Chromium Code Reviews Chromium Code Reviews
Issue 6520008:
Device policy infrastructure (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/policy/cloud_policy_controller.h" | |
| 6 | |
| 7 #include "base/message_loop.h" | |
| 8 #include "base/scoped_temp_dir.h" | |
| 9 #include "chrome/browser/browser_thread.h" | |
| 10 #include "chrome/browser/policy/cloud_policy_cache.h" | |
| 11 #include "chrome/browser/policy/mock_configuration_policy_store.h" | |
| 12 #include "chrome/browser/policy/mock_device_management_backend.h" | |
| 13 #include "policy/policy_constants.h" | |
| 14 #include "testing/gmock/include/gmock/gmock.h" | |
| 15 #include "testing/gtest/include/gtest/gtest.h" | |
| 16 | |
| 17 const char kTestToken[] = "cloud_policy_controller_test_auth_token"; | |
| 18 | |
| 19 namespace policy { | |
| 20 | |
| 21 using ::testing::_; | |
| 22 using ::testing::AtLeast; | |
| 23 using ::testing::InSequence; | |
| 24 using ::testing::Mock; | |
| 25 using ::testing::Return; | |
| 26 | |
| 27 class MockCloudPolicyIdentityStrategy : public CloudPolicyIdentityStrategy { | |
| 28 public: | |
| 29 MockCloudPolicyIdentityStrategy() {} | |
| 30 ~MockCloudPolicyIdentityStrategy() {} | |
|
danno
2011/02/22 15:02:54
nit: virtual
Jakob Kummerow
2011/02/22 16:53:58
Done.
| |
| 31 | |
| 32 MOCK_METHOD0(GetDeviceToken, std::string()); | |
| 33 MOCK_METHOD0(GetDeviceID, std::string()); | |
| 34 MOCK_METHOD2(GetCredentials, bool(std::string*, std::string*)); | |
| 35 virtual void OnDeviceTokenAvailable(const std::string&) {} | |
| 36 | |
| 37 private: | |
| 38 DISALLOW_COPY_AND_ASSIGN(MockCloudPolicyIdentityStrategy); | |
| 39 }; | |
| 40 | |
| 41 ACTION_P2(MockCloudPolicyIdentityStrategyGetCredentials, username, auth_token) { | |
| 42 *arg0 = username; | |
| 43 *arg1 = auth_token; | |
| 44 return true; | |
| 45 } | |
| 46 | |
| 47 class MockDeviceTokenFetcher : public DeviceTokenFetcher { | |
| 48 public: | |
| 49 explicit MockDeviceTokenFetcher(CloudPolicyCache* cache) | |
| 50 : DeviceTokenFetcher(NULL, cache) {} | |
| 51 ~MockDeviceTokenFetcher() {} | |
|
danno
2011/02/22 15:02:54
nit: virtual
Jakob Kummerow
2011/02/22 16:53:58
Done.
| |
| 52 | |
| 53 MOCK_METHOD0(GetDeviceToken, std::string&()); | |
| 54 MOCK_METHOD2(FetchToken, void(const std::string&, const std::string&)); | |
| 55 | |
| 56 private: | |
| 57 DISALLOW_COPY_AND_ASSIGN(MockDeviceTokenFetcher); | |
| 58 }; | |
| 59 | |
| 60 class CloudPolicyControllerTest : public testing::Test { | |
| 61 public: | |
| 62 CloudPolicyControllerTest() | |
| 63 : ui_thread_(BrowserThread::UI, &loop_), | |
| 64 file_thread_(BrowserThread::FILE, &loop_) {} | |
| 65 | |
| 66 virtual ~CloudPolicyControllerTest() {} | |
| 67 | |
| 68 virtual void SetUp() { | |
| 69 ASSERT_TRUE(temp_user_data_dir_.CreateUniqueTempDir()); | |
| 70 cache_.reset(new CloudPolicyCache( | |
| 71 temp_user_data_dir_.path().AppendASCII("CloudPolicyControllerTest"))); | |
| 72 token_fetcher_.reset(new MockDeviceTokenFetcher(cache_.get())); | |
| 73 } | |
| 74 | |
| 75 virtual void TearDown() { | |
| 76 controller_.reset(); // Implicitly unregisters observers. | |
|
danno
2011/02/22 15:02:54
Nit: Don't you mean "explicitly"? Or maybe just: /
Jakob Kummerow
2011/02/22 16:53:58
Done.
