17 files changed, 612 insertions, 15 deletions

diff --git a/gluster/swift/common/middleware/gswauth/swauth/middleware.py b/gluster/swift/common/middleware/gswauth/swauth/middleware.py
index 8712350..4cf61cd 100644
--- a/gluster/swift/common/middleware/gswauth/swauth/middleware.py
+++ b/gluster/swift/common/middleware/gswauth/swauth/middleware.py
@@ -92,7 +92,7 @@ class Swauth(object):
                     pass
                 raise ValueError(msg)
         self.swauth_remote_timeout = int(conf.get('swauth_remote_timeout', 10))
-        self.auth_account = '%s.auth' % self.reseller_prefix
+        self.auth_account = '%sgsmetadata' % self.reseller_prefix
         self.default_swift_cluster = conf.get(
             'default_swift_cluster',
             'local#http://127.0.0.1:8080/v1')
@@ -398,7 +398,7 @@ class Swauth(object):
         user_groups = (req.remote_user or '').split(',')
         if '.reseller_admin' in user_groups and \
                 account != self.reseller_prefix and \
-                account[len(self.reseller_prefix)] != '.':
+                account[len(self.reseller_prefix):] != 'gsmetadata':
             req.environ['swift_owner'] = True
             return None
         if account in user_groups and \
diff --git a/glusterfs-openstack-swift.spec b/glusterfs-openstack-swift.spec
index 480f92e..4bec454 100644
--- a/glusterfs-openstack-swift.spec
+++ b/glusterfs-openstack-swift.spec
@@ -89,6 +89,15 @@ rm -rf %{buildroot}
 %{python_sitelib}/gluster_swift-%{version}-*.egg-info
 %{_bindir}/gluster-swift-gen-builders
 %{_bindir}/gluster-swift-print-metadata
+%{_bindir}/swauth-add-account
+%{_bindir}/swauth-add-user
+%{_bindir}/swauth-cleanup-tokens
+%{_bindir}/swauth-delete-account
+%{_bindir}/swauth-delete-user
+%{_bindir}/swauth-list
+%{_bindir}/swauth-prep
+%{_bindir}/swauth-set-account-service
+
 %dir %{_confdir}
 %config %{_confdir}/account-server.conf-gluster
 %config %{_confdir}/container-server.conf-gluster
diff --git a/setup.py b/setup.py
index 4d26888..488f98f 100644
--- a/setup.py
+++ b/setup.py
@@ -48,6 +48,16 @@ setup(
     scripts=[
         'bin/gluster-swift-gen-builders',
         'bin/gluster-swift-print-metadata',
+        'gluster/swift/common/middleware/gswauth/bin/swauth-add-account',
+        'gluster/swift/common/middleware/gswauth/bin/swauth-add-user',
+        'gluster/swift/common/middleware/gswauth/bin/swauth-cleanup-tokens',
+        'gluster/swift/common/middleware/gswauth/bin/swauth-delete-account',
+        'gluster/swift/common/middleware/gswauth/bin/swauth-delete-user',
+        'gluster/swift/common/middleware/gswauth/bin/swauth-list',
+        'gluster/swift/common/middleware/gswauth/bin/swauth-prep',
+        'gluster/swift/common/middleware/gswauth/bin/'
+        'swauth-set-account-service',
+
     ],
     entry_points={
         'paste.app_factory': [
@@ -56,5 +66,9 @@ setup(
             'container=gluster.swift.container.server:app_factory',
             'account=gluster.swift.account.server:app_factory',
         ],
+        'paste.filter_factory': [
+            'swauth=gluster.swift.common.middleware.gswauth.swauth.middleware:'
+            'filter_factory',
+        ],
     },
 )
diff --git a/test/functional_auth/__init__.py b/test/functional_auth/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/test/functional_auth/__init__.py
diff --git a/test/functional_auth/gswauth/__init__.py b/test/functional_auth/gswauth/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/test/functional_auth/gswauth/__init__.py
diff --git a/test/functional_auth/gswauth/conf/account-server.conf b/test/functional_auth/gswauth/conf/account-server.conf
new file mode 100644
index 0000000..4996367
--- /dev/null
+++ b/test/functional_auth/gswauth/conf/account-server.conf
@@ -0,0 +1,32 @@
+[DEFAULT]
+devices = /mnt/gluster-object
+#
+# Once you are confident that your startup processes will always have your
+# gluster volumes properly mounted *before* the account-server workers start,
+# you can *consider* setting this value to "false" to reduce the per-request
+# overhead it can incur.
