Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(408)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/chromeos/policy/active_directory_policy_manager_unittest.cc

Issue 2954293002: Chromad: Prevent session from starting without policy (Closed)
Patch Set: Comment fixes Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« chrome/browser/chromeos/policy/active_directory_policy_manager.cc ('K') | « chrome/browser/chromeos/policy/active_directory_policy_manager.cc ('k') | chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h » ('j') | chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/policy/active_directory_policy_manager.h"
6
7 #include <memory>
8 #include <utility>
9
10 #include "base/bind.h"
11 #include "base/memory/ptr_util.h"
12 #include "base/run_loop.h"
13 #include "base/test/scoped_task_environment.h"
14 #include "base/time/time.h"
15 #include "chromeos/dbus/dbus_thread_manager.h"
16 #include "chromeos/dbus/mock_auth_policy_client.h"
17 #include "components/policy/core/common/cloud/mock_cloud_policy_store.h"
18 #include "components/policy/core/common/schema_registry.h"
19 #include "components/signin/core/account_id/account_id.h"
20 #include "testing/gtest/include/gtest/gtest.h"
21
22 namespace policy {
23
24 // Note that session exit is asynchronous and thus ActiveDirectoryPolicyManager
25 // still needs to react reasonably to events happening after session exit has
26 // been fired.
27 class ActiveDirectoryPolicyManagerTest : public testing::Test {
28 public:
29 ActiveDirectoryPolicyManagerTest() {
30 auto mock_client_unique_ptr =
31 base::MakeUnique<chromeos::MockAuthPolicyClient>();
32 mock_client_ = mock_client_unique_ptr.get();
33 chromeos::DBusThreadManager::GetSetterForTesting()->SetAuthPolicyClient(
34 std::move(mock_client_unique_ptr));
35 }
36
37 ~ActiveDirectoryPolicyManagerTest() override {
38 EXPECT_EQ(session_exit_expected_, session_exited_);
39 policy_manager_->Shutdown();
40 }
41
42 protected:
43 // Expect that session exit will be called below. (Must only be called once.)
44 void ExpectSessionExit() {
45 ASSERT_FALSE(session_exit_expected_);
46 EXPECT_FALSE(session_exited_);
47 session_exit_expected_ = true;
48 }
49
50 // Expect that session exit has been called above. (Must only be called after
51 // ExpectSessionExit().)
52 void ExpectSessionExited() {
53 ASSERT_TRUE(session_exit_expected_);
54 EXPECT_TRUE(session_exited_);
55 }
56
57 // Closure to exit the session.
58 void ExitSession() {
59 EXPECT_TRUE(session_exit_expected_);
60 session_exited_ = true;
61 }
62
63 bool session_exited_ = false;
64 bool session_exit_expected_ = false;
65
66 // To be handed over to ActiveDirectoryPolicyManager.
67 base::OnceClosure exit_session_{
68 base::BindOnce(&ActiveDirectoryPolicyManagerTest::ExitSession,
69 base::Unretained(this))};
70
71 // To be handed over to ActiveDirectoryPolicyManager ...
72 std::unique_ptr<MockCloudPolicyStore> mock_store_unique_ptr_{
73 base::MakeUnique<MockCloudPolicyStore>()};
74
75 // ... but keeping a non-owned pointer.
76 MockCloudPolicyStore* mock_store_{mock_store_unique_ptr_.get()};
77
78 // Owned by DBusThreadManager.
79 chromeos::MockAuthPolicyClient* mock_client_;
80
81 SchemaRegistry schema_registry_;
82
83 // Initialized by the individual tests but owned by the test class so that it
84 // can be shut down automatically after the test has run.
