| blob | 41e87f7341b39dfb9b1dbec9887d6f01f2fe28dd |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CLIENT_H_
6 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CLIENT_H_
8 #include <map>
9 #include <set>
10 #include <string>
11 #include <utility>
12 #include <vector>
27 }
34 // Implements the core logic required to talk to the device management service.
35 // Also keeps track of the current state of the association with the service,
36 // such as whether there is a valid registration (DMToken is present in that
37 // case) and whether and what errors occurred in the latest request.
38 //
39 // Note that CloudPolicyClient doesn't do any validation of policy responses
40 // such as signature and time stamp checks. These happen once the policy gets
41 // installed in the cloud policy cache.
44 // Maps a (policy type, settings entity ID) pair to its corresponding
45 // PolicyFetchResponse.
49 // A callback which receives boolean status of an operation. If the operation
50 // succeeded, |status| is true.
53 // A callback which receives fetched remote commands.
55 DeviceManagementStatus,
58 // Observer interface for state and policy changes.
63 // Called when a policy fetch completes successfully. If a policy fetch
64 // triggers an error, OnClientError() will fire.
67 // Called upon registration state changes. This callback is invoked for
68 // successful completion of registration and unregistration requests.
71 // Called when a request for device robot OAuth2 authorization tokens
72 // returns successfully. Only occurs during enrollment. Optional
73 // (default implementation is a noop).
76 // Indicates there's been an error in a previously-issued request.
78 };
80 // |provider| and |service| are weak pointers and it's the caller's
81 // responsibility to keep them valid for the lifetime of CloudPolicyClient.
82 // |verification_key_hash| contains an identifier telling the DMServer which
83 // verification key to use.
92 // Sets the DMToken, thereby establishing a registration with the server. A
93 // policy fetch is not automatically issued but can be requested by calling
94 // FetchPolicy().
98 // Attempts to register with the device management service. Results in a
99 // registration change or error notification.
108 // Sets information about a policy invalidation. Subsequent fetch operations
109 // will use the given info, and callers can use fetched_invalidation_version
110 // to determine which version of policy was fetched.
113 // Requests a policy fetch. The client being registered is a prerequisite to
114 // this operation and this call will CHECK if the client is not in registered
115 // state. FetchPolicy() triggers a policy fetch from the cloud. A policy
116 // change notification is reported to the observers and the new policy blob
117 // can be retrieved once the policy fetch operation completes. In case of
118 // multiple requests to fetch policy, new requests will cancel any pending
119 // requests and the latest request will eventually trigger notifications.
122 // Requests OAuth2 auth codes for the device robot account. The client being
123 // registered is a prerequisite to this operation and this call will CHECK if
124 // the client is not in registered state.
127 // Sends an unregistration request to the server.
130 // Upload a device certificate to the server. Like FetchPolicy, this method
131 // requires that the client is in a registered state. |certificate_data| must
132 // hold the X.509 certificate data to be sent to the server. The |callback|
133 // will be called when the operation completes.
137 // Uploads device/session status to the server. As above, the client must be
138 // in a registered state. If non-null, |device_status| and |session_status|
139 // will be included in the upload status request. The |callback| will be
140 // called when the operation completes.
146 // Attempts to fetch remote commands, with |last_command_id| being the ID of
147 // the last command that finished execution and |command_results| being
148 // results for previous commands which have not been reported yet. The
149 // |callback| will be called when the operation completes.
150 // Note that sending |last_command_id| will acknowledge this command and any
151 // previous commands. A nullptr indicates that no commands have finished
152 // execution.
156 command_results,
159 // Sends a device attribute update permission request to the server, uses
160 // OAuth2 token |auth_token| to identify user who requests a permission to
161 // name a device, calls a |callback| from the enrollment screen to indicate
162 // whether the device naming prompt should be shown.
166 // Sends a device naming information (Asset Id and Location) to the
167 // device management server, uses OAuth2 token |auth_token| to identify user
168 // who names a device, the |callback| will be called when the operation
169 // completes.
175 // Adds an observer to be called back upon policy and state changes.
178 // Removes the specified observer.
183 }
187 }
192 }
196 }
198 // FetchPolicy() calls will request this policy type.
199 // If |settings_entity_id| is empty then it won't be set in the
200 // PolicyFetchRequest.
204 // FetchPolicy() calls won't request the given policy type and optional
205 // |settings_entity_id| anymore.
209 // Configures a set of device state keys to transfer to the server in the next
210 // policy fetch. If the fetch is successful, the keys will be cleared so they
211 // are only uploaded once.
214 // Whether the client is registered with the device management service.
220 // The device mode as received in the registration request.
223 // The policy responses as obtained by the last request to the cloud. These
224 // policies haven't gone through verification, so their contents cannot be
225 // trusted. Use CloudPolicyStore::policy() and CloudPolicyStore::policy_map()
226 // instead for making policy decisions.
229 }
231 // Returns the policy response for the (|policy_type|, |settings_entity_id|)
232 // pair if found in |responses()|. Otherwise returns nullptr.
239 }
243 }
245 // Returns the invalidation version that was used for the last FetchPolicy.
246 // Observers can call this method from their OnPolicyFetched method to
247 // determine which at which invalidation version the policy was fetched.
250 }
254 // Returns the number of active requests.
258 // A set of (policy type, settings entity ID) pairs to fetch.
261 // Callback for retries of registration requests.
264 // Callback for registration requests.
266 DeviceManagementStatus status,
270 // Callback for policy fetch requests.
272 DeviceManagementStatus status,
276 // Callback for robot account api authorization requests.
278 DeviceManagementStatus status,
282 // Callback for unregistration requests.
284 DeviceManagementStatus status,
288 // Callback for certificate upload requests.
292 DeviceManagementStatus status,
296 // Callback for status upload requests.
300 DeviceManagementStatus status,
304 // Callback for remote command fetch requests.
308 DeviceManagementStatus status,
312 // Callback for device attribute update permission requests.
316 DeviceManagementStatus status,
320 // Callback for device attribute update requests.
324 DeviceManagementStatus status,
328 // Helper to remove a job from request_jobs_.
331 // Observer notification helpers.
337 // Data necessary for constructing policy requests.
341 PolicyTypeSet types_to_fetch_;
345 DeviceMode device_mode_;
353 // Information for the latest policy invalidation received.
354 int64 invalidation_version_;
357 // The invalidation version used for the most recent fetch operation.
358 int64 fetched_invalidation_version_;
360 // Used for issuing requests to the cloud.
363 // Only one outstanding policy fetch is allowed, so this is tracked in
364 // its own member variable.
367 // All of the outstanding non-policy-fetch request jobs. These jobs are
368 // silently cancelled if Unregister() is called.
371 // The policy responses returned by the last policy fetch operation.
372 ResponseMap responses_;
373 DeviceManagementStatus status_;
380 };