+#
+# *** Keep false for Functional Tests ***
+mount_check = false
+bind_port = 6012
+#
+# Override swift's default behaviour for fallocate.
+disable_fallocate = true
+#
+# One or two workers should be sufficient for almost any installation of
+# Gluster.
+workers = 1
+
+[pipeline:main]
+pipeline = account-server
+
+[app:account-server]
+use = egg:gluster_swift#account
+user = root
+log_facility = LOG_LOCAL2
+log_level = WARN
+#
+# After ensuring things are running in a stable manner, you can turn off
+# normal request logging for the account server to unclutter the log
+# files. Warnings and errors will still be logged.
+log_requests = off
diff --git a/test/functional_auth/gswauth/conf/container-server.conf b/test/functional_auth/gswauth/conf/container-server.conf
new file mode 100644
index 0000000..122d97e
--- /dev/null
+++ b/test/functional_auth/gswauth/conf/container-server.conf
@@ -0,0 +1,35 @@
+[DEFAULT]
+devices = /mnt/gluster-object
+#
+# Once you are confident that your startup processes will always have your
+# gluster volumes properly mounted *before* the container-server workers
+# start, you can *consider* setting this value to "false" to reduce the
+# per-request overhead it can incur.
+#
+# *** Keep false for Functional Tests ***
+mount_check = false
+bind_port = 6011
+#
+# Override swift's default behaviour for fallocate.
+disable_fallocate = true
+#
+# One or two workers should be sufficient for almost any installation of
+# Gluster.
+workers = 1
+
+[pipeline:main]
+pipeline = container-server
+
+[app:container-server]
+use = egg:gluster_swift#container
+user = root
+log_facility = LOG_LOCAL2
+log_level = WARN
+#
+# After ensuring things are running in a stable manner, you can turn off
+# normal request logging for the container server to unclutter the log
+# files. Warnings and errors will still be logged.
+log_requests = off
+
+#enable object versioning for functional test
+allow_versions = on
diff --git a/test/functional_auth/gswauth/conf/fs.conf b/test/functional_auth/gswauth/conf/fs.conf
new file mode 100644
index 0000000..b06a854
--- /dev/null
+++ b/test/functional_auth/gswauth/conf/fs.conf
@@ -0,0 +1,19 @@
+[DEFAULT]
+#
+# IP address of a node in the GlusterFS server cluster hosting the
+# volumes to be served via Swift API.
+mount_ip = localhost
+
+# Performance optimization parameter. When turned off, the filesystem will
+# see a reduced number of stat calls, resulting in substantially faster
+# response time for GET and HEAD container requests on containers with large
+# numbers of objects, at the expense of an accurate count of combined bytes
+# used by all objects in the container. For most installations "off" works
+# fine.
+#
+# *** Keep on for Functional Tests ***
+accurate_size_in_listing = on
+
+# *** Keep on for Functional Tests ***
+container_update_object_count = on
+account_update_container_count = on
diff --git a/test/functional_auth/gswauth/conf/object-expirer.conf b/test/functional_auth/gswauth/conf/object-expirer.conf
new file mode 100644
index 0000000..b75963c
--- /dev/null
+++ b/test/functional_auth/gswauth/conf/object-expirer.conf
@@ -0,0 +1,17 @@
+[DEFAULT]
+
+[object-expirer]
+# auto_create_account_prefix = .