85 std::unique_ptr<ActiveDirectoryPolicyManager> policy_manager_;
86
87 private:
88 base::test::ScopedTaskEnvironment scoped_task_environment_;
89 };
90
91 TEST_F(ActiveDirectoryPolicyManagerTest, DontWait) {
92 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy(
93 AccountId::AdFromUserEmailObjGuid("bla", "ble"),
94 false /* wait_for_policy_fetch */, base::TimeDelta(),
95 std::move(exit_session_), std::move(mock_store_unique_ptr_));
96 EXPECT_TRUE(policy_manager_);
97 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
98
99 // Configure mock policy fetch to fail.
100 mock_client_->SetRefreshUserPolicyCallbackSuccess(false);
101
102 // Trigger mock policy fetch from authpolicyd.
103 policy_manager_->Init(&schema_registry_);
104 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
105
106 // Simulate failed store load. Initialization is reported complete at this
107 // point.
108 mock_store_->NotifyStoreError();
109 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
110
111 // Process reply for mock policy fetch.
112 base::RunLoop().RunUntilIdle();
113 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
114
115 // Simulate failed store load.
116 mock_store_->NotifyStoreError();
117 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
118 }
119
120 // If the initial fetch timeout is infinite, initialization is only complete
121 // after policy has been fetched and after that has been loaded.
122 TEST_F(ActiveDirectoryPolicyManagerTest,
123 WaitInfinite_LoadSuccess_FetchSuccess) {
124 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy(
125 AccountId::AdFromUserEmailObjGuid("bla", "ble"),
126 true /* wait_for_policy_fetch */, base::TimeDelta::Max(),
127 std::move(exit_session_), std::move(mock_store_unique_ptr_));
128 ASSERT_TRUE(policy_manager_);
129 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
130
131 // Configure mock policy fetch to succeed.
132 mock_client_->SetRefreshUserPolicyCallbackSuccess(true);
133
134 // Trigger mock policy fetch from authpolicyd.
135 policy_manager_->Init(&schema_registry_);
136
137 // Simulate successful store load.
138 mock_store_->policy_ = base::MakeUnique<enterprise_management::PolicyData>();
139 mock_store_->NotifyStoreLoaded();
140 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
141
142 // Process reply for mock policy fetch.
143 base::RunLoop().RunUntilIdle();
144 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
145
146 // Simulate successful store load. At this point initialization is complete.
147 mock_store_->NotifyStoreLoaded();
148 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
149 }
150
151 // If the initial fetch timeout is infinite, initialization does not complete if
152 // load after fetch fails.
153 TEST_F(ActiveDirectoryPolicyManagerTest,
154 WaitInfinite_LoadSuccess_FetchSuccess_LoadFail) {
155 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy(
156 AccountId::AdFromUserEmailObjGuid("bla", "ble"),
157 true /* wait_for_policy_fetch */, base::TimeDelta::Max(),
158 std::move(exit_session_), std::move(mock_store_unique_ptr_));
159 ASSERT_TRUE(policy_manager_);
160 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
161
162 // Configure mock policy fetch to succeed.
163 mock_client_->SetRefreshUserPolicyCallbackSuccess(true);
164
165 // Trigger mock policy fetch from authpolicyd.
166 policy_manager_->Init(&schema_registry_);
167
168 // Simulate successful store load.
169 mock_store_->policy_ = base::MakeUnique<enterprise_management::PolicyData>();
170 mock_store_->NotifyStoreLoaded();
171 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
172
173 // Process reply for mock policy fetch.
174 base::RunLoop().RunUntilIdle();
175 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
176
177 ExpectSessionExit();
178
179 // Simulate failed store load.
180 mock_store_->NotifyStoreError();
181 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
182
183 ExpectSessionExited();
184
185 // Simulate successful store load.
186 mock_store_->NotifyStoreLoaded();
187 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
188 }
189
190 // If the initial fetch timeout is infinite, failure in policy fetch prevents
191 // initialization from finishing, ever.
192 TEST_F(ActiveDirectoryPolicyManagerTest, WaitInfinite_LoadSuccess_FetchFail) {
193 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy(
194 AccountId::AdFromUserEmailObjGuid("bla", "ble"),
195 true /* wait_for_policy_fetch */, base::TimeDelta::Max(),
196 std::move(exit_session_), std::move(mock_store_unique_ptr_));
197 ASSERT_TRUE(policy_manager_);
198 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
199
200 // Configure mock policy fetch to fail.
