OLD | NEW |
(Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/chromeos/policy/active_directory_policy_manager.h" |
| 6 |
| 7 #include <memory> |
| 8 #include <utility> |
| 9 |
| 10 #include "base/bind.h" |
| 11 #include "base/memory/ptr_util.h" |
| 12 #include "base/run_loop.h" |
| 13 #include "base/test/scoped_task_environment.h" |
| 14 #include "base/time/time.h" |
| 15 #include "chromeos/dbus/dbus_thread_manager.h" |
| 16 #include "chromeos/dbus/mock_auth_policy_client.h" |
| 17 #include "components/policy/core/common/cloud/mock_cloud_policy_store.h" |
| 18 #include "components/policy/core/common/schema_registry.h" |
| 19 #include "components/signin/core/account_id/account_id.h" |
| 20 #include "testing/gtest/include/gtest/gtest.h" |
| 21 |
| 22 namespace policy { |
| 23 |
| 24 // Note that session exit is asynchronous and thus ActiveDirectoryPolicyManager |
| 25 // still needs to react reasonably to events happening after session exit has |
| 26 // been fired. |
| 27 class ActiveDirectoryPolicyManagerTest : public testing::Test { |
| 28 public: |
| 29 ActiveDirectoryPolicyManagerTest() { |
| 30 auto mock_client_unique_ptr = |
| 31 base::MakeUnique<chromeos::MockAuthPolicyClient>(); |
| 32 mock_client_ = mock_client_unique_ptr.get(); |
| 33 chromeos::DBusThreadManager::GetSetterForTesting()->SetAuthPolicyClient( |
| 34 std::move(mock_client_unique_ptr)); |
| 35 } |
| 36 |
| 37 ~ActiveDirectoryPolicyManagerTest() override { |
| 38 EXPECT_EQ(session_exit_expected_, session_exited_); |
| 39 policy_manager_->Shutdown(); |
| 40 } |
| 41 |
| 42 protected: |
| 43 // Expect that session exit will be called below. (Must only be called once.) |
| 44 void ExpectSessionExit() { |
| 45 ASSERT_FALSE(session_exit_expected_); |
| 46 EXPECT_FALSE(session_exited_); |
| 47 session_exit_expected_ = true; |
| 48 } |
| 49 |
| 50 // Expect that session exit has been called above. (Must only be called after |
| 51 // ExpectSessionExit().) |
| 52 void ExpectSessionExited() { |
| 53 ASSERT_TRUE(session_exit_expected_); |
| 54 EXPECT_TRUE(session_exited_); |
| 55 } |
| 56 |
| 57 // Closure to exit the session. |
| 58 void ExitSession() { |
| 59 EXPECT_TRUE(session_exit_expected_); |
| 60 session_exited_ = true; |
| 61 } |
| 62 |
| 63 bool session_exited_ = false; |
| 64 bool session_exit_expected_ = false; |
| 65 |
| 66 // To be handed over to ActiveDirectoryPolicyManager. |
| 67 base::OnceClosure exit_session_{ |
| 68 base::BindOnce(&ActiveDirectoryPolicyManagerTest::ExitSession, |
| 69 base::Unretained(this))}; |
| 70 |
| 71 // To be handed over to ActiveDirectoryPolicyManager ... |
| 72 std::unique_ptr<MockCloudPolicyStore> mock_store_unique_ptr_{ |
| 73 base::MakeUnique<MockCloudPolicyStore>()}; |
| 74 |
| 75 // ... but keeping a non-owned pointer. |
| 76 MockCloudPolicyStore* mock_store_{mock_store_unique_ptr_.get()}; |
| 77 |
| 78 // Owned by DBusThreadManager. |
| 79 chromeos::MockAuthPolicyClient* mock_client_; |
| 80 |
| 81 SchemaRegistry schema_registry_; |
| 82 |
| 83 // Initialized by the individual tests but owned by the test class so that it |
| 84 // can be shut down automatically after the test has run. |
| 85 std::unique_ptr<ActiveDirectoryPolicyManager> policy_manager_; |
| 86 |
| 87 private: |
| 88 base::test::ScopedTaskEnvironment scoped_task_environment_; |
| 89 }; |
| 90 |
| 91 TEST_F(ActiveDirectoryPolicyManagerTest, DontWait) { |
| 92 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy( |
| 93 AccountId::AdFromUserEmailObjGuid("bla", "ble"), |
| 94 false /* wait_for_policy_fetch */, base::TimeDelta(), |
| 95 std::move(exit_session_), std::move(mock_store_unique_ptr_)); |
| 96 EXPECT_TRUE(policy_manager_); |
| 97 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 98 |
| 99 // Configure mock policy fetch to fail. |
| 100 mock_client_->SetRefreshUserPolicyCallbackSuccess(false); |
| 101 |
| 102 // Trigger mock policy fetch from authpolicyd. |
| 103 policy_manager_->Init(&schema_registry_); |
| 104 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 105 |
| 106 // Simulate failed store load. Initialization is reported complete at this |
| 107 // point. |
