate_relation_data(unit, relation, expected)
        if ret:
            message = u.relation_error('keystone identity-service', ret)
            amulet.raise_status(amulet.FAIL, msg=message)

    def test_swift_storage_swift_storage_relation(self):
        """Verify the swift-storage to swift-proxy swift-storage relation
           data."""
        unit = self.swift_storage_sentry
        relation = ['swift-storage', 'swift-proxy:swift-storage']
        expected = {
            'account_port': '6002',
            'zone': '1',
            'object_port': '6000',
            'container_port': '6001',
            'private-address': u.valid_ip,
            'device': 'vdb'
        }

        ret = u.validate_relation_data(unit, relation, expected)
        if ret:
            message = u.relation_error('swift-storage swift-storage', ret)
            amulet.raise_status(amulet.FAIL, msg=message)

    def test_swift_proxy_swift_storage_relation(self):
        """Verify the swift-proxy to swift-storage swift-storage relation
           data."""
        unit = self.swift_proxy_sentry
        relation = ['swift-storage', 'swift-storage:swift-storage']
        expected = {
            'private-address': u.valid_ip,
            'trigger': u.not_null,
            'rings_url': u.valid_url,
            'swift_hash': u.not_null
        }

        ret = u.validate_relation_data(unit, relation, expected)
        if ret:
            message = u.relation_error('swift-proxy swift-storage', ret)
            amulet.raise_status(amulet.FAIL, msg=message)

    def test_glance_object_store_relation(self):
        """Verify the glance to swift-proxy object-store relation data."""
        unit = self.glance_sentry
        relation = ['object-store', 'swift-proxy:object-store']
        expected = { 'private-address': u.valid_ip }

        ret = u.validate_relation_data(unit, relation, expected)
        if ret:
            message = u.relation_error('glance object-store', ret)
            amulet.raise_status(amulet.FAIL, msg=message)

    def test_swift_proxy_object_store_relation(self):
        """Verify the swift-proxy to glance object-store relation data."""
        unit = self.swift_proxy_sentry
        relation = ['object-store', 'glance:object-store']
        expected = {'private-address': u.valid_ip}
        ret = u.validate_relation_data(unit, relation, expected)
        if ret:
            message = u.relation_error('swift-proxy object-store', ret)
            amulet.raise_status(amulet.FAIL, msg=message)

    def test_z_restart_on_config_change(self):
        """Verify that the specified services are restarted when the config
           is changed.

           Note(coreycb): The method name with the _z_ is a little odd
           but it forces the test to run last.  It just makes things
           easier because restarting services requires re-authorization.
           """
        svc = 'swift-proxy'
        self.d.configure('swift-proxy', {'node-timeout': '90'})

        if not u.service_restarted(self.swift_proxy_sentry, svc,
                                   '/etc/swift/proxy-server.conf'):
            self.d.configure('swift-proxy', {'node-timeout': '60'})
            msg = "service {} didn't restart after config change".format(svc)
            amulet.raise_status(amulet.FAIL, msg=msg)

        self.d.configure('swift-proxy', {'node-timeout': '60'})

    def test_z_no_restart_on_config_change_when_paused(self):
        """Verify that the specified services are not restarted when the config
           is changed and the unit is paused."""
        u.log.info('Checking that system services do not get restarted  '
                   'when charm config changes but unit is paused...')
        sentry = self.swift_proxy_sentry
        juju_service = 'swift-proxy'

        # Expected default and alternate values
        set_default = {'node-timeout': '60'}
        set_alternate = {'node-timeout': '90'}

        services = ['swift-proxy', 'haproxy', 'apache2', 'memcached']

        # Pause the unit
        u.log.debug('Pausing the unit...')
        pause_action_id = u.run_action(sentry, "pause")
        assert u.wait_on_action(pause_action_id), "Resume action failed."
        # Make config change, check for service restarts
        u.log.debug('Making config change on {}...'.format(juju_service))
        self.d.configure(juju_service, set_alternate)

        for service in services:
            u.log.debug("Checking that service didn't start while "
                        "paused: {}".format(service))
            # No explicit assert because get_process_id_list will do it for us
            u.get_process_id_list(
                sentry, service, expect_success=False)

        self.d.configure(juju_service, set_default)
        resume_action_id = u.run_action(sentry, "resume")
        assert u.wait_on_action(resume_action_id), "Resume action failed."