+
+[pipeline:main]
+pipeline = catch_errors cache proxy-server
+
+[app:proxy-server]
+use = egg:swift#proxy
+
+[filter:cache]
+use = egg:swift#memcache
+memcache_servers = 127.0.0.1:11211
+
+[filter:catch_errors]
+use = egg:swift#catch_errors
diff --git a/test/functional_auth/gswauth/conf/object-server.conf b/test/functional_auth/gswauth/conf/object-server.conf
new file mode 100644
index 0000000..3cb9ead
--- /dev/null
+++ b/test/functional_auth/gswauth/conf/object-server.conf
@@ -0,0 +1,48 @@
+[DEFAULT]
+devices = /mnt/gluster-object
+#
+# Once you are confident that your startup processes will always have your
+# gluster volumes properly mounted *before* the object-server workers start,
+# you can *consider* setting this value to "false" to reduce the per-request
+# overhead it can incur.
+#
+# *** Keep false for Functional Tests ***
+mount_check = false
+bind_port = 6010
+#
+# Maximum number of clients one worker can process simultaneously (it will
+# actually accept N + 1). Setting this to one (1) will only handle one request
+# at a time, without accepting another request concurrently. By increasing the
+# number of workers to a much higher value, one can prevent slow file system
+# operations for one request from starving other requests.
+max_clients = 1024
+#
+# If not doing the above, setting this value initially to match the number of
+# CPUs is a good starting point for determining the right value.
+workers = 1
+# Override swift's default behaviour for fallocate.
+disable_fallocate = true
+
+[pipeline:main]
+pipeline = object-server
+
+[app:object-server]
+use = egg:gluster_swift#object
+user = root
+log_facility = LOG_LOCAL2
+log_level = WARN
+#
+# For performance, after ensuring things are running in a stable manner, you
+# can turn off normal request logging for the object server to reduce the
+# per-request overhead and unclutter the log files. Warnings and errors will
+# still be logged.
+log_requests = off
+#
+# Adjust this value to match the stripe width of the underlying storage array
+# (not the stripe element size). This will provide a reasonable starting point
+# for tuning this value.
+disk_chunk_size = 65536
+#
+# Adjust this value match whatever is set for the disk_chunk_size initially.
+# This will provide a reasonable starting point for tuning this value.
+network_chunk_size = 65556
diff --git a/test/functional_auth/gswauth/conf/proxy-server.conf b/test/functional_auth/gswauth/conf/proxy-server.conf
new file mode 100644
index 0000000..ddb0290
--- /dev/null
+++ b/test/functional_auth/gswauth/conf/proxy-server.conf
@@ -0,0 +1,72 @@
+[DEFAULT]
+bind_port = 8080
+user = root
+# Consider using 1 worker per CPU
+workers = 1
+
+[pipeline:main]
+pipeline = catch_errors healthcheck proxy-logging cache swauth proxy-logging proxy-server
+
+[app:proxy-server]
+use = egg:gluster_swift#proxy
+log_facility = LOG_LOCAL1
+log_level = WARN
+# The API allows for account creation and deletion, but since Gluster/Swift
+# automounts a Gluster volume for a given account, there is no way to create
+# or delete an account. So leave this off.
+allow_account_management = true
+account_autocreate = true
+# Only need to recheck the account exists once a day
+recheck_account_existence = 86400
+# May want to consider bumping this up if containers are created and destroyed
+# infrequently.
+recheck_container_existence = 60
+# Timeout clients that don't read or write to the proxy server after 5
+# seconds.
+client_timeout = 5
+# Give more time to connect to the object, container or account servers in
+# cases of high load.
+conn_timeout = 5
+# For high load situations, once connected to an object, container or account
+# server, allow for delays communicating with them.