| 108 mock_store_->NotifyStoreError(); |
| 109 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 110 |
| 111 // Process reply for mock policy fetch. |
| 112 base::RunLoop().RunUntilIdle(); |
| 113 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 114 |
| 115 // Simulate failed store load. |
| 116 mock_store_->NotifyStoreError(); |
| 117 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 118 } |
| 119 |
| 120 // If the initial fetch timeout is infinite, initialization is only complete |
| 121 // after policy has been fetched and after that has been loaded. |
| 122 TEST_F(ActiveDirectoryPolicyManagerTest, |
| 123 WaitInfinite_LoadSuccess_FetchSuccess) { |
| 124 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy( |
| 125 AccountId::AdFromUserEmailObjGuid("bla", "ble"), |
| 126 true /* wait_for_policy_fetch */, base::TimeDelta::Max(), |
| 127 std::move(exit_session_), std::move(mock_store_unique_ptr_)); |
| 128 ASSERT_TRUE(policy_manager_); |
| 129 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 130 |
| 131 // Configure mock policy fetch to succeed. |
| 132 mock_client_->SetRefreshUserPolicyCallbackSuccess(true); |
| 133 |
| 134 // Trigger mock policy fetch from authpolicyd. |
| 135 policy_manager_->Init(&schema_registry_); |
| 136 |
| 137 // Simulate successful store load. |
| 138 mock_store_->policy_ = base::MakeUnique<enterprise_management::PolicyData>(); |
| 139 mock_store_->NotifyStoreLoaded(); |
| 140 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 141 |
| 142 // Process reply for mock policy fetch. |
| 143 base::RunLoop().RunUntilIdle(); |
| 144 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 145 |
| 146 // Simulate successful store load. At this point initialization is complete. |
| 147 mock_store_->NotifyStoreLoaded(); |
| 148 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 149 } |
| 150 |
| 151 // If the initial fetch timeout is infinite, initialization does not complete if |
| 152 // load after fetch fails. |
| 153 TEST_F(ActiveDirectoryPolicyManagerTest, |
| 154 WaitInfinite_LoadSuccess_FetchSuccess_LoadFail) { |
| 155 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy( |
| 156 AccountId::AdFromUserEmailObjGuid("bla", "ble"), |
| 157 true /* wait_for_policy_fetch */, base::TimeDelta::Max(), |
| 158 std::move(exit_session_), std::move(mock_store_unique_ptr_)); |
| 159 ASSERT_TRUE(policy_manager_); |
| 160 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 161 |
| 162 // Configure mock policy fetch to succeed. |
| 163 mock_client_->SetRefreshUserPolicyCallbackSuccess(true); |
| 164 |
| 165 // Trigger mock policy fetch from authpolicyd. |
| 166 policy_manager_->Init(&schema_registry_); |
| 167 |
| 168 // Simulate successful store load. |
| 169 mock_store_->policy_ = base::MakeUnique<enterprise_management::PolicyData>(); |
| 170 mock_store_->NotifyStoreLoaded(); |
| 171 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 172 |
| 173 // Process reply for mock policy fetch. |
| 174 base::RunLoop().RunUntilIdle(); |
| 175 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 176 |
| 177 ExpectSessionExit(); |
| 178 |
| 179 // Simulate failed store load. |
| 180 mock_store_->NotifyStoreError(); |
| 181 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 182 |
| 183 ExpectSessionExited(); |
| 184 |
| 185 // Simulate successful store load. |
| 186 mock_store_->NotifyStoreLoaded(); |
| 187 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 188 } |
| 189 |
| 190 // If the initial fetch timeout is infinite, failure in policy fetch prevents |
| 191 // initialization from finishing, ever. |
| 192 TEST_F(ActiveDirectoryPolicyManagerTest, WaitInfinite_LoadSuccess_FetchFail) { |
| 193 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy( |
| 194 AccountId::AdFromUserEmailObjGuid("bla", "ble"), |
| 195 true /* wait_for_policy_fetch */, base::TimeDelta::Max(), |
| 196 std::move(exit_session_), std::move(mock_store_unique_ptr_)); |
| 197 ASSERT_TRUE(policy_manager_); |
| 198 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 199 |
| 200 // Configure mock policy fetch to fail. |
| 201 mock_client_->SetRefreshUserPolicyCallbackSuccess(false); |