    def _assert_services(self, should_run):
        swift_proxy_services = ['swift-proxy-server',
                                'haproxy',
                                'apache2',
                                'memcached']
        u.get_unit_process_ids(
            {self.swift_proxy_sentry: swift_proxy_services},
            expect_success=should_run)
        # No point using validate_unit_process_ids, since we don't
        # care about how many PIDs, merely that they're running, so
        # would populate expected with either True or False. This
        # validation is already performed in get_process_id_list

    def _test_pause(self):
        u.log.info("Testing pause action")
        self._assert_services(should_run=True)
        pause_action_id = u.run_action(self.swift_proxy_sentry, "pause")
        assert u.wait_on_action(pause_action_id), "Pause action failed."

        self._assert_services(should_run=False)
        status, message = u.status_get(self.swift_proxy_sentry)
        if status != "maintenance":
            msg = ("Pause action failed to move unit to maintenance "
                   "status (got {} instead)".format(status))
            amulet.raise_status(amulet.FAIL, msg=msg)
        if message != "Paused. Use 'resume' action to resume normal service.":
            msg = ("Pause action failed to set message"
                   " (got {} instead)".format(message))
            amulet.raise_status(amulet.FAIL, msg=msg)

    def _test_resume(self):
        u.log.info("Testing resume action")
        # service is left paused by _test_pause
        self._assert_services(should_run=False)
        resume_action_id = u.run_action(self.swift_proxy_sentry, "resume")
        assert u.wait_on_action(resume_action_id), "Resume action failed."

        self._assert_services(should_run=True)
        status, message = u.status_get(self.swift_proxy_sentry)
        if status != "active":
            msg = ("Resume action failed to move unit to active "
                   "status (got {} instead)".format(status))
            amulet.raise_status(amulet.FAIL, msg=msg)
        if message != "":
            msg = ("Resume action failed to clear message"
                   " (got {} instead)".format(message))
            amulet.raise_status(amulet.FAIL, msg=msg)

    def test_z_pause_resume_actions(self):
        """Pause and then resume swift-proxy."""
        u.log.debug('Checking pause/resume actions...')
        self._test_pause()
        self._test_resume()

    def test_swift_config(self):
        """Verify the data in the swift config file."""
        unit = self.swift_proxy_sentry
        conf = '/etc/swift/swift.conf'
        swift_proxy_relation = unit.relation('swift-storage',
                                             'swift-storage:swift-storage')
        expected = {
            'swift_hash_path_suffix': swift_proxy_relation['swift_hash']
        }

        ret = u.validate_config_data(unit, conf, 'swift-hash', expected)
        if ret:
            message = "swift config error: {}".format(ret)
            amulet.raise_status(amulet.FAIL, msg=message)

    def test_proxy_server_icehouse_config(self):
        """Verify the data in the proxy-server config file."""
        if self._get_openstack_release() < self.precise_icehouse:
            return

        unit = self.swift_proxy_sentry
        conf = '/etc/swift/proxy-server.conf'
        keystone_relation = self.keystone_sentry.relation('identity-service',
                                                 'swift-proxy:identity-service')
        swift_proxy_relation = unit.relation('identity-service',
                                             'keystone:identity-service')
        swift_proxy_ip = swift_proxy_relation['private-address']
        auth_host = keystone_relation['auth_host']
        auth_protocol = keystone_relation['auth_protocol']

