Move user cloud policy to BrowserProcess.

chrome/browser/policy/cloud_policy_cache_base.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_BASE_H_
 #define CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_BASE_H_
 #pragma once
 
 #include "base/gtest_prod_util.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/memory/scoped_vector.h"
 #include "base/observer_list.h"
 #include "base/threading/non_thread_safe.h"
 #include "base/time.h"
 #include "chrome/browser/policy/cloud_policy_subsystem.h"
 #include "chrome/browser/policy/configuration_policy_provider.h"
 #include "chrome/browser/policy/policy_map.h"
 #include "chrome/browser/policy/proto/device_management_backend.pb.h"
 
 namespace policy {
 
 class PolicyMap;
 class PolicyNotifier;
+class CloudPolicyProvider;
 
 namespace em = enterprise_management;
 
 // Caches policy information, as set by calls to |SetPolicy()|, persists
 // it to disk or session_manager (depending on subclass implementation),
 // and makes it available via policy providers.
 class CloudPolicyCacheBase : public base::NonThreadSafe {
  public:
   // Used to distinguish mandatory from recommended policies.
   enum PolicyLevel {
@@ skipping 27 matching lines @@
   // Returns the time at which the policy was last fetched.
   base::Time last_policy_refresh_time() const {
     return last_policy_refresh_time_;
   }
 
   // Get the version of the encryption key currently used for decoding policy.
   // Returns true if the version is available, in which case |version| is filled
   // in.
   bool GetPublicKeyVersion(int* version);
 
+  void AddObserver(ConfigurationPolicyProvider::Observer* observer);

[Mattias Nissler (ping if slow), 2011/05/26 10:20:20]

Reusing that observer interface seems odd, since you're observing a cache, but
not a provider.

[sfeuz, 2011/05/31 07:32:31]

Created a seperate interface for CloudPolicyCacheBase.
Done.

+  void RemoveObserver(ConfigurationPolicyProvider::Observer* observer);
+
+  PolicyMap* mandatory_policy();
+  PolicyMap* recommended_policy();
+
+  // See comment for |initialization_complete_|.
+  bool initialization_complete() {
+    return initialization_complete_;
+  }

[Mattias Nissler (ping if slow), 2011/05/26 10:20:20]

newline before new visibility label

[sfeuz, 2011/05/31 07:32:31]

Done.

  protected:
   // Wraps public key version and validity.
   struct PublicKeyVersion {
     int version;
     bool valid;
   };
 
   // Decodes the given |policy| using |DecodePolicyResponse()|, applies the
   // contents to |{mandatory,recommended}_policy_|, and notifies observers.
   // |timestamp| returns the timestamp embedded in |policy|, callers can pass
@@ skipping 16 matching lines @@
   // Also performs verification, returns NULL if any check fails.
   bool DecodePolicyResponse(const em::PolicyFetchResponse& policy_response,
                             PolicyMap* mandatory,
                             PolicyMap* recommended,
                             base::Time* timestamp,
                             PublicKeyVersion* public_key_version);
 
   void InformNotifier(CloudPolicySubsystem::PolicySubsystemState state,
                       CloudPolicySubsystem::ErrorDetails error_details);
 
-  // See comment for |initialization_complete_|.
-  bool initialization_complete() {
-    return initialization_complete_;
-  }
-
   void set_last_policy_refresh_time(base::Time timestamp) {
     last_policy_refresh_time_ = timestamp;
   }
 
  private:
-  class CloudPolicyProvider;
-
   friend class DevicePolicyCacheTest;
   friend class UserPolicyCacheTest;
 
   // Policy key-value information.
   PolicyMap mandatory_policy_;
   PolicyMap recommended_policy_;
 
-  // Policy providers.
-  scoped_ptr<ConfigurationPolicyProvider> managed_policy_provider_;
-  scoped_ptr<ConfigurationPolicyProvider> recommended_policy_provider_;
-
   PolicyNotifier* notifier_;
 
   // The time at which the policy was last refreshed. Is updated both upon
   // successful and unsuccessful refresh attempts.
   base::Time last_policy_refresh_time_;
 
   // Whether initialization has been completed. This is the case when we have
   // valid policy, learned that the device is unmanaged or ran into
   // unrecoverable errors.
   bool initialization_complete_;
 
   // Whether the the server has indicated this device is unmanaged.
   bool is_unmanaged_;
 
   // Currently used public key version, if available.
   PublicKeyVersion public_key_version_;
 
-  // Provider observers that are registered with this cache's providers.
+  // Provider observers that are registered with this provider.

