Add more test with local policy test server.

1) PolicyTestServer can be configured not to ask for device attributes during enrollment. 2) PolicyTestServer can be configured to produce specific HTTP error codes during enrollment Bug: 950471 Change-Id: Ie49080260bfc4d07ae46b3f64a72df750a09913d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1556804 Commit-Queue: Denis Kuznetsov <antrim@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Cr-Commit-Position: refs/heads/master@{#648697}

Add more test with local policy test server.
1) PolicyTestServer can be configured not to ask for device attributes during enrollment. 2) PolicyTestServer can be configured to produce specific HTTP error codes during enrollment Bug: 950471 Change-Id: Ie49080260bfc4d07ae46b3f64a72df750a09913d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1556804 Commit-Queue: Denis Kuznetsov <antrim@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Cr-Commit-Position: refs/heads/master@{#648697}
b01bc6b2 · Denis Kuznetsov · Commit Bot · 318c3ed4 · b01bc6b2 · b01bc6b2
Commit b01bc6b2 authored Apr 08, 2019 by Denis Kuznetsov Committed by Commit Bot Apr 08, 2019
6 changed files
--- a/chrome/browser/chromeos/login/enrollment/enrollment_local_policy_server_browsertest.cc
+++ b/chrome/browser/chromeos/login/enrollment/enrollment_local_policy_server_browsertest.cc
@@ -19,12 +19,14 @@
 #include "chrome/browser/chromeos/login/wizard_controller.h"
 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/policy/test/local_policy_test_server.h"
+#include "chrome/grit/generated_resources.h"
 #include "chromeos/attestation/mock_attestation_flow.h"
 #include "chromeos/constants/chromeos_switches.h"
 #include "chromeos/cryptohome/async_method_caller.h"
 #include "chromeos/dbus/cryptohome/fake_cryptohome_client.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "components/policy/core/common/policy_switches.h"
+#include "components/strings/grit/components_strings.h"

 namespace chromeos {

@@ -55,6 +57,7 @@ class EnrollmentLocalPolicyServerBase : public OobeBaseTest {
    fake_gaia_.SetupFakeGaiaForLogin(FakeGaiaMixin::kFakeUserEmail,
                                     FakeGaiaMixin::kFakeUserGaiaId,
                                     FakeGaiaMixin::kFakeRefreshToken);
+    policy_server_.SetUpdateDeviceAttributesPermission(false);
    OobeBaseTest::SetUpOnMainThread();
  }

@@ -82,7 +85,16 @@ class EnrollmentLocalPolicyServerBase : public OobeBaseTest {
    return auto_enrollment_screen;
  }

-  LocalPolicyTestServerMixin local_policy_mixin_{&mixin_host_};
+  void TriggerEnrollmentAndSignInSuccessfully() {
+    host()->StartWizard(OobeScreen::SCREEN_OOBE_ENROLLMENT);
+    OobeScreenWaiter(OobeScreen::SCREEN_OOBE_ENROLLMENT).Wait();
+
+    ASSERT_FALSE(StartupUtils::IsDeviceRegistered());
+    enrollment_screen()->OnLoginDone(FakeGaiaMixin::kFakeUserEmail,
+                                     FakeGaiaMixin::kFakeAuthCode);
+  }
+
+  LocalPolicyTestServerMixin policy_server_{&mixin_host_};
  test::EnrollmentUIMixin enrollment_ui_{&mixin_host_};
  FakeGaiaMixin fake_gaia_{&mixin_host_, embedded_test_server()};

@@ -129,12 +141,18 @@ class AutoEnrollmentLocalPolicyServer : public EnrollmentLocalPolicyServerBase {

 // Simple manual enrollment.
 IN_PROC_BROWSER_TEST_F(EnrollmentLocalPolicyServerBase, ManualEnrollment) {
-  host()->StartWizard(OobeScreen::SCREEN_OOBE_ENROLLMENT);
-  OobeScreenWaiter(OobeScreen::SCREEN_OOBE_ENROLLMENT).Wait();
+  TriggerEnrollmentAndSignInSuccessfully();
+
+  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepSuccess);
+  EXPECT_TRUE(StartupUtils::IsDeviceRegistered());
+}

