Reporting a policy error after detecting mistyped policies.

remoting/host/policy_watcher_unittest.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/basictypes.h"
 #include "base/bind.h"
 #include "base/json/json_writer.h"
 #include "base/message_loop/message_loop.h"
 #include "base/run_loop.h"
 #include "base/synchronization/waitable_event.h"
@@ skipping 45 matching lines @@
   PolicyWatcherTest() : message_loop_(base::MessageLoop::TYPE_IO) {}
 
   void SetUp() override {
     message_loop_proxy_ = base::MessageLoopProxy::current();
 
     // Retaining a raw pointer to keep control over policy contents.
     policy_loader_ = new policy::FakeAsyncPolicyLoader(message_loop_proxy_);
     policy_watcher_ =
         PolicyWatcher::CreateFromPolicyLoader(make_scoped_ptr(policy_loader_));
 
-    schema_ = policy::Schema::Wrap(policy::GetChromeSchemaData());
-
     nat_true_.SetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, true);
     nat_false_.SetBoolean(policy::key::kRemoteAccessHostFirewallTraversal,
                           false);
     nat_one_.SetInteger(policy::key::kRemoteAccessHostFirewallTraversal, 1);
     domain_empty_.SetString(policy::key::kRemoteAccessHostDomain,
                             std::string());
     domain_full_.SetString(policy::key::kRemoteAccessHostDomain, kHostDomain);
     SetDefaults(nat_true_others_default_);
     nat_true_others_default_.SetBoolean(
         policy::key::kRemoteAccessHostFirewallTraversal, true);
@@ skipping 88 matching lines @@
     policy::PolicyMap& policy_map = policy_bundle.Get(policy_namespace);
     policy_map.LoadFrom(&dict, policy::POLICY_LEVEL_MANDATORY,
                         policy::POLICY_SCOPE_MACHINE);
 
     // Simulate a policy file/registry/preference update.
     policy_loader_->SetPolicies(policy_bundle);
     policy_loader_->PostReloadOnBackgroundThread(true /* force reload asap */);
     base::RunLoop().RunUntilIdle();
   }
 
-  void SignalTransientErrorForTest() {
-    policy_watcher_->SignalTransientPolicyError();
+  const policy::Schema* GetPolicySchema() {
+    return policy_watcher_->GetPolicySchema();
   }
 
-  const policy::Schema* GetPolicySchema() { return &schema_; }
-
   const base::DictionaryValue& GetDefaultValues() {
     return *(policy_watcher_->default_values_);
   }
 
   MOCK_METHOD0(PostPolicyWatcherShutdown, void());
 
   static const char* kHostDomain;
   static const char* kPortRange;
   base::MessageLoop message_loop_;
   scoped_refptr<base::MessageLoopProxy> message_loop_proxy_;
@@ skipping 25 matching lines @@
   base::DictionaryValue nat_false_overridden_others_default_;
   base::DictionaryValue pairing_true_;
   base::DictionaryValue pairing_false_;
   base::DictionaryValue gnubby_auth_true_;
   base::DictionaryValue gnubby_auth_false_;
   base::DictionaryValue relay_true_;
   base::DictionaryValue relay_false_;
   base::DictionaryValue port_range_full_;
   base::DictionaryValue port_range_empty_;
 
-  policy::Schema schema_;
-
  private:
   void SetDefaults(base::DictionaryValue& dict) {
     dict.SetBoolean(policy::key::kRemoteAccessHostFirewallTraversal, true);
     dict.SetBoolean(policy::key::kRemoteAccessHostAllowRelayedConnection, true);
     dict.SetString(policy::key::kRemoteAccessHostUdpPortRange, "");
     dict.SetString(policy::key::kRemoteAccessHostDomain, std::string());
     dict.SetBoolean(policy::key::kRemoteAccessHostMatchUsername, false);
     dict.SetString(policy::key::kRemoteAccessHostTalkGadgetPrefix,
                    kDefaultHostTalkGadgetPrefix);
     dict.SetBoolean(policy::key::kRemoteAccessHostRequireCurtain, false);
@@ skipping 35 matching lines @@
 }
 
 TEST_F(PolicyWatcherTest, NatFalse) {
   EXPECT_CALL(mock_policy_callback_,
               OnPolicyUpdatePtr(IsPolicies(&nat_false_others_default_)));
 
   SetPolicies(nat_false_);
   StartWatching();
 }
 
-TEST_F(PolicyWatcherTest, NatOne) {
-  EXPECT_CALL(mock_policy_callback_,
-              OnPolicyUpdatePtr(IsPolicies(&nat_false_others_default_)));
+TEST_F(PolicyWatcherTest, NatWrongType) {
+  EXPECT_CALL(mock_policy_callback_, OnPolicyError());
 
   SetPolicies(nat_one_);
   StartWatching();
 }
 
 TEST_F(PolicyWatcherTest, DomainEmpty) {
   EXPECT_CALL(mock_policy_callback_,
               OnPolicyUpdatePtr(IsPolicies(&domain_empty_others_default_)));
 
   SetPolicies(domain_empty_);
@@ skipping 167 matching lines @@
               OnPolicyUpdatePtr(IsPolicies(&port_range_full_)));
   EXPECT_CALL(mock_policy_callback_,
               OnPolicyUpdatePtr(IsPolicies(&port_range_empty_)));
 
   SetPolicies(empty_);
   StartWatching();
   SetPolicies(port_range_full_);
   SetPolicies(port_range_empty_);
 }
 