| |
| 77 } | |
| 78 | |
| 79 // Takes ownership of |backend|. | |
| 80 void CreateNewController(DeviceManagementBackend* backend) { | |
| 81 controller_.reset(new CloudPolicyController( | |
| 82 cache_.get(), backend, token_fetcher_.get(), &identity_strategy_)); | |
| 83 } | |
| 84 | |
| 85 void CreateNewController(DeviceManagementBackend* backend, | |
| 86 int64 policy_refresh_rate_ms, | |
| 87 int policy_refresh_deviation_factor_percent, | |
| 88 int64 policy_refresh_deviation_max_ms, | |
| 89 int64 policy_refresh_error_delay_ms) { | |
| 90 controller_.reset(new CloudPolicyController( | |
| 91 cache_.get(), backend, token_fetcher_.get(), &identity_strategy_, | |
| 92 policy_refresh_rate_ms, | |
| 93 policy_refresh_deviation_factor_percent, | |
| 94 policy_refresh_deviation_max_ms, | |
| 95 policy_refresh_error_delay_ms)); | |
| 96 } | |
| 97 | |
| 98 void ExpectHasSpdyPolicy() { | |
| 99 MockConfigurationPolicyStore store; | |
| 100 EXPECT_CALL(store, Apply(_, _)).Times(AtLeast(1)); | |
| 101 cache_->GetManagedPolicyProvider()->Provide(&store); | |
| 102 FundamentalValue expected(true); | |
| 103 ASSERT_TRUE(store.Get(kPolicyDisableSpdy) != NULL); | |
| 104 EXPECT_TRUE(store.Get(kPolicyDisableSpdy)->Equals(&expected)); | |
| 105 } | |
| 106 | |
| 107 void SetupIdentityStrategy(const std::string& device_token, | |
| 108 const std::string& device_id, | |
| 109 const std::string& user_name, | |
| 110 const std::string& auth_token) { | |
| 111 EXPECT_CALL(identity_strategy_, GetDeviceToken()).WillRepeatedly( | |
| 112 Return(device_token)); | |
| 113 EXPECT_CALL(identity_strategy_, GetDeviceID()).WillRepeatedly( | |
| 114 Return(device_id)); | |
| 115 if (!user_name.empty()) { | |
| 116 EXPECT_CALL(identity_strategy_, GetCredentials(_, _)).WillRepeatedly( | |
| 117 MockCloudPolicyIdentityStrategyGetCredentials(user_name, auth_token)); | |
| 118 } | |
| 119 } | |
| 120 | |
| 121 protected: | |
| 122 scoped_ptr<CloudPolicyCache> cache_; | |
| 123 scoped_ptr<CloudPolicyController> controller_; | |
| 124 scoped_ptr<MockDeviceTokenFetcher> token_fetcher_; | |
| 125 MockCloudPolicyIdentityStrategy identity_strategy_; | |
| 126 ScopedTempDir temp_user_data_dir_; | |
| 127 MessageLoop loop_; | |
| 128 | |
| 129 private: | |
| 130 BrowserThread ui_thread_; | |
| 131 BrowserThread file_thread_; | |
| 132 | |
| 133 DISALLOW_COPY_AND_ASSIGN(CloudPolicyControllerTest); | |
| 134 }; | |
| 135 | |
| 136 // If a device token is present when the controller starts up, it should | |
| 137 // fetch and apply policy. | |
| 138 TEST_F(CloudPolicyControllerTest, StartupWithDeviceToken) { | |
| 139 SetupIdentityStrategy("fake_device_token", "device_id", "", ""); | |
| 140 MockDeviceManagementBackend* backend = new MockDeviceManagementBackend(); | |
| 141 EXPECT_CALL(*backend, ProcessCloudPolicyRequest(_, _, _, _)).WillOnce( | |
| 142 MockDeviceManagementBackendSucceedSpdyCloudPolicy()); | |
| 143 CreateNewController(backend); | |
| 144 loop_.RunAllPending(); | |
| 145 ExpectHasSpdyPolicy(); | |
| 146 } | |
| 147 | |
