Roll src/third_party/WebKit f36d5e0:68b67cd (svn 193299:193303)
[chromium-blink-merge.git] / remoting / host / policy_watcher_unittest.cc
blob98458283f536c83ca829adec985fa76c0f27dc74
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/basictypes.h"
6 #include "base/bind.h"
7 #include "base/json/json_writer.h"
8 #include "base/message_loop/message_loop.h"
9 #include "base/run_loop.h"
10 #include "base/synchronization/waitable_event.h"
11 #include "base/test/mock_log.h"
12 #include "components/policy/core/common/fake_async_policy_loader.h"
13 #include "policy/policy_constants.h"
14 #include "remoting/host/dns_blackhole_checker.h"
15 #include "remoting/host/policy_watcher.h"
16 #include "testing/gmock/include/gmock/gmock.h"
17 #include "testing/gtest/include/gtest/gtest.h"
19 namespace remoting {
21 namespace key = ::policy::key;
23 MATCHER_P(IsPolicies, dict, "") {
24 bool equal = arg->Equals(dict);
25 if (!equal) {
26 std::string actual_value;
27 base::JSONWriter::WriteWithOptions(
28 arg, base::JSONWriter::OPTIONS_PRETTY_PRINT, &actual_value);
30 std::string expected_value;
31 base::JSONWriter::WriteWithOptions(
32 dict, base::JSONWriter::OPTIONS_PRETTY_PRINT, &expected_value);
34 *result_listener << "Policies are not equal. ";
35 *result_listener << "Expected policy: " << expected_value << ". ";
36 *result_listener << "Actual policy: " << actual_value << ".";
38 return equal;
41 class MockPolicyCallback {
42 public:
43 MockPolicyCallback(){};
45 // TODO(lukasza): gmock cannot mock a method taking scoped_ptr<T>...
46 MOCK_METHOD1(OnPolicyUpdatePtr, void(const base::DictionaryValue* policies));
47 void OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) {
48 OnPolicyUpdatePtr(policies.get());
51 MOCK_METHOD0(OnPolicyError, void());
53 private:
54 DISALLOW_COPY_AND_ASSIGN(MockPolicyCallback);
57 class PolicyWatcherTest : public testing::Test {
58 public:
59 PolicyWatcherTest() : message_loop_(base::MessageLoop::TYPE_IO) {}
61 void SetUp() override {
62 // We expect no callbacks unless explicitly specified by individual tests.
63 EXPECT_CALL(mock_policy_callback_, OnPolicyUpdatePtr(testing::_)).Times(0);
64 EXPECT_CALL(mock_policy_callback_, OnPolicyError()).Times(0);
66 message_loop_proxy_ = base::MessageLoopProxy::current();
68 // Retaining a raw pointer to keep control over policy contents.
69 policy_loader_ = new policy::FakeAsyncPolicyLoader(message_loop_proxy_);
70 policy_watcher_ =
71 PolicyWatcher::CreateFromPolicyLoader(make_scoped_ptr(policy_loader_));
73 nat_true_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, true);
74 nat_false_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, false);
75 nat_one_.SetInteger(key::kRemoteAccessHostFirewallTraversal, 1);
76 nat_one_domain_full_.SetInteger(key::kRemoteAccessHostFirewallTraversal, 1);
77 nat_one_domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain);
78 domain_empty_.SetString(key::kRemoteAccessHostDomain, std::string());
79 domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain);
80 SetDefaults(nat_true_others_default_);
81 nat_true_others_default_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
82 true);
83 SetDefaults(nat_false_others_default_);
84 nat_false_others_default_.SetBoolean(
85 key::kRemoteAccessHostFirewallTraversal, false);
86 SetDefaults(domain_empty_others_default_);
87 domain_empty_others_default_.SetString(key::kRemoteAccessHostDomain,
88 std::string());
89 SetDefaults(domain_full_others_default_);
90 domain_full_others_default_.SetString(key::kRemoteAccessHostDomain,
91 kHostDomain);
92 nat_true_domain_empty_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
93 true);
94 nat_true_domain_empty_.SetString(key::kRemoteAccessHostDomain,
95 std::string());
96 nat_true_domain_full_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
97 true);
98 nat_true_domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain);
