Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(32)

Side by Side Diff: chrome/browser/chromeos/policy/active_directory_policy_manager.cc

Issue 2652653007: Chromad: Refresh policy every 90 minutes (Closed)
Patch Set: Refactoring / comments / improvements Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/chromeos/policy/active_directory_policy_manager.h" 5 #include "chrome/browser/chromeos/policy/active_directory_policy_manager.h"
6 6
7 #include <algorithm>
emaxx 2017/01/26 20:54:02 nit: not needed?
Thiemo Nagel 2017/01/27 10:55:35 Done.
7 #include <string> 8 #include <string>
8 #include <utility> 9 #include <utility>
9 10
10 #include "base/logging.h" 11 #include "base/logging.h"
11 #include "base/memory/ptr_util.h" 12 #include "base/memory/ptr_util.h"
13 #include "base/threading/thread_task_runner_handle.h"
12 #include "chromeos/dbus/auth_policy_client.h" 14 #include "chromeos/dbus/auth_policy_client.h"
13 #include "chromeos/dbus/dbus_thread_manager.h" 15 #include "chromeos/dbus/dbus_thread_manager.h"
14 #include "components/policy/core/common/policy_bundle.h" 16 #include "components/policy/core/common/policy_bundle.h"
15 #include "components/policy/core/common/policy_types.h" 17 #include "components/policy/core/common/policy_types.h"
16 #include "components/policy/policy_constants.h" 18 #include "components/policy/policy_constants.h"
17 19
20 namespace {
21
22 // Refresh policy every 90 minutes which matches the Windows default:
23 // https://technet.microsoft.com/en-us/library/cc940895.aspx
24 constexpr int kRefreshIntervalSeconds = 90 * 60;
25
26 // After startup, delay initial policy fetch to keep authpolicyd free for more
27 // important tasks like user auth.
28 constexpr int kInitialFetchDelaySeconds = 60;
29
30 // Retry delay in case of |refresh_in_progress_|.
31 constexpr int kBusyRetryDelaySeconds = 1;
32
33 } // namespace
34
18 namespace policy { 35 namespace policy {
19 36
20 ActiveDirectoryPolicyManager::~ActiveDirectoryPolicyManager() {} 37 ActiveDirectoryPolicyManager::~ActiveDirectoryPolicyManager() {}
21 38
22 // static 39 // static
23 std::unique_ptr<ActiveDirectoryPolicyManager> 40 std::unique_ptr<ActiveDirectoryPolicyManager>
24 ActiveDirectoryPolicyManager::CreateForDevicePolicy( 41 ActiveDirectoryPolicyManager::CreateForDevicePolicy(
25 std::unique_ptr<CloudPolicyStore> store) { 42 std::unique_ptr<CloudPolicyStore> store) {
26 return base::WrapUnique( 43 return base::WrapUnique(
27 new ActiveDirectoryPolicyManager(EmptyAccountId(), std::move(store))); 44 new ActiveDirectoryPolicyManager(EmptyAccountId(), std::move(store)));
(...skipping 12 matching lines...) Expand all
40 ConfigurationPolicyProvider::Init(registry); 57 ConfigurationPolicyProvider::Init(registry);
41 58
42 store_->AddObserver(this); 59 store_->AddObserver(this);
43 if (!store_->is_initialized()) { 60 if (!store_->is_initialized()) {
44 store_->Load(); 61 store_->Load();
45 } 62 }
46 63
47 // Does nothing if |store_| hasn't yet initialized. 64 // Does nothing if |store_| hasn't yet initialized.
48 PublishPolicy(); 65 PublishPolicy();
49 66
50 RefreshPolicies(); 67 ScheduleAutomaticRefresh();
51 } 68 }
52 69
53 void ActiveDirectoryPolicyManager::Shutdown() { 70 void ActiveDirectoryPolicyManager::Shutdown() {
54 store_->RemoveObserver(this); 71 store_->RemoveObserver(this);
55 ConfigurationPolicyProvider::Shutdown(); 72 ConfigurationPolicyProvider::Shutdown();
56 } 73 }
57 74
58 bool ActiveDirectoryPolicyManager::IsInitializationComplete( 75 bool ActiveDirectoryPolicyManager::IsInitializationComplete(
59 PolicyDomain domain) const { 76 PolicyDomain domain) const {
60 if (domain == POLICY_DOMAIN_CHROME) 77 if (domain == POLICY_DOMAIN_CHROME) {
61 return store_->is_initialized(); 78 return store_->is_initialized();
79 }
62 return true; 80 return true;
63 } 81 }
64 82
65 void ActiveDirectoryPolicyManager::RefreshPolicies() { 83 void ActiveDirectoryPolicyManager::RefreshPolicies() {
66 chromeos::DBusThreadManager* thread_manager = 84 ScheduleRefresh(base::TimeDelta());
67 chromeos::DBusThreadManager::Get();
68 DCHECK(thread_manager);
69 chromeos::AuthPolicyClient* auth_policy_client =
70 thread_manager->GetAuthPolicyClient();
71 DCHECK(auth_policy_client);
72 if (account_id_ == EmptyAccountId()) {