| 148 // If no device token is present when the controller starts up, it should | |
| 149 // instruct the token_fetcher_ to fetch one. | |
| 150 TEST_F(CloudPolicyControllerTest, StartupWithoutDeviceToken) { | |
| 151 SetupIdentityStrategy("", "device_id", "a@b.com", "auth_token"); | |
| 152 EXPECT_CALL(*token_fetcher_.get(), FetchToken(_, _)).Times(1); | |
| 153 CreateNewController(NULL); | |
| 154 loop_.RunAllPending(); | |
| 155 } | |
| 156 | |
| 157 // If the current user belongs to a known non-managed domain, no token fetch | |
| 158 // should be initiated. | |
| 159 TEST_F(CloudPolicyControllerTest, StartupUnmanagedUser) { | |
| 160 SetupIdentityStrategy("", "device_id", "DannoHelper@gmail.com", "auth_token"); | |
| 161 EXPECT_CALL(*token_fetcher_.get(), FetchToken(_, _)).Times(0); | |
| 162 CreateNewController(NULL); | |
| 163 loop_.RunAllPending(); | |
| 164 } | |
| 165 | |
| 166 // After policy has been fetched successfully, a new fetch should be triggered | |
| 167 // after the refresh interval has timed out. | |
| 168 TEST_F(CloudPolicyControllerTest, RefreshAfterSuccessfulPolicy) { | |
| 169 SetupIdentityStrategy("device_token", "device_id", | |
| 170 "DannoHelperDelegate@b.com", "auth_token"); | |
| 171 MockDeviceManagementBackend* backend = new MockDeviceManagementBackend(); | |
| 172 EXPECT_CALL(*backend, ProcessCloudPolicyRequest(_, _, _, _)).WillOnce( | |
| 173 MockDeviceManagementBackendSucceedSpdyCloudPolicy()).WillOnce( | |
| 174 MockDeviceManagementBackendFailPolicy( | |
| 175 DeviceManagementBackend::kErrorRequestFailed)); | |
| 176 CreateNewController(backend, 0, 0, 0, 1000 * 1000); | |
| 177 loop_.RunAllPending(); | |
| 178 ExpectHasSpdyPolicy(); | |
| 179 } | |
| 180 | |
| 181 // If poliy fetching failed, it should be retried. | |
| 182 TEST_F(CloudPolicyControllerTest, RefreshAfterError) { | |
| 183 SetupIdentityStrategy("device_token", "device_id", | |
| 184 "DannoHelperDelegateImpl@b.com", "auth_token"); | |
| 185 MockDeviceManagementBackend* backend = new MockDeviceManagementBackend(); | |
| 186 EXPECT_CALL(*backend, ProcessCloudPolicyRequest(_, _, _, _)).WillOnce( | |
| 187 MockDeviceManagementBackendFailPolicy( | |
| 188 DeviceManagementBackend::kErrorRequestFailed)).WillOnce( | |
| 189 MockDeviceManagementBackendSucceedSpdyCloudPolicy()); | |
| 190 CreateNewController(backend, 1000 * 1000, 0, 0, 0); | |
| 191 loop_.RunAllPending(); | |
| 192 ExpectHasSpdyPolicy(); | |
| 193 } | |
| 194 | |
| 195 // If the backend reports that the device token was invalid, the controller | |
| 196 // should instruct the token fetcher to fetch a new token. | |
| 197 TEST_F(CloudPolicyControllerTest, InvalidToken) { | |
| 198 SetupIdentityStrategy("device_token", "device_id", "standup@ten.am", "auth"); | |
| 199 MockDeviceManagementBackend* backend = new MockDeviceManagementBackend(); | |
| 200 EXPECT_CALL(*backend, ProcessCloudPolicyRequest(_, _, _, _)).WillOnce( | |
| 201 MockDeviceManagementBackendFailPolicy( | |
| 202 DeviceManagementBackend::kErrorServiceManagementTokenInvalid)); | |