        expected = {
            'DEFAULT': {
                'bind_port': '8070',
                'user': 'swift',
                'log_name': 'swift',
                'log_facility': 'LOG_LOCAL0',
                'log_level': 'INFO',
                'log_headers': 'False',
                'log_address': '/dev/log'
            },
            'pipeline:main': {
                'pipeline': 'gatekeeper healthcheck proxy-logging cache swift3 '
                            's3token container_sync bulk tempurl slo dlo '
                            'formpost authtoken keystoneauth staticweb '
                            'container-quotas account-quotas proxy-logging '
                            'proxy-server'
            },
            'app:proxy-server': {
                'use': 'egg:swift#proxy',
                'allow_account_management': 'true',
                'account_autocreate': 'true',
                'node_timeout': '60',
                'recoverable_node_timeout': '30'
            },
            'filter:tempauth': {
                'use': 'egg:swift#tempauth',
                'user_system_root': 'testpass .admin https://{}:8080/v1/'
                                    'AUTH_system'.format(swift_proxy_ip)
            },
            'filter:healthcheck': {'use': 'egg:swift#healthcheck'},
            'filter:cache': {
                'use': 'egg:swift#memcache',
                'memcache_servers': '{}:11211'.format(swift_proxy_ip)
            },
            'filter:account-quotas': {'use': 'egg:swift#account_quotas'},
            'filter:container-quotas': {'use': 'egg:swift#container_quotas'},
            'filter:proxy-logging': {'use': 'egg:swift#proxy_logging'},
            'filter:staticweb': {'use': 'egg:swift#staticweb'},
            'filter:bulk': {'use': 'egg:swift#bulk'},
            'filter:slo': {'use': 'egg:swift#slo'},
            'filter:dlo': {'use': 'egg:swift#dlo'},
            'filter:formpost': {'use': 'egg:swift#formpost'},
            'filter:tempurl': {'use': 'egg:swift#tempurl'},
            'filter:container_sync': {'use': 'egg:swift#container_sync'},
            'filter:gatekeeper': {'use': 'egg:swift#gatekeeper'},
            'filter:keystoneauth': {
                'use': 'egg:swift#keystoneauth',
                'operator_roles': 'Member,Admin'
            },
            'filter:authtoken': {
                'paste.filter_factory': 'keystoneclient.middleware.'
                                        'auth_token:filter_factory',
                'auth_host': auth_host,
                'auth_port': keystone_relation['auth_port'],
                'auth_protocol': auth_protocol,
                'auth_uri': '{}://{}:{}'.format(auth_protocol, auth_host,
                                             keystone_relation['service_port']),
                'admin_tenant_name': keystone_relation['service_tenant'],
                'admin_user': keystone_relation['service_username'],
                'admin_password': keystone_relation['service_password'],
                'delay_auth_decision': 'true',
                'signing_dir': '/var/cache/swift',
                'cache': 'swift.cache'
            },
            'filter:s3token': {
                'paste.filter_factory': 'keystoneclient.middleware.'
                                        's3_token:filter_factory',
                'service_host': keystone_relation['service_host'],
                'service_port': keystone_relation['service_port'],
                'auth_port': keystone_relation['auth_port'],
                'auth_host': keystone_relation['auth_host'],
                'auth_protocol': keystone_relation['auth_protocol'],
                'auth_token': keystone_relation['admin_token'],
                'admin_token': keystone_relation['admin_token']
            },
            'filter:swift3': {'use': 'egg:swift3#swift3'}
        }

        for section, pairs in expected.iteritems():
            ret = u.validate_config_data(unit, conf, section, pairs)
            if ret:
                message = "proxy-server config error: {}".format(ret)
                amulet.raise_status(amulet.FAIL, msg=message)

    def test_proxy_server_havana_config(self):
        """Verify the data in the proxy-server config file."""
        if self._get_openstack_release() != self.precise_havana:
            return

        unit = self.swift_proxy_sentry
        conf = '/etc/swift/proxy-server.conf'
        keystone_relation = self.keystone_sentry.relation('identity-service',
                                                 'swift-proxy:identity-service')
        swift_proxy_relation = unit.relation('identity-service',
                                             'keystone:identity-service')
        swift_proxy_ip = swift_proxy_relation['private-address']
        auth_host = keystone_relation['auth_host']
        auth_protocol = keystone_relation['auth_protocol']

        expected = {
            'DEFAULT': {
                'bind_port': '8070',
                'user': 'swift'
            },
            'pipeline:main': {
                'pipeline': 'healthcheck cache swift3 authtoken '
                            'keystoneauth container-quotas account-quotas '
                            'proxy-server'
            },
            'app:proxy-server': {
                'use': 'egg:swift#proxy',
                'allow_account_management': 'true',
                'account_autocreate': 'true',
                'node_timeout': '60',
                'recoverable_node_timeout': '30'
            },
            'filter:tempauth': {
                'use': 'egg:swift#tempauth',
                'user_system_root': 'testpass .admin https://{}:8080/v1/'
                                    'AUTH_system'.format(swift_proxy_ip)
            },
            'filter:healthcheck': {'use': 'egg:swift#healthcheck'},
            'filter:cache': {
                'use': 'egg:swift#memcache',
                'memcache_servers': '{}:11211'.format(swift_proxy_ip)
            },
            'filter:account-quotas': {'use': 'egg:swift#account_quotas'},
            'filter:container-quotas': {'use': 'egg:swift#container_quotas'},
            'filter:keystoneauth': {
                'use': 'egg:swift#keystoneauth',
                'operator_roles': 'Member,Admin'
            },
            'filter:authtoken': {
                'paste.filter_factory': 'keystoneclient.middleware.'
                                        'auth_token:filter_factory',
                'auth_host': auth_host,
                'auth_port': keystone_relation['auth_port'],
                'auth_protocol': auth_protocol,
                'auth_uri': '{}://{}:{}'.format(auth_protocol, auth_host,
                                             keystone_relation['service_port']),
                'admin_tenant_name': keystone_relation['service_tenant'],
                'admin_user': keystone_relation['service_username'],
                'admin_password': keystone_relation['service_password'],
                'delay_auth_decision': 'true',
                'signing_dir': '/var/cache/swift',
                'cache': 'swift.cache'
            },
            'filter:s3token': {
                'paste.filter_factory': 'keystone.middleware.s3_token:'
                                        'filter_factory',
                'service_host': keystone_relation['service_host'],
                'service_port': keystone_relation['service_port'],
                'auth_port': keystone_relation['auth_port'],
                'auth_host': keystone_relation['auth_host'],
                'auth_protocol': keystone_relation['auth_protocol'],
                'auth_token': keystone_relation['admin_token'],
                'admin_token': keystone_relation['admin_token'],
                'service_protocol': keystone_relation['service_protocol']
            },
            'filter:swift3': {'use': 'egg:swift3#swift3'}
        }

