blob: 23f2074d8eeafd1c1ed9dec9a339104429bad407 [file] [log] [blame] [edit]
// Copyright 2018 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
package session
import (
"context"
"github.com/golang/protobuf/proto"
"chromiumos/policy/enterprise_management"
"chromiumos/tast/local/chrome"
"chromiumos/tast/local/session"
"chromiumos/tast/testing"
)
func init() {
testing.AddTest(&testing.Test{
Func: OwnershipTaken,
Desc: "Sign in and ensure that ownership of the device is taken",
Contacts: []string{
"mnissler@chromium.org", // session_manager owner
"hidehiko@chromium.org", // Tast port author
},
SoftwareDeps: []string{"chrome"},
Attr: []string{"group:mainline"},
})
}
func OwnershipTaken(ctx context.Context, s *testing.State) {
const (
testUser = "ownership_test@chromium.org"
testPass = "testme"
)
if err := session.SetUpDevice(ctx); err != nil {
s.Fatal("Failed to reset device ownership: ", err)
}
sm, err := session.NewSessionManager(ctx)
if err != nil {
s.Fatal("Failed to create session_manager binding: ", err)
}
if err := session.PrepareChromeForPolicyTesting(ctx, sm); err != nil {
s.Fatal("Failed to prepare Chrome for testing: ", err)
}
wp, err := sm.WatchPropertyChangeComplete(ctx)
if err != nil {
s.Fatal("Failed to start watching PropertyChangeComplete signal: ", err)
}
defer wp.Close(ctx)
ws, err := sm.WatchSetOwnerKeyComplete(ctx)
if err != nil {
s.Fatal("Failed to start watching SetOwnerKeyComplete signal: ", err)
}
defer ws.Close(ctx)
user, ret := func() (string, *enterprise_management.PolicyFetchResponse) {
cr, err := chrome.New(ctx)
if err != nil {
s.Fatal("Failed to log in with Chrome: ", err)
}
defer cr.Close(ctx)
select {
case <-wp.Signals:
case <-ws.Signals:
case <-ctx.Done():
s.Fatal("Timed out waiting for PropertyChangeComplete or SetOwnerKeyComplete signal: ", ctx.Err())
}
ret, err := sm.RetrievePolicyEx(ctx, session.DevicePolicyDescriptor())
if err != nil {
s.Fatal("Failed to retrieve policy: ", err)
}
return cr.NormalizedUser(), ret
}()
if ret.PolicyData == nil {
s.Fatal("PolicyFetchResponse does not contain PolicyData")
}
pol := &enterprise_management.PolicyData{}
if err = proto.Unmarshal(ret.PolicyData, pol); err != nil {
s.Fatal("Failed to parse PolicyData: ", err)
}
if polUser, err := session.NormalizeEmail(pol.GetUsername(), true); polUser != user {
if err != nil {
s.Fatalf("Failed to normalize username %q: %v", pol.GetUsername(), err)
}
s.Fatalf("Unexpected user: got %s; want %s", polUser, user)
}
settings := &enterprise_management.ChromeDeviceSettingsProto{}
if err = proto.Unmarshal(pol.PolicyValue, settings); err != nil {
s.Fatal("Failed to parse PolicyValue: ", err)
}
if !settings.AllowNewUsers.GetAllowNewUsers() {
s.Fatal("AllowNewUsers should be true")
}
found := false
// TODO(crbug.com/1103816) - remove whitelist support when no longer
// supported by DMServer.
if settings.UserWhitelist != nil && settings.UserAllowlist == nil {
for _, u := range settings.UserWhitelist.UserWhitelist {
if normUser, _ := session.NormalizeEmail(u, true); normUser == user {
found = true
break
}
}
} else {
for _, u := range settings.UserAllowlist.UserAllowlist {
if normUser, _ := session.NormalizeEmail(u, true); normUser == user {
found = true
break
}
}
}
if !found {
s.Fatal("User is not found in the allowlist")
}
}