Refactor ComponentCloudPolicyStore.

Refactor the class as one instance only supports one policy type and domain pair.

PolicyDomain is now the member of class which indicates the type/domain instance
owned.

Also,
1) Remove domain to DomainConstants converting as there're two policy types use
   the same policy domain.
2) Store()/Delete() check whether the policy namespace matches the owned domain
   or not.
3) Purge() only filters on the owned domain.


Bug: 867028
Change-Id: I7fc5650bb11e0ea6db362efc113eca049fdd2fb1
Reviewed-on: https://chromium-review.googlesource.com/1155653
Commit-Queue: Owen Min <zmin@chromium.org>
Reviewed-by: Lutz Justen <ljusten@chromium.org>
Cr-Commit-Position: refs/heads/master@{#579815}

components/policy/core/common/cloud/component_cloud_policy_service.cc

@@ -251,14 +251,8 @@ void ComponentCloudPolicyService::Backend::UpdateWithLastFetchedPolicy() {
   // Purge any components that don't have a policy configured at the server.
   // TODO(emaxx): This is insecure, as it happens before the policy validation:
   // see crbug.com/668733.
-  store_.Purge(
-      POLICY_DOMAIN_EXTENSIONS,
-      base::Bind(&NotInResponseMap, base::ConstRef(*last_fetched_policy_),
-                 POLICY_DOMAIN_EXTENSIONS));
-  store_.Purge(
-      POLICY_DOMAIN_SIGNIN_EXTENSIONS,
-      base::Bind(&NotInResponseMap, base::ConstRef(*last_fetched_policy_),
-                 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
+  store_.Purge(base::BindRepeating(&NotInResponseMap,
+                                   base::ConstRef(*last_fetched_policy_)));
 
   for (auto it = last_fetched_policy_->begin();
        it != last_fetched_policy_->end(); ++it) {

components/policy/core/common/cloud/component_cloud_policy_store.h

@@ -26,6 +26,8 @@ class PolicyFetchResponse;
 
 namespace policy {
 
+class ResourceCache;
+
 // Validates protobufs for external policy data, validates the data itself, and
 // caches both locally.
 //
@@ -44,6 +46,12 @@ class POLICY_EXPORT ComponentCloudPolicyStore {
     virtual void OnComponentCloudPolicyStoreUpdated() = 0;
   };
 
+  struct DomainConstants;
+
+  using PurgeFilter =
+      base::RepeatingCallback<bool(const PolicyDomain domain,
+                                   const std::string& component_id)>;
+
   // Both the |delegate| and the |cache| must outlive this object.
   // |policy_type| only supports kChromeSigninExtensionPolicyType,
   // kChromeExtensionPolicyType, kChromeMachineLevelExtensionCloudPolicyType.
@@ -102,10 +110,9 @@ class POLICY_EXPORT ComponentCloudPolicyStore {
   // Deletes the storage of namespace |ns| and stops serving its policies.
   void Delete(const PolicyNamespace& ns);
 
-  // Deletes the storage of all components of |domain| that pass then given
+  // Deletes the storage of all components that pass for the given
   // |filter|, and stops serving their policies.
-  void Purge(PolicyDomain domain,
-             const ResourceCache::SubkeyFilter& filter);
+  void Purge(const PurgeFilter& filter);
 
   // Deletes the storage of every component that is owned by this PolicyStore.
   void Clear();
@@ -153,7 +160,7 @@ class POLICY_EXPORT ComponentCloudPolicyStore {
   // exposed component.
   std::map<PolicyNamespace, base::Time> stored_policy_times_;
 
-  std::string policy_type_;
+  const DomainConstants* domain_constants_;
 
   SEQUENCE_CHECKER(sequence_checker_);
 

components/policy/core/common/cloud/component_cloud_policy_store_unittest.cc

@@ -55,11 +55,13 @@ std::string TestPolicyHash() {
   return crypto::SHA256HashString(kTestPolicy);
 }
 
-bool NotEqual(const std::string& expected, const std::string& key) {
+bool NotEqual(const std::string& expected,
+              const PolicyDomain domain,
+              const std::string& key) {
   return key != expected;
 }
 
-bool True(const std::string& ignored) {
+bool True(const PolicyDomain domain, const std::string& ignored) {
   return true;
 }
 
@@ -465,6 +467,12 @@ TEST_F(ComponentCloudPolicyStoreTest, StoreAndLoad) {
                     CreateSerializedResponse(), CreatePolicyData().get(),
                     TestPolicyHash(), kTestPolicy));
 
+  // Store policy for an unowned domain.
+  EXPECT_FALSE(store_->Store(
+      PolicyNamespace(POLICY_DOMAIN_SIGNIN_EXTENSIONS, kTestExtension),
+      CreateSerializedResponse(), CreatePolicyData().get(), TestPolicyHash(),
+      kTestPolicy));
+
   // Store policy with the wrong hash.
   builder_.policy_data().set_policy_type(
       dm_protocol::kChromeExtensionPolicyType);
@@ -553,6 +561,11 @@ TEST_F(ComponentCloudPolicyStoreTest, Updates) {
   store_->Delete(ns_fake);
   Mock::VerifyAndClearExpectations(&store_delegate_);
 
+  // Deleting a unowned domain doesn't trigger updates.
+  PolicyNamespace ns_fake_2(POLICY_DOMAIN_SIGNIN_EXTENSIONS, kTestExtension);
+  store_->Delete(ns_fake_2);
+  Mock::VerifyAndClearExpectations(&store_delegate_);
+
   // Deleting a namespace that has policies triggers an update.
   EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated());
   store_->Delete(kTestPolicyNS);
@@ -570,8 +583,7 @@ TEST_F(ComponentCloudPolicyStoreTest, Purge) {
   EXPECT_TRUE(store_->policy().Equals(expected_bundle_));
 
   // Purge other components.
-  store_->Purge(POLICY_DOMAIN_EXTENSIONS,
-                base::Bind(&NotEqual, kTestExtension));
+  store_->Purge(base::BindRepeating(&NotEqual, kTestExtension));
 
   // The policy for |kTestPolicyNS| is still served.
   EXPECT_TRUE(store_->policy().Equals(expected_bundle_));
@@ -589,7 +601,7 @@ TEST_F(ComponentCloudPolicyStoreTest, Purge) {
 
   // Now purge everything.
   EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated());
-  store_->Purge(POLICY_DOMAIN_EXTENSIONS, base::Bind(&True));
+  store_->Purge(base::BindRepeating(&True));
   Mock::VerifyAndClearExpectations(&store_delegate_);
 
   // No policies are served anymore.