Implement device-local account policy pushing

chrome/browser/chromeos/policy/device_local_account_policy_service.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_
 #define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_
 
 #include <map>
 #include <set>
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/files/file_path.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/observer_list.h"
 #include "chrome/browser/chromeos/extensions/device_local_account_external_policy_loader.h"
+#include "chrome/browser/chromeos/policy/affiliated_invalidation_service_provider.h"
 #include "chrome/browser/chromeos/policy/device_local_account_extension_tracker.h"
 #include "chrome/browser/chromeos/policy/device_local_account_external_data_manager.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "components/policy/core/common/cloud/cloud_policy_core.h"
 #include "components/policy/core/common/cloud/cloud_policy_store.h"
 #include "components/policy/core/common/cloud/component_cloud_policy_service.h"
 #include "components/policy/core/common/schema_registry.h"
 
 namespace base {
 class SequencedTaskRunner;
 }
 
 namespace chromeos {
 class DeviceSettingsService;
 class SessionManagerClient;
 }
 
+namespace invalidation {
+class InvalidationService;
+}
+
 namespace net {
 class URLRequestContextGetter;
 }
 
 namespace policy {
 
+class CloudPolicyInvalidator;
 struct DeviceLocalAccount;
 class DeviceLocalAccountExternalDataService;
 class DeviceLocalAccountPolicyStore;
 class DeviceManagementService;
 
 // The main switching central that downloads, caches, refreshes, etc. policy for
 // a single device-local account.
 class DeviceLocalAccountPolicyBroker
     : public CloudPolicyStore::Observer,
-      public ComponentCloudPolicyService::Delegate {
+      public ComponentCloudPolicyService::Delegate,
+      public AffiliatedInvalidationServiceProvider::Consumer {
  public:
+  // |invalidation_service_provider| must outlive |this|.
   // |policy_update_callback| will be invoked to notify observers that the
   // policy for |account| has been updated.
   // |task_runner| is the runner for policy refresh tasks.
   DeviceLocalAccountPolicyBroker(
+      AffiliatedInvalidationServiceProvider* invalidation_service_provider,

[pneubeck (no reviews), 2015/01/30 14:23:58]

nitty: 
 non const& arguments tend to be add the end of the argument list

[bartfab (slow), 2015/02/03 18:31:06]

Done.

       const DeviceLocalAccount& account,
       const base::FilePath& component_policy_cache_path,
       scoped_ptr<DeviceLocalAccountPolicyStore> store,
       scoped_refptr<DeviceLocalAccountExternalDataManager>
           external_data_manager,
       const base::Closure& policy_updated_callback,
       const scoped_refptr<base::SequencedTaskRunner>& task_runner);
   ~DeviceLocalAccountPolicyBroker() override;
 
   // Initialize the broker, loading its |store_|.
@@ skipping 34 matching lines @@
   // empty string if the policy is not present.
   std::string GetDisplayName() const;
 
   // CloudPolicyStore::Observer:
   void OnStoreLoaded(CloudPolicyStore* store) override;
   void OnStoreError(CloudPolicyStore* store) override;
 
   // ComponentCloudPolicyService::Delegate:
   void OnComponentCloudPolicyUpdated() override;
 
+  // AffiliatedInvalidationServiceProvider::Consumer:
+  void OnInvalidationServiceSet(
+      invalidation::InvalidationService* invalidation_service) override;
+
+  CloudPolicyInvalidator* GetInvalidatorForTest() const;
+
  private:
+  bool IsConnected();

[pneubeck (no reviews), 2015/01/30 14:23:58]

could have a comment

[bartfab (slow), 2015/02/03 18:31:06]

Added comment. Also, renamed this to HasClient(). The old name, IsConnected(),
was misleading as having a CloudPolicyClient in place does not mean that the
client actually managed to connect correctly.