201 mock_client_->SetRefreshUserPolicyCallbackSuccess(false);
202
203 // Trigger mock policy fetch from authpolicyd.
204 policy_manager_->Init(&schema_registry_);
205
206 // Simulate successful store load.
207 mock_store_->policy_ = base::MakeUnique<enterprise_management::PolicyData>();
208 mock_store_->NotifyStoreLoaded();
209 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
210
211 ExpectSessionExit();
212
213 // Process reply for mock policy fetch.
214 base::RunLoop().RunUntilIdle();
215 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
216
217 ExpectSessionExited();
218
219 // Simulate successful store load.
220 mock_store_->NotifyStoreLoaded();
221 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
222 }
223
224 // If the initial fetch timeout is not infinite, we're in best-effort mode but
225 // still require the policy load to succeed so that there's *some* policy
226 // present (though possibly outdated).
227 TEST_F(ActiveDirectoryPolicyManagerTest, WaitFinite_LoadSuccess_FetchFail) {
228 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy(
229 AccountId::AdFromUserEmailObjGuid("bla", "ble"),
230 true /* wait_for_policy_fetch */, base::TimeDelta::FromDays(365),
231 std::move(exit_session_), std::move(mock_store_unique_ptr_));
232 ASSERT_TRUE(policy_manager_);
233 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
234
235 // Configure mock policy fetch to fail.
236 mock_client_->SetRefreshUserPolicyCallbackSuccess(false);
237
238 // Trigger mock policy fetch from authpolicyd.
239 policy_manager_->Init(&schema_registry_);
240
241 // Simulate successful store load.
242 mock_store_->policy_ = base::MakeUnique<enterprise_management::PolicyData>();
243 mock_store_->NotifyStoreLoaded();
244 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
245
246 // Process reply for mock policy fetch. At this point initialization is
247 // complete (we have waited for the fetch but now that we know it has failed
248 // we continue).
249 base::RunLoop().RunUntilIdle();
250 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
251
252 // Simulate successful store load.
253 mock_store_->NotifyStoreLoaded();
254 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
255 }
256
257 // If the initial fetch timeout is not infinite, we're in best-effort mode but
258 // still require the policy load to succeed so that there's *some* policy
259 // present (though possibly outdated). Here the sequence is inverted: Fetch
260 // returns before load.
261 TEST_F(ActiveDirectoryPolicyManagerTest, WaitFinite_FetchFail_LoadSuccess) {
262 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy(
263 AccountId::AdFromUserEmailObjGuid("bla", "ble"),
264 true /* wait_for_policy_fetch */, base::TimeDelta::FromDays(365),
265 std::move(exit_session_), std::move(mock_store_unique_ptr_));
266 ASSERT_TRUE(policy_manager_);
267 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
268
269 // Configure mock policy fetch to fail.
270 mock_client_->SetRefreshUserPolicyCallbackSuccess(false);
271
272 // Trigger mock policy fetch from authpolicyd.
273 policy_manager_->Init(&schema_registry_);
274
275 // Process reply for mock policy fetch.
276 base::RunLoop().RunUntilIdle();
277 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
278
279 // Simulate successful store load.
280 mock_store_->policy_ = base::MakeUnique<enterprise_management::PolicyData>();
281 mock_store_->NotifyStoreLoaded();
282 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
283 }
284
285 // If the initial fetch timeout is not infinite, we're in best-effort mode but
286 // if we can't load existing policy from disk we have to give up.
287 TEST_F(ActiveDirectoryPolicyManagerTest, WaitFinite_LoadFail_FetchFail) {
288 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy(
289 AccountId::AdFromUserEmailObjGuid("bla", "ble"),
290 true /* wait_for_policy_fetch */, base::TimeDelta::FromDays(365),
291 std::move(exit_session_), std::move(mock_store_unique_ptr_));
292 ASSERT_TRUE(policy_manager_);
293 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
294
295 // Configure mock policy fetch to fail.
