Purge cache when the server removes the policy for an extension.

components/policy/core/common/cloud/cloud_policy_client.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CLIENT_H_
 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CLIENT_H_
 
 #include <map>
 #include <set>
 #include <string>
@@ skipping 20 matching lines @@
 // Implements the core logic required to talk to the device management service.
 // Also keeps track of the current state of the association with the service,
 // such as whether there is a valid registration (DMToken is present in that
 // case) and whether and what errors occurred in the latest request.
 //
 // Note that CloudPolicyClient doesn't do any validation of policy responses
 // such as signature and time stamp checks. These happen once the policy gets
 // installed in the cloud policy cache.
 class POLICY_EXPORT CloudPolicyClient {
  public:
+  // A set of PolicyNamespaceKeys to fetch.
+  typedef std::set<PolicyNamespaceKey> NamespaceSet;
+
   // Maps a PolicyNamespaceKey to its corresponding PolicyFetchResponse.
   typedef std::map<PolicyNamespaceKey,
                    enterprise_management::PolicyFetchResponse*> ResponseMap;
 
   // A callback which receives boolean status of an operation.  If the operation
   // succeeded, |status| is true.
   typedef base::Callback<void(bool status)> StatusCallback;
 
   // Observer interface for state and policy changes.
   class POLICY_EXPORT Observer {
@@ skipping 138 matching lines @@
   DeviceMode device_mode() const { return device_mode_; }
 
   // The policy responses as obtained by the last request to the cloud. These
   // policies haven't gone through verification, so their contents cannot be
   // trusted. Use CloudPolicyStore::policy() and CloudPolicyStore::policy_map()
   // instead for making policy decisions.
   const ResponseMap& responses() const {
     return responses_;
   }
 
+  // Returns a set with the policy namespaces that were included in the fetch
+  // request that produced the current |responses()|. This can be used to
+  // determine if a namespace is missing because it wasn't requested or because
+  // the server didn't include a response.

[Mattias Nissler (ping if slow), 2014/11/26 13:44:14]

Hm, this moves the responsibility to do the diffing on calling code. Can't we
just store NULL entries in the map returned by responses()?

Following up on the offline conversation: How about we pass the PolicyNamespace
set for extensions to the client and have the client reduce it to just a single
PolicyNamespace(EXTENSIONS, "") for the request? Then, we'd have all requested
namespaces present in ResponseMap, and a NULL indicates that the server didn't
provide a response.

After another discussion, there's the problem here that we'd all the namespaces
to be added before making the first fetch, which causes initialization
nightmares. Needs further thought.

+  const NamespaceSet& namespaces_requested() const {
+    return namespaces_requested_;
+  }
+
   // Returns the policy response for |policy_ns_key|, if found in |responses()|;
   // otherwise returns NULL.
   const enterprise_management::PolicyFetchResponse* GetPolicyFor(
       const PolicyNamespaceKey& policy_ns_key) const;
 
   DeviceManagementStatus status() const {
     return status_;
   }
 
   const std::string& robot_api_auth_code() const {
     return robot_api_auth_code_;
   }
 
   // Returns the invalidation version that was used for the last FetchPolicy.
   // Observers can call this method from their OnPolicyFetched method to
   // determine which at which invalidation version the policy was fetched.
   int64 fetched_invalidation_version() const {
     return fetched_invalidation_version_;
   }
 
   scoped_refptr<net::URLRequestContextGetter> GetRequestContext();
 
  protected:
-  // A set of PolicyNamespaceKeys to fetch.
-  typedef std::set<PolicyNamespaceKey> NamespaceSet;
-
   // Callback for retries of registration requests.
   void OnRetryRegister(DeviceManagementRequestJob* job);
 
   // Callback for registration requests.
   void OnRegisterCompleted(
       DeviceManagementStatus status,
       int net_error,
       const enterprise_management::DeviceManagementResponse& response);
 
   // Callback for policy fetch requests.
   void OnPolicyFetchCompleted(
+      const NamespaceSet& namespaces_requested,
       DeviceManagementStatus status,
       int net_error,
       const enterprise_management::DeviceManagementResponse& response);
 
   // Callback for robot account api authorization requests.
   void OnFetchRobotAuthCodesCompleted(
       DeviceManagementStatus status,
       int net_error,
       const enterprise_management::DeviceManagementResponse& response);
 
@@ skipping 44 matching lines @@
   DeviceManagementService* service_;
   scoped_ptr<DeviceManagementRequestJob> request_job_;
 
   // Status upload data is produced by |status_provider_|.
   StatusProvider* status_provider_;
 
   // The policy responses returned by the last policy fetch operation.
   ResponseMap responses_;
   DeviceManagementStatus status_;
 
+  // The namespaces that were requested in the last successful policy fetch.
+  NamespaceSet namespaces_requested_;
+
   ObserverList<Observer, true> observers_;
   scoped_refptr<net::URLRequestContextGetter> request_context_;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(CloudPolicyClient);
 };
 
 }  // namespace policy
 
 #endif  // COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CLIENT_H_