summaryrefslogtreecommitdiff
path: root/chromium/docs/enterprise
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/docs/enterprise')
-rw-r--r--chromium/docs/enterprise/add_new_policy.md55
-rwxr-xr-xchromium/docs/enterprise/extension_query.py43
-rwxr-xr-xchromium/docs/enterprise/extension_query_py2.py38
3 files changed, 92 insertions, 44 deletions
diff --git a/chromium/docs/enterprise/add_new_policy.md b/chromium/docs/enterprise/add_new_policy.md
index d90cd69ff71..9c5f400f583 100644
--- a/chromium/docs/enterprise/add_new_policy.md
+++ b/chromium/docs/enterprise/add_new_policy.md
@@ -37,10 +37,12 @@ Usually you need a policy when
sure you get the version and feature flags (such as dynamic_refresh and
supported_on) right.
- Here are the most used attributes. Please note that, all attributes
- below other than `supported_on` and `default_for_enterprise_users` do
- not change the code behavior.
- - `supported_on`: It controls the platform and Chrome milestone the
- policy supports.
+ below other than `supported_on`, `future_on' and
+ `default_for_enterprise_users` do not change the code behavior.
+ - `supported_on` and `future_on`: They control the platforms that the
+ policy supports. `supported_on` is used for released platforms with
+ milestone range while `future_on` is used for unreleased platforms.
+ See **Launch a policy** below for more information.
- `default_for_enterprise_users`: Its value is applied as a mandatory
policy for managed users on Chrome OS unless a different setting is
explicitly set.
@@ -51,9 +53,6 @@ Usually you need a policy when
- `can_be_recommended`: It tells the admin whether they can mark the
policy as recommended and allow the user to override it in the UI,
using a command line switch or an extension.
- - `future`: It hides the policy from auto-generated templates and
- documentation. It's used when your policy needs multiple milestone
- development.
- The complete list of attributes and their expected values can be found in
the
[policy_templates.json](https://cs.chromium.org/chromium/src/components/policy/resources/policy_templates.json).
@@ -152,6 +151,33 @@ Usually you need a policy when
10. If your policy has interactions with other policies, make sure to document,
test and cover these by automated tests.
+## Launch a policy
+1. When adding a new policy, put the platforms it will be supported in the
+ `future_on` list.
+ - The policy is hidden from any auto-generated template or documentation on
+ those platforms.
+ - The policy will also be unavailable on Beta and Stable channel unless it's
+ enabled specifically by
+ [EnableExperimentalPolicies](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=EnableExperimentalPolicies)
+ policy.
+2. Implement the policy, get launch approval if necessary.
+3. If the policy needs to be tested with small set of users first, keep the
+ platforms in the `future_on` list and running the tester program with the
+ [EnableExperimentalPolicies](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=EnableExperimentalPolicies)
+ policy.
+4. Move the launched platforms from `future_on` to `supported_on` and set the
+ 'since_version' of those platforms to the milestone for which the launch
+ approval was granted.
+5. If the 'since_version' is set to a earlier milestone, you need to merge
+ back all necessary commits.
+
+**Do not use finch to control policy launch process.**
+
+Policies are inherently switches that admins will turn on if they need. Getting
+inconsistent behavior based on factors outside of their control only causes
+confusion and is source for support requests. Use the step 3 above if the policy
+needs external testers before being officially announced.
+
## Examples
Here is an example based on the instructions above. It's a good, simple place to
@@ -221,6 +247,7 @@ The presubmit checks perform the following verifications:
before a new stable release has rolled out. Normally such a change
should eventually be merged into the stable branch before the
release.
+ 3. `supported_on` list is empty.
2. If the policy is considered **unreleased**, all changes to it are allowed.
@@ -261,6 +288,15 @@ The presubmit checks perform the following verifications:
1. Dictionary policies can have some of their "required" fields removed
in order to be less restrictive.
+4. A policy is **partially released** if both `supported_on` and
+ `future_on` list are not empty.
+
+5. The **partially released** policy is considered as a **released** policy
+ and only the `future_on` list can be modified freely. However, any
+ platform in the `supported_on` list cannot be moved back to the `future_on`
+ list.
+
+
## Cloud Policy
**For Googlers only**: The Cloud Policy will be maintained by the Admin console
@@ -292,4 +328,7 @@ than regular consumer behavior.
### Additional Notes
-1. policy_templates.json is actually a Python dictionary even though the file name contains *json*.
+1. policy_templates.json is actually a Python dictionary even though the file
+ name contains *json*.
+2. The `future_on` flag can disable policy on Beta of Stable channel only if the
+ policy value is copied to `PrefService` in Step 3 of **Adding a new policy**.
diff --git a/chromium/docs/enterprise/extension_query.py b/chromium/docs/enterprise/extension_query.py
index c1a23974efc..f1e6dd1c758 100755
--- a/chromium/docs/enterprise/extension_query.py
+++ b/chromium/docs/enterprise/extension_query.py
@@ -1,5 +1,5 @@
#!/usr/bin/env python
-# Copyright (c) 2020 The Chromium Authors. All rights reserved.
