search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ozone: evdev: Sync caps lock LED state to evdev
[chromium-blink-merge.git] / remoting / host / policy_watcher_unittest.cc
blob843e4a37af07e6ec9545940415bb67fc45ef153c
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/basictypes.h"
6 #include "base/bind.h"
7 #include "base/json/json_writer.h"
8 #include "base/message_loop/message_loop.h"
9 #include "base/run_loop.h"
10 #include "base/synchronization/waitable_event.h"
11 #include "components/policy/core/common/fake_async_policy_loader.h"
12 #include "policy/policy_constants.h"
13 #include "remoting/host/dns_blackhole_checker.h"
14 #include "remoting/host/policy_watcher.h"
15 #include "testing/gmock/include/gmock/gmock.h"
16 #include "testing/gtest/include/gtest/gtest.h"
17
18 namespace remoting {
19
20 namespace key = ::policy::key;
21
22 MATCHER_P(IsPolicies, dict, "") {
23 bool equal = arg->Equals(dict);
24 if (!equal) {
25 std::string actual_value;
26 base::JSONWriter::WriteWithOptions(
27 arg, base::JSONWriter::OPTIONS_PRETTY_PRINT, &actual_value);
28
29 std::string expected_value;
30 base::JSONWriter::WriteWithOptions(
31 dict, base::JSONWriter::OPTIONS_PRETTY_PRINT, &expected_value);
32
33 *result_listener << "Policies are not equal. ";
34 *result_listener << "Expected policy: " << expected_value << ". ";
35 *result_listener << "Actual policy: " << actual_value << ".";
36 }
37 return equal;
38 }
39
40 class MockPolicyCallback {
41 public:
42 MockPolicyCallback(){};
43
44 // TODO(lukasza): gmock cannot mock a method taking scoped_ptr<T>...
45 MOCK_METHOD1(OnPolicyUpdatePtr, void(const base::DictionaryValue* policies));
46 void OnPolicyUpdate(scoped_ptr<base::DictionaryValue> policies) {
47 OnPolicyUpdatePtr(policies.get());
48 }
49
50 MOCK_METHOD0(OnPolicyError, void());
51
52 private:
53 DISALLOW_COPY_AND_ASSIGN(MockPolicyCallback);
54 };
55
56 class PolicyWatcherTest : public testing::Test {
57 public:
58 PolicyWatcherTest() : message_loop_(base::MessageLoop::TYPE_IO) {}
59
60 void SetUp() override {
61 // We expect no callbacks unless explicitly specified by individual tests.
62 EXPECT_CALL(mock_policy_callback_, OnPolicyUpdatePtr(testing::_)).Times(0);
63 EXPECT_CALL(mock_policy_callback_, OnPolicyError()).Times(0);
64
65 message_loop_proxy_ = base::MessageLoopProxy::current();
66
67 // Retaining a raw pointer to keep control over policy contents.
