Log policy values after sign-in.

Use --vmodule=dice_turn_sync_on_helper=2 to enable this log message. It's possible that user cloud policies which are fetched during sign-in process may block sign-in in the end. It's not easy to debug under this situation because these policies will be removed right after sign-in is terminated. And chrome://policy page will never show these policies. Print policy values into log helps developers to understand policy values change user cloud policies are merged. Bug: 991322 Change-Id: I9b2d4358ec32f86b7fc3e5f2e3d06c4511f62a2d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1835020Reviewed-by: Mihai Sardarescu <msarda@chromium.org> Commit-Queue: Owen Min <zmin@chromium.org> Cr-Commit-Position: refs/heads/master@{#703512}

Log policy values after sign-in.
Use --vmodule=dice_turn_sync_on_helper=2 to enable this log message. It's possible that user cloud policies which are fetched during sign-in process may block sign-in in the end. It's not easy to debug under this situation because these policies will be removed right after sign-in is terminated. And chrome://policy page will never show these policies. Print policy values into log helps developers to understand policy values change user cloud policies are merged. Bug: 991322 Change-Id: I9b2d4358ec32f86b7fc3e5f2e3d06c4511f62a2d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1835020Reviewed-by: Mihai Sardarescu <msarda@chromium.org> Commit-Queue: Owen Min <zmin@chromium.org> Cr-Commit-Position: refs/heads/master@{#703512}
a1cc3ed8 · Owen Min · Commit Bot · 1796b2af · a1cc3ed8 · a1cc3ed8
Commit a1cc3ed8 authored Oct 07, 2019 by Owen Min Committed by Commit Bot Oct 07, 2019
2 changed files
--- a/chrome/browser/ui/webui/signin/dice_turn_sync_on_helper.cc
+++ b/chrome/browser/ui/webui/signin/dice_turn_sync_on_helper.cc
@@ -20,6 +20,8 @@
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/policy/cloud/user_policy_signin_service.h"
 #include "chrome/browser/policy/cloud/user_policy_signin_service_factory.h"
+#include "chrome/browser/policy/policy_conversions.h"
+#include "chrome/browser/policy/profile_policy_connector.h"
 #include "chrome/browser/profiles/profile_attributes_storage.h"
 #include "chrome/browser/profiles/profile_avatar_icon_util.h"
 #include "chrome/browser/profiles/profile_manager.h"
@@ -32,6 +34,7 @@
 #include "chrome/browser/unified_consent/unified_consent_service_factory.h"
 #include "components/keyed_service/content/browser_context_keyed_service_shutdown_notifier_factory.h"
 #include "components/policy/core/browser/browser_policy_connector.h"
+#include "components/policy/core/common/cloud/user_cloud_policy_manager.h"
 #include "components/prefs/pref_service.h"
 #include "components/signin/public/base/signin_metrics.h"
 #include "components/signin/public/base/signin_pref_names.h"
@@ -348,9 +351,29 @@ void DiceTurnSyncOnHelper::OnPolicyFetchComplete(bool success) {
  // PrimaryAccountMutator::ClearPrimaryAccount() here instead.
  DLOG_IF(ERROR, !success) << "Error fetching policy for user";
  DVLOG_IF(1, success) << "Policy fetch successful - completing signin";
+  if (VLOG_IS_ON(2)) {
+    // User cloud policies have been fetched from the server. Dump all policy
+    // values into log once these new policies are merged.
+    profile_->GetProfilePolicyConnector()
+        ->policy_service()
+        ->AddProviderUpdateObserver(this);
+  }
  SigninAndShowSyncConfirmationUI();
 }

+void DiceTurnSyncOnHelper::OnProviderUpdatePropagated(
+    policy::ConfigurationPolicyProvider* provider) {
+  if (provider != profile_->GetUserCloudPolicyManager())
+    return;
+  VLOG(2) << "Policies after sign in:";
+  VLOG(2) << policy::DictionaryPolicyConversions()
+                 .WithBrowserContext(profile_)
+                 .ToJSON();
+  profile_->GetProfilePolicyConnector()
+      ->policy_service()
+      ->RemoveProviderUpdateObserver(this);
+}
+
 void DiceTurnSyncOnHelper::CreateNewSignedInProfile() {
  // Create a new profile and have it call back when done so we can start the
  // signin flow.

--- a/chrome/browser/ui/webui/signin/dice_turn_sync_on_helper.h
+++ b/chrome/browser/ui/webui/signin/dice_turn_sync_on_helper.h
@@ -16,6 +16,7 @@
 #include "chrome/browser/sync/sync_startup_tracker.h"
 #include "chrome/browser/ui/webui/signin/login_ui_service.h"
 #include "components/keyed_service/core/keyed_service_shutdown_notifier.h"
+#include "components/policy/core/common/policy_service.h"
 #include "components/signin/public/base/signin_metrics.h"
 #include "components/signin/public/identity_manager/account_info.h"

@@ -32,7 +33,9 @@ class SyncSetupInProgressHandle;

 // Handles details of setting the primary account with IdentityManager and
 // turning on sync for an account for which there is already a refresh token.
-class DiceTurnSyncOnHelper : public SyncStartupTracker::Observer {
+class DiceTurnSyncOnHelper
+    : public SyncStartupTracker::Observer,
+      public policy::PolicyService::ProviderUpdateObserver {
 public:
  // Behavior when the signin is aborted (by an error or cancelled by the user).
  enum class SigninAbortedMode {
@@ -160,6 +163,10 @@ class DiceTurnSyncOnHelper : public SyncStartupTracker::Observer {
  // true if policy was successfully fetched.
  void OnPolicyFetchComplete(bool success);

+  // policy::PolicyService::ProviderUpdateObserver
+  void OnProviderUpdatePropagated(
+      policy::ConfigurationPolicyProvider* provider) override;
+
  // Called to create a new profile, which is then signed in with the
  // in-progress auth credentials currently stored in this object.
  void CreateNewSignedInProfile();