Add NetworkIsolationKey parameter to preconnect NetworkContext API.

The only two consumers currently just pass in a key created using the
default contructor.  I'll hook up reasonable values to PreconnectManager
in followup CLs.

Bug: 966896
Change-Id: Ic4c69dea4a97795e41d6dcd90b85b531eadbbf1e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1670529
Commit-Queue: Matt Menke <mmenke@chromium.org>
Reviewed-by: Alexander Alekseev <alemate@chromium.org>
Reviewed-by: Shivani Sharma <shivanisha@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Alex Ilin <alexilin@chromium.org>
Reviewed-by: Tarun Bansal <tbansal@chromium.org>
Cr-Commit-Position: refs/heads/master@{#671945}

chrome/browser/chromeos/login/auth/auth_prewarmer.cc

@@ -6,6 +6,7 @@
 
 #include <stddef.h>
 
+#include "base/optional.h"
 #include "base/task/post_task.h"
 #include "chrome/browser/chromeos/login/helper.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
@@ -66,7 +67,7 @@ void AuthPrewarmer::DoPrewarm() {
   if (network_context) {
     // Do nothing if NetworkContext isn't available.
     network_context->PreconnectSockets(kConnectionsNeeded, url, kLoadFlags,
-                                       kShouldUsePrivacyMode);
+                                       kShouldUsePrivacyMode, base::nullopt);
   }
   if (!completion_callback_.is_null()) {
     base::PostTaskWithTraits(FROM_HERE, {content::BrowserThread::UI},

chrome/browser/predictors/preconnect_manager.cc

@@ -7,6 +7,7 @@
 #include <utility>
 
 #include "base/bind.h"
+#include "base/optional.h"
 #include "base/task/post_task.h"
 #include "base/trace_event/trace_event.h"
 #include "chrome/browser/predictors/resource_prefetch_predictor.h"
@@ -160,8 +161,9 @@ void PreconnectManager::PreconnectUrl(const GURL& url,
                  net::LOAD_DO_NOT_SEND_AUTH_DATA;
   }
 
-  network_context->PreconnectSockets(num_sockets, url, load_flags,
-                                     privacy_mode);
+  // TODO(mmenke): Use an appropriate NetworkIsolationKey().
+  network_context->PreconnectSockets(num_sockets, url, load_flags, privacy_mode,
+                                     base::nullopt);
 }
 
 std::unique_ptr<ResolveHostClientImpl> PreconnectManager::PreresolveUrl(

chrome/browser/predictors/preconnect_manager_unittest.cc

@@ -19,6 +19,7 @@
 #include "chrome/test/base/testing_profile.h"
 #include "content/public/test/test_browser_thread_bundle.h"
 #include "net/base/load_flags.h"
+#include "net/base/network_isolation_key.h"
 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
 #include "services/network/test/test_network_context.h"
 #include "testing/gmock/include/gmock/gmock.h"
@@ -133,11 +134,13 @@ class MockNetworkContext : public network::TestNetworkContext {
   void EnableProxyTesting() { enabled_proxy_testing_ = true; }
 
   MOCK_METHOD1(ResolveHostProxy, void(const std::string& host));
-  MOCK_METHOD4(PreconnectSockets,
+  MOCK_METHOD5(PreconnectSockets,
                void(uint32_t num_streams,
                     const GURL& url,
                     int32_t load_flags,
-                    bool privacy_mode_enabled));
+                    bool privacy_mode_enabled,
+                    const base::Optional<net::NetworkIsolationKey>&
+                        network_isolation_key));
 
  private:
   bool IsHangingHost(const GURL& url) const {
@@ -210,7 +213,9 @@ TEST_F(PreconnectManagerTest, TestStartOneUrlPreconnect) {
   preconnect_manager_->Start(main_frame_url,
                              {PreconnectRequest(url_to_preconnect, 1)});
   EXPECT_CALL(*mock_network_context_,
-              PreconnectSockets(1, url_to_preconnect, kNormalLoadFlags, false));
+              PreconnectSockets(1, url_to_preconnect, kNormalLoadFlags,
+                                false /* privacy_mode_enabled */,
+                                base::Optional<net::NetworkIsolationKey>()));
   EXPECT_CALL(*mock_delegate_, PreconnectFinishedProxy(main_frame_url));
   mock_network_context_->CompleteHostLookup(url_to_preconnect.host(), net::OK);
 }
@@ -243,15 +248,17 @@ TEST_F(PreconnectManagerTest, TestStartOneUrlPreconnect_MultipleTimes) {
   VerifyAndClearExpectations();
 