68 policy_loader_ = new policy::FakeAsyncPolicyLoader(message_loop_proxy_);
69 policy_watcher_ =
70 PolicyWatcher::CreateFromPolicyLoader(make_scoped_ptr(policy_loader_));
71
72 nat_true_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, true);
73 nat_false_.SetBoolean(key::kRemoteAccessHostFirewallTraversal, false);
74 nat_one_.SetInteger(key::kRemoteAccessHostFirewallTraversal, 1);
75 nat_one_domain_full_.SetInteger(key::kRemoteAccessHostFirewallTraversal, 1);
76 nat_one_domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain);
77 domain_empty_.SetString(key::kRemoteAccessHostDomain, std::string());
78 domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain);
79 SetDefaults(nat_true_others_default_);
80 nat_true_others_default_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
81 true);
82 SetDefaults(nat_false_others_default_);
83 nat_false_others_default_.SetBoolean(
84 key::kRemoteAccessHostFirewallTraversal, false);
85 SetDefaults(domain_empty_others_default_);
86 domain_empty_others_default_.SetString(key::kRemoteAccessHostDomain,
87 std::string());
88 SetDefaults(domain_full_others_default_);
89 domain_full_others_default_.SetString(key::kRemoteAccessHostDomain,
90 kHostDomain);
91 nat_true_domain_empty_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
92 true);
93 nat_true_domain_empty_.SetString(key::kRemoteAccessHostDomain,
94 std::string());
95 nat_true_domain_full_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
96 true);
97 nat_true_domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain);
98 nat_false_domain_empty_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
99 false);
100 nat_false_domain_empty_.SetString(key::kRemoteAccessHostDomain,
101 std::string());
102 nat_false_domain_full_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
103 false);
104 nat_false_domain_full_.SetString(key::kRemoteAccessHostDomain, kHostDomain);
105 SetDefaults(nat_true_domain_empty_others_default_);
106 nat_true_domain_empty_others_default_.SetBoolean(
107 key::kRemoteAccessHostFirewallTraversal, true);
108 nat_true_domain_empty_others_default_.SetString(
109 key::kRemoteAccessHostDomain, std::string());
110 unknown_policies_.SetString("UnknownPolicyOne", std::string());
111 unknown_policies_.SetString("UnknownPolicyTwo", std::string());
112 unknown_policies_.SetBoolean("RemoteAccessHostUnknownPolicyThree", true);
113
114 const char kOverrideNatTraversalToFalse[] =
115 "{ \"RemoteAccessHostFirewallTraversal\": false }";
116 nat_true_and_overridden_.SetBoolean(key::kRemoteAccessHostFirewallTraversal,
117 true);
118 nat_true_and_overridden_.SetString(
119 key::kRemoteAccessHostDebugOverridePolicies,
120 kOverrideNatTraversalToFalse);
121 pairing_true_.SetBoolean(key::kRemoteAccessHostAllowClientPairing, true);
122 pairing_false_.SetBoolean(key::kRemoteAccessHostAllowClientPairing, false);
123 gnubby_auth_true_.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, true);
124 gnubby_auth_false_.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, false);
125 relay_true_.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection, true);
126 relay_false_.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection,
127 false);
128 port_range_full_.SetString(key::kRemoteAccessHostUdpPortRange, kPortRange);
129 port_range_empty_.SetString(key::kRemoteAccessHostUdpPortRange,
130 std::string());
131 port_range_malformed_.SetString(key::kRemoteAccessHostUdpPortRange,
132 "malformed");
133 port_range_malformed_domain_full_.MergeDictionary(&port_range_malformed_);
134 port_range_malformed_domain_full_.SetString(key::kRemoteAccessHostDomain,
135 kHostDomain);
136
137 curtain_true_.SetBoolean(key::kRemoteAccessHostRequireCurtain, true);
138 curtain_false_.SetBoolean(key::kRemoteAccessHostRequireCurtain, false);
139 username_true_.SetBoolean(key::kRemoteAccessHostMatchUsername, true);
140 username_false_.SetBoolean(key::kRemoteAccessHostMatchUsername, false);
141 talk_gadget_blah_.SetString(key::kRemoteAccessHostTalkGadgetPrefix, "blah");
142 third_party_auth_partial_.SetString(key::kRemoteAccessHostTokenUrl,
143 "https://token.com");
144 third_party_auth_partial_.SetString(
145 key::kRemoteAccessHostTokenValidationUrl, "https://validation.com");
146 third_party_auth_full_.MergeDictionary(&third_party_auth_partial_);
147 third_party_auth_full_.SetString(
148 key::kRemoteAccessHostTokenValidationCertificateIssuer,
149 "certificate subject");
150 third_party_auth_cert_empty_.MergeDictionary(&third_party_auth_partial_);
151 third_party_auth_cert_empty_.SetString(
152 key::kRemoteAccessHostTokenValidationCertificateIssuer, "");
153
154 #if !defined(NDEBUG)
155 SetDefaults(nat_false_overridden_others_default_);
156 nat_false_overridden_others_default_.SetBoolean(
157 key::kRemoteAccessHostFirewallTraversal, false);
158 nat_false_overridden_others_default_.SetString(
159 key::kRemoteAccessHostDebugOverridePolicies,
160 kOverrideNatTraversalToFalse);
161 #endif
162 }
163
164 void TearDown() override {
165 policy_watcher_.reset();
166 policy_loader_ = nullptr;
167 base::RunLoop().RunUntilIdle();
168 }
169
170 protected:
171 void StartWatching() {
172 policy_watcher_->StartWatching(
173 base::Bind(&MockPolicyCallback::OnPolicyUpdate,
174 base::Unretained(&mock_policy_callback_)),
175 base::Bind(&MockPolicyCallback::OnPolicyError,
176 base::Unretained(&mock_policy_callback_)));
177 base::RunLoop().RunUntilIdle();
178 }
179
180 void SetPolicies(const base::DictionaryValue& dict) {
181 // Copy |dict| into |policy_bundle|.
