New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 662417 link

Starred by 3 users
Status: Verified
Owner:
ljusten@chromium.org
Closed: Oct 2017
Cc:
dskaram@chromium.org
Components:
EstimatedDays: ----
NextAction: 2017-01-01
OS: Chrome
Pri: 1
Type: Bug



Sign in to add a comment

Remove unsupported Chrome OS policies

Project Member Reported by tnagel@chromium.org, Nov 4 2016 
- Adding a flag to policy_templates.json
- Update scripts to use flagged policies only
- Update authpolicy unit tests and policy conversion

Comment 1 by tnagel@chromium.org, Nov 4 2016

NextAction: 2017-01-01

Comment 2 by ljusten@chromium.org, Nov 10 2016

Labels: M-56

Comment 3 by tnagel@chromium.org, Nov 21 2016

Labels: -M-56 M-57

Comment 4 by tnagel@chromium.org, Nov 21 2016

Labels: V1

Comment 5 by tnagel@chromium.org, Jan 9 2017

Labels: Enterprise-Triaged

Comment 6 by ljusten@chromium.org, Jan 18 2017

Labels: -Pri-3 Pri-2

Comment 7 by ljusten@chromium.org, May 22 2017

Labels: -Pri-2 Pri-3

Comment 8 by ljusten@chromium.org, Jun 29 2017

Labels: -M-57 -V1

Comment 9 by ljusten@chromium.org, Aug 8 2017 

Mail from Oct 04 2016 discussed toggling which policies work for cloud/ad management (gcm=Google Cloud Management):
- Bool flag not sufficient, we want 3 states (gcm only, ad only, both)
- Extending 'supported_on' to allow chrome_os.gcm/ad/* would be more work to implement and water down the meaning (currently, stuff after the dot is the platform)
Conclusion:
- Introduce supported_cros_management = [ 'gcm', 'ad' ]

Comment 10 by ljusten@chromium.org, Aug 9 2017

Summary: Remove unsupported Chrome OS policies (was: Go through list of CrOS policies and tag unsupported ones.)

Comment 11 by ljusten@chromium.org, Aug 9 2017

Description: Show this description

Comment 13 by ljusten@chromium.org, Aug 9 2017

Labels: -Pri-3 M-62 Pri-1

Comment 14 by ljusten@chromium.org, Aug 9 2017

Status: Started (was: Assigned)
Project Member

Comment 15 by bugdroid1@chromium.org, Sep 26 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0bcc67ba5c5023cf77e828b26cebcde5c07cecd6

commit 0bcc67ba5c5023cf77e828b26cebcde5c07cecd6
Author: Lutz Justen <ljusten@chromium.org>
Date: Tue Sep 26 19:24:33 2017

Remove unsupported Chrome OS policies

Introduces a setting in policy_templates.json to specify whether a
Chrome OS policy is managed by Google cloud management ('gc') or by
Active Directory ('ad'). Sets a bunch of policies to 'gc'-only that
don't work for Active Directory (e.g. device reporting, kiosk).

The following changes for 'gc'-only policies:
- The authpolicy daemon, which converts Active Directory GPO to
  policy protobufs, ignores them, see CL:608134.
- They are not included in Chrome OS ADMX templates since they're
  specified with Google's web UI, not through Active Directory GPO.
- Likewise, the HTML docs don't show example values, registry
  locations etc.

BUG= chromium:662417 
TEST=components/policy/tools/template_writers/test_suite_all.py
     Checked ADMX and HTML docs from
     ninja -C out/Release -j 2000 policy_templates