99 nat_false_domain_empty_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
100 false);
101 nat_false_domain_empty_.SetString(key::kRemoteAccessHostDomain,
102 std::string());
103 nat_false_domain_full_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
104 false);
105 nat_false_domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain);
106 SetDefaults(nat_true_domain_empty_others_default_);
107 nat_true_domain_empty_others_default_.SetBoolean(
108 key::kRemoteAccessHostFirewallTraversal, true);
109 nat_true_domain_empty_others_default_.SetString(
110 key::kRemoteAccessHostDomain, std::string());
111 unknown_policies_.SetString("UnknownPolicyOne", std::string());
112 unknown_policies_.SetString("UnknownPolicyTwo", std::string());
113 unknown_policies_.SetBoolean("RemoteAccessHostUnknownPolicyThree", true);
115 const char kOverrideNatTraversalToFalse[] =
116 "{ \"RemoteAccessHostFirewallTraversal\": false }";
117 nat_true_and_overridden_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
118 true);
119 nat_true_and_overridden_.SetString(
120 key::kRemoteAccessHostDebugOverridePolicies,
121 kOverrideNatTraversalToFalse);
122 pairing_true_.SetBoolean(key::kRemoteAccessHostAllowClientPairing, true);
123 pairing_false_.SetBoolean(key::kRemoteAccessHostAllowClientPairing, false);
124 gnubby_auth_true_.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, true);
125 gnubby_auth_false_.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, false);
126 relay_true_.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection, true);
127 relay_false_.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection,
128 false);
129 port_range_full_.SetString(key::kRemoteAccessHostUdpPortRange, kPortRange);
130 port_range_empty_.SetString(key::kRemoteAccessHostUdpPortRange,
131 std::string());
132 port_range_malformed_.SetString(key::kRemoteAccessHostUdpPortRange,
133 "malformed");
134 port_range_malformed_domain_full_.MergeDictionary(&port_range_malformed_);
135 port_range_malformed_domain_full_.SetString(key::kRemoteAccessHostDomain,
136 kHostDomain);
138 curtain_true_.SetBoolean(key::kRemoteAccessHostRequireCurtain, true);
139 curtain_false_.SetBoolean(key::kRemoteAccessHostRequireCurtain, false);
140 username_true_.SetBoolean(key::kRemoteAccessHostMatchUsername, true);
141 username_false_.SetBoolean(key::kRemoteAccessHostMatchUsername, false);
142 talk_gadget_blah_.SetString(key::kRemoteAccessHostTalkGadgetPrefix, "blah");
143 third_party_auth_partial_.SetString(key::kRemoteAccessHostTokenUrl,
144 "https://token.com");
145 third_party_auth_partial_.SetString(
146 key::kRemoteAccessHostTokenValidationUrl, "https://validation.com");
147 third_party_auth_full_.MergeDictionary(&third_party_auth_partial_);
148 third_party_auth_full_.SetString(
149 key::kRemoteAccessHostTokenValidationCertificateIssuer,
150 "certificate subject");
151 third_party_auth_cert_empty_.MergeDictionary(&third_party_auth_partial_);
152 third_party_auth_cert_empty_.SetString(
153 key::kRemoteAccessHostTokenValidationCertificateIssuer, "");
155 #if !defined(NDEBUG)
156 SetDefaults(nat_false_overridden_others_default_);
157 nat_false_overridden_others_default_.SetBoolean(
158 key::kRemoteAccessHostFirewallTraversal, false);
159 nat_false_overridden_others_default_.SetString(
160 key::kRemoteAccessHostDebugOverridePolicies,
161 kOverrideNatTraversalToFalse);
162 #endif
165 void TearDown() override {
166 policy_watcher_.reset();
167 policy_loader_ = nullptr;
168 base::RunLoop().RunUntilIdle();
171 protected:
172 void StartWatching() {
173 policy_watcher_->StartWatching(
174 base::Bind(&MockPolicyCallback::OnPolicyUpdate,
175 base::Unretained(&mock_policy_callback_)),
176 base::Bind(&MockPolicyCallback::OnPolicyError,
177 base::Unretained(&mock_policy_callback_)));
178 base::RunLoop().RunUntilIdle();
181 void SetPolicies(const base::DictionaryValue& dict) {
182 // Copy |dict| into |policy_bundle|.