-  ASSERT_FALSE(StartupUtils::IsDeviceRegistered());
-  enrollment_screen()->OnLoginDone(FakeGaiaMixin::kFakeUserEmail,
-                                   FakeGaiaMixin::kFakeAuthCode);
+// Simple manual enrollment with device attributes prompt.
+IN_PROC_BROWSER_TEST_F(EnrollmentLocalPolicyServerBase,
+                       ManualEnrollmentWithDeviceAttributes) {
+  policy_server_.SetUpdateDeviceAttributesPermission(true);
+
+  TriggerEnrollmentAndSignInSuccessfully();

  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepDeviceAttributes);
  enrollment_ui_.SubmitDeviceAttributes(test::values::kAssetId,
@@ -148,18 +166,11 @@ IN_PROC_BROWSER_TEST_F(EnrollmentLocalPolicyServerBase, ManualEnrollment) {
 // so no license selection UI should be displayed.
 IN_PROC_BROWSER_TEST_F(EnrollmentLocalPolicyServerBase,
                       ManualEnrollmentWithSingleLicense) {
-  local_policy_mixin_.ExpectAvailableLicenseCount(
-      5 /* perpetual */, 0 /* annual */, 0 /* kiosk */);
-  host()->StartWizard(OobeScreen::SCREEN_OOBE_ENROLLMENT);
-  OobeScreenWaiter(OobeScreen::SCREEN_OOBE_ENROLLMENT).Wait();
+  policy_server_.ExpectAvailableLicenseCount(5 /* perpetual */, 0 /* annual */,
+                                             0 /* kiosk */);

-  ASSERT_FALSE(StartupUtils::IsDeviceRegistered());
-  enrollment_screen()->OnLoginDone(FakeGaiaMixin::kFakeUserEmail,
-                                   FakeGaiaMixin::kFakeAuthCode);
+  TriggerEnrollmentAndSignInSuccessfully();

-  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepDeviceAttributes);
-  enrollment_ui_.SubmitDeviceAttributes(test::values::kAssetId,
-                                        test::values::kLocation);
  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepSuccess);
  EXPECT_TRUE(StartupUtils::IsDeviceRegistered());
 }
@@ -168,26 +179,152 @@ IN_PROC_BROWSER_TEST_F(EnrollmentLocalPolicyServerBase,
 // Enrollment selection UI should be displayed during enrollment.
 IN_PROC_BROWSER_TEST_F(EnrollmentLocalPolicyServerBase,
                       ManualEnrollmentWithMultipleLicenses) {
-  local_policy_mixin_.ExpectAvailableLicenseCount(
-      5 /* perpetual */, 5 /* annual */, 5 /* kiosk */);
-  host()->StartWizard(OobeScreen::SCREEN_OOBE_ENROLLMENT);
-  OobeScreenWaiter(OobeScreen::SCREEN_OOBE_ENROLLMENT).Wait();
+  policy_server_.ExpectAvailableLicenseCount(5 /* perpetual */, 5 /* annual */,
+                                             5 /* kiosk */);

-  ASSERT_FALSE(StartupUtils::IsDeviceRegistered());
-  enrollment_screen()->OnLoginDone(FakeGaiaMixin::kFakeUserEmail,
-                                   FakeGaiaMixin::kFakeAuthCode);
+  TriggerEnrollmentAndSignInSuccessfully();

  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepLicenses);
  enrollment_ui_.SelectEnrollmentLicense(test::values::kLicenseTypeAnnual);
  enrollment_ui_.UseSelectedLicense();

-  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepDeviceAttributes);
-  enrollment_ui_.SubmitDeviceAttributes(test::values::kAssetId,
-                                        test::values::kLocation);
  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepSuccess);
  EXPECT_TRUE(StartupUtils::IsDeviceRegistered());
 }

