Reusing names of policy keys from policy_constants.h

components/policy/resources/policy_templates.json

 {
 # policy_templates.json - Metafile for policy templates
 #
 # The content of this file is evaluated as a Python expression.
 #
 # This file is used as input to generate the following policy templates:
 # ADM, ADMX+ADML, MCX/plist and html documentation.
 #
 # Policy templates are user interface definitions or documents about the
 # policies that can be used to configure Chrome. Each policy is a name-value
@@ skipping 105 matching lines @@
 #   templates and documentation. The policy definition list that Chrome sees
 #   will include policies marked with 'future'. If a WIP policy isn't meant to
 #   be seen by the policy providers either, the 'supported_on' key should be set
 #   to an empty list.
 #
 # IDs:
 #   Since a Protocol Buffer definition is generated from this file, unique and
 #   persistent IDs for all fields (but not for groups!) are needed. These are
 #   specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,
 #   because doing so would break the deployed wire format!
-#   For your editing convenience: highest ID currently used: 284
+#   For your editing convenience: highest ID currently used: 289
 #
 # Placeholders:
 #   The following placeholder strings are automatically substituted:
 #     $1 -> Google Chrome / Chromium
 #     $2 -> Google Chrome OS / Chromium OS
 #     $3 -> Google Chrome Frame / Chromium Frame
 #     $6 is reserved for doc_writer
 #
 # Device Policy:
 #   An additional flag device_only (optional, defaults to False) indicates
@@ skipping 601 matching lines @@
             'dynamic_refresh': True,
             'per_profile': False,
           },
           'example_value': '12400-12409',
           'id': 264,
           'caption': '''Restrict the UDP port range used by the remote access host''',
           'desc': '''Restricts the UDP port range used by the remote access host in this machine.
 
           If this policy is left not set, or if it is set to an empty string, the remote access host will be allowed to use any available port, unless the policy <ph name="REMOTEACCESSHOSTFIREWALLTRAVERSAL_POLICY_NAME">RemoteAccessHostFirewallTraversal</ph> is disabled, in which case the remote access host will use UDP ports in the 12400-12409 range.''',
         },
+        {
+          'name': 'RemoteAccessHostMatchUsername',
+          'type': 'main',
+          'schema': { 'type': 'boolean' },
+          'supported_on': ['chrome_os:25-', 'chrome.linux:25-', 'chrome.mac:25-'],
+          'features': {
+            'dynamic_refresh': True,
+            'per_profile': False,
+          },
+          'example_value': False,
+          'id': 285,
+          'caption': '''Requires that the name of the local user and the remote access host owner match''',
+          'desc': '''Requires that the name of the local user and the remote access host owner match.
+
+          If this setting is enabled, then the remote access host compares the name of the local user (that the host is associated with) and the name of the Google account registered as the host owner (i.e. "johndoe" if the host is owned by "johndoe@example.com" Google account).  The remote access host will not start if the name of the host owner is different from the name of the local user that the host is associated with.  RemoteAccessHostMatchUsername policy should be used together with RemoteAccessHostDomain to also enforce that the Google account of the host owner is associated with a specific domain (i.e. "example.com").
+
+          If this setting is disabled or not set, then the remote access host can be associated with any local user.''',
+        },
+        {
+          'name': 'RemoteAccessHostTokenUrl',
+          'type': 'string',
+          'schema': { 'type': 'string' },
+          'supported_on': ['chrome.*:28-'],

[bartfab (slow), 2015/01/13 18:49:45]

Note that |chrome.*| does not include Chrome OS. If the policy is supported on
Chrome OS as well, you need to also set |chrome_os:28-|.

[Łukasz Anforowicz, 2015/01/13 20:10:24]

Thanks for pointing this out.  Fixed/done.

I noticed that this was also missing for the old policies, because Chromoting
*into* Chrome OS was not supported until 41 (thanks to Kelvin for helping me
understand the version/support here).  I've fixed this for the old policies as
well (and fixed version number in one of the new policies).

Full disclosure: Chromoting *into* Chrome OS is only supported in "it2me" /
"Remote Assistance" mode.  We still do not support "me2me" / "My Computers" mode
for Chromoting into Chrome OS.

+          'features': {
+            'dynamic_refresh': True,
+            'per_profile': False,
+          },
+          'example_value': 'https://example.com/issue',
+          'id': 286,
+          'caption': '''URL where remote access clients should obtain their authentication token''',
+          'desc': '''URL where remote access clients should obtain their authentication token.
+
+          If this policy is set, the remote access host will require authenticating clients to obtain an authentication token from this URL in order to connect. Must be used in conjunction with RemoteAccessHostTokenValidationUrl.
+
+          This feature is currently disabled server-side.''',
+        },
+        {
+          'name': 'RemoteAccessHostTokenValidationUrl',
+          'type': 'string',
+          'schema': { 'type': 'string' },
+          'supported_on': ['chrome.*:28-'],
+          'features': {
+            'dynamic_refresh': True,
+            'per_profile': False,
+          },
+          'example_value': 'https://example.com/validate',
+          'id': 287,
+          'caption': '''URL for validating remote access client authentication token''',
+          'desc': '''URL for validating remote access client authentication token.
+
+          If this policy is set, the remote access host will use this URL to validate authentication tokens from remote access clients, in order to accept connections. Must be used in conjunction with RemoteAccessHostTokenUrl.
+
+          This feature is currently disabled server-side.''',
+        },
+        {
+          'name': 'RemoteAccessHostTokenValidationCertificateIssuer',
+          'type': 'string',
+          'schema': { 'type': 'string' },
+          'supported_on': ['chrome.*:28-'],
+          'features': {
+            'dynamic_refresh': True,
+            'per_profile': False,
+          },
+          'example_value': 'Example Certificate Authority',
+          'id': 288,
+          'caption': '''Client certificate for connecting to RemoteAccessHostTokenValidationUrl''',
+          'desc': '''Client certificate for connecting to RemoteAccessHostTokenValidationUrl.
+
+          If this policy is set, the host will use a client certificate with the given issuer CN to authenticate to RemoteAccessHostTokenValidationUrl. Set it to "*" to use any available client certificate.
+
+          This feature is currently disabled server-side.''',
+        },
+        {
+          'name': 'RemoteAccessHostDebugOverridePolicies',
+          'type': 'string',
+          'schema': { 'type': 'string' },
+          'supported_on': ['chrome.*:25-'],
+          'features': {
+            'dynamic_refresh': True,
+            'per_profile': False,
+          },
+          'example_value': '{ "RemoteAccessHostMatchUsername": true }',
+          'id': 289,
+          'caption': '''Policy overrides for Debug builds of the remote access host''',
+          'desc': '''Overrides policies on Debug builds of the remote access host.
+
+          The value is parsed as a JSON dictionary of policy name to policy value mappings.''',
+        },
       ],
     },
     {
       'name': 'PrintingEnabled',
       'type': 'main',
       'schema': { 'type': 'boolean' },
       'supported_on': ['chrome.*:8-', 'chrome_os:11-', 'android:39-'],
       'features': {
         'dynamic_refresh': True,
         'per_profile': True,
@@ skipping 6403 matching lines @@
       'desc': '''Text appended in parentheses next to the policies top-level container to indicate that those policies are of the Recommended level''',
       'text': 'Default Settings (users can override)',
     },
     'doc_complex_policies_on_windows': {
       'desc': '''Text pointing the user to a help article for complex policies on Windows''',
       'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POLICIES_URL">http://www.chromium.org/administrators/complex-policies-on-windows<ex>http://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>''',
     },
   },
   'placeholders': [],
 }