+node_timeout = 60
+# May want to consider bumping up this value to 1 - 4 MB depending on how much
+# traffic is for multi-megabyte or gigabyte requests; perhaps matching the
+# stripe width (not stripe element size) of your storage volume is a good
+# starting point. See below for sizing information.
+object_chunk_size = 65536
+# If you do decide to increase the object_chunk_size, then consider lowering
+# this value to one. Up to "put_queue_length" object_chunk_size'd buffers can
+# be queued to the object server for processing. Given one proxy server worker
+# can handle up to 1,024 connections, by default, it will consume 10 * 65,536
+# * 1,024 bytes of memory in the worse case (default values). Be sure the
+# amount of memory available on the system can accommodate increased values
+# for object_chunk_size.
+put_queue_depth = 10
+
+[filter:catch_errors]
+use = egg:swift#catch_errors
+
+[filter:proxy-logging]
+use = egg:swift#proxy_logging
+
+[filter:healthcheck]
+use = egg:swift#healthcheck
+
+[filter:tempauth]
+use = egg:swift#tempauth
+user_admin_admin = admin .admin .reseller_admin
+user_test_tester = testing .admin
+user_test2_tester2 = testing2 .admin
+user_test_tester3 = testing3
+
+[filter:swauth]
+use = egg:gluster_swift#swauth
+set log_name = swauth
+super_admin_key = swauthkey
+
+[filter:cache]
+use = egg:swift#memcache
+# Update this line to contain a comma separated list of memcache servers
+# shared by all nodes running the proxy-server service.
+memcache_servers = localhost:11211
diff --git a/test/functional_auth/gswauth/conf/swift.conf b/test/functional_auth/gswauth/conf/swift.conf
new file mode 100644
index 0000000..f64ba5a
--- /dev/null
+++ b/test/functional_auth/gswauth/conf/swift.conf
@@ -0,0 +1,85 @@
+[DEFAULT]
+
+
+[swift-hash]
+# random unique string that can never change (DO NOT LOSE)
+swift_hash_path_suffix = gluster
+
+
+# The swift-constraints section sets the basic constraints on data
+# saved in the swift cluster.
+
+[swift-constraints]
+
+# max_file_size is the largest "normal" object that can be saved in
+# the cluster. This is also the limit on the size of each segment of
+# a "large" object when using the large object manifest support.
+# This value is set in bytes. Setting it to lower than 1MiB will cause
+# some tests to fail.
+# Default is 1 TiB = 2**30*1024
+max_file_size = 1099511627776
+
+
+# max_meta_name_length is the max number of bytes in the utf8 encoding
+# of the name portion of a metadata header.
+
+#max_meta_name_length = 128
+
+
+# max_meta_value_length is the max number of bytes in the utf8 encoding
+# of a metadata value
+
+#max_meta_value_length = 256
+
+
+# max_meta_count is the max number of metadata keys that can be stored
+# on a single account, container, or object
+
+#max_meta_count = 90
+
+
+# max_meta_overall_size is the max number of bytes in the utf8 encoding
+# of the metadata (keys + values)
+
+#max_meta_overall_size = 4096
+
+
+# max_object_name_length is the max number of bytes in the utf8 encoding of an
+# object name: Gluster FS can handle much longer file names, but the length
+# between the slashes of the URL is handled below. Remember that most web
+# clients can't handle anything greater than 2048, and those that do are
+# rather clumsy.
+
+max_object_name_length = 2048
+
+# max_object_name_component_length (GlusterFS) is the max number of bytes in
+# the utf8 encoding of an object name component (the part between the
+# slashes); this is a limit imposed by the underlying file system (for XFS it
+# is 255 bytes).
+
+max_object_name_component_length = 255
+
+# container_listing_limit is the default (and max) number of items
+# returned for a container listing request
+
+#container_listing_limit = 10000
+
+
+# account_listing_limit is the default (and max) number of items returned
+# for an account listing request
+
+#account_listing_limit = 10000
+
+
+# max_account_name_length is the max number of bytes in the utf8 encoding of
+# an account name: Gluster FS Filename limit (XFS limit?), must be the same
+# size as max_object_name_component_length above.