[Mattias Nissler (ping if slow), 2011/05/26 10:20:20]

CloudPolicyCacheBase is not a provider.

[sfeuz, 2011/05/31 07:32:31]

Done.

   ObserverList<ConfigurationPolicyProvider::Observer, true> observer_list_;
 
   DISALLOW_COPY_AND_ASSIGN(CloudPolicyCacheBase);
 };
 
+// A thin wrapper around CloudPolicyCacheBase. Proxies the notifications and
+// delegates the actions to the underlying |cache_|. Also exposes the PolicyMap
+// of |cache_|.
+// The |cache_| is kept as a weak reference and can be exchanged at any point
+// destroying the CloudPolicyProvider instance.
+class CloudPolicyProvider : public ConfigurationPolicyProvider,

[Mattias Nissler (ping if slow), 2011/05/26 10:20:20]

Seems like this should rather go into its own file.

[sfeuz, 2011/05/31 07:32:31]

I agree, split the CloudPolicyProvider+CombiningCloudPolicyProvider into one
file. They somehow belong together but maybe we should also split those two?

+                            public ConfigurationPolicyProvider::Observer {
+ public:
+  CloudPolicyProvider(const PolicyDefinitionList* policy_list,
+                      CloudPolicyCacheBase::PolicyLevel level);
+  virtual ~CloudPolicyProvider();
+
+  // ConfigurationPolicyProvider implementation.
+  virtual bool Provide(ConfigurationPolicyStoreInterface* store);
+  virtual bool IsInitializationComplete() const;
+  virtual void AddObserver(ConfigurationPolicyProvider::Observer* observer);
+  virtual void RemoveObserver(ConfigurationPolicyProvider::Observer* observer);
+
+  // ConfigurationPolicyProvier::Observer implementation.

[Mattias Nissler (ping if slow), 2011/05/26 10:20:20]

Provier -> Provider

[sfeuz, 2011/05/31 07:32:31]

Done.

+  virtual void OnUpdatePolicy();
+  virtual void OnProviderGoingAway();
+
+  // Exposes |policy_map| of the underlying |cache_|.
+  PolicyMap* policy_map();
+
+  // Sets another backend.
+  void set_cache(CloudPolicyCacheBase* cache);

[Mattias Nissler (ping if slow), 2011/05/26 10:20:20]

newline before visibility label

[sfeuz, 2011/05/31 07:32:31]

Done.

+ private:
+  // The underlying policy cache. Can be NULL if currently none is present.
+  CloudPolicyCacheBase* cache_;
+  // Policy level this provider will handle.
+  CloudPolicyCacheBase::PolicyLevel level_;
+
+  // Provider observers that are registered with this provider.
+  ObserverList<ConfigurationPolicyProvider::Observer, true> observer_list_;
+
+  DISALLOW_COPY_AND_ASSIGN(CloudPolicyProvider);
+};
+
+// Combines multiple CloudPolicyProviders and applies them in the given order.
+class CombiningCloudPolicyProvider : public ConfigurationPolicyProvider {

[Mattias Nissler (ping if slow), 2011/05/26 10:20:20]

It seems like this layering is overkill. Why not just have a single
CloudPolicyProvider with which you can register different caches that will be
accessed directly?

[sfeuz, 2011/05/31 07:32:31]

Note that CloudPolicyProvider also keeps track of whether to use the Managed or
Recommended map.
Removing this layer would mean that we have to track this in the current
CombiningCloudPolicyProvider. I.e. either having a list of pairs of
<PolicyLevel, CloudPolicyCacheBase*> or fixing the PolicyLevel per
CombiningCloudPolicyProvider (and not be able to combine managed- and
recommended policies.

[Mattias Nissler (ping if slow), 2011/05/31 14:14:19]

Why would we want to combine recommended and managed in the first place? That
would be wrong anyhow.

+ public:
+  explicit CombiningCloudPolicyProvider(
+      const PolicyDefinitionList* policy_list);
+  virtual ~CombiningCloudPolicyProvider();
+
+  // ConfigurationPolicyProvier implementation.
+  // Applies policy by applying the policies of the underlying
+  // CloudPolicyProviders in |cloud_policy_providers_| in the
+  // order they appear there. Early elements in |cloud_policy_providers_| take
+  // precedence. Handles special case for Proxy policy by marking all
+  // Proxy-related policies as applied as soon as one of them is applied.
+  // Returns true if we could apply at least one policy.
+  bool Provide(ConfigurationPolicyStoreInterface* store) OVERRIDE;

[Mattias Nissler (ping if slow), 2011/05/26 10:20:20]

newline before comment

[sfeuz, 2011/05/31 07:32:31]

Done.