| 202 |
| 203 // Trigger mock policy fetch from authpolicyd. |
| 204 policy_manager_->Init(&schema_registry_); |
| 205 |
| 206 // Simulate successful store load. |
| 207 mock_store_->policy_ = base::MakeUnique<enterprise_management::PolicyData>(); |
| 208 mock_store_->NotifyStoreLoaded(); |
| 209 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 210 |
| 211 ExpectSessionExit(); |
| 212 |
| 213 // Process reply for mock policy fetch. |
| 214 base::RunLoop().RunUntilIdle(); |
| 215 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 216 |
| 217 ExpectSessionExited(); |
| 218 |
| 219 // Simulate successful store load. |
| 220 mock_store_->NotifyStoreLoaded(); |
| 221 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 222 } |
| 223 |
| 224 // If the initial fetch timeout is not infinite, we're in best-effort mode but |
| 225 // still require the policy load to succeed so that there's *some* policy |
| 226 // present (though possibly outdated). |
| 227 TEST_F(ActiveDirectoryPolicyManagerTest, WaitFinite_LoadSuccess_FetchFail) { |
| 228 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy( |
| 229 AccountId::AdFromUserEmailObjGuid("bla", "ble"), |
| 230 true /* wait_for_policy_fetch */, base::TimeDelta::FromDays(365), |
| 231 std::move(exit_session_), std::move(mock_store_unique_ptr_)); |
| 232 ASSERT_TRUE(policy_manager_); |
| 233 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 234 |
| 235 // Configure mock policy fetch to fail. |
| 236 mock_client_->SetRefreshUserPolicyCallbackSuccess(false); |
| 237 |
| 238 // Trigger mock policy fetch from authpolicyd. |
| 239 policy_manager_->Init(&schema_registry_); |
| 240 |
| 241 // Simulate successful store load. |
| 242 mock_store_->policy_ = base::MakeUnique<enterprise_management::PolicyData>(); |
| 243 mock_store_->NotifyStoreLoaded(); |
| 244 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 245 |
| 246 // Process reply for mock policy fetch. At this point initialization is |
| 247 // complete (we have waited for the fetch but now that we know it has failed |
| 248 // we continue). |
| 249 base::RunLoop().RunUntilIdle(); |
| 250 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 251 |
| 252 // Simulate successful store load. |
| 253 mock_store_->NotifyStoreLoaded(); |
| 254 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 255 } |
| 256 |
| 257 // If the initial fetch timeout is not infinite, we're in best-effort mode but |
| 258 // still require the policy load to succeed so that there's *some* policy |
| 259 // present (though possibly outdated). Here the sequence is inverted: Fetch |
| 260 // returns before load. |
| 261 TEST_F(ActiveDirectoryPolicyManagerTest, WaitFinite_FetchFail_LoadSuccess) { |
| 262 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy( |
| 263 AccountId::AdFromUserEmailObjGuid("bla", "ble"), |
| 264 true /* wait_for_policy_fetch */, base::TimeDelta::FromDays(365), |
| 265 std::move(exit_session_), std::move(mock_store_unique_ptr_)); |
| 266 ASSERT_TRUE(policy_manager_); |
| 267 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 268 |
| 269 // Configure mock policy fetch to fail. |
| 270 mock_client_->SetRefreshUserPolicyCallbackSuccess(false); |
| 271 |
| 272 // Trigger mock policy fetch from authpolicyd. |
| 273 policy_manager_->Init(&schema_registry_); |
| 274 |
| 275 // Process reply for mock policy fetch. |
| 276 base::RunLoop().RunUntilIdle(); |
| 277 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 278 |
| 279 // Simulate successful store load. |
| 280 mock_store_->policy_ = base::MakeUnique<enterprise_management::PolicyData>(); |
| 281 mock_store_->NotifyStoreLoaded(); |
| 282 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 283 } |
| 284 |
| 285 // If the initial fetch timeout is not infinite, we're in best-effort mode but |
| 286 // if we can't load existing policy from disk we have to give up. |
| 287 TEST_F(ActiveDirectoryPolicyManagerTest, WaitFinite_LoadFail_FetchFail) { |
| 288 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy( |
| 289 AccountId::AdFromUserEmailObjGuid("bla", "ble"), |
| 290 true /* wait_for_policy_fetch */, base::TimeDelta::FromDays(365), |