182 policy::PolicyNamespace policy_namespace =
183 policy::PolicyNamespace(policy::POLICY_DOMAIN_CHROME, std::string());
184 policy::PolicyBundle policy_bundle;
185 policy::PolicyMap& policy_map = policy_bundle.Get(policy_namespace);
186 policy_map.LoadFrom(&dict, policy::POLICY_LEVEL_MANDATORY,
187 policy::POLICY_SCOPE_MACHINE);
188
189 // Simulate a policy file/registry/preference update.
190 policy_loader_->SetPolicies(policy_bundle);
191 policy_loader_->PostReloadOnBackgroundThread(true /* force reload asap */);
192 base::RunLoop().RunUntilIdle();
193 }
194
195 const policy::Schema* GetPolicySchema() {
196 return policy_watcher_->GetPolicySchema();
197 }
198
199 const base::DictionaryValue& GetDefaultValues() {
200 return *(policy_watcher_->default_values_);
201 }
202
203 MOCK_METHOD0(PostPolicyWatcherShutdown, void());
204
205 static const char* kHostDomain;
206 static const char* kPortRange;
207 base::MessageLoop message_loop_;
208 scoped_refptr<base::MessageLoopProxy> message_loop_proxy_;
209 MockPolicyCallback mock_policy_callback_;
210
211 // |policy_loader_| is owned by |policy_watcher_|. PolicyWatcherTest retains
212 // a raw pointer to |policy_loader_| in order to control the simulated / faked
213 // policy contents.
214 policy::FakeAsyncPolicyLoader* policy_loader_;
215 scoped_ptr<PolicyWatcher> policy_watcher_;
216
217 base::DictionaryValue empty_;
218 base::DictionaryValue nat_true_;
219 base::DictionaryValue nat_false_;
220 base::DictionaryValue nat_one_;
221 base::DictionaryValue nat_one_domain_full_;
222 base::DictionaryValue domain_empty_;
223 base::DictionaryValue domain_full_;
224 base::DictionaryValue nat_true_others_default_;
225 base::DictionaryValue nat_false_others_default_;
226 base::DictionaryValue domain_empty_others_default_;
227 base::DictionaryValue domain_full_others_default_;
228 base::DictionaryValue nat_true_domain_empty_;
229 base::DictionaryValue nat_true_domain_full_;
230 base::DictionaryValue nat_false_domain_empty_;
231 base::DictionaryValue nat_false_domain_full_;
232 base::DictionaryValue nat_true_domain_empty_others_default_;
233 base::DictionaryValue unknown_policies_;
234 base::DictionaryValue nat_true_and_overridden_;
235 base::DictionaryValue nat_false_overridden_others_default_;
236 base::DictionaryValue pairing_true_;
237 base::DictionaryValue pairing_false_;
238 base::DictionaryValue gnubby_auth_true_;
239 base::DictionaryValue gnubby_auth_false_;
240 base::DictionaryValue relay_true_;
241 base::DictionaryValue relay_false_;
242 base::DictionaryValue port_range_full_;
243 base::DictionaryValue port_range_empty_;
244 base::DictionaryValue port_range_malformed_;
245 base::DictionaryValue port_range_malformed_domain_full_;
246 base::DictionaryValue curtain_true_;
247 base::DictionaryValue curtain_false_;
248 base::DictionaryValue username_true_;