   // Now, restart the preconnect request.
-  EXPECT_CALL(
-      *mock_network_context_,
-      PreconnectSockets(1, requests.back().origin, kNormalLoadFlags, false));
+  EXPECT_CALL(*mock_network_context_,
+              PreconnectSockets(1, requests.back().origin, kNormalLoadFlags,
+                                false /* privacy_mode_enabled */,
+                                base::Optional<net::NetworkIsolationKey>()));
   EXPECT_CALL(*mock_network_context_,
               ResolveHostProxy(requests.back().origin.host()));
   for (size_t i = 0; i < count; ++i) {
-    EXPECT_CALL(
-        *mock_network_context_,
-        PreconnectSockets(1, requests[i].origin, kNormalLoadFlags, false));
+    EXPECT_CALL(*mock_network_context_,
+                PreconnectSockets(1, requests[i].origin, kNormalLoadFlags,
+                                  false /* privacy_mode_enabled */,
+                                  base::Optional<net::NetworkIsolationKey>()));
     EXPECT_CALL(*mock_network_context_,
                 ResolveHostProxy(requests[i].origin.host()));
   }
@@ -286,9 +293,10 @@ TEST_F(PreconnectManagerTest, TestTwoConcurrentMainFrameUrls_MultipleTimes) {
   }
   EXPECT_CALL(*mock_delegate_, PreconnectFinishedProxy(main_frame_url_1));
   for (size_t i = 0; i < count - 1; ++i) {
-    EXPECT_CALL(
-        *mock_network_context_,
-        PreconnectSockets(1, requests[i].origin, kNormalLoadFlags, false));
+    EXPECT_CALL(*mock_network_context_,
+                PreconnectSockets(1, requests[i].origin, kNormalLoadFlags,
+                                  false /* privacy_mode_enabled */,
+                                  base::Optional<net::NetworkIsolationKey>()));
   }
 
   preconnect_manager_->Start(
@@ -326,10 +334,12 @@ TEST_F(PreconnectManagerTest, TestTwoConcurrentMainFrameUrls_MultipleTimes) {
 
   EXPECT_CALL(*mock_network_context_,
               PreconnectSockets(1, requests[count - 1].origin, kNormalLoadFlags,
-                                false));
-  EXPECT_CALL(
-      *mock_network_context_,
-      PreconnectSockets(1, requests[count].origin, kNormalLoadFlags, false));
+                                false /* privacy_mode_enabled */,
+                                base::Optional<net::NetworkIsolationKey>()));
+  EXPECT_CALL(*mock_network_context_,
+              PreconnectSockets(1, requests[count].origin, kNormalLoadFlags,
+                                false /* privacy_mode_enabled */,
+                                base::Optional<net::NetworkIsolationKey>()));
 