183 policy::PolicyNamespace policy_namespace =
184 policy::PolicyNamespace(policy::POLICY_DOMAIN_CHROME, std::string());
185 policy::PolicyBundle policy_bundle;
186 policy::PolicyMap& policy_map = policy_bundle.Get(policy_namespace);
187 policy_map.LoadFrom(&dict, policy::POLICY_LEVEL_MANDATORY,
188 policy::POLICY_SCOPE_MACHINE);
190 // Simulate a policy file/registry/preference update.
191 policy_loader_->SetPolicies(policy_bundle);
192 policy_loader_->PostReloadOnBackgroundThread(true /* force reload asap */);
193 base::RunLoop().RunUntilIdle();
196 const policy::Schema* GetPolicySchema() {
197 return policy_watcher_->GetPolicySchema();
200 const base::DictionaryValue& GetDefaultValues() {
201 return *(policy_watcher_->default_values_);
204 MOCK_METHOD0(PostPolicyWatcherShutdown, void());
206 static const char* kHostDomain;
207 static const char* kPortRange;
208 base::MessageLoop message_loop_;
209 scoped_refptr<base::MessageLoopProxy> message_loop_proxy_;
210 MockPolicyCallback mock_policy_callback_;
212 // |policy_loader_| is owned by |policy_watcher_|. PolicyWatcherTest retains
213 // a raw pointer to |policy_loader_| in order to control the simulated / faked
214 // policy contents.
215 policy::FakeAsyncPolicyLoader* policy_loader_;
216 scoped_ptr<PolicyWatcher> policy_watcher_;
218 base::DictionaryValue empty_;
219 base::DictionaryValue nat_true_;
220 base::DictionaryValue nat_false_;
221 base::DictionaryValue nat_one_;
222 base::DictionaryValue nat_one_domain_full_;
223 base::DictionaryValue domain_empty_;
224 base::DictionaryValue domain_full_;
225 base::DictionaryValue nat_true_others_default_;
226 base::DictionaryValue nat_false_others_default_;
227 base::DictionaryValue domain_empty_others_default_;
228 base::DictionaryValue domain_full_others_default_;
229 base::DictionaryValue nat_true_domain_empty_;
230 base::DictionaryValue nat_true_domain_full_;
231 base::DictionaryValue nat_false_domain_empty_;
232 base::DictionaryValue nat_false_domain_full_;
233 base::DictionaryValue nat_true_domain_empty_others_default_;
234 base::DictionaryValue unknown_policies_;
235 base::DictionaryValue nat_true_and_overridden_;
236 base::DictionaryValue nat_false_overridden_others_default_;
237 base::DictionaryValue pairing_true_;
238 base::DictionaryValue pairing_false_;
239 base::DictionaryValue gnubby_auth_true_;
240 base::DictionaryValue gnubby_auth_false_;
241 base::DictionaryValue relay_true_;
242 base::DictionaryValue relay_false_;
243 base::DictionaryValue port_range_full_;
244 base::DictionaryValue port_range_empty_;
245 base::DictionaryValue port_range_malformed_;
246 base::DictionaryValue port_range_malformed_domain_full_;
247 base::DictionaryValue curtain_true_;
248 base::DictionaryValue curtain_false_;
249 base::DictionaryValue username_true_;
