Added UserCloudPolicyManager::ShutdownAndRemovePolicy()

BUG=143272
TEST=Sign out, see policy disappear.


Review URL: https://chromiumcodereview.appspot.com/10854213

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152383 0039d316-1c4b-4281-b951-d872f2087c98

chrome/browser/policy/cloud_policy_store.cc

@@ -15,6 +15,13 @@ CloudPolicyStore::CloudPolicyStore()
 
 CloudPolicyStore::~CloudPolicyStore() {}
 
+void CloudPolicyStore::Clear() {
+  RemoveStoredPolicy();
+  policy_.reset();
+  policy_map_.Clear();
+  NotifyStoreLoaded();
+}
+
 void CloudPolicyStore::AddObserver(CloudPolicyStore::Observer* observer) {
   observers_.AddObserver(observer);
 }

chrome/browser/policy/cloud_policy_store.h

@@ -87,6 +87,10 @@ class CloudPolicyStore {
   // failure.
   virtual void Load() = 0;
 
+  // Deletes any existing policy blob and notifies observers via OnStoreLoaded()
+  // that the blob has changed. Virtual for mocks.
+  virtual void Clear();
+
   // Registers an observer to be notified when policy changes.
   void AddObserver(Observer* observer);
 
@@ -104,6 +108,9 @@ class CloudPolicyStore {
   void NotifyStoreLoaded();
   void NotifyStoreError();
 
+  // Invoked by Clear() to remove stored policy.
+  virtual void RemoveStoredPolicy() = 0;
+
   // Decoded version of the currently effective policy.
   PolicyMap policy_map_;
 

chrome/browser/policy/mock_cloud_policy_store.h

@@ -17,6 +17,8 @@ class MockCloudPolicyStore : public CloudPolicyStore {
 
   MOCK_METHOD1(Store, void(const enterprise_management::PolicyFetchResponse&));
   MOCK_METHOD0(Load, void(void));
+  MOCK_METHOD0(Clear, void(void));
+  MOCK_METHOD0(RemoveStoredPolicy, void(void));
 
   // Publish the protected members.
   using CloudPolicyStore::NotifyStoreLoaded;

chrome/browser/policy/user_cloud_policy_manager.cc

@@ -95,12 +95,9 @@ void UserCloudPolicyManager::Initialize(PrefService* prefs,
   }
 }
 
-void UserCloudPolicyManager::Shutdown() {
-  refresh_scheduler_.reset();
-  if (service_.get())
-    service_->client()->RemoveObserver(this);
-  service_.reset();
-  prefs_ = NULL;
+void UserCloudPolicyManager::ShutdownAndRemovePolicy() {
+  Shutdown();
+  store_->Clear();
 }
 
 void UserCloudPolicyManager::CancelWaitForPolicyFetch() {
@@ -196,4 +193,12 @@ void UserCloudPolicyManager::OnRefreshComplete() {
   CheckAndPublishPolicy();
 }
 
+void UserCloudPolicyManager::Shutdown() {
+  refresh_scheduler_.reset();
+  if (service_.get())
+    service_->client()->RemoveObserver(this);
+  service_.reset();
+  prefs_ = NULL;
+}
+
 }  // namespace policy

chrome/browser/policy/user_cloud_policy_manager.h

@@ -40,13 +40,17 @@ class UserCloudPolicyManager : public ConfigurationPolicyProvider,
                                                    bool wait_for_policy_fetch);
 
   // Initializes the cloud connection. |local_prefs| and |service| must stay
-  // valid until Shutdown() gets called. Virtual for mocking.
+  // valid until this object is deleted or ShutdownAndRemovePolicy() gets
+  // called. Virtual for mocking.
   virtual void Initialize(PrefService* local_prefs,
                           DeviceManagementService* service,
                           UserAffiliation user_affiliation);
 
-  // Virtual for mocks.
-  virtual void Shutdown();
+  // Shuts down the UserCloudPolicyManager (removes and stops refreshing the
+  // cached cloud policy). This is typically called when a profile is being
+  // disassociated from a given user (e.g. during signout). No policy will be
+  // provided by this object until the next time Initialize() is invoked.
+  void ShutdownAndRemovePolicy();
 
   // Cancels waiting for the policy fetch and flags the
   // ConfigurationPolicyProvider ready (assuming all other initialization tasks
@@ -87,6 +91,10 @@ class UserCloudPolicyManager : public ConfigurationPolicyProvider,
   // Completion handler for policy refresh operations.
   void OnRefreshComplete();
 