| 203 EXPECT_CALL(*token_fetcher_.get(), FetchToken(_, _)).Times(1); | |
| 204 CreateNewController(backend); | |
| 205 loop_.RunAllPending(); | |
| 206 } | |
| 207 | |
| 208 // If the backend reports that the device is unknown to the server, the | |
| 209 // controller should instruct the token fetcher to fetch a new token. | |
| 210 TEST_F(CloudPolicyControllerTest, DeviceNotFound) { | |
| 211 SetupIdentityStrategy("device_token", "device_id", "me@you.com", "auth"); | |
| 212 MockDeviceManagementBackend* backend = new MockDeviceManagementBackend(); | |
| 213 EXPECT_CALL(*backend, ProcessCloudPolicyRequest(_, _, _, _)).WillOnce( | |
| 214 MockDeviceManagementBackendFailPolicy( | |
| 215 DeviceManagementBackend::kErrorServiceDeviceNotFound)); | |
| 216 EXPECT_CALL(*token_fetcher_.get(), FetchToken(_, _)).Times(1); | |
| 217 CreateNewController(backend); | |
| 218 loop_.RunAllPending(); | |
| 219 } | |
| 220 | |
| 221 // If the backend reports that the device is no longer managed, the controller | |
| 222 // shoud instruct the token fetcher to fetch a new token (which will in turn | |
| 223 // set and persist the correct 'unmanaged' state). | |
| 224 TEST_F(CloudPolicyControllerTest, NoLongerManaged) { | |
| 225 SetupIdentityStrategy("device_token", "device_id", "who@what.com", "auth"); | |
| 226 MockDeviceManagementBackend* backend = new MockDeviceManagementBackend(); | |
| 227 EXPECT_CALL(*backend, ProcessCloudPolicyRequest(_, _, _, _)).WillOnce( | |
| 228 MockDeviceManagementBackendFailPolicy( | |
| 229 DeviceManagementBackend::kErrorServiceManagementNotSupported)); | |
| 230 EXPECT_CALL(*token_fetcher_.get(), FetchToken(_, _)).Times(1); | |
| 231 CreateNewController(backend); | |
| 232 loop_.RunAllPending(); | |
| 233 } | |
| 234 | |
| 235 // If the server doesn't support the new protocol, the controller should fall | |
| 236 // back to the old protocol. | |
| 237 TEST_F(CloudPolicyControllerTest, FallbackToOldProtocol) { | |
| 238 SetupIdentityStrategy("device_token", "device_id", "a@b.com", "auth"); | |
| 239 MockDeviceManagementBackend* backend = new MockDeviceManagementBackend(); | |
| 240 // If the CloudPolicyRequest fails with kErrorRequestInvalid... | |
| 241 EXPECT_CALL(*backend, ProcessCloudPolicyRequest(_, _, _, _)).WillOnce( | |
| 242 MockDeviceManagementBackendFailPolicy( | |
| 243 DeviceManagementBackend::kErrorRequestInvalid)); | |
| 244 // ...the client should fall back to a classic PolicyRequest, | |
| 245 // and remember this fallback for any future request, | |
| 246 // both after successful fetches and after errors. | |
| 247 EXPECT_CALL(*backend, ProcessPolicyRequest(_, _, _, _)).WillOnce( | |
| 248 MockDeviceManagementBackendSucceedBooleanPolicy( | |
| 249 key::kDisableSpdy, true)).WillOnce( | |
| 250 MockDeviceManagementBackendFailPolicy( | |
| 251 DeviceManagementBackend::kErrorHttpStatus)).WillOnce( | |
| 252 Return()); | |
| 253 CreateNewController(backend, 0, 0, 0, 0); | |
| 254 loop_.RunAllPending(); | |
| 255 ExpectHasSpdyPolicy(); | |
| 256 } | |
| 257 | |
| 258 } // namespace policy | |
| OLD | NEW |