+# Copyright 2020 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Transform CBCM Takeout API Data (Python3)."""
@@ -8,6 +8,7 @@ import argparse
import csv
import json
import sys
+import time
import google_auth_httplib2
@@ -41,26 +42,20 @@ def ComputeExtensionsList(extensions_list, data):
key = key + ' @ ' + extension['version']
if key not in extensions_list:
current_extension = {
- 'name':
- extension['name'],
- 'permissions':
- extension['permissions']
- if 'permissions' in extension else '',
- 'installed':
- set(),
- 'disabled':
- set(),
- 'forced':
- set()
+ 'name': extension.get('name', ''),
+ 'permissions': extension.get('permissions', ''),
+ 'installed': set(),
+ 'disabled': set(),
+ 'forced': set()
}
else:
current_extension = extensions_list[key]
machine_name = device['machineName']
current_extension['installed'].add(machine_name)
- if 'installType' in extension and extension['installType'] == 3:
+ if extension.get('installType', '') == 'ADMIN':
current_extension['forced'].add(machine_name)
- if 'disabled' in extension and extension['disabled']:
+ if extension.get('disabled', False):
current_extension['disabled'].add(machine_name)
extensions_list[key] = current_extension
@@ -170,11 +165,21 @@ def main(args):
browsers_processed = 0
while True:
print('Making request to server ...')
- response = http.request(base_request_url + '?' + request_parameters,
- 'GET')[1]
- if isinstance(response, bytes):
- response = response.decode('utf-8')
- data = json.loads(response)
+
+ retrycount = 0
+ while retrycount < 5:
+ response = http.request(base_request_url + '?' + request_parameters,
+ 'GET')[1]
+
+ if isinstance(response, bytes):
+ response = response.decode('utf-8')
+ data = json.loads(response)
+ if 'browsers' not in data:
+ print('Response error, retrying...')
+ time.sleep(3)
+ retrycount += 1
+ else:
+ break
browsers_in_data = len(data['browsers'])
print('Request returned %s results, analyzing ...' % (browsers_in_data))
diff --git a/chromium/docs/enterprise/extension_query_py2.py b/chromium/docs/enterprise/extension_query_py2.py
index 73856278e65..2bf496b85e9 100755
--- a/chromium/docs/enterprise/extension_query_py2.py
+++ b/chromium/docs/enterprise/extension_query_py2.py
@@ -1,8 +1,7 @@
#!/usr/bin/env python
-# Copyright (c) 2020 The Chromium Authors. All rights reserved.
+# Copyright 2020 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
-
"""Transform CBCM Takeout API Data (Python2)."""
from __future__ import print_function
@@ -44,30 +43,25 @@ def ComputeExtensionsList(extensions_list, data):
key = key + ' @ ' + extension['version']
if key not in extensions_list:
current_extension = {
- 'name':
- extension['name'],
- 'permissions':
- extension['permissions']
- if 'permissions' in extension else '',
- 'installed':
- set(),
- 'disabled':
- set(),
- 'forced':
- set()
+ 'name': extension.get('name', ''),
+ 'permissions': extension.get('permissions', ''),
+ 'installed': set(),
+ 'disabled': set(),
+ 'forced': set()
}
else:
current_extension = extensions_list[key]
machine_name = device['machineName']
current_extension['installed'].add(machine_name)
- if 'installType' in extension and extension['installType'] == 3:
+ if extension.get('installType', '') == 'ADMIN':
current_extension['forced'].add(machine_name)
- if 'disabled' in extension and extension['disabled']:
+ if extension.get('disabled', False):
current_extension['disabled'].add(machine_name)
extensions_list[key] = current_extension
+
def ToUtf8(data):
"""Ensures all the values in |data| are encoded as UTF-8.
@@ -84,6 +78,7 @@ def ToUtf8(data):
entry[prop] = unicode(value).encode('utf-8')
yield entry
+
def DictToList(data, key_name='id'):
"""Converts a dict into a list.
@@ -181,8 +176,17 @@ def main(args):
browsers_processed = 0
while True:
print('Making request to server ...')
- data = json.loads(
- http.request(base_request_url + '?' + request_parameters, 'GET')[1])
+ retrycount = 0
+ while retrycount < 5:
+ data = json.loads(
+ http.request(base_request_url + '?' + request_parameters, 'GET')[1])
+
+ if 'browsers' not in data:
+ print('Response error, retrying...')
+ time.sleep(3)
+ retrycount += 1
+ else:
+ break
browsers_in_data = len(data['browsers'])
print('Request returned %s results, analyzing ...' % (browsers_in_data))
View Lorry Controller Status