+
+max_account_name_length = 255
+
+
+# max_container_name_length is the max number of bytes in the utf8 encoding
+# of a container name: Gluster FS Filename limit (XFS limit?), must be the same
+# size as max_object_name_component_length above.
+
+max_container_name_length = 255
diff --git a/test/functional_auth/gswauth/conf/test.conf b/test/functional_auth/gswauth/conf/test.conf
new file mode 100644
index 0000000..7f7f5cf
--- /dev/null
+++ b/test/functional_auth/gswauth/conf/test.conf
@@ -0,0 +1,54 @@
+[func_test]
+# sample config
+auth_host = 127.0.0.1
+auth_port = 8080
+auth_ssl = no
+auth_prefix = /auth/
+## sample config for Swift with Keystone
+#auth_version = 2
+#auth_host = localhost
+#auth_port = 5000
+#auth_ssl = no
+#auth_prefix = /v2.0/
+
+# GSWauth internal admin user configuration information
+admin_key = swauthkey
+admin_user = .super_admin
+
+# Primary functional test account (needs admin access to the account)
+account = test
+username = tester
+password = testing
+
+# User on a second account (needs admin access to the account)
+account2 = test2
+username2 = tester2
+password2 = testing2
+
+# User on same account as first, but without admin access
+username3 = tester3
+password3 = testing3
+
+# Default constraints if not defined here, the test runner will try
+# to set them from /etc/swift/swift.conf. If that file isn't found,
+# the test runner will skip tests that depend on these values.
+# Note that the cluster must have "sane" values for the test suite to pass.
+#max_file_size = 5368709122
+#max_meta_name_length = 128
+#max_meta_value_length = 256
+#max_meta_count = 90
+#max_meta_overall_size = 4096
+#max_object_name_length = 1024
+#container_listing_limit = 10000
+#account_listing_limit = 10000
+#max_account_name_length = 256
+#max_container_name_length = 256
+normalized_urls = True
+
+collate = C
+
+[unit_test]
+fake_syslog = False
+
+[probe_test]
+# check_server_timeout = 30
diff --git a/test/functional_auth/gswauth/test_gswauth.py b/test/functional_auth/gswauth/test_gswauth.py
new file mode 100644
index 0000000..069270e
--- /dev/null
+++ b/test/functional_auth/gswauth/test_gswauth.py
@@ -0,0 +1,95 @@
+#!/usr/bin/python
+
+# Copyright (c) 2010-2012 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import unittest
+from nose import SkipTest
+from swift.common.bufferedhttp import http_connect_raw as http_connect
+from test import get_config
+
+config = get_config('func_test')
+
+class TestGSWauth(unittest.TestCase):
+
+    def setUp(self):
+        #TODO
+        None
+
+    def tearDown(self):
+        #TODO
+        None
+
+    def _get_admin_headers(self):
+        return {'X-Auth-Admin-User': config['admin_user'],
+                'X-Auth-Admin-Key': config['admin_key']}
+
+    def _check_test_account_does_not_exist(self):
+        # check account exists
+        path = '%sv2/%s' % (config['auth_prefix'], config['account'])
+
+        headers = self._get_admin_headers()
+        headers.update({'Content-Length': '0'})
+        conn = http_connect(config['auth_host'], config['auth_port'], 'GET',
+                path, headers)
+        resp = conn.getresponse()
+        self.assertTrue(resp.status == 404)
+
+    def _create_test_account(self):
+        # create account in swauth (not a swift account)
+        # This current version only supports one account per volume
+        # and the account name is the same as the volume name
+        # still an account must be created with swauth to map
+        # swauth accounts with swift accounts
+        path = '%sv2/%s' % (config['auth_prefix'], config['account'])
+        headers = self._get_admin_headers()
+        headers.update({'Content-Length': '0'})
+        conn = http_connect(config['auth_host'], config['auth_port'], 'PUT',
+                path, headers)
+        resp = conn.getresponse()
+        self.assertTrue(resp.status == 201)
+
+    def _delete_test_account(self):
