diff options
| author | sfeuz@chromium.org <sfeuz@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-01 17:48:55 +0000 |
|---|---|---|
| committer | sfeuz@chromium.org <sfeuz@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-01 17:48:55 +0000 |
| commit | 116deb51a276b9a871125e502e1c846e1061c848 (patch) | |
| tree | da726166fdeffc4f9a49932344c9f73fe8a8f15e /net/tools | |
| parent | a6e6910a717353139ce540da41ded6986c004ee3 (diff) | |
| download | chromium_src-116deb51a276b9a871125e502e1c846e1061c848.zip chromium_src-116deb51a276b9a871125e502e1c846e1061c848.tar.gz chromium_src-116deb51a276b9a871125e502e1c846e1061c848.tar.bz2 | |
Reloaded the device-management file before every policy request is answered.
BUG=none
TEST=Start DM-Testserver; start Chrome with CloudPolicy; Change device-management file; Trigger refetch (wait or restart Chrome); confirm that the changes in device_management got propagated.
Review URL: http://codereview.chromium.org/7054037
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@87494 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/tools')
| -rw-r--r-- | net/tools/testserver/device_management.py | 61 |
1 files changed, 37 insertions, 24 deletions
diff --git a/net/tools/testserver/device_management.py b/net/tools/testserver/device_management.py index 0bf7df3a..4cf2bba 100644 --- a/net/tools/testserver/device_management.py +++ b/net/tools/testserver/device_management.py @@ -15,28 +15,33 @@ The format of the file is JSON. The root dictionary contains a list under the key "managed_users". It contains auth tokens for which the server will claim that the user is managed. The token string "*" indicates that all users are claimed to be managed. Other keys in the root dictionary identify request -scopes. Each request scope is described by a dictionary that holds two +scopes. The user-request scope is described by a dictionary that holds two sub-dictionaries: "mandatory" and "recommended". Both these hold the policy definitions as key/value stores, their format is identical to what the Linux implementation reads from /etc. +The device-scope holds the policy-definition directly as key/value stores in the +protobuf-format. Example: { - "chromeos/device": { - "mandatory": { - "HomepageLocation" : "http://www.chromium.org" - }, - "recommended": { - "JavascriptEnabled": false, + "google/chromeos/device" : { + "guest_mode_enabled" : false + }, + "google/chromeos/user" : { + "mandatory" : { + "HomepageLocation" : "http://www.chromium.org", + "IncognitoEnabled" : false }, + "recommended" : { + "JavascriptEnabled": false + } }, - "managed_users": [ + "managed_users" : [ "secret123456" ] } - """ import cgi @@ -230,9 +235,10 @@ class RequestHandler(object): if not auth: return (403, 'No authorization') + policy = self._server.GetPolicies() chrome_initial_settings = dm.ChromeInitialSettingsProto() - if ('*' in self._server.policy['managed_users'] or - auth in self._server.policy['managed_users']): + if ('*' in policy['managed_users'] or + auth in policy['managed_users']): chrome_initial_settings.enrollment_provision = ( dm.ChromeInitialSettingsProto.MANAGED); else: @@ -279,7 +285,7 @@ class RequestHandler(object): # Respond only if the client requested policy for the cros/device scope, # since that's where chrome policy is supposed to live in. if msg.policy_scope == 'chromeos/device': - policy = self._server.policy['google/chromeos/user']['mandatory'] + policy = self._server.GetPolicies()['google/chromeos/user']['mandatory'] setting = response.policy_response.setting.add() setting.policy_key = 'chrome-policy' policy_value = dm.GenericSetting() @@ -444,18 +450,19 @@ class RequestHandler(object): # Response is only given if the scope is specified in the config file. # Normally 'google/chromeos/device' and 'google/chromeos/user' should be # accepted. + policy = self._server.GetPolicies() policy_value = '' if (msg.policy_type in token_info['allowed_policy_types'] and - msg.policy_type in self._server.policy): + msg.policy_type in policy): if msg.policy_type == 'google/chromeos/user': settings = cp.CloudPolicySettings() self.GatherUserPolicySettings(settings, - self._server.policy[msg.policy_type]) + policy[msg.policy_type]) policy_value = settings.SerializeToString() elif msg.policy_type == 'google/chromeos/device': settings = dp.ChromeDeviceSettingsProto() self.GatherDevicePolicySettings(settings, - self._server.policy[msg.policy_type]) + policy[msg.policy_type]) policy_value = settings.SerializeToString() # Figure out the key we want to use. If multiple keys are configured, the @@ -549,7 +556,7 @@ class TestServer(object): private_key_paths: List of paths to read private keys from. """ self._registered_tokens = {} - self.policy = {} + self.policy_path = policy_path # There is no way to for the testserver to know the user name belonging to # the GAIA auth token we received (short of actually talking to GAIA). To @@ -557,14 +564,6 @@ class TestServer(object): # the server should report to the client. self.username = policy_user - if json is None: - print 'No JSON module, cannot parse policy information' - else : - try: - self.policy = json.loads(open(policy_path).read()) - except IOError: - print 'Failed to load policy from %s' % policy_path - self.keys = [] if private_key_paths: # Load specified keys from the filesystem. @@ -595,6 +594,20 @@ class TestServer(object): pubkey = asn1der.Sequence([ algorithm, asn1der.Bitstring(rsa_pubkey) ]) entry['public_key'] = pubkey; + def GetPolicies(self): + """Returns the policies to be used, reloaded form the backend file every + time this is called. + """ + policy = {} + if json is None: + print 'No JSON module, cannot parse policy information' + else : + try: + policy = json.loads(open(self.policy_path).read()) + except IOError: + print 'Failed to load policy from %s' % self.policy_path + return policy + def HandleRequest(self, path, headers, request): """Handles a request. |