+// Negative scenarios: see different HTTP error codes in
+// device_management_service.cc
+
+// Error during enrollment : 402 - missing licenses.
+IN_PROC_BROWSER_TEST_F(EnrollmentLocalPolicyServerBase,
+                       EnrollmentErrorNoLicenses) {
+  policy_server_.SetExpectedDeviceEnrollmentError(402);
+
+  TriggerEnrollmentAndSignInSuccessfully();
+
+  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepError);
+  enrollment_ui_.ExpectErrorMessage(
+      IDS_ENTERPRISE_ENROLLMENT_MISSING_LICENSES_ERROR, /* can retry */ true);
+  enrollment_ui_.RetryAfterError();
+  EXPECT_FALSE(StartupUtils::IsDeviceRegistered());
+}
+
+// Error during enrollment : 403 - management not allowed.
+IN_PROC_BROWSER_TEST_F(EnrollmentLocalPolicyServerBase,
+                       EnrollmentErrorManagementNotAllowed) {
+  policy_server_.SetExpectedDeviceEnrollmentError(403);
+
+  TriggerEnrollmentAndSignInSuccessfully();
+
+  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepError);
+  enrollment_ui_.ExpectErrorMessage(
+      IDS_ENTERPRISE_ENROLLMENT_AUTH_ACCOUNT_ERROR, /* can retry */ true);
+  enrollment_ui_.RetryAfterError();
+  EXPECT_FALSE(StartupUtils::IsDeviceRegistered());
+}
+
+// Error during enrollment : 405 - invalid device serial.
+IN_PROC_BROWSER_TEST_F(EnrollmentLocalPolicyServerBase,
+                       EnrollmentErrorInvalidDeviceSerial) {
+  policy_server_.SetExpectedDeviceEnrollmentError(405);
+
+  TriggerEnrollmentAndSignInSuccessfully();
+
+  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepError);
+  // TODO (antrim, rsorokin): find out why it makes sense to retry here?
+  enrollment_ui_.ExpectErrorMessage(
+      IDS_POLICY_DM_STATUS_SERVICE_INVALID_SERIAL_NUMBER,
+      /* can retry */ true);
+  enrollment_ui_.RetryAfterError();
+  EXPECT_FALSE(StartupUtils::IsDeviceRegistered());
+}
+
+// Error during enrollment : 406 - domain mismatch
+IN_PROC_BROWSER_TEST_F(EnrollmentLocalPolicyServerBase,
+                       EnrollmentErrorDomainMismatch) {
+  policy_server_.SetExpectedDeviceEnrollmentError(406);
+
+  TriggerEnrollmentAndSignInSuccessfully();
+
+  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepError);
+  enrollment_ui_.ExpectErrorMessage(
+      IDS_ENTERPRISE_ENROLLMENT_DOMAIN_MISMATCH_ERROR, /* can retry */ true);
+  enrollment_ui_.RetryAfterError();
+  EXPECT_FALSE(StartupUtils::IsDeviceRegistered());
+}
+
+// Error during enrollment : 409 - Device ID is already in use
+IN_PROC_BROWSER_TEST_F(EnrollmentLocalPolicyServerBase,
+                       EnrollmentErrorDeviceIDConflict) {
+  policy_server_.SetExpectedDeviceEnrollmentError(409);
+
+  TriggerEnrollmentAndSignInSuccessfully();
+
+  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepError);
+  // TODO (antrim, rsorokin): find out why it makes sense to retry here?
+  enrollment_ui_.ExpectErrorMessage(
+      IDS_POLICY_DM_STATUS_SERVICE_DEVICE_ID_CONFLICT, /* can retry */ true);
+  enrollment_ui_.RetryAfterError();
+  EXPECT_FALSE(StartupUtils::IsDeviceRegistered());
+}
+
+// Error during enrollment : 412 - Activation is pending
+IN_PROC_BROWSER_TEST_F(EnrollmentLocalPolicyServerBase,
+                       EnrollmentErrorActivationIsPending) {
+  policy_server_.SetExpectedDeviceEnrollmentError(412);
+
+  TriggerEnrollmentAndSignInSuccessfully();
+
+  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepError);
+  enrollment_ui_.ExpectErrorMessage(
+      IDS_POLICY_DM_STATUS_SERVICE_ACTIVATION_PENDING, /* can retry */ true);
+  enrollment_ui_.RetryAfterError();
+  EXPECT_FALSE(StartupUtils::IsDeviceRegistered());
+}
+
+// Error during enrollment : 417 - Consumer account with packaged license.
+IN_PROC_BROWSER_TEST_F(EnrollmentLocalPolicyServerBase,
+                       EnrollmentErrorConsumerAccountWithPackagedLicense) {
+  policy_server_.SetExpectedDeviceEnrollmentError(417);
+
+  TriggerEnrollmentAndSignInSuccessfully();
+
+  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepError);
+  enrollment_ui_.ExpectErrorMessage(
+      IDS_ENTERPRISE_ENROLLMENT_CONSUMER_ACCOUNT_WITH_PACKAGED_LICENSE,
+      /* can retry */ true);
+  enrollment_ui_.RetryAfterError();
+  EXPECT_FALSE(StartupUtils::IsDeviceRegistered());
+}
+
+// Error during enrollment : 500 - Consumer account with packaged license.
+IN_PROC_BROWSER_TEST_F(EnrollmentLocalPolicyServerBase,
+                       EnrollmentErrorServerError) {
+  policy_server_.SetExpectedDeviceEnrollmentError(500);
+
+  TriggerEnrollmentAndSignInSuccessfully();
+
+  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepError);
+  enrollment_ui_.ExpectErrorMessage(IDS_POLICY_DM_STATUS_TEMPORARY_UNAVAILABLE,
+                                    /* can retry */ true);
+  enrollment_ui_.RetryAfterError();
+  EXPECT_FALSE(StartupUtils::IsDeviceRegistered());
+}
+
+// Error during enrollment : Strange HTTP response from server.
+IN_PROC_BROWSER_TEST_F(EnrollmentLocalPolicyServerBase,
+                       EnrollmentErrorServerIsDrunk) {
+  policy_server_.SetExpectedDeviceEnrollmentError(12345);
+
+  TriggerEnrollmentAndSignInSuccessfully();
+
+  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepError);
+  enrollment_ui_.ExpectErrorMessage(IDS_POLICY_DM_STATUS_HTTP_STATUS_ERROR,
+                                    /* can retry */ true);
+  enrollment_ui_.RetryAfterError();
+  EXPECT_FALSE(StartupUtils::IsDeviceRegistered());
+}
+
 // No state keys on the server. Auto enrollment check should proceed to login.
 IN_PROC_BROWSER_TEST_F(AutoEnrollmentLocalPolicyServer, AutoEnrollmentCheck) {
  host()->StartWizard(OobeScreen::SCREEN_AUTO_ENROLLMENT_CHECK);
@@ -196,7 +333,7 @@ IN_PROC_BROWSER_TEST_F(AutoEnrollmentLocalPolicyServer, AutoEnrollmentCheck) {