Change-Id: Ib02ae8095c1052efb44a957e47b4b7628a4bdda5
Reviewed-on: https://chromium-review.googlesource.com/677289
Commit-Queue: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Maksim Ivanov <emaxx@chromium.org>
Cr-Commit-Position: refs/heads/master@{#504456}
[modify] https://crrev.com/0bcc67ba5c5023cf77e828b26cebcde5c07cecd6/components/policy/resources/policy_templates.json
[modify] https://crrev.com/0bcc67ba5c5023cf77e828b26cebcde5c07cecd6/components/policy/tools/generate_policy_source.py
[modify] https://crrev.com/0bcc67ba5c5023cf77e828b26cebcde5c07cecd6/components/policy/tools/syntax_check_policy_template_json.py
[modify] https://crrev.com/0bcc67ba5c5023cf77e828b26cebcde5c07cecd6/components/policy/tools/template_writers/writers/adm_writer_unittest.py
[modify] https://crrev.com/0bcc67ba5c5023cf77e828b26cebcde5c07cecd6/components/policy/tools/template_writers/writers/chromeos_adml_writer.py
[modify] https://crrev.com/0bcc67ba5c5023cf77e828b26cebcde5c07cecd6/components/policy/tools/template_writers/writers/chromeos_adml_writer_unittest.py
[modify] https://crrev.com/0bcc67ba5c5023cf77e828b26cebcde5c07cecd6/components/policy/tools/template_writers/writers/chromeos_admx_writer.py
[modify] https://crrev.com/0bcc67ba5c5023cf77e828b26cebcde5c07cecd6/components/policy/tools/template_writers/writers/chromeos_admx_writer_unittest.py
[modify] https://crrev.com/0bcc67ba5c5023cf77e828b26cebcde5c07cecd6/components/policy/tools/template_writers/writers/doc_writer.py
[modify] https://crrev.com/0bcc67ba5c5023cf77e828b26cebcde5c07cecd6/components/policy/tools/template_writers/writers/doc_writer_unittest.py
[modify] https://crrev.com/0bcc67ba5c5023cf77e828b26cebcde5c07cecd6/components/policy/tools/template_writers/writers/json_writer_unittest.py
[modify] https://crrev.com/0bcc67ba5c5023cf77e828b26cebcde5c07cecd6/components/policy/tools/template_writers/writers/reg_writer_unittest.py
[modify] https://crrev.com/0bcc67ba5c5023cf77e828b26cebcde5c07cecd6/components/policy/tools/template_writers/writers/template_writer.py

Comment 16 by ljusten@chromium.org, Sep 26 2017 

TODO:
- Uprev protofiles
- Check that in together with CL:608134
Project Member

Comment 17 by bugdroid1@chromium.org, Oct 11 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/d943c2b1dcdb366005bb792c378f2d34ff35f9bf

commit d943c2b1dcdb366005bb792c378f2d34ff35f9bf
Author: Lutz Justen <ljusten@chromium.org>
Date: Wed Oct 11 17:53:30 2017

authpolicy: Remove unsupported device policies

Removes a bunch of device policies that got marked as supported for
Google cloud management only, see CL:677289. Since authpolicy is the
policy broker for Active Directory management (it translates GPO to
proto), it should not touch those policies.

CQ-DEPEND=CL:695121

BUG= chromium:662417 
TEST=cros_run_unit_tests --board=amd64-generic --packages authpolicy

Change-Id: I92d6c8d185d13226e3f1f1893ce7e0f7be82a6bd
Reviewed-on: https://chromium-review.googlesource.com/608134
Commit-Ready: Lutz Justen <ljusten@chromium.org>
Tested-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Roman Sorokin <rsorokin@chromium.org>

[modify] https://crrev.com/d943c2b1dcdb366005bb792c378f2d34ff35f9bf/authpolicy/policy/device_policy_encoder.cc
[modify] https://crrev.com/d943c2b1dcdb366005bb792c378f2d34ff35f9bf/authpolicy/authpolicy_unittest.cc
[modify] https://crrev.com/d943c2b1dcdb366005bb792c378f2d34ff35f9bf/authpolicy/policy/device_policy_encoder_unittest.cc
[modify] https://crrev.com/d943c2b1dcdb366005bb792c378f2d34ff35f9bf/authpolicy/policy/preg_policy_encoder_unittest.cc
[modify] https://crrev.com/d943c2b1dcdb366005bb792c378f2d34ff35f9bf/authpolicy/policy/device_policy_encoder.h

Comment 18 by ljusten@chromium.org, Oct 18 2017

Status: Fixed (was: Started)

Comment 19 by ibezmenov@chromium.org, Apr 24 2018

Status: Verified (was: Fixed)
Verified, authpolicyd fetches and parses Device and User policies using Active Directory GPO:

2018-04-24T14:22:26.681492-07:00 INFO authpolicyd[8343]: #033[41;1;97mReceived 'RefreshDevicePolicy' request#033[0m
2018-04-24T14:22:32.102479-07:00 INFO authpolicyd[8343]: Getting device GPO list for device account
2018-04-24T14:22:44.811438-07:00 INFO authpolicyd[8343]: Device policy fetch and parsing succeeded
2018-04-24T14:22:44.812014-07:00 INFO authpolicyd[8343]: #033[41;1;97mReceived 'RefreshUserPolicy' request#033[0m
2018-04-24T14:22:50.136232-07:00 INFO authpolicyd[8343]: Getting user GPO list for user account
2018-04-24T14:22:59.249760-07:00 INFO authpolicyd[8343]: User policy fetch and parsing succeeded
2018-04-24T14:22:59.250606-07:00 INFO authpolicyd[8343]: All 1 calls to StoreUnsignedPolicyEx succeeded.
2018-04-24T14:22:59.264659-07:00 INFO authpolicyd[8343]: All 1 calls to StoreUnsignedPolicyEx succeeded.

Chrome OS: 10575.12.0
Chrome: 67.0.3396.16
Device: Santa

Sign in to add a comment