249 base::DictionaryValue username_false_;
250 base::DictionaryValue talk_gadget_blah_;
251 base::DictionaryValue third_party_auth_full_;
252 base::DictionaryValue third_party_auth_partial_;
253 base::DictionaryValue third_party_auth_cert_empty_;
254
255 private:
256 void SetDefaults(base::DictionaryValue& dict) {
257 dict.SetBoolean(key::kRemoteAccessHostFirewallTraversal, true);
258 dict.SetBoolean(key::kRemoteAccessHostAllowRelayedConnection, true);
259 dict.SetString(key::kRemoteAccessHostUdpPortRange, "");
260 dict.SetString(key::kRemoteAccessHostDomain, std::string());
261 dict.SetBoolean(key::kRemoteAccessHostMatchUsername, false);
262 dict.SetString(key::kRemoteAccessHostTalkGadgetPrefix,
263 kDefaultHostTalkGadgetPrefix);
264 dict.SetBoolean(key::kRemoteAccessHostRequireCurtain, false);
265 dict.SetString(key::kRemoteAccessHostTokenUrl, "");
266 dict.SetString(key::kRemoteAccessHostTokenValidationUrl, "");
267 dict.SetString(key::kRemoteAccessHostTokenValidationCertificateIssuer, "");
268 dict.SetBoolean(key::kRemoteAccessHostAllowClientPairing, true);
269 dict.SetBoolean(key::kRemoteAccessHostAllowGnubbyAuth, true);
270 #if !defined(NDEBUG)
271 dict.SetString(key::kRemoteAccessHostDebugOverridePolicies, "");
272 #endif
273
274 ASSERT_THAT(&dict, IsPolicies(&GetDefaultValues()))
275 << "Sanity check that defaults expected by the test code "
276 << "match what is stored in PolicyWatcher::default_values_";
277 }
278 };
279
280 const char* PolicyWatcherTest::kHostDomain = "google.com";
281 const char* PolicyWatcherTest::kPortRange = "12400-12409";
282
283 TEST_F(PolicyWatcherTest, None) {
284 EXPECT_CALL(mock_policy_callback_,
285 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
286
287 SetPolicies(empty_);
288 StartWatching();
289 }
290
291 TEST_F(PolicyWatcherTest, NatTrue) {
292 EXPECT_CALL(mock_policy_callback_,
293 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
294
295 SetPolicies(nat_true_);
296 StartWatching();
297 }
298
299 TEST_F(PolicyWatcherTest, NatFalse) {
300 EXPECT_CALL(mock_policy_callback_,
301 OnPolicyUpdatePtr(IsPolicies(&nat_false_others_default_)));
302
303 SetPolicies(nat_false_);
304 StartWatching();
305 }
306
307 TEST_F(PolicyWatcherTest, NatWrongType) {
308 EXPECT_CALL(mock_policy_callback_, OnPolicyError());
309
310 SetPolicies(nat_one_);
311 StartWatching();
312 }
313
314 // This test verifies that a mistyped policy value is still detected
315 // even though it doesn't change during the second SetPolicies call.
316 TEST_F(PolicyWatcherTest, NatWrongTypeThenIrrelevantChange) {
317 EXPECT_CALL(mock_policy_callback_, OnPolicyError()).Times(2);
318
319 SetPolicies(nat_one_);
320 StartWatching();
321 SetPolicies(nat_one_domain_full_);
322 }
323
324 // This test verifies that a malformed policy value is still detected
325 // even though it doesn't change during the second SetPolicies call.