+        # delete account in swauth (not a swift account)
+        # @see _create_test_account
+        path = '%sv2/%s' % (config['auth_prefix'], config['account'])
+        headers = self._get_admin_headers()
+        headers.update({'Content-Length': '0'})
+        conn = http_connect(config['auth_host'], config['auth_port'],
+                'DELETE', path, headers)
+        resp = conn.getresponse()
+        self.assertTrue(resp.status == 204)
+
+    def test_add_account(self):
+        self._check_test_account_does_not_exist()
+        self._create_test_account()
+        self._delete_test_account()
+
+    def test_add_user(self):
+        # check and create account
+        self._check_test_account_does_not_exist()
+        self._create_test_account()
+
+        # create user
+        path = '%sv2/%s/%s' % (config['auth_prefix'], config['account'],
+                config['username'])
+        headers = self._get_admin_headers()
+        headers.update({'X-Auth-User-Key': config['password'],
+                        'Content-Length': '0',
+                        'X-Auth-User-Admin': 'true'})
+        conn = http_connect(config['auth_host'], config['auth_port'], 'PUT',
+                path, headers)
+        resp = conn.getresponse()
+        self.assertTrue(resp.status == 201)
diff --git a/test/unit/common/middleware/gswauth/swauth/test_middleware.py b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
index 6cd0b36..71c57ab 100644
--- a/test/unit/common/middleware/gswauth/swauth/test_middleware.py
+++ b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
@@ -1180,7 +1180,7 @@ class TestAuth(unittest.TestCase):
 
     def test_prep_success(self):
         list_to_iter = [
-            # PUT of .auth account
+            # PUT of gsmetadata account
             ('201 Created', {}, ''),
             # PUT of .account_id container
             ('201 Created', {}, '')]
@@ -1266,7 +1266,7 @@ class TestAuth(unittest.TestCase):
 
     def test_prep_fail_account_create(self):
         self.test_auth.app = FakeApp(iter([
-            # PUT of .auth account
+            # PUT of gsmetadata account
             ('503 Service Unavailable', {}, '')]))
         resp = Request.blank('/auth/v2/.prep',
                              environ={
@@ -1281,7 +1281,7 @@ class TestAuth(unittest.TestCase):
 
     def test_prep_fail_token_container_create(self):
         self.test_auth.app = FakeApp(iter([
-            # PUT of .auth account
+            # PUT of gsmetadata account
             ('201 Created', {}, ''),
             # PUT of .token container
             ('503 Service Unavailable', {}, '')]))
@@ -1298,7 +1298,7 @@ class TestAuth(unittest.TestCase):
 
     def test_prep_fail_account_id_container_create(self):
         self.test_auth.app = FakeApp(iter([
-            # PUT of .auth account
+            # PUT of gsmetadata account
             ('201 Created', {}, ''),
             # PUT of .token container
             ('201 Created', {}, ''),
@@ -1317,13 +1317,13 @@ class TestAuth(unittest.TestCase):
 
     def test_get_reseller_success(self):
         self.test_auth.app = FakeApp(iter([
-            # GET of .auth account (list containers)
+            # GET of gsmetadata account (list containers)
             ('200 Ok', {}, json.dumps([
                 {"name": ".token", "count": 0, "bytes": 0},
                 {"name": ".account_id",
                     "count": 0, "bytes": 0},
                 {"name": "act", "count": 0, "bytes": 0}])),
-            # GET of .auth account (list containers
+            # GET of gsmetadata account (list containers
             # continuation)
             ('200 Ok', {}, '[]')]))
         resp = Request.blank('/auth/v2',
@@ -1342,13 +1342,13 @@ class TestAuth(unittest.TestCase):
             ('200 Ok', {}, json.dumps({"groups": [{"name": "act:adm"},
              {"name": "test"}, {"name": ".admin"},
              {"name": ".reseller_admin"}], "auth": "plaintext:key"})),
