Added flag for enterprise zero-touch enrollment and force enrollment if

its value is the string forced. BUG=624187,b/29833682 Review-Url: https://codereview.chromium.org/2107033002 Cr-Commit-Position: refs/heads/master@{#403278}

Added flag for enterprise zero-touch enrollment and force enrollment if
its value is the string forced. BUG=624187,b/29833682 Review-Url: https://codereview.chromium.org/2107033002 Cr-Commit-Position: refs/heads/master@{#403278}
00baf539 · drcrash · Commit bot · c36b54a4 · 00baf539 · 00baf539
Commit 00baf539 authored Jun 30, 2016 by drcrash Committed by Commit bot Jun 30, 2016
4 changed files
--- a/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.cc
+++ b/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.cc
@@ -52,10 +52,14 @@ namespace policy {
 namespace {
+// Well-known requisition types.
 const char kNoRequisition[] = "none";
 const char kRemoraRequisition[] = "remora";
 const char kSharkRequisition[] = "shark";
+// Zero-touch enrollment flag values.
+const char kZeroTouchEnrollmentForced[] = "forced";
 // These are the machine serial number keys that we check in order until we
 // find a non-empty serial number. The VPD spec says the serial number should be
 // in the "serial_number" key for v2+ VPDs. However, legacy devices used a
@@ -136,6 +140,7 @@ void DeviceCloudPolicyManagerChromeOS::Initialize(PrefService* local_state) {
                 base::Unretained(this)));
  InitializeRequisition();
+  InitializeEnrollment();
 }
 void DeviceCloudPolicyManagerChromeOS::AddDeviceCloudPolicyManagerObserver(
@@ -175,8 +180,7 @@ void DeviceCloudPolicyManagerChromeOS::SetDeviceRequisition(
        local_state_->ClearPref(prefs::kDeviceEnrollmentAutoStart);
        local_state_->ClearPref(prefs::kDeviceEnrollmentCanExit);
      } else {
-        local_state_->SetBoolean(prefs::kDeviceEnrollmentAutoStart, true);
+        SetDeviceEnrollmentAutoStart();
-        local_state_->SetBoolean(prefs::kDeviceEnrollmentCanExit, false);
      }
    }
  }
@@ -320,8 +324,7 @@ void DeviceCloudPolicyManagerChromeOS::InitializeRequisition() {
                              requisition);
      if (requisition == kRemoraRequisition ||
          requisition == kSharkRequisition) {
-        local_state_->SetBoolean(prefs::kDeviceEnrollmentAutoStart, true);
+        SetDeviceEnrollmentAutoStart();
-        local_state_->SetBoolean(prefs::kDeviceEnrollmentCanExit, false);
      } else {
        local_state_->SetBoolean(
            prefs::kDeviceEnrollmentAutoStart,
@@ -336,6 +339,21 @@ void DeviceCloudPolicyManagerChromeOS::InitializeRequisition() {
  }
 }
+void DeviceCloudPolicyManagerChromeOS::InitializeEnrollment() {
+  // Enrollment happens during OOBE only.
+  if (chromeos::StartupUtils::IsOobeCompleted())
+    return;
+  base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
+  if (command_line->HasSwitch(
+          chromeos::switches::kEnterpriseEnableZeroTouchEnrollment) &&
+      command_line->GetSwitchValueASCII(
+          chromeos::switches::kEnterpriseEnableZeroTouchEnrollment) ==
+          kZeroTouchEnrollmentForced) {
+    SetDeviceEnrollmentAutoStart();
+  }
+}
 void DeviceCloudPolicyManagerChromeOS::NotifyConnected() {
  FOR_EACH_OBSERVER(
      Observer, observers_, OnDeviceCloudPolicyManagerConnected());

--- a/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h
+++ b/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h
@@ -119,6 +119,8 @@ class DeviceCloudPolicyManagerChromeOS : public CloudPolicyManager {
  // Initializes requisition settings at OOBE with values from VPD.
  void InitializeRequisition();
+  // Initializes enrollment settings at OOBE with values from flags.
+  void InitializeEnrollment();
  void NotifyConnected();
  void NotifyDisconnected();

--- a/chromeos/chromeos_switches.cc
+++ b/chromeos/chromeos_switches.cc
@@ -210,6 +210,10 @@ const char kEnterpriseEnrollmentInitialModulus[] =
 const char kEnterpriseEnrollmentModulusLimit[] =
    "enterprise-enrollment-modulus-limit";
+// Enables the zero-touch enterprise enrollment flow.
+const char kEnterpriseEnableZeroTouchEnrollment[] =
+    "enterprise-enable-zero-touch-enrollment";
 // Enables the chromecast support for video player app.
 const char kEnableVideoPlayerChromecastSupport[] =
    "enable-video-player-chromecast-support";

--- a/chromeos/chromeos_switches.h
+++ b/chromeos/chromeos_switches.h
@@ -81,6 +81,7 @@ CHROMEOS_EXPORT extern const char kEnterpriseDisableArc[];
 CHROMEOS_EXPORT extern const char kEnterpriseEnableForcedReEnrollment[];
 CHROMEOS_EXPORT extern const char kEnterpriseEnrollmentInitialModulus[];
 CHROMEOS_EXPORT extern const char kEnterpriseEnrollmentModulusLimit[];
+CHROMEOS_EXPORT extern const char kEnterpriseEnableZeroTouchEnrollment[];
 CHROMEOS_EXPORT extern const char kFirstExecAfterBoot[];
 CHROMEOS_EXPORT extern const char kForceFirstRunUI[];
 CHROMEOS_EXPORT extern const char kForceLoginManagerInTests[];