Add tests for PAM authentication.

Bug: 1003829

* keystone/config.py
  Define defaults for pam.

* tests/backend_pam.conf
  Defaults to execute pam tests.

* tests/test_backend_pam.py
  New script to test all implemented methods for pam backend.

Change-Id: I891f080c36fbdc1d641d49edf9fe762702b591b6

keystone/config.py

@@ -179,3 +179,8 @@ register_str('role_tree_dn', group='ldap', default=None)
 register_str('role_objectclass', group='ldap', default='organizationalRole')
 register_str('role_id_attribute', group='ldap', default='cn')
 register_str('role_member_attribute', group='ldap', default='roleOccupant')
+
+#pam
+register_str('url', group='pam', default=None)
+register_str('userid', group='pam', default=None)
+register_str('password', group='pam', default=None)

tests/backend_pam.conf

@@ -0,0 +1,7 @@
+[pam]
+url = fake://memory
+userid = fakeuser
+password = fakepass
+
+[identity]
+driver = keystone.identity.backends.pam.PamIdentity

tests/test_backend_pam.py

@@ -0,0 +1,66 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2012 OpenStack LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import uuid
+
+from keystone import config
+from keystone.identity.backends import pam as identity_pam
+from keystone import test
+
+import default_fixtures
+
+
+CONF = config.CONF
+
+
+class PamIdentity(test.TestCase):
+    def setUp(self):
+        super(PamIdentity, self).setUp()
+        self.config([test.etcdir('keystone.conf.sample'),
+                     test.testsdir('test_overrides.conf'),
+                     test.testsdir('backend_pam.conf')])
+        self.identity_api = identity_pam.PamIdentity()
+        id = uuid.uuid4().hex
+        self.tenant_in = {'id': id, 'name': id}
+        self.user_in = {'id': CONF.pam.userid, 'name': CONF.pam.userid}
+
+    def test_get_tenant(self):
+        tenant_out = self.identity_api.get_tenant(self.tenant_in['id'])
+        self.assertDictEqual(self.tenant_in, tenant_out)
+
+    def test_get_tenant_by_name(self):
+        tenant_out = self.identity_api.\
+                          get_tenant_by_name(self.tenant_in['name'])
+        self.assertDictEqual(self.tenant_in, tenant_out)
+
+    def test_get_user(self):
+        user_out = self.identity_api.get_user(self.user_in['id'])
+        self.assertDictEqual(self.user_in, user_out)
+
+    def test_get_user_by_name(self):
+        user_out = self.identity_api.get_user_by_name(self.user_in['name'])
+        self.assertDictEqual(self.user_in, user_out)
+
+    def test_get_metadata_for_non_root(self):
+        metadata_out = self.identity_api.get_metadata(self.user_in['id'],
+                                                      self.tenant_in['id'])
+        self.assertDictEqual({}, metadata_out)
+
+    def test_get_metadata_for_root(self):
+        metadata = {'is_admin': True}
+        metadata_out = self.identity_api.get_metadata('root',
+                                                      self.tenant_in['id'])
+        self.assertDictEqual(metadata, metadata_out)