   mock_network_context_->CompleteHostLookup(requests[count - 1].origin.host(),
                                             net::OK);
@@ -387,12 +397,14 @@ TEST_F(PreconnectManagerTest,
   EXPECT_CALL(*mock_network_context_,
               ResolveHostProxy(url_to_preconnect_2.host()));
   EXPECT_CALL(*mock_delegate_, PreconnectFinishedProxy(main_frame_url_2));
-  EXPECT_CALL(
-      *mock_network_context_,
-      PreconnectSockets(1, url_to_preconnect_1, kNormalLoadFlags, false));
-  EXPECT_CALL(
-      *mock_network_context_,
-      PreconnectSockets(1, url_to_preconnect_2, kNormalLoadFlags, false));
+  EXPECT_CALL(*mock_network_context_,
+              PreconnectSockets(1, url_to_preconnect_1, kNormalLoadFlags,
+                                false /* privacy_mode_enabled */,
+                                base::Optional<net::NetworkIsolationKey>()));
+  EXPECT_CALL(*mock_network_context_,
+              PreconnectSockets(1, url_to_preconnect_2, kNormalLoadFlags,
+                                false /* privacy_mode_enabled */,
+                                base::Optional<net::NetworkIsolationKey>()));
   preconnect_manager_->Start(main_frame_url_2,
                              {PreconnectRequest(url_to_preconnect_1, 1),
                               PreconnectRequest(url_to_preconnect_2, 1)});
@@ -433,12 +445,14 @@ TEST_F(PreconnectManagerTest,
               ResolveHostProxy(url_to_preconnect_1.host()));
   EXPECT_CALL(*mock_network_context_,
               ResolveHostProxy(url_to_preconnect_2.host()));
-  EXPECT_CALL(
-      *mock_network_context_,
-      PreconnectSockets(1, url_to_preconnect_1, kNormalLoadFlags, false));
-  EXPECT_CALL(
-      *mock_network_context_,
-      PreconnectSockets(1, url_to_preconnect_2, kNormalLoadFlags, false));
+  EXPECT_CALL(*mock_network_context_,
+              PreconnectSockets(1, url_to_preconnect_1, kNormalLoadFlags,
+                                false /* privacy_mode_enabled */,
+                                base::Optional<net::NetworkIsolationKey>()));
+  EXPECT_CALL(*mock_network_context_,
+              PreconnectSockets(1, url_to_preconnect_2, kNormalLoadFlags,
+                                false /* privacy_mode_enabled */,
+                                base::Optional<net::NetworkIsolationKey>()));
   EXPECT_CALL(*mock_delegate_, PreconnectFinishedProxy(main_frame_url));
   preconnect_manager_->Start(main_frame_url,
                              {PreconnectRequest(url_to_preconnect_1, 1),
@@ -519,9 +533,10 @@ TEST_F(PreconnectManagerTest, TestTwoConcurrentMainFrameUrls) {
 
   preconnect_manager_->Stop(main_frame_url2);
   // Stopping the second url shouldn't stop the first one.
-  EXPECT_CALL(
-      *mock_network_context_,
-      PreconnectSockets(1, url_to_preconnect1, kNormalLoadFlags, false));
+  EXPECT_CALL(*mock_network_context_,
+              PreconnectSockets(1, url_to_preconnect1, kNormalLoadFlags,
+                                false /* privacy_mode_enabled */,
+                                base::Optional<net::NetworkIsolationKey>()));
   EXPECT_CALL(*mock_delegate_, PreconnectFinishedProxy(main_frame_url1));
   mock_network_context_->CompleteHostLookup(url_to_preconnect1.host(), net::OK);
   // No preconnect for the second url.
@@ -546,9 +561,10 @@ TEST_F(PreconnectManagerTest, TestTwoConcurrentSameHostMainFrameUrls) {
   preconnect_manager_->Start(main_frame_url2,
                              {PreconnectRequest(url_to_preconnect2, 1)});
 
-  EXPECT_CALL(
-      *mock_network_context_,
-      PreconnectSockets(1, url_to_preconnect1, kNormalLoadFlags, false));
+  EXPECT_CALL(*mock_network_context_,
+              PreconnectSockets(1, url_to_preconnect1, kNormalLoadFlags,
+                                false /* privacy_mode_enabled */,
+                                base::Optional<net::NetworkIsolationKey>()));
   EXPECT_CALL(*mock_delegate_, PreconnectFinishedProxy(main_frame_url1));
   mock_network_context_->CompleteHostLookup(url_to_preconnect1.host(), net::OK);
 }
@@ -588,7 +604,8 @@ TEST_F(PreconnectManagerTest, TestStartPreconnectUrl) {
 
   EXPECT_CALL(
       *mock_network_context_,
-      PreconnectSockets(1, origin, kPrivateLoadFlags, !allow_credentials));
+      PreconnectSockets(1, origin, kPrivateLoadFlags, !allow_credentials,
+                        base::Optional<net::NetworkIsolationKey>()));
   mock_network_context_->CompleteHostLookup(origin.host(), net::OK);
 
   // Non http url shouldn't be preconnected.
@@ -642,7 +659,9 @@ TEST_F(PreconnectManagerTest, TestSuccessfulProxyLookup) {
                              {PreconnectRequest(url_to_preconnect, 1)});
 