250 base::DictionaryValue username_false_;
251 base::DictionaryValue talk_gadget_blah_;
252 base::DictionaryValue third_party_auth_full_;
253 base::DictionaryValue third_party_auth_partial_;
254 base::DictionaryValue third_party_auth_cert_empty_;
256 private:
257 void SetDefaults(base::DictionaryValue& dict) {
258 dict.SetBoolean(key::kRemoteAccessHostFirewallTraversal, true);
259 dict.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection, true);
260 dict.SetString(key::kRemoteAccessHostUdpPortRange, "");
261 dict.SetString(key::kRemoteAccessHostDomain, std::string());
262 dict.SetBoolean(key::kRemoteAccessHostMatchUsername, false);
263 dict.SetString(key::kRemoteAccessHostTalkGadgetPrefix,
264 kDefaultHostTalkGadgetPrefix);
265 dict.SetBoolean(key::kRemoteAccessHostRequireCurtain, false);
266 dict.SetString(key::kRemoteAccessHostTokenUrl, "");
267 dict.SetString(key::kRemoteAccessHostTokenValidationUrl, "");
268 dict.SetString(key::kRemoteAccessHostTokenValidationCertificateIssuer, "");
269 dict.SetBoolean(key::kRemoteAccessHostAllowClientPairing, true);
270 dict.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, true);
271 #if !defined(NDEBUG)
272 dict.SetString(key::kRemoteAccessHostDebugOverridePolicies, "");
273 #endif
275 ASSERT_THAT(&dict, IsPolicies(&GetDefaultValues()))
276 << "Sanity check that defaults expected by the test code "
277 << "match what is stored in PolicyWatcher::default_values_";
281 const char* PolicyWatcherTest::kHostDomain = "google.com";
282 const char* PolicyWatcherTest::kPortRange = "12400-12409";
284 TEST_F(PolicyWatcherTest, None) {
285 EXPECT_CALL(mock_policy_callback_,
286 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
288 SetPolicies(empty_);
289 StartWatching();
292 TEST_F(PolicyWatcherTest, NatTrue) {
293 EXPECT_CALL(mock_policy_callback_,
294 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
296 SetPolicies(nat_true_);
297 StartWatching();
300 TEST_F(PolicyWatcherTest, NatFalse) {
301 EXPECT_CALL(mock_policy_callback_,
302 OnPolicyUpdatePtr(IsPolicies(&nat_false_others_default_)));
304 SetPolicies(nat_false_);
305 StartWatching();
308 TEST_F(PolicyWatcherTest, NatWrongType) {
309 EXPECT_CALL(mock_policy_callback_, OnPolicyError());
311 SetPolicies(nat_one_);
312 StartWatching();
315 // This test verifies that a mistyped policy value is still detected
316 // even though it doesn't change during the second SetPolicies call.
317 TEST_F(PolicyWatcherTest, NatWrongTypeThenIrrelevantChange) {
318 EXPECT_CALL(mock_policy_callback_, OnPolicyError()).Times(2);
320 SetPolicies(nat_one_);
321 StartWatching();
322 SetPolicies(nat_one_domain_full_);
325 // This test verifies that a malformed policy value is still detected
326 // even though it doesn't change during the second SetPolicies call.
