Fix in-baliwick nameserver check bug in CloudDnsWriter

In publishDomain, we load the subordinate hosts of the domain from datastore and compare its nameservers to them. For any nameserver that is in-baliwick, we call publishSubordinateHost on it and stage the A/AAAA records of the host for publication.

This is superior to the old approach where we use hostName.endsWith(domainName) to check if a nameserver is in-baliwick because it will mistake ns.another-example.tld as a subordinate host of example.tld. It is also better than checking hostName.endsWith("." + domainName), which will catch false positives as above, but falls short in a corner case where the nameserver has been deleted before its superordinate domain's record is updated. In that case, subordinateHosts.cotains(hostName) will be false but hostName.endsWith("." + domainName) will still be true.

Note that we still use the suffix check in filterGlueRecords because it is filtering on existing records from Cloud DNS. It is even advantageous to do so because if there were (and there shouldn't be if everything is consistent) any orphaned glue records (suffix matches to the domain, but not actually in its subordinate host list), they would be retained by the filter and therefore be deleted when the staged changes are committed.

Also fixed a few tests that should have failed had we checked subrodinate hosts....

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=184732005

java/google/registry/dns/writer/clouddns/CloudDnsWriter.java

@@ -67,8 +67,8 @@ import org.joda.time.Duration;
 public class CloudDnsWriter extends BaseDnsWriter {
 
   /**
-   * The name of the dns writer, as used in {@code Registry.dnsWriter}. Remember to change
-   * the value on affected Registry objects to prevent runtime failures.
+   * The name of the dns writer, as used in {@code Registry.dnsWriter}. Remember to change the value
+   * on affected Registry objects to prevent runtime failures.
    */
   public static final String NAME = "CloudDnsWriter";
 
@@ -153,16 +153,16 @@ public class CloudDnsWriter extends BaseDnsWriter {
       }
     }
 
-
     // Construct NS records (if any).
     Set<String> nameserverData = domainResource.get().loadNameserverFullyQualifiedHostNames();
+    Set<String> subordinateHosts = domainResource.get().getSubordinateHosts();
     if (!nameserverData.isEmpty()) {
       HashSet<String> nsRrData = new HashSet<>();
       for (String hostName : nameserverData) {
         nsRrData.add(getAbsoluteHostName(hostName));
 
         // Construct glue records for subordinate NS hostnames (if any)
-        if (hostName.endsWith(domainName)) {
+        if (subordinateHosts.contains(hostName)) {
           publishSubordinateHost(hostName);
         }
       }
@@ -285,19 +285,15 @@ public class CloudDnsWriter extends BaseDnsWriter {
     logger.info("Wrote to Cloud DNS");
   }
 
-  /**
-   * Returns the glue records for in-bailiwick nameservers for the given domain+records.
-   */
+  /** Returns the glue records for in-bailiwick nameservers for the given domain+records. */
   private Stream<String> filterGlueRecords(String domainName, Stream<ResourceRecordSet> records) {
     return records
         .filter(record -> record.getType().equals("NS"))
         .flatMap(record -> record.getRrdatas().stream())
-        .filter(hostName -> hostName.endsWith(domainName) && !hostName.equals(domainName));
+        .filter(hostName -> hostName.endsWith("." + domainName) && !hostName.equals(domainName));
   }
 
-  /**
-   * Mutate the zone with the provided {@code desiredRecords}.
-   */
+  /** Mutate the zone with the provided {@code desiredRecords}. */
   @VisibleForTesting
   void mutateZone(ImmutableMap<String, ImmutableSet<ResourceRecordSet>> desiredRecords) {
     // Fetch all existing records for names that this writer is trying to modify