   EXPECT_CALL(*mock_network_context_,
-              PreconnectSockets(1, url_to_preconnect, kNormalLoadFlags, false));
+              PreconnectSockets(1, url_to_preconnect, kNormalLoadFlags,
+                                false /* privacy_mode_enabled */,
+                                base::Optional<net::NetworkIsolationKey>()));
   EXPECT_CALL(*mock_delegate_, PreconnectFinishedProxy(main_frame_url));
   mock_network_context_->CompleteProxyLookup(url_to_preconnect,
                                              GetIndirectProxyInfo());
@@ -669,10 +688,13 @@ TEST_F(PreconnectManagerTest, TestSuccessfulHostLookupAfterProxyLookupFailure) {
   Mock::VerifyAndClearExpectations(mock_network_context_.get());
 
   EXPECT_CALL(*mock_network_context_,
-              PreconnectSockets(1, url_to_preconnect, kNormalLoadFlags, false));
-  EXPECT_CALL(
-      *mock_network_context_,
-      PreconnectSockets(1, url_to_preconnect2, kNormalLoadFlags, false));
+              PreconnectSockets(1, url_to_preconnect, kNormalLoadFlags,
+                                false /* privacy_mode_enabled */,
+                                base::Optional<net::NetworkIsolationKey>()));
+  EXPECT_CALL(*mock_network_context_,
+              PreconnectSockets(1, url_to_preconnect2, kNormalLoadFlags,
+                                false /* privacy_mode_enabled */,
+                                base::Optional<net::NetworkIsolationKey>()));
   EXPECT_CALL(*mock_delegate_, PreconnectFinishedProxy(main_frame_url));
   mock_network_context_->CompleteHostLookup(url_to_preconnect.host(), net::OK);
   mock_network_context_->CompleteHostLookup(url_to_preconnect2.host(), net::OK);

services/network/network_context.cc

@@ -41,6 +41,7 @@
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
 #include "net/base/network_delegate.h"
+#include "net/base/network_isolation_key.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/ct_verify_result.h"
@@ -1559,10 +1560,12 @@ void NetworkContext::VerifyCertificateForTesting(
       request, net::NetLogWithSource());
 }
 
-void NetworkContext::PreconnectSockets(uint32_t num_streams,
-                                       const GURL& original_url,
-                                       int32_t load_flags,
-                                       bool privacy_mode_enabled) {
+void NetworkContext::PreconnectSockets(
+    uint32_t num_streams,
+    const GURL& original_url,
+    int32_t load_flags,
+    bool privacy_mode_enabled,
+    const base::Optional<net::NetworkIsolationKey>& network_isolation_key) {
   GURL url = GetHSTSRedirect(original_url);
 
   // |PreconnectSockets| may receive arguments from the renderer, which is not
@@ -1581,9 +1584,11 @@ void NetworkContext::PreconnectSockets(uint32_t num_streams,
   request_info.extra_headers.SetHeader(net::HttpRequestHeaders::kUserAgent,
                                        user_agent);
 
+  request_info.load_flags = load_flags;
   request_info.privacy_mode = privacy_mode_enabled ? net::PRIVACY_MODE_ENABLED
                                                    : net::PRIVACY_MODE_DISABLED;
-  request_info.load_flags = load_flags;
+  if (network_isolation_key)
+    request_info.network_isolation_key = *network_isolation_key;
 
   net::HttpTransactionFactory* factory =
       url_request_context_->http_transaction_factory();

services/network/network_context.h

@@ -321,7 +321,9 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) NetworkContext
   void PreconnectSockets(uint32_t num_streams,
                          const GURL& url,
                          int32_t load_flags,
-                         bool privacy_mode_enabled) override;
+                         bool privacy_mode_enabled,
+                         const base::Optional<net::NetworkIsolationKey>&
+                             network_isolation_key) override;
   void CreateP2PSocketManager(
       mojom::P2PTrustedSocketManagerClientPtr client,
       mojom::P2PTrustedSocketManagerRequest trusted_socket_manager,

services/network/network_context_unittest.cc

@@ -53,6 +53,7 @@
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_errors.h"
 #include "net/base/network_change_notifier.h"
+#include "net/base/network_isolation_key.h"
 #include "net/base/proxy_server.h"
 #include "net/base/test_completion_callback.h"
 #include "net/cert/cert_verify_result.h"
@@ -79,6 +80,7 @@
 #include "net/proxy_resolution/proxy_config.h"
 #include "net/proxy_resolution/proxy_info.h"
 #include "net/proxy_resolution/proxy_resolution_service.h"
+#include "net/socket/client_socket_pool.h"
 #include "net/socket/transport_client_socket_pool.h"
 #include "net/test/cert_test_util.h"
 #include "net/test/embedded_test_server/controllable_http_response.h"
@@ -3484,8 +3486,9 @@ TEST_F(NetworkContextTest, PreconnectOne) {
   test_server.SetConnectionListener(&connection_listener);
   ASSERT_TRUE(test_server.Start());
 