+
   void CreateComponentCloudPolicyService(
       const scoped_refptr<net::URLRequestContextGetter>& request_context,
       CloudPolicyClient* client);
 
+  // Creates an |invalidator_| if an |invalidation_service_| is available and
+  // the |core_| is connected.
+  void CreateInvalidatorIfPossible();
+
+  void DestroyInvalidator();
+
+  AffiliatedInvalidationServiceProvider* invalidation_service_provider_;
   const std::string account_id_;
   const std::string user_id_;
   const base::FilePath component_policy_cache_path_;
   SchemaRegistry schema_registry_;
   const scoped_ptr<DeviceLocalAccountPolicyStore> store_;
   DeviceLocalAccountExtensionTracker extension_tracker_;
   scoped_refptr<DeviceLocalAccountExternalDataManager> external_data_manager_;
   scoped_refptr<chromeos::DeviceLocalAccountExternalPolicyLoader>
       extension_loader_;
   CloudPolicyCore core_;
   scoped_ptr<ComponentCloudPolicyService> component_policy_service_;
   base::Closure policy_update_callback_;
 
+  int64 highest_handled_invalidation_version_;
+  invalidation::InvalidationService* invalidation_service_;
+  scoped_ptr<CloudPolicyInvalidator> invalidator_;
+
   DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyBroker);
 };
 
 // Manages user policy blobs for device-local accounts present on the device.
 // The actual policy blobs are brokered by session_manager (to prevent file
 // manipulation), and we're making signature checks on the policy blobs to
 // ensure they're issued by the device owner.
 class DeviceLocalAccountPolicyService {
  public:
   // Interface for interested parties to observe policy changes.
   class Observer {
    public:
     virtual ~Observer() {}
 
     // Policy for the given |user_id| has changed.
     virtual void OnPolicyUpdated(const std::string& user_id) = 0;
 
     // The list of accounts has been updated.
     virtual void OnDeviceLocalAccountsChanged() = 0;
   };
 
   DeviceLocalAccountPolicyService(
       chromeos::SessionManagerClient* session_manager_client,
       chromeos::DeviceSettingsService* device_settings_service,
       chromeos::CrosSettings* cros_settings,
+      AffiliatedInvalidationServiceProvider* invalidation_service_provider,
       scoped_refptr<base::SequencedTaskRunner> store_background_task_runner,
       scoped_refptr<base::SequencedTaskRunner> extension_cache_task_runner,
       scoped_refptr<base::SequencedTaskRunner>
           external_data_service_backend_task_runner,
       scoped_refptr<base::SequencedTaskRunner> io_task_runner,
       scoped_refptr<net::URLRequestContextGetter> request_context);
   virtual ~DeviceLocalAccountPolicyService();
 
   // Shuts down the service and prevents further policy fetches from the cloud.
   void Shutdown();
@@ skipping 54 matching lines @@
   DeviceLocalAccountPolicyBroker* GetBrokerForStore(CloudPolicyStore* store);
 
   // Notifies the |observers_| that the policy for |user_id| has changed.
   void NotifyPolicyUpdated(const std::string& user_id);
 
   ObserverList<Observer, true> observers_;
 
   chromeos::SessionManagerClient* session_manager_client_;
   chromeos::DeviceSettingsService* device_settings_service_;
   chromeos::CrosSettings* cros_settings_;
+  AffiliatedInvalidationServiceProvider* invalidation_service_provider_;
 
   DeviceManagementService* device_management_service_;
 
   // The device-local account policy brokers, keyed by user ID.
   PolicyBrokerMap policy_brokers_;
 
   // Whether a call to UpdateAccountList() is pending because |cros_settings_|
   // are not trusted yet.
   bool waiting_for_cros_settings_;
 
@@ skipping 26 matching lines @@
   base::FilePath component_policy_cache_root_;
 
   base::WeakPtrFactory<DeviceLocalAccountPolicyService> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyService);
 };
 
 }  // namespace policy
 
 #endif  // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_