 // State keys are present but restore mode is not requested.
 IN_PROC_BROWSER_TEST_F(AutoEnrollmentLocalPolicyServer, ReenrollmentNone) {
-  EXPECT_TRUE(local_policy_mixin_.SetDeviceStateRetrievalResponse(
+  EXPECT_TRUE(policy_server_.SetDeviceStateRetrievalResponse(
      state_keys_broker(),
      enterprise_management::DeviceStateRetrievalResponse::RESTORE_MODE_NONE,
      kTestDomain));
@@ -206,7 +343,7 @@ IN_PROC_BROWSER_TEST_F(AutoEnrollmentLocalPolicyServer, ReenrollmentNone) {

 // Reenrollment requested. User can skip.
 IN_PROC_BROWSER_TEST_F(AutoEnrollmentLocalPolicyServer, ReenrollmentRequested) {
-  EXPECT_TRUE(local_policy_mixin_.SetDeviceStateRetrievalResponse(
+  EXPECT_TRUE(policy_server_.SetDeviceStateRetrievalResponse(
      state_keys_broker(),
      enterprise_management::DeviceStateRetrievalResponse::
          RESTORE_MODE_REENROLLMENT_REQUESTED,
@@ -219,7 +356,7 @@ IN_PROC_BROWSER_TEST_F(AutoEnrollmentLocalPolicyServer, ReenrollmentRequested) {

 // Reenrollment forced. User can not skip.
 IN_PROC_BROWSER_TEST_F(AutoEnrollmentLocalPolicyServer, ReenrollmentForced) {
-  EXPECT_TRUE(local_policy_mixin_.SetDeviceStateRetrievalResponse(
+  EXPECT_TRUE(policy_server_.SetDeviceStateRetrievalResponse(
      state_keys_broker(),
      enterprise_management::DeviceStateRetrievalResponse::
          RESTORE_MODE_REENROLLMENT_ENFORCED,
@@ -235,7 +372,7 @@ IN_PROC_BROWSER_TEST_F(AutoEnrollmentLocalPolicyServer, ReenrollmentForced) {

