Implement IdentityManager::ClearPrimaryAccount(...)

Another step on the path to deprecating SigninManager. This method
replaces SigninManager::SignOut*(). See design discussion here:
https://groups.google.com/a/chromium.org/d/msg/identity-service-dev/hNrtJ_nIXJ4/6nMXfIcVBwAJ

Bug: 806781
Test: New unit tests

Change-Id: I39fe49925c980362b0cdf58db2ce961e107241b6
Reviewed-on: https://chromium-review.googlesource.com/1154985
Commit-Queue: Chrome Cunningham (In Paris) <chcunningham@chromium.org>
Reviewed-by: Mihai Sardarescu <msarda@chromium.org>
Reviewed-by: Colin Blundell <blundell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#580519}

services/identity/public/cpp/DEPS

@@ -4,6 +4,8 @@ include_rules = [
   "+components/signin/core/browser/fake_gaia_cookie_manager_service.h",
   "+components/signin/core/browser/gaia_cookie_manager_service.h",
   "+components/signin/core/browser/profile_management_switches.h",
+  "+components/signin/core/browser/signin_metrics.h",
+  "+components/signin/core/browser/signin_switches.h",
   "+google_apis/gaia/gaia_auth_util.h",
   "+google_apis/gaia/google_service_auth_error.h",
   "+google_apis/gaia/oauth2_token_service.h",

services/identity/public/cpp/identity_manager.cc

@@ -154,6 +154,33 @@ bool IdentityManager::HasPrimaryAccount() const {
   return !primary_account_info_.account_id.empty();
 }
 
+#if !defined(OS_CHROMEOS)
+void IdentityManager::ClearPrimaryAccount(
+    ClearAccountTokensAction token_action,
+    signin_metrics::ProfileSignout signout_source_metric,
+    signin_metrics::SignoutDelete signout_delete_metric) {
+  SigninManager* signin_manager =
+      SigninManager::FromSigninManagerBase(signin_manager_);
+
+  switch (token_action) {
+    case IdentityManager::ClearAccountTokensAction::kDefault:
+      signin_manager->SignOut(signout_source_metric, signout_delete_metric);
+      break;
+    case IdentityManager::ClearAccountTokensAction::kKeepAll:
+      signin_manager->SignOutAndKeepAllAccounts(signout_source_metric,
+                                                signout_delete_metric);
+      break;
+    case IdentityManager::ClearAccountTokensAction::kRemoveAll:
+      signin_manager->SignOutAndRemoveAllAccounts(signout_source_metric,
+                                                  signout_delete_metric);
+      break;
+  }
+
+  // NOTE: |primary_account_| member is cleared in WillFireGoogleSignedOut()
+  // and IdentityManager::Observers are notified in GoogleSignedOut();
+}
+#endif  // defined(OS_CHROMEOS)
+
 std::vector<AccountInfo> IdentityManager::GetAccountsWithRefreshTokens() const {
   // TODO(blundell): It seems wasteful to construct this vector every time this
   // method is called, but it also seems bad to maintain the vector as an ivar
@@ -289,7 +316,6 @@ void IdentityManager::WillFireOnRefreshTokenAvailable(
     const std::string& account_id,
     bool is_valid) {
   DCHECK(!pending_token_available_state_);
-
   AccountInfo account_info =
       account_tracker_service_->GetAccountInfo(account_id);
 

services/identity/public/cpp/identity_manager.h

@@ -11,6 +11,7 @@
 #include "components/signin/core/browser/gaia_cookie_manager_service.h"
 #include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "components/signin/core/browser/signin_manager_base.h"
+#include "components/signin/core/browser/signin_metrics.h"
 #include "services/identity/public/cpp/access_token_fetcher.h"
 
 #if !defined(OS_CHROMEOS)
@@ -68,8 +69,8 @@ class IdentityManager : public SigninManagerBase::Observer,
     virtual void OnPrimaryAccountCleared(
         const AccountInfo& previous_primary_account_info) {}
 
-    // TODO(blundell): Eventually we might need a callback for failure to log in
-    // to the primary account.
+    // TODO(https://crbug/869418): Eventually we might need a callback for
+    // failure to log in to the primary account.
 
     // Called when a new refresh token is associated with |account_info|.
     // |is_valid| indicates whether the new refresh token is valid.
@@ -128,6 +129,29 @@ class IdentityManager : public SigninManagerBase::Observer,
   // primary account info has a valid account ID.
   bool HasPrimaryAccount() const;
 
+// For ChromeOS, mutation of primary account state is not managed externally.
+#if !defined(OS_CHROMEOS)
+  // Describes options for handling of tokens upon calling
+  // ClearPrimaryAccount().
+  enum class ClearAccountTokensAction{
+      // Default action (keep or remove tokens) based on internal policy.
+      kDefault,
+      // Keeps all account tokens for all accounts.
+      kKeepAll,
+      // Removes all accounts tokens for all accounts.
+      kRemoveAll,
+  };
+
+  // Clears the primary account, removing the preferences, and canceling all
+  // auth in progress. May optionally remove account tokens - see
+  // ClearAccountTokensAction. See definitions of signin_metrics::ProfileSignout
+  // and signin_metrics::SignoutDelete for usage. Observers will be notified via
+  // OnPrimaryAccountCleared() when complete.
+  void ClearPrimaryAccount(ClearAccountTokensAction token_action,
+                           signin_metrics::ProfileSignout signout_source_metric,
+                           signin_metrics::SignoutDelete signout_delete_metric);
+#endif  // defined(OS_CHROMEOS)
+
   // Provides access to the latest cached information of all accounts that have
   // refresh tokens.
   // NOTE: The accounts should not be assumed to be in any particular order; in