| 291 std::move(exit_session_), std::move(mock_store_unique_ptr_)); |
| 292 ASSERT_TRUE(policy_manager_); |
| 293 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 294 |
| 295 // Configure mock policy fetch to fail. |
| 296 mock_client_->SetRefreshUserPolicyCallbackSuccess(false); |
| 297 |
| 298 // Trigger mock policy fetch from authpolicyd. |
| 299 policy_manager_->Init(&schema_registry_); |
| 300 |
| 301 // Simulate failed store load. |
| 302 mock_store_->NotifyStoreError(); |
| 303 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 304 |
| 305 ExpectSessionExit(); |
| 306 |
| 307 // Process reply for mock policy fetch. |
| 308 base::RunLoop().RunUntilIdle(); |
| 309 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 310 |
| 311 ExpectSessionExited(); |
| 312 |
| 313 // Simulate successful store load. |
| 314 mock_store_->policy_ = base::MakeUnique<enterprise_management::PolicyData>(); |
| 315 mock_store_->NotifyStoreLoaded(); |
| 316 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 317 } |
| 318 |
| 319 // If the initial fetch timeout is not infinite, we're in best-effort mode and |
| 320 // upon timeout initialization is complete if any policy could be loaded from |
| 321 // disk. |
| 322 TEST_F(ActiveDirectoryPolicyManagerTest, WaitFinite_LoadSuccess_FetchTimeout) { |
| 323 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy( |
| 324 AccountId::AdFromUserEmailObjGuid("bla", "ble"), |
| 325 true /* wait_for_policy_fetch */, base::TimeDelta::FromDays(365), |
| 326 std::move(exit_session_), std::move(mock_store_unique_ptr_)); |
| 327 ASSERT_TRUE(policy_manager_); |
| 328 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 329 |
| 330 // Configure mock policy fetch to fail. |
| 331 mock_client_->SetRefreshUserPolicyCallbackSuccess(false); |
| 332 |
| 333 // Trigger mock policy fetch from authpolicyd. |
| 334 policy_manager_->Init(&schema_registry_); |
| 335 |
| 336 // Simulate successful store load. |
| 337 mock_store_->policy_ = base::MakeUnique<enterprise_management::PolicyData>(); |
| 338 mock_store_->NotifyStoreLoaded(); |
| 339 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 340 |
| 341 // Simulate policy fetch timeout. |
| 342 policy_manager_->ForceTimeoutForTest(); |
| 343 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 344 |
| 345 // Process reply for mock policy fetch. |
| 346 base::RunLoop().RunUntilIdle(); |
| 347 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 348 |
| 349 // Simulate failed store load. |
| 350 mock_store_->NotifyStoreError(); |
| 351 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 352 } |
| 353 |
| 354 // If the initial fetch timeout is not infinite, we're in best-effort mode but |
| 355 // without a successful policy load we still can't continue. |
| 356 TEST_F(ActiveDirectoryPolicyManagerTest, WaitFinite_LoadTimeout_FetchTimeout) { |
| 357 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy( |
| 358 AccountId::AdFromUserEmailObjGuid("bla", "ble"), |
| 359 true /* wait_for_policy_fetch */, base::TimeDelta::FromDays(365), |
| 360 std::move(exit_session_), std::move(mock_store_unique_ptr_)); |
| 361 ASSERT_TRUE(policy_manager_); |
| 362 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 363 |
| 364 // Configure mock policy fetch to fail. |
| 365 mock_client_->SetRefreshUserPolicyCallbackSuccess(false); |
| 366 |
| 367 // Trigger mock policy fetch from authpolicyd. |
| 368 policy_manager_->Init(&schema_registry_); |
| 369 |
| 370 ExpectSessionExit(); |
| 371 |
| 372 // Simulate policy fetch timeout. |
| 373 policy_manager_->ForceTimeoutForTest(); |
| 374 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 375 |
| 376 ExpectSessionExited(); |
| 377 |
| 378 // Process reply for mock policy fetch. |
| 379 base::RunLoop().RunUntilIdle(); |
| 380 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 381 |
| 382 // Simulate successful store load. |
| 383 mock_store_->policy_ = base::MakeUnique<enterprise_management::PolicyData>(); |
| 384 mock_store_->NotifyStoreLoaded(); |
| 385 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME)); |
| 386 } |
| 387 |
| 388 } // namespace policy |
OLD | NEW |