73 auth_policy_client->RefreshDevicePolicy(
74 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed,
75 weak_ptr_factory_.GetWeakPtr()));
76 } else {
77 auth_policy_client->RefreshUserPolicy(
78 account_id_,
79 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed,
80 weak_ptr_factory_.GetWeakPtr()));
81 }
82 } 85 }
83 86
84 void ActiveDirectoryPolicyManager::OnStoreLoaded( 87 void ActiveDirectoryPolicyManager::OnStoreLoaded(
85 CloudPolicyStore* cloud_policy_store) { 88 CloudPolicyStore* cloud_policy_store) {
86 DCHECK_EQ(store_.get(), cloud_policy_store); 89 DCHECK_EQ(store_.get(), cloud_policy_store);
87 PublishPolicy(); 90 PublishPolicy();
88 } 91 }
89 92
90 void ActiveDirectoryPolicyManager::OnStoreError( 93 void ActiveDirectoryPolicyManager::OnStoreError(
91 CloudPolicyStore* cloud_policy_store) { 94 CloudPolicyStore* cloud_policy_store) {
(...skipping 28 matching lines...) Expand all
120 UpdatePolicy(std::move(bundle)); 123 UpdatePolicy(std::move(bundle));
121 } 124 }
122 125
123 void ActiveDirectoryPolicyManager::OnPolicyRefreshed(bool success) { 126 void ActiveDirectoryPolicyManager::OnPolicyRefreshed(bool success) {
124 if (!success) { 127 if (!success) {
125 LOG(ERROR) << "Active Directory policy refresh failed."; 128 LOG(ERROR) << "Active Directory policy refresh failed.";
126 } 129 }
127 // Load independently of success or failure to keep up to date with whatever 130 // Load independently of success or failure to keep up to date with whatever
128 // has happened on the authpolicyd / session manager side. 131 // has happened on the authpolicyd / session manager side.
129 store_->Load(); 132 store_->Load();
133
134 refresh_in_progress_ = false;
135 last_refresh_ = base::TimeTicks::Now();
136 ScheduleAutomaticRefresh();
137 }
138
139 void ActiveDirectoryPolicyManager::ScheduleRefresh(base::TimeDelta delay) {
140 if (refresh_task_) {
141 refresh_task_->Cancel();
142 }
143 refresh_task_ = base::MakeUnique<base::CancelableClosure>(
144 base::Bind(&ActiveDirectoryPolicyManager::RunScheduledRefresh,
145 weak_ptr_factory_.GetWeakPtr()));
146 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
147 FROM_HERE, refresh_task_->callback(), delay);
148 }
149
150 void ActiveDirectoryPolicyManager::ScheduleAutomaticRefresh() {
151 base::TimeTicks baseline;
152 base::TimeDelta interval;
153 if (last_refresh_ == base::TimeTicks()) {
154 baseline = startup_;
155 interval = base::TimeDelta::FromSeconds(kInitialFetchDelaySeconds);
156 } else {
157 baseline = last_refresh_;
158 interval = base::TimeDelta::FromSeconds(kRefreshIntervalSeconds);
159 }
160 base::TimeTicks now(base::TimeTicks::Now());
161 base::TimeDelta delay;
162 if (now < baseline + interval) {
163 delay = baseline + interval - now;
164 }
165 ScheduleRefresh(delay);
166 }
167
168 void ActiveDirectoryPolicyManager::RunScheduledRefresh() {
169 // Re-schedule when a refresh is currently in progress (to avoid D-Bus jobs
emaxx 2017/01/26 20:54:02 Sorry, I'm still a bit puzzled about why this re-s
Thiemo Nagel 2017/01/27 10:55:35 Your reasoning is sound. I wanted to a manual ref
170 // piling up behind each other).
171 if (refresh_in_progress_) {
172 // Don't call ScheduleRefresh() directly as that would cancel the task
173 // that's currently running.
174 base::ThreadTaskRunnerHandle::Get()->PostTask(
175 FROM_HERE,
176 base::Bind(&ActiveDirectoryPolicyManager::ScheduleRefresh,
177 weak_ptr_factory_.GetWeakPtr(),
178 base::TimeDelta::FromSeconds(kBusyRetryDelaySeconds)));
179 return;
180 }
181
182 refresh_in_progress_ = true;
183 chromeos::DBusThreadManager* thread_manager =
184 chromeos::DBusThreadManager::Get();
185 DCHECK(thread_manager);
186 chromeos::AuthPolicyClient* auth_policy_client =
187 thread_manager->GetAuthPolicyClient();
188 DCHECK(auth_policy_client);
189 if (account_id_ == EmptyAccountId()) {
190 auth_policy_client->RefreshDevicePolicy(
191 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed,
192 weak_ptr_factory_.GetWeakPtr()));
193 } else {
194 auth_policy_client->RefreshUserPolicy(
195 account_id_,
196 base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed,
197 weak_ptr_factory_.GetWeakPtr()));
198 }
130 } 199 }
131 200
132 } // namespace policy 201 } // namespace policy
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698