Added flag for enterprise zero-touch enrollment and force enrollment if

its value is the string forced. BUG=624187,b/29833682 Review-Url: https://codereview.chromium.org/2107033002 Cr-Commit-Position: refs/heads/master@{#403278}
Denger-Network · Jun 30, 2016 · 00baf53 · 00baf53
1 parent c36b54a
commit 00baf53
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 4 deletions.
diff --git a/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.cc b/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.cc
@@ -52,10 +52,14 @@ namespace policy {
 
 namespace {
 
+// Well-known requisition types.
 const char kNoRequisition[] = "none";
 const char kRemoraRequisition[] = "remora";
 const char kSharkRequisition[] = "shark";
 
+// Zero-touch enrollment flag values.
+const char kZeroTouchEnrollmentForced[] = "forced";
+
 // These are the machine serial number keys that we check in order until we
 // find a non-empty serial number. The VPD spec says the serial number should be
 // in the "serial_number" key for v2+ VPDs. However, legacy devices used a
@@ -136,6 +140,7 @@ void DeviceCloudPolicyManagerChromeOS::Initialize(PrefService* local_state) {
                  base::Unretained(this)));
 
   InitializeRequisition();
+  InitializeEnrollment();
 }
 
 void DeviceCloudPolicyManagerChromeOS::AddDeviceCloudPolicyManagerObserver(
@@ -175,8 +180,7 @@ void DeviceCloudPolicyManagerChromeOS::SetDeviceRequisition(
         local_state_->ClearPref(prefs::kDeviceEnrollmentAutoStart);
         local_state_->ClearPref(prefs::kDeviceEnrollmentCanExit);
       } else {
-        local_state_->SetBoolean(prefs::kDeviceEnrollmentAutoStart, true);
-        local_state_->SetBoolean(prefs::kDeviceEnrollmentCanExit, false);
+        SetDeviceEnrollmentAutoStart();
       }
     }
   }
@@ -320,8 +324,7 @@ void DeviceCloudPolicyManagerChromeOS::InitializeRequisition() {
                               requisition);
       if (requisition == kRemoraRequisition ||
           requisition == kSharkRequisition) {
-        local_state_->SetBoolean(prefs::kDeviceEnrollmentAutoStart, true);
-        local_state_->SetBoolean(prefs::kDeviceEnrollmentCanExit, false);
+        SetDeviceEnrollmentAutoStart();
       } else {
         local_state_->SetBoolean(
             prefs::kDeviceEnrollmentAutoStart,
@@ -336,6 +339,21 @@ void DeviceCloudPolicyManagerChromeOS::InitializeRequisition() {
   }
 }
 
+void DeviceCloudPolicyManagerChromeOS::InitializeEnrollment() {
+  // Enrollment happens during OOBE only.
+  if (chromeos::StartupUtils::IsOobeCompleted())
+    return;
+
+  base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
+  if (command_line->HasSwitch(
+          chromeos::switches::kEnterpriseEnableZeroTouchEnrollment) &&
+      command_line->GetSwitchValueASCII(
+          chromeos::switches::kEnterpriseEnableZeroTouchEnrollment) ==
+          kZeroTouchEnrollmentForced) {
+    SetDeviceEnrollmentAutoStart();
+  }
+}
+
 void DeviceCloudPolicyManagerChromeOS::NotifyConnected() {
   FOR_EACH_OBSERVER(
       Observer, observers_, OnDeviceCloudPolicyManagerConnected());

diff --git a/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h b/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h
@@ -119,6 +119,8 @@ class DeviceCloudPolicyManagerChromeOS : public CloudPolicyManager {
 
   // Initializes requisition settings at OOBE with values from VPD.
   void InitializeRequisition();
+  // Initializes enrollment settings at OOBE with values from flags.
+  void InitializeEnrollment();
 
   void NotifyConnected();
   void NotifyDisconnected();

diff --git a/chromeos/chromeos_switches.cc b/chromeos/chromeos_switches.cc
@@ -210,6 +210,10 @@ const char kEnterpriseEnrollmentInitialModulus[] =
 const char kEnterpriseEnrollmentModulusLimit[] =
     "enterprise-enrollment-modulus-limit";
 
+// Enables the zero-touch enterprise enrollment flow.
+const char kEnterpriseEnableZeroTouchEnrollment[] =
+    "enterprise-enable-zero-touch-enrollment";
+
 // Enables the chromecast support for video player app.
 const char kEnableVideoPlayerChromecastSupport[] =
     "enable-video-player-chromecast-support";

diff --git a/chromeos/chromeos_switches.h b/chromeos/chromeos_switches.h
@@ -81,6 +81,7 @@ CHROMEOS_EXPORT extern const char kEnterpriseDisableArc[];
 CHROMEOS_EXPORT extern const char kEnterpriseEnableForcedReEnrollment[];
 CHROMEOS_EXPORT extern const char kEnterpriseEnrollmentInitialModulus[];
 CHROMEOS_EXPORT extern const char kEnterpriseEnrollmentModulusLimit[];
+CHROMEOS_EXPORT extern const char kEnterpriseEnableZeroTouchEnrollment[];
 CHROMEOS_EXPORT extern const char kFirstExecAfterBoot[];
 CHROMEOS_EXPORT extern const char kForceFirstRunUI[];
 CHROMEOS_EXPORT extern const char kForceLoginManagerInTests[];