326 TEST_F(PolicyWatcherTest, PortRangeMalformedThenIrrelevantChange) {
327 EXPECT_CALL(mock_policy_callback_, OnPolicyError()).Times(2);
328
329 SetPolicies(port_range_malformed_);
330 StartWatching();
331 SetPolicies(port_range_malformed_domain_full_);
332 }
333
334 TEST_F(PolicyWatcherTest, DomainEmpty) {
335 EXPECT_CALL(mock_policy_callback_,
336 OnPolicyUpdatePtr(IsPolicies(&domain_empty_others_default_)));
337
338 SetPolicies(domain_empty_);
339 StartWatching();
340 }
341
342 TEST_F(PolicyWatcherTest, DomainFull) {
343 EXPECT_CALL(mock_policy_callback_,
344 OnPolicyUpdatePtr(IsPolicies(&domain_full_others_default_)));
345
346 SetPolicies(domain_full_);
347 StartWatching();
348 }
349
350 TEST_F(PolicyWatcherTest, NatNoneThenTrue) {
351 EXPECT_CALL(mock_policy_callback_,
352 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
353
354 SetPolicies(empty_);
355 StartWatching();
356 SetPolicies(nat_true_);
357 }
358
359 TEST_F(PolicyWatcherTest, NatNoneThenTrueThenTrue) {
360 EXPECT_CALL(mock_policy_callback_,
361 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
362
363 SetPolicies(empty_);
364 StartWatching();
365 SetPolicies(nat_true_);
366 SetPolicies(nat_true_);
367 }
368
369 TEST_F(PolicyWatcherTest, NatNoneThenTrueThenTrueThenFalse) {
370 testing::InSequence sequence;
371 EXPECT_CALL(mock_policy_callback_,
372 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
373 EXPECT_CALL(mock_policy_callback_,
374 OnPolicyUpdatePtr(IsPolicies(&nat_false_)));
375
376 SetPolicies(empty_);
377 StartWatching();
378 SetPolicies(nat_true_);
379 SetPolicies(nat_true_);
380 SetPolicies(nat_false_);
381 }
382
383 TEST_F(PolicyWatcherTest, NatNoneThenFalse) {
384 testing::InSequence sequence;
385 EXPECT_CALL(mock_policy_callback_,
386 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
387 EXPECT_CALL(mock_policy_callback_,
388 OnPolicyUpdatePtr(IsPolicies(&nat_false_)));
389
390 SetPolicies(empty_);
391 StartWatching();
392 SetPolicies(nat_false_);
393 }
394
395 TEST_F(PolicyWatcherTest, NatNoneThenFalseThenTrue) {
396 testing::InSequence sequence;
397 EXPECT_CALL(mock_policy_callback_,
398 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
399 EXPECT_CALL(mock_policy_callback_,
400 OnPolicyUpdatePtr(IsPolicies(&nat_false_)));
401 EXPECT_CALL(mock_policy_callback_, OnPolicyUpdatePtr(IsPolicies(&nat_true_)));
402
403 SetPolicies(empty_);
404 StartWatching();
405 SetPolicies(nat_false_);
406 SetPolicies(nat_true_);
407 }
408
409 TEST_F(PolicyWatcherTest, ChangeOneRepeatedlyThenTwo) {
410 testing::InSequence sequence;
411 EXPECT_CALL(
412 mock_policy_callback_,
413 OnPolicyUpdatePtr(IsPolicies(&nat_true_domain_empty_others_default_)));
414 EXPECT_CALL(mock_policy_callback_,
415 OnPolicyUpdatePtr(IsPolicies(&domain_full_)));
416 EXPECT_CALL(mock_policy_callback_,
417 OnPolicyUpdatePtr(IsPolicies(&nat_false_)));
418 EXPECT_CALL(mock_policy_callback_,
419 OnPolicyUpdatePtr(IsPolicies(&domain_empty_)));
420 EXPECT_CALL(mock_policy_callback_,
421 OnPolicyUpdatePtr(IsPolicies(&nat_true_domain_full_)));
422
423 SetPolicies(nat_true_domain_empty_);
424 StartWatching();
425 SetPolicies(nat_true_domain_full_);
426 SetPolicies(nat_false_domain_full_);
427 SetPolicies(nat_false_domain_empty_);