-  network_context->PreconnectSockets(1, test_server.base_url(),
-                                     net::LOAD_NORMAL, true);
+  network_context->PreconnectSockets(
+      1, test_server.base_url(), net::LOAD_NORMAL,
+      true /* privacy_mode_enabled */, net::NetworkIsolationKey());
   connection_listener.WaitForAcceptedConnections(1u);
 }
 
@@ -3500,7 +3503,8 @@ TEST_F(NetworkContextTest, PreconnectHSTS) {
 
   const GURL server_http_url = GetHttpUrlFromHttps(test_server.base_url());
   network_context->PreconnectSockets(1, server_http_url, net::LOAD_NORMAL,
-                                     true);
+                                     true /* privacy_mode_enabled */,
+                                     net::NetworkIsolationKey());
   connection_listener.WaitForAcceptedConnections(1u);
 
   int num_sockets = GetSocketCountForGroup(
@@ -3513,7 +3517,8 @@ TEST_F(NetworkContextTest, PreconnectHSTS) {
   network_context->url_request_context()->transport_security_state()->AddHSTS(
       server_http_url.host(), expiry, false);
   network_context->PreconnectSockets(1, server_http_url, net::LOAD_NORMAL,
-                                     true);
+                                     true /* privacy_mode_enabled */,
+                                     net::NetworkIsolationKey());
   connection_listener.WaitForAcceptedConnections(1u);
 
   // If HSTS weren't respected, the initial connection would have been reused.
@@ -3532,8 +3537,9 @@ TEST_F(NetworkContextTest, PreconnectZero) {
   test_server.SetConnectionListener(&connection_listener);
   ASSERT_TRUE(test_server.Start());
 
-  network_context->PreconnectSockets(0, test_server.base_url(),
-                                     net::LOAD_NORMAL, true);
+  network_context->PreconnectSockets(
+      0, test_server.base_url(), net::LOAD_NORMAL,
+      true /* privacy_mode_enabled */, net::NetworkIsolationKey());
   base::RunLoop().RunUntilIdle();
 
   int num_sockets =
@@ -3553,8 +3559,9 @@ TEST_F(NetworkContextTest, PreconnectTwo) {
   test_server.SetConnectionListener(&connection_listener);
   ASSERT_TRUE(test_server.Start());
 
-  network_context->PreconnectSockets(2, test_server.base_url(),
-                                     net::LOAD_NORMAL, true);
+  network_context->PreconnectSockets(
+      2, test_server.base_url(), net::LOAD_NORMAL,
+      true /* privacy_mode_enabled */, net::NetworkIsolationKey());
   connection_listener.WaitForAcceptedConnections(2u);
 
   int num_sockets =
@@ -3571,8 +3578,9 @@ TEST_F(NetworkContextTest, PreconnectFour) {
   test_server.SetConnectionListener(&connection_listener);
   ASSERT_TRUE(test_server.Start());
 
-  network_context->PreconnectSockets(4, test_server.base_url(),
-                                     net::LOAD_NORMAL, true);
+  network_context->PreconnectSockets(
+      4, test_server.base_url(), net::LOAD_NORMAL,
+      true /* privacy_mode_enabled */, net::NetworkIsolationKey());
 
   connection_listener.WaitForAcceptedConnections(4u);
 
@@ -3594,8 +3602,9 @@ TEST_F(NetworkContextTest, PreconnectMax) {
       GetSocketPoolInfo(network_context.get(), "max_sockets_per_group");
   EXPECT_GT(76, max_num_sockets);
 
-  network_context->PreconnectSockets(76, test_server.base_url(),
-                                     net::LOAD_NORMAL, true);
+  network_context->PreconnectSockets(
+      76, test_server.base_url(), net::LOAD_NORMAL,
+      true /* privacy_mode_enabled */, net::NetworkIsolationKey());
 