 // Device is disabled.
 IN_PROC_BROWSER_TEST_F(AutoEnrollmentLocalPolicyServer, DeviceDisabled) {
-  EXPECT_TRUE(local_policy_mixin_.SetDeviceStateRetrievalResponse(
+  EXPECT_TRUE(policy_server_.SetDeviceStateRetrievalResponse(
      state_keys_broker(),
      enterprise_management::DeviceStateRetrievalResponse::
          RESTORE_MODE_DISABLED,
@@ -247,14 +384,14 @@ IN_PROC_BROWSER_TEST_F(AutoEnrollmentLocalPolicyServer, DeviceDisabled) {
 // Attestation enrollment.
 IN_PROC_BROWSER_TEST_F(AutoEnrollmentLocalPolicyServer, Attestation) {
  SetFakeAttestationFlow();
-  EXPECT_TRUE(local_policy_mixin_.SetDeviceStateRetrievalResponse(
+  EXPECT_TRUE(policy_server_.SetDeviceStateRetrievalResponse(
      state_keys_broker(),
      enterprise_management::DeviceStateRetrievalResponse::
          RESTORE_MODE_REENROLLMENT_ZERO_TOUCH,
      kTestDomain));

  host()->StartWizard(OobeScreen::SCREEN_AUTO_ENROLLMENT_CHECK);
-  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepDeviceAttributes);
+  enrollment_ui_.WaitForStep(test::ui::kEnrollmentStepSuccess);
  EXPECT_TRUE(StartupUtils::IsDeviceRegistered());
 }


--- a/chrome/browser/chromeos/login/test/enrollment_ui_mixin.cc
+++ b/chrome/browser/chromeos/login/test/enrollment_ui_mixin.cc
@@ -7,12 +7,15 @@
 #include "chrome/browser/chromeos/login/enrollment/enrollment_screen.h"
 #include "chrome/browser/chromeos/login/test/js_checker.h"
 #include "chrome/browser/chromeos/login/test/test_predicate_waiter.h"
+#include "ui/base/l10n/l10n_util.h"

 namespace chromeos {
 namespace test {

 namespace ui {

+const char kEnrollmentStepSignin[] = "signin";
+const char kEnrollmentStepWorking[] = "working";
 const char kEnrollmentStepSuccess[] = "success";
 const char kEnrollmentStepError[] = "error";
 const char kEnrollmentStepLicenses[] = "license";
@@ -36,6 +39,7 @@ const char kLocation[] = "location";
 namespace {

 const char* const kAllSteps[] = {
+    ui::kEnrollmentStepSignin,   ui::kEnrollmentStepWorking,
    ui::kEnrollmentStepLicenses, ui::kEnrollmentStepDeviceAttributes,
    ui::kEnrollmentStepSuccess,  ui::kEnrollmentStepADJoin,
    ui::kEnrollmentStepError,    ui::kEnrollmentStepADJoinError};
@@ -45,6 +49,9 @@ std::string StepVisibleExpression(const std::string& step) {
         "').length > 0";
 }

+const std::initializer_list<base::StringPiece> kEnrollmentErrorRetryButtonPath =
+    {"oauth-enroll-error-card", "submitButton"};
+
 }  // namespace

 EnrollmentUIMixin::EnrollmentUIMixin(InProcessBrowserTestMixinHost* host)
@@ -76,6 +83,25 @@ void EnrollmentUIMixin::UseSelectedLicense() {
  OobeJS().TapOnPath({"oauth-enroll-license-ui", "next"});
 }

+void EnrollmentUIMixin::ExpectErrorMessage(int error_message_id,
+                                           bool can_retry) {
+  const std::string element_path =
+      GetOobeElementPath({"oauth-enroll-error-card"});
+  const std::string message = OobeJS().GetString(element_path + ".textContent");
+  ASSERT_TRUE(std::string::npos !=
+              message.find(l10n_util::GetStringUTF8(error_message_id)));
+  if (can_retry) {
+    OobeJS().ExpectVisiblePath(kEnrollmentErrorRetryButtonPath);
+  } else {
+    OobeJS().ExpectHiddenPath(kEnrollmentErrorRetryButtonPath);
+  }
+}
+
+void EnrollmentUIMixin::RetryAfterError() {
+  OobeJS().TapOnPath(kEnrollmentErrorRetryButtonPath);
+  WaitForStep(ui::kEnrollmentStepSignin);
+}
+
 void EnrollmentUIMixin::SubmitDeviceAttributes(const std::string& asset_id,
                                               const std::string& location) {
  OobeJS().TypeIntoPath(asset_id, {"oauth-enroll-asset-id"});

