Skip to content

Refactor updating enterprise policies#321

Draft
1rneh wants to merge 38 commits intoenterprise-mainfrom
refactor-remote-policies-update
Draft

Refactor updating enterprise policies#321
1rneh wants to merge 38 commits intoenterprise-mainfrom
refactor-remote-policies-update

Conversation

@1rneh
Copy link
Contributor

@1rneh 1rneh commented Jan 8, 2026

  • Refactor updating remote policies
  • Fix merging policies of a combined provider when remote policies are updated

@1rneh 1rneh requested a review from a team January 8, 2026 09:42
gcp
gcp reviewed Jan 9, 2026
View reviewed changes
gcp
gcp reviewed Jan 9, 2026
View reviewed changes
toolkit/components/enterprisepolicies/EnterprisePoliciesParent.sys.mjs
);

if (!isValid) {
continue;
Copy link
Contributor

@gcp gcp Jan 9, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will cause the policy to be removed because it doesn't go in parsedPolicies, unclear if that is what you want.

Copy link
Contributor Author

@1rneh 1rneh Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point! I didn't change that behavior. But let's re-think this :)

We have two options when encountering invalid parameters:

  • Policy is currently active: We can remove the policy or keep it active with unchanged parameters. I think I prefer the latter. It's seems more intentional. In both ways we can warn in the logs about invalid parameters.
  • Policy is currently inactive: Do nothing.

Copy link
Member

@Mossop Mossop Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function is only called during initialization though so the policy cannot already be active here. The question is what happens later when the policies are updated if this invalid policy isn't listed in _parsedPolicies. It looks to me like you don't want it in _parsedPolicies because that would then cause us to try to call an onRemove handler for the policy even though we haven't actually applied it.

Copy link
Contributor Author

@1rneh 1rneh Feb 13, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it's also to avoid calling the onRemove callback when it's not applied. Additionally we probably want to avoid removing a valid policy if a remote policy update includes that policy with invalid parameters.

Instead we could add another property valid : true/false to each policy entry in _parsedPolicies and take that into account when activating/updating policies.

@1rneh 1rneh requested a review from Mossop January 22, 2026 15:12
@1rneh 1rneh requested a review from gcp January 22, 2026 16:00
@1rneh

This comment was marked as outdated.

Sign in to view
@1rneh 1rneh requested a review from mkaply January 22, 2026 17:21
Mossop
Mossop reviewed Jan 23, 2026
View reviewed changes
Mossop
Mossop requested changes Jan 23, 2026
View reviewed changes
gcp
gcp requested changes Jan 23, 2026
View reviewed changes
toolkit/components/enterprisepolicies/EnterprisePoliciesParent.sys.mjs
},

get status() {
return this._status;
Copy link
Contributor

@gcp gcp Jan 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given how error prone updating _status is, maybe we can add some sanity checks here for inconsistent status?

Copy link
Contributor Author

@1rneh 1rneh Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is _status error prone?

Copy link
Contributor

@gcp gcp Feb 17, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IIRC part of the review pointed out mistakes in updating _status. So the idea is to add some checks/assertions here to make catching any bugs easier, by checking if _status matches with the state of the rest of the object?

Copy link
Contributor

@gcp gcp Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The trigger was this: #321 (comment)

Copy link
Contributor

@gcp gcp Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also this: #321 (comment)

@lissyx
Copy link
Contributor

lissyx commented Jan 23, 2026

Question: What should we do with the tests under browser/components/enterprisepolicies? Is it enough to run them with local policies?

(I have not had a look at the PR yet so this may be invalid) From past experience I ran several times in regressions I introduced with remote fetching that broke some policies. So I think we should try and run with both, but maybe not right now, and maybe we'd like to scope them in a flagged suite, maybe enterprise subsuite for mochtest browser and xpcshell ?

@1rneh 1rneh requested review from Mossop and gcp February 9, 2026 13:52
@1rneh
Copy link
Contributor Author

1rneh commented Feb 9, 2026

What should we do with the tests under browser/components/enterprisepolicies? Is it enough to run them with local policies?

From an offline conversation with @mkaply:

Tests under /browser/components/enterprisepolicies/ cover each policy logic. Tests under /toolkit/components/enterprisepolicies/ test the policy engine. We should test whether each policy is applied correctly when provided remotely after startup (not during engine initialization).

@1rneh
Copy link
Contributor Author

1rneh commented Feb 12, 2026

This PR is growing and entails quite a lot of entangled changes and therefore difficult to split into multiple patches:

Note:
Leave out the tests in your review for now. I just noticed that I have removed Testing.servePolicyWithJson but it's still used in the /browser/components/enterprisepolicies/ tests. I will have to fix this first.

Mossop
Mossop requested changes Feb 12, 2026
View reviewed changes
toolkit/components/enterprisepolicies/EnterprisePoliciesParent.sys.mjs
);

if (!isValid) {
continue;
Copy link
Member

@Mossop Mossop Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function is only called during initialization though so the policy cannot already be active here. The question is what happens later when the policies are updated if this invalid policy isn't listed in _parsedPolicies. It looks to me like you don't want it in _parsedPolicies because that would then cause us to try to call an onRemove handler for the policy even though we haven't actually applied it.

mkaply
mkaply approved these changes Feb 12, 2026
View reviewed changes
Copy link
Contributor

@mkaply mkaply left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've asked some questions and made a few suggestions, but assuming this pasts the tests (and you've addressed Mossop's questions), this seems good.

@1rneh 1rneh marked this pull request as draft February 19, 2026 14:58
@gcp gcp mentioned this pull request Feb 20, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Mossop Mossop Mossop requested changes

@mkaply mkaply mkaply approved these changes

@gcp gcp Awaiting requested review from gcp

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@1rneh @lissyx @mkaply @Mossop @gcp