327 TEST_F(PolicyWatcherTest, PortRangeMalformedThenIrrelevantChange) {
328 EXPECT_CALL(mock_policy_callback_, OnPolicyError()).Times(2);
330 SetPolicies(port_range_malformed_);
331 StartWatching();
332 SetPolicies(port_range_malformed_domain_full_);
335 TEST_F(PolicyWatcherTest, DomainEmpty) {
336 EXPECT_CALL(mock_policy_callback_,
337 OnPolicyUpdatePtr(IsPolicies(&domain_empty_others_default_)));
339 SetPolicies(domain_empty_);
340 StartWatching();
343 TEST_F(PolicyWatcherTest, DomainFull) {
344 EXPECT_CALL(mock_policy_callback_,
345 OnPolicyUpdatePtr(IsPolicies(&domain_full_others_default_)));
347 SetPolicies(domain_full_);
348 StartWatching();
351 TEST_F(PolicyWatcherTest, NatNoneThenTrue) {
352 EXPECT_CALL(mock_policy_callback_,
353 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
355 SetPolicies(empty_);
356 StartWatching();
357 SetPolicies(nat_true_);
360 TEST_F(PolicyWatcherTest, NatNoneThenTrueThenTrue) {
361 EXPECT_CALL(mock_policy_callback_,
362 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
364 SetPolicies(empty_);
365 StartWatching();
366 SetPolicies(nat_true_);
367 SetPolicies(nat_true_);
370 TEST_F(PolicyWatcherTest, NatNoneThenTrueThenTrueThenFalse) {
371 testing::InSequence sequence;
372 EXPECT_CALL(mock_policy_callback_,
373 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
374 EXPECT_CALL(mock_policy_callback_,
375 OnPolicyUpdatePtr(IsPolicies(&nat_false_)));
377 SetPolicies(empty_);
378 StartWatching();
379 SetPolicies(nat_true_);
380 SetPolicies(nat_true_);
381 SetPolicies(nat_false_);
384 TEST_F(PolicyWatcherTest, NatNoneThenFalse) {
385 testing::InSequence sequence;
386 EXPECT_CALL(mock_policy_callback_,
387 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
388 EXPECT_CALL(mock_policy_callback_,
389 OnPolicyUpdatePtr(IsPolicies(&nat_false_)));
391 SetPolicies(empty_);
392 StartWatching();
393 SetPolicies(nat_false_);
396 TEST_F(PolicyWatcherTest, NatNoneThenFalseThenTrue) {
397 testing::InSequence sequence;
398 EXPECT_CALL(mock_policy_callback_,
399 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
400 EXPECT_CALL(mock_policy_callback_,
401 OnPolicyUpdatePtr(IsPolicies(&nat_false_)));
402 EXPECT_CALL(mock_policy_callback_, OnPolicyUpdatePtr(IsPolicies(&nat_true_)));
404 SetPolicies(empty_);
405 StartWatching();
406 SetPolicies(nat_false_);
407 SetPolicies(nat_true_);
410 TEST_F(PolicyWatcherTest, ChangeOneRepeatedlyThenTwo) {
411 testing::InSequence sequence;
412 EXPECT_CALL(
413 mock_policy_callback_,
414 OnPolicyUpdatePtr(IsPolicies(&nat_true_domain_empty_others_default_)));
415 EXPECT_CALL(mock_policy_callback_,
416 OnPolicyUpdatePtr(IsPolicies(&domain_full_)));
417 EXPECT_CALL(mock_policy_callback_,
418 OnPolicyUpdatePtr(IsPolicies(&nat_false_)));
419 EXPECT_CALL(mock_policy_callback_,
420 OnPolicyUpdatePtr(IsPolicies(&domain_empty_)));
421 EXPECT_CALL(mock_policy_callback_,
422 OnPolicyUpdatePtr(IsPolicies(&nat_true_domain_full_)));
424 SetPolicies(nat_true_domain_empty_);
425 StartWatching();
426 SetPolicies(nat_true_domain_full_);
427 SetPolicies(nat_false_domain_full_);
428 SetPolicies(nat_false_domain_empty_);
429 SetPolicies(nat_true_domain_full_);
432 TEST_F(PolicyWatcherTest, FilterUnknownPolicies) {
433 testing::InSequence sequence;
434 EXPECT_CALL(mock_policy_callback_,
435 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
437 SetPolicies(empty_);
438 StartWatching();
439 SetPolicies(unknown_policies_);
440 SetPolicies(empty_);
443 class MisspelledPolicyTest : public PolicyWatcherTest,
444 public ::testing::WithParamInterface<const char*> {
447 // Verify that a misspelled policy causes a warning written to the log.