428 SetPolicies(nat_true_domain_full_);
429 }
430
431 TEST_F(PolicyWatcherTest, FilterUnknownPolicies) {
432 testing::InSequence sequence;
433 EXPECT_CALL(mock_policy_callback_,
434 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
435
436 SetPolicies(empty_);
437 StartWatching();
438 SetPolicies(unknown_policies_);
439 SetPolicies(empty_);
440 }
441
442 TEST_F(PolicyWatcherTest, DebugOverrideNatPolicy) {
443 #if !defined(NDEBUG)
444 EXPECT_CALL(
445 mock_policy_callback_,
446 OnPolicyUpdatePtr(IsPolicies(&nat_false_overridden_others_default_)));
447 #else
448 EXPECT_CALL(mock_policy_callback_,
449 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
450 #endif
451
452 SetPolicies(nat_true_and_overridden_);
453 StartWatching();
454 }
455
456 TEST_F(PolicyWatcherTest, PairingFalseThenTrue) {
457 testing::InSequence sequence;
458 EXPECT_CALL(mock_policy_callback_,
459 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
460 EXPECT_CALL(mock_policy_callback_,
461 OnPolicyUpdatePtr(IsPolicies(&pairing_false_)));
462 EXPECT_CALL(mock_policy_callback_,
463 OnPolicyUpdatePtr(IsPolicies(&pairing_true_)));
464
465 SetPolicies(empty_);
466 StartWatching();
467 SetPolicies(pairing_false_);
468 SetPolicies(pairing_true_);
469 }
470
471 TEST_F(PolicyWatcherTest, GnubbyAuth) {
472 testing::InSequence sequence;
473 EXPECT_CALL(mock_policy_callback_,
474 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
475 EXPECT_CALL(mock_policy_callback_,
476 OnPolicyUpdatePtr(IsPolicies(&gnubby_auth_false_)));
477 EXPECT_CALL(mock_policy_callback_,
478 OnPolicyUpdatePtr(IsPolicies(&gnubby_auth_true_)));
479
480 SetPolicies(empty_);
481 StartWatching();
482 SetPolicies(gnubby_auth_false_);
483 SetPolicies(gnubby_auth_true_);
484 }
485
486 TEST_F(PolicyWatcherTest, Relay) {
487 testing::InSequence sequence;
488 EXPECT_CALL(mock_policy_callback_,
489 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
490 EXPECT_CALL(mock_policy_callback_,
491 OnPolicyUpdatePtr(IsPolicies(&relay_false_)));
492 EXPECT_CALL(mock_policy_callback_,
493 OnPolicyUpdatePtr(IsPolicies(&relay_true_)));
494
495 SetPolicies(empty_);
496 StartWatching();
497 SetPolicies(relay_false_);
498 SetPolicies(relay_true_);
499 }
500
501 TEST_F(PolicyWatcherTest, Curtain) {
502 testing::InSequence sequence;
503 EXPECT_CALL(mock_policy_callback_,
504 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
505 EXPECT_CALL(mock_policy_callback_,
506 OnPolicyUpdatePtr(IsPolicies(&curtain_true_)));
507 EXPECT_CALL(mock_policy_callback_,
508 OnPolicyUpdatePtr(IsPolicies(&curtain_false_)));
509
510 SetPolicies(empty_);
511 StartWatching();
512 SetPolicies(curtain_true_);
513 SetPolicies(curtain_false_);
514 }
515
516 TEST_F(PolicyWatcherTest, MatchUsername) {
517 testing::InSequence sequence;
518 EXPECT_CALL(mock_policy_callback_,
519 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
520 #if !defined(OS_WIN)
521 EXPECT_CALL(mock_policy_callback_,
522 OnPolicyUpdatePtr(IsPolicies(&username_true_)));
523 EXPECT_CALL(mock_policy_callback_,
524 OnPolicyUpdatePtr(IsPolicies(&username_false_)));
525 #else
526 // On Windows the MatchUsername policy is ignored and therefore the 2
527 // SetPolicies calls won't result in any calls to OnPolicyUpdate.