+  // Returns true if at least one CloudPolicyProvider in
+  // |cloud_policy_providers_| is initialized.
+  bool IsInitializationComplete() const OVERRIDE;
+  void AddObserver(ConfigurationPolicyProvider::Observer* observer) OVERRIDE;
+  void RemoveObserver(ConfigurationPolicyProvider::Observer* observer) OVERRIDE;
+
+  // Callbacks for CloudPolicyProviderWithObserver.
+  void OnUpdatePolicy(CloudPolicyProvider* cloud_policy_provider);
+  void OnProviderGoingAway(CloudPolicyProvider* cloud_policy_provider);
+
+  // Adds a new CloudPolicyProvider to the end of |cloud_policy_providers_|.
+  // Does not take ownership of |cloud_policy_provider|.
+  void AddCloudPolicyProvider(CloudPolicyProvider* cloud_policy_provider);

[Mattias Nissler (ping if slow), 2011/05/26 10:20:20]

newline before visibility label

[sfeuz, 2011/05/31 07:32:31]

Done.

+ private:
+  // Wrapper around a CloudPolicyProvider to include the source in the
+  // callbacks. We need that to figure out which element in
+  // |cloud_policy_providers_| to remove if a CloudPolicyProvider calls
+  // OnProviderGoingAway.
+  class CloudPolicyProviderWithObserver :
+      public ConfigurationPolicyProvider::Observer {
+   public:
+    CloudPolicyProviderWithObserver(
+        CombiningCloudPolicyProvider* combining_cloud_policy_provider,
+        CloudPolicyProvider* cloud_policy_provider) :
+        combining_cloud_policy_provider_(combining_cloud_policy_provider),
+        cloud_policy_provider_(cloud_policy_provider) {
+      DCHECK(combining_cloud_policy_provider_ && cloud_policy_provider_);
+      cloud_policy_provider_->AddObserver(this);
+    }
+    ~CloudPolicyProviderWithObserver() {
+      if (cloud_policy_provider_) {
+        cloud_policy_provider_->RemoveObserver(this);
+        cloud_policy_provider_ = NULL;
+      }
+    }
+    virtual void OnUpdatePolicy() {
+      combining_cloud_policy_provider_->OnUpdatePolicy(
+          cloud_policy_provider_);
+    }
+    virtual void OnProviderGoingAway() {
+      combining_cloud_policy_provider_->OnProviderGoingAway(
+          cloud_policy_provider_);
+      // Normally our dtor is called on removal from |cloud_policy_providers_|,
+      // but just in case we are still active remove us as Observer.
+      if (cloud_policy_provider_) {
+        cloud_policy_provider_->RemoveObserver(this);
+        cloud_policy_provider_ = NULL;
+      }
+    }
+    CloudPolicyProvider* cloud_policy_provider() const {
+      return cloud_policy_provider_;
+    }

[Mattias Nissler (ping if slow), 2011/05/26 10:20:20]

newline

[sfeuz, 2011/05/31 07:32:31]

Done.

+   private:
+    CombiningCloudPolicyProvider* combining_cloud_policy_provider_;
+    CloudPolicyProvider* cloud_policy_provider_;

[Mattias Nissler (ping if slow), 2011/05/26 10:20:20]

DISALLOW_COPY_AND_ASSIGN

[sfeuz, 2011/05/31 07:32:31]

Done.

+  };
+
+  // CloudPolicyProviders which are combined by this instance of
+  // CombiningCoudPolicyProvider. Order dependant.
+  typedef ScopedVector<CloudPolicyProviderWithObserver> ListType;
+  ListType cloud_policy_providers_;
+
+  // Provider observers that are registered with this provider.
+  ObserverList<ConfigurationPolicyProvider::Observer, true> observer_list_;
+
+  DISALLOW_COPY_AND_ASSIGN(CombiningCloudPolicyProvider);
+};
+

[Mattias Nissler (ping if slow), 2011/05/26 10:20:20]

excess newline

[sfeuz, 2011/05/31 07:32:31]

Done.

+
 }  // namespace policy
 
 #endif  // CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_BASE_H_