448 TEST_P(MisspelledPolicyTest, WarningLogged) {
449 const char* misspelled_policy_name = GetParam();
450 base::test::MockLog mock_log;
452 ON_CALL(mock_log, Log(testing::_, testing::_, testing::_, testing::_,
453 testing::_)).WillByDefault(testing::Return(true));
455 EXPECT_CALL(mock_log,
456 Log(logging::LOG_WARNING, testing::_, testing::_, testing::_,
457 testing::HasSubstr(misspelled_policy_name))).Times(1);
459 EXPECT_CALL(mock_policy_callback_,
460 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
462 base::DictionaryValue misspelled_policies;
463 misspelled_policies.SetString(misspelled_policy_name, "some test value");
464 mock_log.StartCapturingLogs();
466 SetPolicies(misspelled_policies);
467 StartWatching();
469 mock_log.StopCapturingLogs();
472 INSTANTIATE_TEST_CASE_P(
473 PolicyWatcherTest,
474 MisspelledPolicyTest,
475 ::testing::Values("RemoteAccessHostDomainX",
476 "XRemoteAccessHostDomain",
477 "RemoteAccessHostdomain",
478 "RemoteAccessHostPolicyForFutureVersion"));
480 TEST_F(PolicyWatcherTest, DebugOverrideNatPolicy) {
481 #if !defined(NDEBUG)
482 EXPECT_CALL(
483 mock_policy_callback_,
484 OnPolicyUpdatePtr(IsPolicies(&nat_false_overridden_others_default_)));
485 #else
486 EXPECT_CALL(mock_policy_callback_,
487 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
488 #endif
490 SetPolicies(nat_true_and_overridden_);
491 StartWatching();
494 TEST_F(PolicyWatcherTest, PairingFalseThenTrue) {
495 testing::InSequence sequence;
496 EXPECT_CALL(mock_policy_callback_,
497 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
498 EXPECT_CALL(mock_policy_callback_,
499 OnPolicyUpdatePtr(IsPolicies(&pairing_false_)));
500 EXPECT_CALL(mock_policy_callback_,
501 OnPolicyUpdatePtr(IsPolicies(&pairing_true_)));
503 SetPolicies(empty_);
504 StartWatching();
505 SetPolicies(pairing_false_);
506 SetPolicies(pairing_true_);
509 TEST_F(PolicyWatcherTest, GnubbyAuth) {
510 testing::InSequence sequence;
511 EXPECT_CALL(mock_policy_callback_,
512 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
513 EXPECT_CALL(mock_policy_callback_,
514 OnPolicyUpdatePtr(IsPolicies(&gnubby_auth_false_)));
515 EXPECT_CALL(mock_policy_callback_,
516 OnPolicyUpdatePtr(IsPolicies(&gnubby_auth_true_)));
518 SetPolicies(empty_);
519 StartWatching();
520 SetPolicies(gnubby_auth_false_);
521 SetPolicies(gnubby_auth_true_);
524 TEST_F(PolicyWatcherTest, Relay) {
525 testing::InSequence sequence;
526 EXPECT_CALL(mock_policy_callback_,
527 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
528 EXPECT_CALL(mock_policy_callback_,
529 OnPolicyUpdatePtr(IsPolicies(&relay_false_)));
530 EXPECT_CALL(mock_policy_callback_,
531 OnPolicyUpdatePtr(IsPolicies(&relay_true_)));
533 SetPolicies(empty_);
534 StartWatching();
535 SetPolicies(relay_false_);
536 SetPolicies(relay_true_);
539 TEST_F(PolicyWatcherTest, Curtain) {
540 testing::InSequence sequence;
541 EXPECT_CALL(mock_policy_callback_,
542 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
543 EXPECT_CALL(mock_policy_callback_,
544 OnPolicyUpdatePtr(IsPolicies(&curtain_true_)));
545 EXPECT_CALL(mock_policy_callback_,
546 OnPolicyUpdatePtr(IsPolicies(&curtain_false_)));
548 SetPolicies(empty_);
549 StartWatching();
550 SetPolicies(curtain_true_);
551 SetPolicies(curtain_false_);
554 TEST_F(PolicyWatcherTest, MatchUsername) {
555 testing::InSequence sequence;
556 EXPECT_CALL(mock_policy_callback_,
557 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
558 #if !defined(OS_WIN)
559 EXPECT_CALL(mock_policy_callback_,
560 OnPolicyUpdatePtr(IsPolicies(&username_true_)));
561 EXPECT_CALL(mock_policy_callback_,
562 OnPolicyUpdatePtr(IsPolicies(&username_false_)));
563 #else
564 // On Windows the MatchUsername policy is ignored and therefore the 2
565 // SetPolicies calls won't result in any calls to OnPolicyUpdate.