-            # GET of .auth account (list containers)
+            # GET of gsmetadata account (list containers)
             ('200 Ok', {}, json.dumps([
                 {"name": ".token", "count": 0, "bytes": 0},
                 {"name": ".account_id",
                     "count": 0, "bytes": 0},
                 {"name": "act", "count": 0, "bytes": 0}])),
-            # GET of .auth account (list containers
+            # GET of gsmetadata account (list containers
             # continuation)
             ('200 Ok', {}, '[]')]))
         resp = Request.blank('/auth/v2',
@@ -1405,7 +1405,7 @@ class TestAuth(unittest.TestCase):
 
     def test_get_reseller_fail_listing(self):
         self.test_auth.app = FakeApp(iter([
-            # GET of .auth account (list containers)
+            # GET of gsmetadata account (list containers)
             ('503 Service Unavailable', {}, '')]))
         resp = Request.blank('/auth/v2',
                              headers={
@@ -1417,13 +1417,13 @@ class TestAuth(unittest.TestCase):
         self.assertEquals(self.test_auth.app.calls, 1)
 
         self.test_auth.app = FakeApp(iter([
-            # GET of .auth account (list containers)
+            # GET of gsmetadata account (list containers)
             ('200 Ok', {}, json.dumps([
                 {"name": ".token", "count": 0, "bytes": 0},
                 {"name": ".account_id",
                     "count": 0, "bytes": 0},
                 {"name": "act", "count": 0, "bytes": 0}])),
-            # GET of .auth account (list containers
+            # GET of gsmetadata account (list containers
             # continuation)
             ('503 Service Unavailable', {}, '')]))
         resp = Request.blank('/auth/v2',
@@ -3858,7 +3858,7 @@ class TestAuth(unittest.TestCase):
         except Exception as err:
             exc = err
         self.assertEquals(str(exc), 'Could not get admin user object: '
-                          '/v1/AUTH_.auth/act/usr 503 Service Unavailable')
+                          '/v1/AUTH_gsmetadata/act/usr 503 Service Unavailable')
         self.assertEquals(self.test_auth.app.calls, 1)
 
     def test_get_admin_detail_success(self):
@@ -4079,7 +4079,7 @@ class TestAuth(unittest.TestCase):
 
     def test_reseller_admin_but_account_is_internal_use_only(
             self):
-        req = Request.blank('/v1/AUTH_.auth',
+        req = Request.blank('/v1/AUTH_gsmetadata',
                             environ={'REQUEST_METHOD': 'GET'})
         req.remote_user = 'act:usr,act,.reseller_admin'
         resp = self.test_auth.authorize(req)
diff --git a/tools/gswauth_functional_tests.sh b/tools/gswauth_functional_tests.sh
new file mode 100755
index 0000000..f0d44dd
--- /dev/null
+++ b/tools/gswauth_functional_tests.sh
@@ -0,0 +1,116 @@
+#!/bin/bash
+
+# Copyright (c) 2013 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This program expects to be run by tox in a virtual python environment
+# so that it does not pollute the host development system
+
+sudo_env()
+{
+    sudo bash -c "PATH=$PATH $*"
+}
+
+cleanup()
+{
+        sudo service memcached stop
+        sudo_env swift-init main stop
+        sudo rm -rf /etc/swift > /dev/null 2>&1
+        sudo rm -rf /mnt/gluster-object/test{,2}/* > /dev/null 2>&1
+        sudo setfattr -x user.swift.metadata /mnt/gluster-object/test{,2} > /dev/null 2>&1
+        gswauth_cleanup
+}
+
+gswauth_cleanup()
+{
+        sudo rm -rf /mnt/gluster-object/gsmetadata/.* > /dev/null 2>&1
+        sudo rm -rf /mnt/gluster-object/gsmetadata/* > /dev/null 2>&1
+        sudo setfattr -x user.swift.metadata /mnt/gluster-object/gsmetadata > /dev/null 2>&1
+}
+
+quit()
+{
+        echo "$1"
+        exit 1
+}
+
+
+fail()
+{
+        cleanup
+	quit "$1"
+}
+
+### MAIN ###
+
+# Only run if there is no configuration in the system
+if [ -x /etc/swift ] ; then
+	quit "/etc/swift exists, cannot run functional tests."