        for section, pairs in expected.iteritems():
            ret = u.validate_config_data(unit, conf, section, pairs)
            if ret:
                message = "proxy-server config error: {}".format(ret)
                amulet.raise_status(amulet.FAIL, msg=message)

    def test_proxy_server_grizzly_config(self):
        """Verify the data in the proxy-server config file."""
        if self._get_openstack_release() != self.precise_grizzly:
            return

        unit = self.swift_proxy_sentry
        conf = '/etc/swift/proxy-server.conf'
        keystone_relation = self.keystone_sentry.relation('identity-service',
                                                 'swift-proxy:identity-service')
        swift_proxy_relation = unit.relation('identity-service',
                                             'keystone:identity-service')
        swift_proxy_ip = swift_proxy_relation['private-address']
        auth_host = keystone_relation['auth_host']
        auth_protocol = keystone_relation['auth_protocol']

        expected = {
            'DEFAULT': {
                'bind_port': '8070',
                'user': 'swift'
            },
            'pipeline:main': {
                'pipeline': 'healthcheck cache swift3 s3token authtoken '
                            'keystone container-quotas account-quotas '
                            'proxy-server'
            },
            'app:proxy-server': {
                'use': 'egg:swift#proxy',
                'allow_account_management': 'true',
                'account_autocreate': 'true',
                'node_timeout': '60',
                'recoverable_node_timeout': '30'
            },
            'filter:tempauth': {
                'use': 'egg:swift#tempauth',
                'user_system_root': 'testpass .admin https://{}:8080/v1/'
                                    'AUTH_system'.format(swift_proxy_ip)
            },
            'filter:healthcheck': {'use': 'egg:swift#healthcheck'},
            'filter:cache': {
                'use': 'egg:swift#memcache',
                'memcache_servers': '{}:11211'.format(swift_proxy_ip)
            },
            'filter:account-quotas': {'use': 'egg:swift#account_quotas'},
            'filter:container-quotas': {'use': 'egg:swift#container_quotas'},
            'filter:keystone': {
                'paste.filter_factory': 'swift.common.middleware.'
                                        'keystoneauth:filter_factory',
                'operator_roles': 'Member,Admin'
            },
            'filter:authtoken': {
                'paste.filter_factory': 'keystone.middleware.auth_token:'
                                        'filter_factory',
                'auth_host': auth_host,
                'auth_port': keystone_relation['auth_port'],
                'auth_protocol': auth_protocol,
                'auth_uri': '{}://{}:{}'.format(auth_protocol, auth_host,
                                             keystone_relation['service_port']),
                'admin_tenant_name': keystone_relation['service_tenant'],
                'admin_user': keystone_relation['service_username'],
                'admin_password': keystone_relation['service_password'],
                'delay_auth_decision': 'true',
                'signing_dir': '/var/cache/swift'
            },
            'filter:s3token': {
                'paste.filter_factory': 'keystone.middleware.s3_token:'
                                        'filter_factory',
                'service_host': keystone_relation['service_host'],
                'service_port': keystone_relation['service_port'],
                'auth_port': keystone_relation['auth_port'],
                'auth_host': keystone_relation['auth_host'],
                'auth_protocol': keystone_relation['auth_protocol'],
                'auth_token': keystone_relation['admin_token'],
                'admin_token': keystone_relation['admin_token'],
                'service_protocol': keystone_relation['service_protocol']
            },
            'filter:swift3': {'use': 'egg:swift3#swift3'}
        }