566 #endif
568 SetPolicies(empty_);
569 StartWatching();
570 SetPolicies(username_true_);
571 SetPolicies(username_false_);
574 TEST_F(PolicyWatcherTest, TalkGadgetPrefix) {
575 testing::InSequence sequence;
576 EXPECT_CALL(mock_policy_callback_,
577 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
578 EXPECT_CALL(mock_policy_callback_,
579 OnPolicyUpdatePtr(IsPolicies(&talk_gadget_blah_)));
581 SetPolicies(empty_);
582 StartWatching();
583 SetPolicies(talk_gadget_blah_);
586 TEST_F(PolicyWatcherTest, ThirdPartyAuthFull) {
587 testing::InSequence sequence;
588 EXPECT_CALL(mock_policy_callback_,
589 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
590 EXPECT_CALL(mock_policy_callback_,
591 OnPolicyUpdatePtr(IsPolicies(&third_party_auth_full_)));
593 SetPolicies(empty_);
594 StartWatching();
595 SetPolicies(third_party_auth_full_);
598 // This test verifies what happens when only 1 out of 3 third-party auth
599 // policies changes. Without the other 2 policy values such policy values
600 // combination is invalid (i.e. cannot have TokenUrl without
601 // TokenValidationUrl) and can trigger OnPolicyError unless PolicyWatcher
602 // implementation is careful around this scenario.
603 TEST_F(PolicyWatcherTest, ThirdPartyAuthPartialToFull) {
604 testing::InSequence sequence;
605 EXPECT_CALL(mock_policy_callback_,
606 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
607 EXPECT_CALL(mock_policy_callback_,
608 OnPolicyUpdatePtr(IsPolicies(&third_party_auth_cert_empty_)));
609 EXPECT_CALL(mock_policy_callback_,
610 OnPolicyUpdatePtr(IsPolicies(&third_party_auth_full_)));
612 SetPolicies(empty_);
613 StartWatching();
614 SetPolicies(third_party_auth_partial_);
615 SetPolicies(third_party_auth_full_);
618 TEST_F(PolicyWatcherTest, UdpPortRange) {
619 testing::InSequence sequence;
620 EXPECT_CALL(mock_policy_callback_,
621 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
622 EXPECT_CALL(mock_policy_callback_,
623 OnPolicyUpdatePtr(IsPolicies(&port_range_full_)));
624 EXPECT_CALL(mock_policy_callback_,
625 OnPolicyUpdatePtr(IsPolicies(&port_range_empty_)));
627 SetPolicies(empty_);
628 StartWatching();
629 SetPolicies(port_range_full_);
630 SetPolicies(port_range_empty_);
633 TEST_F(PolicyWatcherTest, PolicySchemaAndPolicyWatcherShouldBeInSync) {
634 // This test verifies that
635 // 1) policy schema (generated out of policy_templates.json)
636 // and
637 // 2) PolicyWatcher's code (i.e. contents of the |default_values_| field)
638 // are kept in-sync.
640 std::map<std::string, base::Value::Type> expected_schema;
641 for (base::DictionaryValue::Iterator i(GetDefaultValues()); !i.IsAtEnd();
642 i.Advance()) {
643 expected_schema[i.key()] = i.value().GetType();
645 #if defined(OS_WIN)
646 // RemoteAccessHostMatchUsername is marked in policy_templates.json as not
647 // supported on Windows and therefore is (by design) excluded from the schema.
648 expected_schema.erase(key::kRemoteAccessHostMatchUsername);
649 #endif
650 #if defined(NDEBUG)
651 // Policy schema / policy_templates.json cannot differ between debug and
652 // release builds so we compensate below to account for the fact that
653 // PolicyWatcher::default_values_ does differ between debug and release.