296 mock_client_->SetRefreshUserPolicyCallbackSuccess(false);
297
298 // Trigger mock policy fetch from authpolicyd.
299 policy_manager_->Init(&schema_registry_);
300
301 // Simulate failed store load.
302 mock_store_->NotifyStoreError();
303 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
304
305 ExpectSessionExit();
306
307 // Process reply for mock policy fetch.
308 base::RunLoop().RunUntilIdle();
309 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
310
311 ExpectSessionExited();
312
313 // Simulate successful store load.
314 mock_store_->policy_ = base::MakeUnique<enterprise_management::PolicyData>();
315 mock_store_->NotifyStoreLoaded();
316 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
317 }
318
319 // If the initial fetch timeout is not infinite, we're in best-effort mode and
320 // upon timeout initialization is complete if any policy could be loaded from
321 // disk.
322 TEST_F(ActiveDirectoryPolicyManagerTest, WaitFinite_LoadSuccess_FetchTimeout) {
323 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy(
324 AccountId::AdFromUserEmailObjGuid("bla", "ble"),
325 true /* wait_for_policy_fetch */, base::TimeDelta::FromDays(365),
326 std::move(exit_session_), std::move(mock_store_unique_ptr_));
327 ASSERT_TRUE(policy_manager_);
328 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
329
330 // Configure mock policy fetch to fail.
331 mock_client_->SetRefreshUserPolicyCallbackSuccess(false);
332
333 // Trigger mock policy fetch from authpolicyd.
334 policy_manager_->Init(&schema_registry_);
335
336 // Simulate successful store load.
337 mock_store_->policy_ = base::MakeUnique<enterprise_management::PolicyData>();
338 mock_store_->NotifyStoreLoaded();
339 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
340
341 // Simulate policy fetch timeout.
342 policy_manager_->ForceTimeoutForTest();
343 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
344
345 // Process reply for mock policy fetch.
346 base::RunLoop().RunUntilIdle();
347 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
348
349 // Simulate failed store load.
350 mock_store_->NotifyStoreError();
351 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
352 }
353
354 // If the initial fetch timeout is not infinite, we're in best-effort mode but
355 // without a successful policy load we still can't continue.
356 TEST_F(ActiveDirectoryPolicyManagerTest, WaitFinite_LoadTimeout_FetchTimeout) {
357 policy_manager_ = ActiveDirectoryPolicyManager::CreateForUserPolicy(
358 AccountId::AdFromUserEmailObjGuid("bla", "ble"),
359 true /* wait_for_policy_fetch */, base::TimeDelta::FromDays(365),
360 std::move(exit_session_), std::move(mock_store_unique_ptr_));
361 ASSERT_TRUE(policy_manager_);
362 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
363
364 // Configure mock policy fetch to fail.
365 mock_client_->SetRefreshUserPolicyCallbackSuccess(false);
366
367 // Trigger mock policy fetch from authpolicyd.
368 policy_manager_->Init(&schema_registry_);
369
370 ExpectSessionExit();
371
372 // Simulate policy fetch timeout.
373 policy_manager_->ForceTimeoutForTest();
374 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
375
376 ExpectSessionExited();
377
378 // Process reply for mock policy fetch.
379 base::RunLoop().RunUntilIdle();
380 EXPECT_FALSE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
381
382 // Simulate successful store load.
383 mock_store_->policy_ = base::MakeUnique<enterprise_management::PolicyData>();
384 mock_store_->NotifyStoreLoaded();
385 EXPECT_TRUE(policy_manager_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
386 }
387
388 } // namespace policy
OLDNEW
« chrome/browser/chromeos/policy/active_directory_policy_manager.cc ('K') | « chrome/browser/chromeos/policy/active_directory_policy_manager.cc ('k') | chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h » ('j') | chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698