        for section, pairs in expected.iteritems():
            ret = u.validate_config_data(unit, conf, section, pairs)
            if ret:
                message = "proxy-server config error: {}".format(ret)
                amulet.raise_status(amulet.FAIL, msg=message)

    def test_proxy_server_folsom_config(self):
        """Verify the data in the proxy-server config file."""
        if self._get_openstack_release() != self.precise_folsom:
            return

        unit = self.swift_proxy_sentry
        conf = '/etc/swift/proxy-server.conf'
        keystone_relation = self.keystone_sentry.relation('identity-service',
                                                 'swift-proxy:identity-service')
        swift_proxy_relation = unit.relation('identity-service',
                                             'keystone:identity-service')
        swift_proxy_ip = swift_proxy_relation['private-address']
        auth_host = keystone_relation['auth_host']
        auth_protocol = keystone_relation['auth_protocol']

        expected = {
            'DEFAULT': {
                'bind_port': '8070',
                'user': 'swift'
            },
            'pipeline:main': {
                'pipeline': 'healthcheck cache swift3 s3token authtoken '
                            'keystone proxy-server'
            },
            'app:proxy-server': {
                'use': 'egg:swift#proxy',
                'allow_account_management': 'true',
                'account_autocreate': 'true',
                'node_timeout': '60',
                'recoverable_node_timeout': '30'
            },
            'filter:tempauth': {
                'use': 'egg:swift#tempauth',
                'user_system_root': 'testpass .admin https://{}:8080/v1/'
                                    'AUTH_system'.format(swift_proxy_ip)
            },
            'filter:healthcheck': {'use': 'egg:swift#healthcheck'},
            'filter:cache': {
                'use': 'egg:swift#memcache',
                'memcache_servers': '{}:11211'.format(swift_proxy_ip)
            },
            'filter:keystone': {
                'paste.filter_factory': 'keystone.middleware.swift_auth:'
                                        'filter_factory',
                'operator_roles': 'Member,Admin'
            },
            'filter:authtoken': {
                'paste.filter_factory': 'keystone.middleware.auth_token:'
                                        'filter_factory',
                'auth_host': auth_host,
                'auth_port': keystone_relation['auth_port'],
                'auth_protocol': auth_protocol,
                'auth_uri': '{}://{}:{}'.format(auth_protocol, auth_host,
                                             keystone_relation['service_port']),
                'admin_tenant_name': keystone_relation['service_tenant'],
                'admin_user': keystone_relation['service_username'],
                'admin_password': keystone_relation['service_password'],
                'delay_auth_decision': '1'
            },
            'filter:s3token': {
                'paste.filter_factory': 'keystone.middleware.s3_token:'
                                        'filter_factory',
                'service_host': keystone_relation['service_host'],
                'service_port': keystone_relation['service_port'],
                'auth_port': keystone_relation['auth_port'],
                'auth_host': keystone_relation['auth_host'],
                'auth_protocol': keystone_relation['auth_protocol'],
                'auth_token': keystone_relation['admin_token'],
                'admin_token': keystone_relation['admin_token'],
                'service_protocol': keystone_relation['service_protocol']
            },
            'filter:swift3': {'use': 'egg:swift#swift3'}
        }

        for section, pairs in expected.iteritems():
            ret = u.validate_config_data(unit, conf, section, pairs)
            if ret:
                message = "proxy-server config error: {}".format(ret)
                amulet.raise_status(amulet.FAIL, msg=message)

    def test_proxy_server_essex_config(self):
        """Verify the data in the proxy-server config file."""
        if self._get_openstack_release() != self.precise_essex:
            return

        unit = self.swift_proxy_sentry
        conf = '/etc/swift/proxy-server.conf'
        keystone_relation = self.keystone_sentry.relation('identity-service',
                                                 'swift-proxy:identity-service')
        swift_proxy_relation = unit.relation('identity-service',
                                             'keystone:identity-service')
        swift_proxy_ip = swift_proxy_relation['private-address']
        auth_host = keystone_relation['auth_host']
        auth_protocol = keystone_relation['auth_protocol']

