chrome/browser/policy/test/policy_testserver.py - Issue 341043005: Wire up component cloud policy to device local accounts.

Unified Diff: chrome/browser/policy/test/policy_testserver.py

Issue 341043005: Wire up component cloud policy to device local accounts. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: fix tests Created 6 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« chrome/browser/chromeos/policy/device_local_account_policy_service.cc ('K') | « chrome/browser/chromeos/policy/device_local_account_policy_service.cc ('k') | chromeos/chromeos_paths.h » ('j') | chromeos/chromeos_paths.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/policy/test/policy_testserver.py

diff --git a/chrome/browser/policy/test/policy_testserver.py b/chrome/browser/policy/test/policy_testserver.py

index 413745514f45d63b93c3861ce25f2f4f7e5d5b54..81b6bd5357f9920a1736213730b8c8f99520a005 100644

--- a/chrome/browser/policy/test/policy_testserver.py

+++ b/chrome/browser/policy/test/policy_testserver.py

@@ -443,6 +443,14 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):

self.server.UpdateStateKeys(token_info['device_token'],

key_update_request.server_backed_state_key)

+ # If this is a publicaccount request then get the username now and use it

bartfab (slow) 2014/06/20 09:17:25 Nit 1: s/publicaccount/|publicaccount|/ Nit 2: s/u

Joao da Silva 2014/06/20 11:48:46 Done.

+ # in every PolicyFetchResponse produced. This is required to validate

+ # policy for extensions in public accounts.

bartfab (slow) 2014/06/20 09:17:25 1: Nit: s/accounts/sessions/ 2: Do we use the |pub

Joao da Silva 2014/06/20 11:48:46 Done.

+ username = self.server.GetPolicies().get('policy_user', None)

bartfab (slow) 2014/06/20 09:17:25 1: Why is this needed? The code is prepared to han

Joao da Silva 2014/06/20 11:48:46 Done.

+ for request in msg.policy_request.request:

+ if request.policy_type == 'google/chromeos/publicaccount':

+ username = request.settings_entity_id

bartfab (slow) 2014/06/20 09:17:25 What happens if we get requests for multiple publi

Joao da Silva 2014/06/20 11:48:46 Then this doesn't work :-) The current client impl

response = dm.DeviceManagementResponse()

for request in msg.policy_request.request:

if (request.policy_type in

@@ -456,7 +464,7 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):

self.ProcessCloudPolicy(request, token_info, fetch_response)

elif request.policy_type == 'google/chrome/extension':

self.ProcessCloudPolicyForExtensions(

- request, response.policy_response, token_info)

+ request, response.policy_response, token_info, username)

else:

fetch_response.error_code = 400

fetch_response.error_message = 'Invalid policy_type'

@@ -628,7 +636,8 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):

self.SetProtobufMessageField(policy_message, field_descriptor, value)

settings.__getattribute__(field.name).CopyFrom(policy_message)

- def ProcessCloudPolicyForExtensions(self, request, response, token_info):

+ def ProcessCloudPolicyForExtensions(self, request, response, token_info,

+ username):

"""Handles a request for policy for extensions.

A request for policy for extensions is slightly different from the other

@@ -640,6 +649,7 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):

response: The DevicePolicyResponse message for the response. Multiple

PolicyFetchResponses will be appended to this message.

token_info: The token extracted from the request.

+ username: The username for the response.

bartfab (slow) 2014/06/20 09:17:25 Nit: Add "May be None."

Joao da Silva 2014/06/20 11:48:46 Done.

"""

# Send one PolicyFetchResponse for each extension that has

# configuration data at the server.

@@ -649,13 +659,13 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):

# type in the response.

request.settings_entity_id = settings_entity_id

fetch_response = response.response.add()

- self.ProcessCloudPolicy(request, token_info, fetch_response)

+ self.ProcessCloudPolicy(request, token_info, fetch_response, username)

# Don't do key rotations for these messages.

fetch_response.ClearField('new_public_key')

fetch_response.ClearField('new_public_key_signature')

fetch_response.ClearField('new_public_key_verification_signature')

- def ProcessCloudPolicy(self, msg, token_info, response):

+ def ProcessCloudPolicy(self, msg, token_info, response, username=None):

"""Handles a cloud policy request. (New protocol for policy requests.)

Encodes the policy into protobuf representation, signs it and constructs

@@ -666,6 +676,7 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):

token_info: The token extracted from the request.

response: A PolicyFetchResponse message that should be filled with the

response data.

+ username: The username for the response. May be None.

"""

if msg.machine_id:

@@ -746,7 +757,10 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):

if signing_key:

policy_data.public_key_version = current_key_index + 1

- if msg.policy_type == 'google/chromeos/publicaccount':

+ if username:

+ policy_data.username = username

bartfab (slow) 2014/06/20 09:17:25 Why can we not extract the username from |msg| her

Joao da Silva 2014/06/20 11:48:46 Because the |msg| here is one of the repeated Poli

+ elif msg.policy_type == 'google/chromeos/publicaccount':

policy_data.username = msg.settings_entity_id

else:

# For regular user/device policy, there is no way for the testserver to

@@ -960,7 +974,8 @@ class PolicyTestServer(testserver_base.BrokenPipeHandlerMixIn,

dm.DeviceRegisterRequest.DEVICE: [

'google/chromeos/device',

- 'google/chromeos/publicaccount'

+ 'google/chromeos/publicaccount',

+ 'google/chrome/extension'

dm.DeviceRegisterRequest.ANDROID_BROWSER: [

'google/android/user'