+  // Frees the CloudPolicyService and stops refreshing policy. Any previously
+  // cached policy will continue to be served.
+  void Shutdown();
+
   // Whether to wait for a policy fetch to complete before reporting
   // IsInitializationComplete().
   bool wait_for_policy_fetch_;

chrome/browser/policy/user_cloud_policy_manager_unittest.cc

@@ -209,6 +209,19 @@ TEST_F(UserCloudPolicyManagerTest, Init) {
   EXPECT_TRUE(manager_->IsInitializationComplete());
 }
 
+TEST_F(UserCloudPolicyManagerTest, ShutdownAndRemovePolicy) {
+  // Load policy, make sure it goes away when ShutdownAndRemove() is called.
+  CreateManager(false);
+  store_->policy_map_.CopyFrom(policy_map_);
+  EXPECT_CALL(observer_, OnUpdatePolicy(manager_.get()));
+  store_->NotifyStoreLoaded();
+  EXPECT_TRUE(expected_bundle_.Equals(manager_->policies()));
+  EXPECT_TRUE(manager_->IsInitializationComplete());
+  EXPECT_CALL(*store_, Clear());
+  manager_->ShutdownAndRemovePolicy();
+  EXPECT_FALSE(manager_->cloud_policy_service());
+}
+
 TEST_F(UserCloudPolicyManagerTest, Update) {
   CreateManager(false);
   EXPECT_CALL(observer_, OnUpdatePolicy(manager_.get()));

chrome/browser/policy/user_cloud_policy_store.cc

@@ -28,6 +28,10 @@ void UserCloudPolicyStore::Load() {
   NotifyStoreLoaded();
 }
 
+void UserCloudPolicyStore::RemoveStoredPolicy() {
+  // TODO(atwilson): Remove policy from disk.
+}
+
 void UserCloudPolicyStore::Store(
     const enterprise_management::PolicyFetchResponse& policy) {
   // Stop any pending requests to store policy, then validate the new policy

chrome/browser/policy/user_cloud_policy_store.h

@@ -29,6 +29,9 @@ class UserCloudPolicyStore : public UserCloudPolicyStoreBase {
   virtual void Store(
       const enterprise_management::PolicyFetchResponse& policy) OVERRIDE;
 
+ protected:
+  virtual void RemoveStoredPolicy() OVERRIDE;
+
  private:
   // Starts policy blob validation. |callback| is invoked once validation is
   // complete.

chrome/browser/policy/user_cloud_policy_store_chromeos.cc

@@ -182,6 +182,13 @@ void UserCloudPolicyStoreChromeOS::Load() {
                  weak_factory_.GetWeakPtr()));
 }
 
+void UserCloudPolicyStoreChromeOS::RemoveStoredPolicy() {
+  // This should never be called on ChromeOS since it is not possible to sign
+  // out of a Profile. The underlying policy store is only removed if the
+  // Profile itself is deleted.
+  NOTREACHED();
+}
+
 void UserCloudPolicyStoreChromeOS::OnPolicyRetrieved(
     const std::string& policy_blob) {
   if (policy_blob.empty()) {

chrome/browser/policy/user_cloud_policy_store_chromeos.h

@@ -47,6 +47,9 @@ class UserCloudPolicyStoreChromeOS : public UserCloudPolicyStoreBase {
       const enterprise_management::PolicyFetchResponse& policy) OVERRIDE;
   virtual void Load() OVERRIDE;
 
+ protected:
+  virtual void RemoveStoredPolicy() OVERRIDE;
+
  private:
   // Called back from SessionManagerClient for policy load operations.
   void OnPolicyRetrieved(const std::string& policy_blob);

chrome/browser/policy/user_policy_signin_service.cc

@@ -107,7 +107,7 @@ void UserPolicySigninService::ConfigureUserCloudPolicyManager() {
 
   SigninManager* signin_manager = SigninManagerFactory::GetForProfile(profile_);
   if (signin_manager->GetAuthenticatedUsername().empty()) {
-    manager_->Shutdown();
+    manager_->ShutdownAndRemovePolicy();
   } else {
     if (!manager_->cloud_policy_service()) {
       // Make sure we've initialized the DeviceManagementService. It's OK to