--- a/chrome/browser/chromeos/login/test/enrollment_ui_mixin.h
+++ b/chrome/browser/chromeos/login/test/enrollment_ui_mixin.h
@@ -51,6 +51,9 @@ class EnrollmentUIMixin : public InProcessBrowserTestMixin {
  void WaitForStep(const std::string& step);
  bool IsStepDisplayed(const std::string& step);

+  void ExpectErrorMessage(int error_message_id, bool can_retry);
+  void RetryAfterError();
+
  // Fills out the UI with device attribute information and submits it.
  void SubmitDeviceAttributes(const std::string& asset_id,
                              const std::string& location);

--- a/chrome/browser/chromeos/login/test/local_policy_test_server_mixin.cc
+++ b/chrome/browser/chromeos/login/test/local_policy_test_server_mixin.cc
@@ -77,6 +77,19 @@ void LocalPolicyTestServerMixin::ExpectAvailableLicenseCount(int perpetual,
  policy_test_server_->SetConfig(server_config_);
 }

+void LocalPolicyTestServerMixin::SetUpdateDeviceAttributesPermission(
+    bool allowed) {
+  server_config_.SetKey("allow_set_device_attributes", base::Value(allowed));
+  policy_test_server_->SetConfig(server_config_);
+}
+
+void LocalPolicyTestServerMixin::SetExpectedDeviceEnrollmentError(
+    int net_error_code) {
+  server_config_.SetKey("device_register_http_error",
+                        base::Value(net_error_code));
+  policy_test_server_->SetConfig(server_config_);
+}
+
 bool LocalPolicyTestServerMixin::UpdateDevicePolicy(
    const enterprise_management::ChromeDeviceSettingsProto& policy) {
  DCHECK(policy_test_server_);

--- a/chrome/browser/chromeos/login/test/local_policy_test_server_mixin.h
+++ b/chrome/browser/chromeos/login/test/local_policy_test_server_mixin.h
@@ -39,6 +39,13 @@ class LocalPolicyTestServerMixin : public InProcessBrowserTestMixin {
  // There should be at least one license type.
  void ExpectAvailableLicenseCount(int perpetual, int annual, int kiosk);

+  void SetUpdateDeviceAttributesPermission(bool allowed);
+
+  // Configures server to respond with particular error code during device
+  // registration.
+  // |net_error_code| - error code from device_management_service.cc.
+  void SetExpectedDeviceEnrollmentError(int net_error_code);
+
  // Set response for DeviceStateRetrievalRequest. Returns that if finds state
  // key passed in the request. State keys could be set by RegisterClient call
  // on policy test server.

--- a/chrome/browser/policy/test/policy_testserver.py
+++ b/chrome/browser/policy/test/policy_testserver.py
@@ -58,6 +58,8 @@ Example:
      "token": "abcd-ef01-123123123",
      "username": "admin@example.com"
   },
+   "device_register_http_error" : 902,
+   "allow_set_device_attributes" : false,
 }

 """
@@ -427,6 +429,9 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    if not auth:
      return (403, 'No authorization')

+    if 'device_register_http_error' in policy:
+      return (policy['device_register_http_error'], 'Preconfigured error')
+
    if ('managed_users' not in policy):
      return (500, 'Error in config - no managed users')
    username = self.server.ResolveUser(auth)
@@ -716,8 +721,15 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
      A tuple of HTTP status code and response data to send to the client.
    """
    response = dm.DeviceManagementResponse()
+    policy = self.server.GetPolicies()
+    update_allowed = True
+    if ('allow_set_device_attributes' in policy):
+      update_allowed = policy['allow_set_device_attributes']
+
    response.device_attribute_update_permission_response.result = (
-        dm.DeviceAttributeUpdatePermissionResponse.ATTRIBUTE_UPDATE_ALLOWED)
+        dm.DeviceAttributeUpdatePermissionResponse.ATTRIBUTE_UPDATE_ALLOWED
+        if update_allowed else
+        dm.DeviceAttributeUpdatePermissionResponse.ATTRIBUTE_UPDATE_DISALLOWED)

    return (200, response)