   // Wait until |max_num_sockets| have been connected.
   connection_listener.WaitForAcceptedConnections(max_num_sockets);
@@ -3610,6 +3619,45 @@ TEST_F(NetworkContextTest, PreconnectMax) {
   ASSERT_EQ(num_sockets, max_num_sockets);
 }
 
+// Make sure preconnects for the same URL but with different network isolation
+// keys are not merged.
+TEST_F(NetworkContextTest, PreconnectNetworkIsolationKey) {
+  base::test::ScopedFeatureList feature_list;
+  feature_list.InitAndEnableFeature(
+      net::features::kPartitionConnectionsByNetworkIsolationKey);
+
+  std::unique_ptr<NetworkContext> network_context =
+      CreateContextWithParams(CreateContextParams());
+
+  ConnectionListener connection_listener;
+  net::EmbeddedTestServer test_server;
+  test_server.SetConnectionListener(&connection_listener);
+  ASSERT_TRUE(test_server.Start());
+
+  const net::NetworkIsolationKey kKey1(
+      url::Origin::Create(GURL("http://foo.test")));
+  const net::NetworkIsolationKey kKey2(
+      url::Origin::Create(GURL("http://bar.test")));
+  network_context->PreconnectSockets(1, test_server.base_url(),
+                                     net::LOAD_NORMAL,
+                                     true /* privacy_mode_enabled */, kKey1);
+  network_context->PreconnectSockets(2, test_server.base_url(),
+                                     net::LOAD_NORMAL,
+                                     true /* privacy_mode_enabled */, kKey2);
+  connection_listener.WaitForAcceptedConnections(3u);
+
+  net::ClientSocketPool::GroupId group_id1(
+      test_server.host_port_pair(), net::ClientSocketPool::SocketType::kHttp,
+      net::PrivacyMode::PRIVACY_MODE_ENABLED, kKey1);
+  EXPECT_EQ(
+      1, GetSocketCountForGroup(network_context.get(), group_id1.ToString()));
+  net::ClientSocketPool::GroupId group_id2(
+      test_server.host_port_pair(), net::ClientSocketPool::SocketType::kHttp,
+      net::PrivacyMode::PRIVACY_MODE_ENABLED, kKey2);
+  EXPECT_EQ(
+      2, GetSocketCountForGroup(network_context.get(), group_id2.ToString()));
+}
+
 // This tests both ClostAllConnetions and CloseIdleConnections.
 TEST_F(NetworkContextTest, CloseConnections) {
   // Have to close all connections first, as CloseIdleConnections leaves around

services/network/public/mojom/network_context.mojom

@@ -856,10 +856,14 @@ interface NetworkContext {
   // |privacy_mode_enabled| is also passed into the HttpRequestInfo class: if
   // it is true, then the request must be sent over a connection that cannot be
   // tracked by the server.
+  // |network_isolation_key| specifies the NetworkIsolationKey to associate
+  // with the preconnected sockets. The sockets will only be used for requests
+  // associated with the same key.
   PreconnectSockets(uint32 num_streams,
                     url.mojom.Url url,
                     int32 load_flags,
-                    bool privacy_mode_enabled);
+                    bool privacy_mode_enabled,
+                    NetworkIsolationKey? network_isolation_key);
 
   // Creates a P2PSocketManager instance, used for WebRTC.
   CreateP2PSocketManager(P2PTrustedSocketManagerClient client,

services/network/test/test_network_context.h

@@ -27,6 +27,10 @@
 #include "services/network/public/mojom/websocket.mojom.h"
 #include "url/origin.h"
 
+namespace net {
+class NetworkIsolationKey;
+}
+
 namespace network {
 
 // Noop implementation of mojom::NetworkContext.  Useful to override to create
@@ -186,7 +190,9 @@ class TestNetworkContext : public mojom::NetworkContext {
   void PreconnectSockets(uint32_t num_streams,
                          const GURL& url,
                          int32_t load_flags,
-                         bool privacy_mode_enabled) override {}
+                         bool privacy_mode_enabled,
+                         const base::Optional<net::NetworkIsolationKey>&
+                             network_isolation_key) override {}
   void CreateP2PSocketManager(
       mojom::P2PTrustedSocketManagerClientPtr client,
       mojom::P2PTrustedSocketManagerRequest trusted_socket_manager,