528 #endif
529
530 SetPolicies(empty_);
531 StartWatching();
532 SetPolicies(username_true_);
533 SetPolicies(username_false_);
534 }
535
536 TEST_F(PolicyWatcherTest, TalkGadgetPrefix) {
537 testing::InSequence sequence;
538 EXPECT_CALL(mock_policy_callback_,
539 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
540 EXPECT_CALL(mock_policy_callback_,
541 OnPolicyUpdatePtr(IsPolicies(&talk_gadget_blah_)));
542
543 SetPolicies(empty_);
544 StartWatching();
545 SetPolicies(talk_gadget_blah_);
546 }
547
548 TEST_F(PolicyWatcherTest, ThirdPartyAuthFull) {
549 testing::InSequence sequence;
550 EXPECT_CALL(mock_policy_callback_,
551 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
552 EXPECT_CALL(mock_policy_callback_,
553 OnPolicyUpdatePtr(IsPolicies(&third_party_auth_full_)));
554
555 SetPolicies(empty_);
556 StartWatching();
557 SetPolicies(third_party_auth_full_);
558 }
559
560 // This test verifies what happens when only 1 out of 3 third-party auth
561 // policies changes. Without the other 2 policy values such policy values
562 // combination is invalid (i.e. cannot have TokenUrl without
563 // TokenValidationUrl) and can trigger OnPolicyError unless PolicyWatcher
564 // implementation is careful around this scenario.
565 TEST_F(PolicyWatcherTest, ThirdPartyAuthPartialToFull) {
566 testing::InSequence sequence;
567 EXPECT_CALL(mock_policy_callback_,
568 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
569 EXPECT_CALL(mock_policy_callback_,
570 OnPolicyUpdatePtr(IsPolicies(&third_party_auth_cert_empty_)));
571 EXPECT_CALL(mock_policy_callback_,
572 OnPolicyUpdatePtr(IsPolicies(&third_party_auth_full_)));
573
574 SetPolicies(empty_);
575 StartWatching();
576 SetPolicies(third_party_auth_partial_);
577 SetPolicies(third_party_auth_full_);
578 }
579
580 TEST_F(PolicyWatcherTest, UdpPortRange) {
581 testing::InSequence sequence;
582 EXPECT_CALL(mock_policy_callback_,
583 OnPolicyUpdatePtr(IsPolicies(&nat_true_others_default_)));
584 EXPECT_CALL(mock_policy_callback_,
585 OnPolicyUpdatePtr(IsPolicies(&port_range_full_)));
586 EXPECT_CALL(mock_policy_callback_,
587 OnPolicyUpdatePtr(IsPolicies(&port_range_empty_)));
588
589 SetPolicies(empty_);
590 StartWatching();
591 SetPolicies(port_range_full_);
592 SetPolicies(port_range_empty_);
593 }
594
595 TEST_F(PolicyWatcherTest, PolicySchemaAndPolicyWatcherShouldBeInSync) {
596 // This test verifies that
597 // 1) policy schema (generated out of policy_templates.json)
598 // and
599 // 2) PolicyWatcher's code (i.e. contents of the |default_values_| field)
600 // are kept in-sync.
601
602 std::map<std::string, base::Value::Type> expected_schema;
603 for (base::DictionaryValue::Iterator i(GetDefaultValues()); !i.IsAtEnd();
604 i.Advance()) {
605 expected_schema[i.key()] = i.value().GetType();
606 }
607 #if defined(OS_WIN)
608 // RemoteAccessHostMatchUsername is marked in policy_templates.json as not
609 // supported on Windows and therefore is (by design) excluded from the schema.
610 expected_schema.erase(key::kRemoteAccessHostMatchUsername);
611 #endif
612 #if defined(NDEBUG)
613 // Policy schema / policy_templates.json cannot differ between debug and
614 // release builds so we compensate below to account for the fact that
615 // PolicyWatcher::default_values_ does differ between debug and release.
