Index: chrome/browser/chromeos/policy/active_directory_policy_manager.h |
diff --git a/chrome/browser/chromeos/policy/active_directory_policy_manager.h b/chrome/browser/chromeos/policy/active_directory_policy_manager.h |
index 46cf742e3f35dd633174965ce6ff71098e0418d7..ad0f4da96f16e76eaa751feabce1ce10247e93d5 100644 |
--- a/chrome/browser/chromeos/policy/active_directory_policy_manager.h |
+++ b/chrome/browser/chromeos/policy/active_directory_policy_manager.h |
@@ -7,8 +7,11 @@ |
#include <memory> |
+#include "base/bind.h" |
#include "base/macros.h" |
#include "base/memory/weak_ptr.h" |
+#include "base/time/time.h" |
+#include "base/timer/timer.h" |
#include "components/policy/core/common/cloud/cloud_policy_store.h" |
#include "components/policy/core/common/configuration_policy_provider.h" |
#include "components/policy/core/common/policy_scheduler.h" |
@@ -33,6 +36,9 @@ class ActiveDirectoryPolicyManager : public ConfigurationPolicyProvider, |
// Create manager for |accound_id| user policy. |
static std::unique_ptr<ActiveDirectoryPolicyManager> CreateForUserPolicy( |
const AccountId& account_id, |
+ bool wait_for_policy_fetch, |
+ base::TimeDelta initial_policy_fetch_timeout, |
+ base::OnceClosure exit_session, |
std::unique_ptr<CloudPolicyStore> store); |
// ConfigurationPolicyProvider: |
@@ -47,10 +53,20 @@ class ActiveDirectoryPolicyManager : public ConfigurationPolicyProvider, |
CloudPolicyStore* store() const { return store_.get(); } |
+ // Helper function to force a policy fetch timeout. |
+ void ForceTimeoutForTest(); |
+ |
private: |
- // |account_id| specifies the user to manage policy for. If |account_id| is |
- // empty, device policy is managed. |
+ // |account_id| specifies the user to manage policy for. If |account_id| is |
+ // empty, device policy is managed. If |wait_for_policy_fetch| is true, |
+ // IsInitializationComplete() is forced to false until either there has been a |
+ // successful policy fetch from the server or |initial_policy_fetch_timeout| |
+ // has expired. (The timeout may be set to TimeDelta::Max() to block |
+ // permanently.) |
ActiveDirectoryPolicyManager(const AccountId& account_id, |
+ bool wait_for_policy_fetch, |
+ base::TimeDelta initial_policy_fetch_timeout, |
+ base::OnceClosure exit_session, |
std::unique_ptr<CloudPolicyStore> store); |
// Publish the policy that's currently cached in the store. |
@@ -60,12 +76,45 @@ class ActiveDirectoryPolicyManager : public ConfigurationPolicyProvider, |
// |callback|. |
void DoFetch(PolicyScheduler::TaskCallback callback); |
- // Called by scheduler with result of policy fetch. |
+ // Called by scheduler with result of policy fetch. This covers policy |
+ // download, parsing and storing into session_manager. (To access and publish |
+ // the policy, the store needs to be reloaded from session_manager.) |
void OnPolicyFetched(bool success); |
+ // Called when |policy_fetch_timeout_| times out, to cancel the blocking wait |
emaxx
2017/07/12 20:18:20
nit: s/policy_fetch_timeout_/initial_policy_timeou
Thiemo Nagel
2017/07/14 12:18:55
Done.
|
+ // for the initial policy fetch. |
+ void OnBlockingFetchTimeout(); |
+ |
+ // Cancels waiting for the initial policy fetch and flags the |
+ // ConfigurationPolicyProvider ready (assuming all other initialization tasks |
+ // have completed). |success| denotes whether the policy fetch was successful. |
+ void CancelWaitForPolicy(bool success); |
emaxx
2017/07/12 20:18:20
nit: Maybe add s/ForPolicy/ForInitialPolicy/ (or e
Thiemo Nagel
2017/07/14 12:18:55
Thanks. Done. I'm not adding Fetch because a Load
|
+ |
const AccountId account_id_; |
- std::unique_ptr<CloudPolicyStore> store_; |
+ // Whether we're waiting for a policy fetch to complete before reporting |
+ // IsInitializationComplete(). |
+ bool waiting_for_initial_policy_fetch_; |
+ |
+ // Whether the user session is continued in case of failure of initial policy |
+ // fetch. |
+ bool initial_policy_fetch_may_fail_; |
+ |
+ // Whether policy fetch has ever been reported as completed by authpolicyd. |
+ bool fetch_ever_completed_ = false; |
+ |
+ // Whether policy fetch has ever been reported as successful by authpolicyd. |
+ bool fetch_ever_succeeded_ = false; |
+ |
+ // A timer that puts a hard limit on the maximum time to wait for the initial |
+ // policy fetch/load. |
+ base::Timer initial_policy_timeout_{false /* retain_user_task */, |
emaxx
2017/07/12 20:18:20
nit: If you're not opposed to too long names, I'd
Thiemo Nagel
2017/07/14 12:18:55
Same as above, I think writing "fetch" hides the f
|
+ false /* is_repeating */}; |
+ |
+ // Callback to exit the session. |
+ base::OnceClosure exit_session_; |
+ |
+ std::unique_ptr<CloudPolicyStore> store_; |
std::unique_ptr<PolicyScheduler> scheduler_; |
// Must be last member. |