+fi
+
+# Check the directories exist
+DIRS="/mnt/gluster-object /mnt/gluster-object/test /mnt/gluster-object/test2 /mnt/gluster-object/gsmetadata"
+for d in $DIRS ; do
+	if [ ! -x $d ] ; then
+		quit "$d must exist on an XFS or GlusterFS volume"
+	fi
+done
+
+export SWIFT_TEST_CONFIG_FILE=/etc/swift/test.conf
+
+# Install the configuration files
+sudo mkdir /etc/swift > /dev/null 2>&1
+sudo cp -r test/functional_auth/gswauth/conf/* /etc/swift || fail "Unable to copy configuration files to /etc/swift"
+sudo_env gluster-swift-gen-builders test test2 gsmetadata || fail "Unable to create ring files"
+
+# Start the services
+sudo service memcached start || fail "Unable to start memcached"
+sudo_env swift-init main start || fail "Unable to start swift"
+
+#swauth-prep
+sudo_env swauth-prep -K swauthkey || fail "Unable to prep gswauth"
+
+mkdir functional_tests > /dev/null 2>&1
+nosetests -v --exe \
+	--with-xunit \
+	--xunit-file functional_tests/gluster-swift-gswauth-functional-TC-report.xml \
+    --with-html-output \
+    --html-out-file functional_tests/gluster-swift-gswauth-functional-result.html \
+    test/functional_auth/gswauth || fail "Functional gswauth test failed"
+
+# clean up gsmetadata dir
+gswauth_cleanup
+
+#swauth-prep
+sudo_env swauth-prep -K swauthkey || fail "Unable to prep gswauth"
+sudo_env swauth-add-user -K swauthkey -a test tester testing || fail "Unable to add user test"
+sudo_env swauth-add-user -K swauthkey -a test2 tester2 testing2 || fail "Unable to add user test2"
+sudo_env swauth-add-user -K swauthkey test tester3 testing3 || fail "Unable to add user test3"
+
+nosetests -v --exe \
+	--with-xunit \
+	--xunit-file functional_tests/gluster-swift-gswauth-generic-functional-TC-report.xml \
+    --with-html-output \
+    --html-out-file functional_tests/gluster-swift-gswauth-generic-functional-result.html \
+    test/functional || fail "Functional tests failed"
+nosetests -v --exe \
+	--with-xunit \
+	--xunit-file functional_tests/gluster-swift-gswauth-functionalnosetests-TC-report.xml \
+    --with-html-output \
+    --html-out-file functional_tests/gluster-swift-gswauth-functionalnosetests-result.html \
+    test/functionalnosetests || fail "Functional-nose tests failed"
+
+cleanup
+exit 0
diff --git a/tox.ini b/tox.ini
index c9e44ac..680b1c4 100644
--- a/tox.ini
+++ b/tox.ini
@@ -23,6 +23,7 @@ downloadcache = ~/cache/pip
 changedir = {toxinidir}
 whitelist_externals=bash
 commands = bash tools/functional_tests.sh
+    bash tools/gswauth_functional_tests.sh
 
 [testenv:pep8]
 deps =