654 expected_schema[key::kRemoteAccessHostDebugOverridePolicies] =
655 base::Value::TYPE_STRING;
656 #endif
658 std::map<std::string, base::Value::Type> actual_schema;
659 const policy::Schema* schema = GetPolicySchema();
660 ASSERT_TRUE(schema->valid());
661 for (auto it = schema->GetPropertiesIterator(); !it.IsAtEnd(); it.Advance()) {
662 std::string key = it.key();
663 if (key.find("RemoteAccessHost") == std::string::npos) {
664 // For now PolicyWatcher::GetPolicySchema() mixes Chrome and Chromoting
665 // policies, so we have to skip them here.
666 continue;
668 actual_schema[key] = it.schema().type();
671 EXPECT_THAT(actual_schema, testing::ContainerEq(expected_schema));
674 TEST_F(PolicyWatcherTest, SchemaTypeCheck) {
675 const policy::Schema* schema = GetPolicySchema();
676 ASSERT_TRUE(schema->valid());
678 // Check one, random "string" policy to see if the type propagated correctly
679 // from policy_templates.json file.
680 const policy::Schema string_schema =
681 schema->GetKnownProperty("RemoteAccessHostDomain");
682 EXPECT_TRUE(string_schema.valid());
683 EXPECT_EQ(string_schema.type(), base::Value::Type::TYPE_STRING);
685 // And check one, random "boolean" policy to see if the type propagated
686 // correctly from policy_templates.json file.
687 const policy::Schema boolean_schema =
688 schema->GetKnownProperty("RemoteAccessHostRequireCurtain");
689 EXPECT_TRUE(boolean_schema.valid());
690 EXPECT_EQ(boolean_schema.type(), base::Value::Type::TYPE_BOOLEAN);
693 // Unit tests cannot instantiate PolicyWatcher on ChromeOS
694 // (as this requires running inside a browser process).
695 #ifndef OS_CHROMEOS
697 namespace {
699 void OnPolicyUpdatedDumpPolicy(scoped_ptr<base::DictionaryValue> policies) {
700 VLOG(1) << "OnPolicyUpdated callback received the following policies:";
702 for (base::DictionaryValue::Iterator iter(*policies); !iter.IsAtEnd();
703 iter.Advance()) {
704 switch (iter.value().GetType()) {
705 case base::Value::Type::TYPE_STRING: {
706 std::string value;
707 CHECK(iter.value().GetAsString(&value));
708 VLOG(1) << iter.key() << " = "
709 << "string: " << '"' << value << '"';
710 break;
712 case base::Value::Type::TYPE_BOOLEAN: {
713 bool value;
714 CHECK(iter.value().GetAsBoolean(&value));
715 VLOG(1) << iter.key() << " = "
716 << "boolean: " << (value ? "True" : "False");
717 break;
719 default: {
720 VLOG(1) << iter.key() << " = "
721 << "unrecognized type";
722 break;
728 } // anonymous namespace
730 // To dump policy contents, run unit tests with the following flags:
731 // out/Debug/remoting_unittests --gtest_filter=*TestRealChromotingPolicy* -v=1
732 TEST_F(PolicyWatcherTest, TestRealChromotingPolicy) {
733 scoped_refptr<base::SingleThreadTaskRunner> task_runner =
734 base::MessageLoop::current()->task_runner();
735 scoped_ptr<PolicyWatcher> policy_watcher(
736 PolicyWatcher::Create(nullptr, task_runner));
739 base::RunLoop run_loop;
740 policy_watcher->StartWatching(base::Bind(OnPolicyUpdatedDumpPolicy),
741 base::Bind(base::DoNothing));
742 run_loop.RunUntilIdle();
745 // Today, the only verification offered by this test is:
746 // - Manual verification of policy values dumped by OnPolicyUpdatedDumpPolicy
747 // - Automated verification that nothing crashed
750 #endif
752 } // namespace remoting