-const int kMaxTransientErrorRetries = 5;
-
-TEST_F(PolicyWatcherTest, SingleTransientErrorDoesntTriggerErrorCallback) {
-  EXPECT_CALL(mock_policy_callback_, OnPolicyError()).Times(0);
-
-  StartWatching();
-  SignalTransientErrorForTest();
-}
-
-TEST_F(PolicyWatcherTest, MultipleTransientErrorsTriggerErrorCallback) {
-  EXPECT_CALL(mock_policy_callback_, OnPolicyError());
-
-  StartWatching();
-  for (int i = 0; i < kMaxTransientErrorRetries; i++) {
-    SignalTransientErrorForTest();
-  }
-}
-
-TEST_F(PolicyWatcherTest, PolicyUpdateResetsTransientErrorsCounter) {
-  testing::InSequence s;
-  EXPECT_CALL(mock_policy_callback_, OnPolicyUpdatePtr(testing::_));
-  EXPECT_CALL(mock_policy_callback_, OnPolicyError()).Times(0);
-
-  StartWatching();
-  for (int i = 0; i < (kMaxTransientErrorRetries - 1); i++) {
-    SignalTransientErrorForTest();
-  }
-  SetPolicies(nat_true_);
-  for (int i = 0; i < (kMaxTransientErrorRetries - 1); i++) {
-    SignalTransientErrorForTest();
-  }
-}
-
 TEST_F(PolicyWatcherTest, PolicySchemaAndPolicyWatcherShouldBeInSync) {
   // This test verifies that
   // 1) policy schema (generated out of policy_templates.json)
   // and
   // 2) PolicyWatcher's code (i.e. contents of the |default_values_| field)
   // are kept in-sync.
 
-  std::set<std::string> expected_schema_keys;
+  std::map<std::string, base::Value::Type> expected_schema;
   for (base::DictionaryValue::Iterator i(GetDefaultValues()); !i.IsAtEnd();
        i.Advance()) {
-    expected_schema_keys.insert(i.key());
+    expected_schema[i.key()] = i.value().GetType();
   }
 #if defined(OS_WIN)
   // RemoteAccessHostMatchUsername is marked in policy_templates.json as not
   // supported on Windows and therefore is (by design) excluded from the schema.
-  expected_schema_keys.erase(policy::key::kRemoteAccessHostMatchUsername);
+  expected_schema.erase(policy::key::kRemoteAccessHostMatchUsername);
 #endif
 #if defined(NDEBUG)
   // Policy schema / policy_templates.json cannot differ between debug and
   // release builds so we compensate below to account for the fact that
   // PolicyWatcher::default_values_ does differ between debug and release.
-  expected_schema_keys.insert(
-      policy::key::kRemoteAccessHostDebugOverridePolicies);
+  expected_schema[policy::key::kRemoteAccessHostDebugOverridePolicies] =
+      base::Value::TYPE_STRING;
 #endif
 
-  std::set<std::string> actual_schema_keys;
+  std::map<std::string, base::Value::Type> actual_schema;
   const policy::Schema* schema = GetPolicySchema();
   ASSERT_TRUE(schema->valid());
   for (auto it = schema->GetPropertiesIterator(); !it.IsAtEnd(); it.Advance()) {
     std::string key = it.key();
     if (key.find("RemoteAccessHost") == std::string::npos) {
       // For now PolicyWatcher::GetPolicySchema() mixes Chrome and Chromoting
       // policies, so we have to skip them here.
       continue;
     }
-    actual_schema_keys.insert(key);
+    actual_schema[key] = it.schema().type();
   }
 
-  EXPECT_THAT(actual_schema_keys, testing::ContainerEq(expected_schema_keys));
+  EXPECT_THAT(actual_schema, testing::ContainerEq(expected_schema));
+}
+
+TEST_F(PolicyWatcherTest, SchemaTypeCheck) {
+  const policy::Schema* schema = GetPolicySchema();
+  ASSERT_TRUE(schema->valid());
+
+  // Check one, random "string" policy to see if the type propagated correctly
+  // from policy_templates.json file.
+  const policy::Schema string_schema =
+      schema->GetKnownProperty("RemoteAccessHostDomain");
+  EXPECT_TRUE(string_schema.valid());
+  EXPECT_EQ(string_schema.type(), base::Value::Type::TYPE_STRING);
+
+  // And check one, random "boolean" policy to see if the type propagated
+  // correctly from policy_templates.json file.
+  const policy::Schema boolean_schema =
+      schema->GetKnownProperty("RemoteAccessHostRequireCurtain");
+  EXPECT_TRUE(boolean_schema.valid());
+  EXPECT_EQ(boolean_schema.type(), base::Value::Type::TYPE_BOOLEAN);
 }
 
 // Unit tests cannot instantiate PolicyWatcher on ChromeOS
 // (as this requires running inside a browser process).
 #ifndef OS_CHROMEOS
 
 namespace {
 
 void OnPolicyUpdatedDumpPolicy(scoped_ptr<base::DictionaryValue> policies) {
   VLOG(1) << "OnPolicyUpdated callback received the following policies:";
@@ skipping 42 matching lines @@
   }
 
   // Today, the only verification offered by this test is:
   // - Manual verification of policy values dumped by OnPolicyUpdatedDumpPolicy
   // - Automated verification that nothing crashed
 }
 
 #endif
 
 }  // namespace remoting