616 expected_schema[key::kRemoteAccessHostDebugOverridePolicies] =
617 base::Value::TYPE_STRING;
618 #endif
619
620 std::map<std::string, base::Value::Type> actual_schema;
621 const policy::Schema* schema = GetPolicySchema();
622 ASSERT_TRUE(schema->valid());
623 for (auto it = schema->GetPropertiesIterator(); !it.IsAtEnd(); it.Advance()) {
624 std::string key = it.key();
625 if (key.find("RemoteAccessHost") == std::string::npos) {
626 // For now PolicyWatcher::GetPolicySchema() mixes Chrome and Chromoting
627 // policies, so we have to skip them here.
628 continue;
629 }
630 actual_schema[key] = it.schema().type();
631 }
632
633 EXPECT_THAT(actual_schema, testing::ContainerEq(expected_schema));
634 }
635
636 TEST_F(PolicyWatcherTest, SchemaTypeCheck) {
637 const policy::Schema* schema = GetPolicySchema();
638 ASSERT_TRUE(schema->valid());
639
640 // Check one, random "string" policy to see if the type propagated correctly
641 // from policy_templates.json file.
642 const policy::Schema string_schema =
643 schema->GetKnownProperty("RemoteAccessHostDomain");
644 EXPECT_TRUE(string_schema.valid());
645 EXPECT_EQ(string_schema.type(), base::Value::Type::TYPE_STRING);
646
647 // And check one, random "boolean" policy to see if the type propagated
648 // correctly from policy_templates.json file.
649 const policy::Schema boolean_schema =
650 schema->GetKnownProperty("RemoteAccessHostRequireCurtain");
651 EXPECT_TRUE(boolean_schema.valid());
652 EXPECT_EQ(boolean_schema.type(), base::Value::Type::TYPE_BOOLEAN);
653 }
654
655 // Unit tests cannot instantiate PolicyWatcher on ChromeOS
656 // (as this requires running inside a browser process).
657 #ifndef OS_CHROMEOS
658
659 namespace {
660
661 void OnPolicyUpdatedDumpPolicy(scoped_ptr<base::DictionaryValue> policies) {
662 VLOG(1) << "OnPolicyUpdated callback received the following policies:";
663
664 for (base::DictionaryValue::Iterator iter(*policies); !iter.IsAtEnd();
665 iter.Advance()) {
666 switch (iter.value().GetType()) {
667 case base::Value::Type::TYPE_STRING: {
668 std::string value;
669 CHECK(iter.value().GetAsString(&value));
670 VLOG(1) << iter.key() << " = "
671 << "string: " << '"' << value << '"';
672 break;
673 }
674 case base::Value::Type::TYPE_BOOLEAN: {
675 bool value;
676 CHECK(iter.value().GetAsBoolean(&value));
677 VLOG(1) << iter.key() << " = "
678 << "boolean: " << (value ? "True" : "False");
679 break;
680 }
681 default: {
682 VLOG(1) << iter.key() << " = "
683 << "unrecognized type";
684 break;
685 }
686 }
687 }
688 }
689
690 } // anonymous namespace
691
692 // To dump policy contents, run unit tests with the following flags:
693 // out/Debug/remoting_unittests --gtest_filter=*TestRealChromotingPolicy* -v=1
694 TEST_F(PolicyWatcherTest, TestRealChromotingPolicy) {
695 scoped_refptr<base::SingleThreadTaskRunner> task_runner =
696 base::MessageLoop::current()->task_runner();
697 scoped_ptr<PolicyWatcher> policy_watcher(
698 PolicyWatcher::Create(nullptr, task_runner));
699
700 {
701 base::RunLoop run_loop;
702 policy_watcher->StartWatching(base::Bind(OnPolicyUpdatedDumpPolicy),
703 base::Bind(base::DoNothing));
704 run_loop.RunUntilIdle();
705 }
706
707 // Today, the only verification offered by this test is:
708 // - Manual verification of policy values dumped by OnPolicyUpdatedDumpPolicy
709 // - Automated verification that nothing crashed
710 }
711
712 #endif
713
714 } // namespace remoting