        expected = {
            'DEFAULT': {
                'bind_port': '8070',
                'user': 'swift'
            },
            'pipeline:main': {
                'pipeline': 'healthcheck cache swift3 s3token authtoken '
                            'keystone proxy-server'
            },
            'app:proxy-server': {
                'use': 'egg:swift#proxy',
                'allow_account_management': 'true',
                'account_autocreate': 'true',
                'node_timeout': '60',
                'recoverable_node_timeout': '30'
            },
            'filter:tempauth': {
                'use': 'egg:swift#tempauth',
                'user_system_root': 'testpass .admin https://{}:8080/v1/'
                                    'AUTH_system'.format(swift_proxy_ip)
            },
            'filter:healthcheck': {'use': 'egg:swift#healthcheck'},
            'filter:cache': {
                'use': 'egg:swift#memcache',
                'memcache_servers': '{}:11211'.format(swift_proxy_ip)
            },
            'filter:keystone': {
                'paste.filter_factory': 'keystone.middleware.swift_auth:'
                                        'filter_factory',
                'operator_roles': 'Member,Admin'
            },
            'filter:authtoken': {
                'paste.filter_factory': 'keystone.middleware.auth_token:'
                                        'filter_factory',
                'auth_host': auth_host,
                'auth_port': keystone_relation['auth_port'],
                'auth_protocol': auth_protocol,
                'auth_uri': '{}://{}:{}'.format(auth_protocol, auth_host,
                                         keystone_relation['service_port']),
                'admin_tenant_name': keystone_relation['service_tenant'],
                'admin_user': keystone_relation['service_username'],
                'admin_password': keystone_relation['service_password'],
                'delay_auth_decision': '1'
            },
            'filter:s3token': {
                'paste.filter_factory': 'keystone.middleware.s3_token:'
                                        'filter_factory',
                'service_host': keystone_relation['service_host'],
                'service_port': keystone_relation['service_port'],
                'auth_port': keystone_relation['auth_port'],
                'auth_host': keystone_relation['auth_host'],
                'auth_protocol': keystone_relation['auth_protocol'],
                'auth_token': keystone_relation['admin_token'],
                'admin_token': keystone_relation['admin_token'],
                'service_protocol': keystone_relation['service_protocol']
            },
            'filter:swift3': {'use': 'egg:swift#swift3'}
        }

        for section, pairs in expected.iteritems():
            ret = u.validate_config_data(unit, conf, section, pairs)
            if ret:
                message = "proxy-server config error: {}".format(ret)
                amulet.raise_status(amulet.FAIL, msg=message)

    def test_image_create(self):
        """Create an instance in glance, which is backed by swift, and validate
           that some of the metadata for the image match in glance and swift."""
        # NOTE(coreycb): Skipping failing test on folsom until resolved. On
        #                folsom only, uploading an image to glance gets 400 Bad
        #                Request - Error uploading image: (error): [Errno 111]
        #                ECONNREFUSED (HTTP 400)
        if self._get_openstack_release() == self.precise_folsom:
            u.log.error("Skipping failing test until resolved")
            return

        # Create glance image
        image = u.create_cirros_image(self.glance, "cirros-image")
        if not image:
            amulet.raise_status(amulet.FAIL, msg="Image create failed")

        # Validate that cirros image exists in glance and get its checksum/size
        images = list(self.glance.images.list())
        if len(images) != 1:
            msg = "Expected 1 glance image, found {}".format(len(images))
            amulet.raise_status(amulet.FAIL, msg=msg)

        if images[0].name != 'cirros-image':
            message = "cirros image does not exist"
            amulet.raise_status(amulet.FAIL, msg=message)

        glance_image_md5 = image.checksum
        glance_image_size = image.size

        # Validate that swift object's checksum/size match that from glance
        headers, containers = self.swift.get_account()
        if len(containers) != 1:
            msg = "Expected 1 swift container, found {}".format(len(containers))
            amulet.raise_status(amulet.FAIL, msg=msg)

        container_name = containers[0].get('name')

        headers, objects = self.swift.get_container(container_name)
        if len(objects) != 1:
            msg = "Expected 1 swift object, found {}".format(len(objects))
            amulet.raise_status(amulet.FAIL, msg=msg)

        swift_object_size = objects[0].get('bytes')
        swift_object_md5 = objects[0].get('hash')

        if glance_image_size != swift_object_size:
            msg = "Glance image size {} != swift object size {}".format( \
                                           glance_image_size, swift_object_size)
            amulet.raise_status(amulet.FAIL, msg=msg)

        if glance_image_md5 != swift_object_md5:
            msg = "Glance image hash {} != swift object hash {}".format( \
                                             glance_image_md5, swift_object_md5)
            amulet.raise_status(amulet.FAIL, msg=msg)

        # Cleanup
        u.delete_image(self.glance, image)