Enforce abuse WHOIS contact for REAL registrars when adding TLDs

We do not enforce this for non-REAL registrars or in any environment other than UNITTEST or PRODUCTION. This is similar but separate to [] since we can add allowed TLDs in either location.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=239510275

java/google/registry/model/registrar/Registrar.java

@@ -561,6 +561,16 @@ public class Registrar extends ImmutableObject implements Buildable, Jsonifiable
         .collect(toImmutableSortedSet(CONTACT_EMAIL_COMPARATOR));
   }
 
+  /**
+   * Returns the {@link RegistrarContact} that is the WHOIS abuse contact for this registrar, or
+   * empty if one does not exist.
+   */
+  public Optional<RegistrarContact> getWhoisAbuseContact() {
+    return getContacts().stream()
+        .filter(RegistrarContact::getVisibleInDomainWhoisAsAbuse)
+        .findFirst();
+  }
+
   private Iterable<RegistrarContact> getContactsIterable() {
     return ofy().load().type(RegistrarContact.class).ancestor(Registrar.this);
   }

java/google/registry/tools/CreateOrUpdateRegistrarCommand.java

@@ -258,6 +258,8 @@ abstract class CreateOrUpdateRegistrarCommand extends MutatingCommand {
   @Nullable
   abstract Registrar getOldRegistrar(String clientId);
 
+  abstract void checkModifyAllowedTlds(@Nullable Registrar oldRegistrar);
+
   protected void initRegistrarCommand() {}
 
   @Override
@@ -300,9 +302,12 @@ abstract class CreateOrUpdateRegistrarCommand extends MutatingCommand {
       if (driveFolderId != null) {
         builder.setDriveFolderId(driveFolderId.orElse(null));
       }
+      if (!allowedTlds.isEmpty() || !addAllowedTlds.isEmpty()) {
+        checkModifyAllowedTlds(oldRegistrar);
+      }
       if (!allowedTlds.isEmpty()) {
-        checkArgument(addAllowedTlds.isEmpty(),
-            "Can't specify both --allowedTlds and --addAllowedTlds");
+        checkArgument(
+            addAllowedTlds.isEmpty(), "Can't specify both --allowedTlds and --addAllowedTlds");
         ImmutableSet.Builder<String> allowedTldsBuilder = new ImmutableSet.Builder<>();
         for (String allowedTld : allowedTlds) {
           allowedTldsBuilder.add(canonicalizeDomainName(allowedTld));

java/google/registry/tools/CreateRegistrarCommand.java

@@ -30,6 +30,7 @@ import com.beust.jcommander.Parameter;
 import com.beust.jcommander.Parameters;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Streams;
+import google.registry.config.RegistryEnvironment;
 import google.registry.model.registrar.Registrar;
 import java.util.ArrayList;
 import java.util.List;
@@ -86,14 +87,28 @@ final class CreateRegistrarCommand extends CreateOrUpdateRegistrarCommand
             .filter(registrar -> normalizeClientId(registrar.getClientId()).equals(clientId))
             .collect(toCollection(ArrayList::new));
     if (!collisions.isEmpty()) {
-      throw new IllegalArgumentException(String.format(
-          "The registrar client identifier %s normalizes identically to existing registrar %s",
-          clientId,
-          collisions.get(0).getClientId()));
+      throw new IllegalArgumentException(
+          String.format(
+              "The registrar client identifier %s normalizes identically to existing registrar %s",
+              clientId, collisions.get(0).getClientId()));
     }
     return null;
   }
 
+  @Override
+  void checkModifyAllowedTlds(@Nullable Registrar oldRegistrar) {
+    // When creating a registrar, only allow allowed-TLD modification if we're in a non-PRODUCTION
+    // environment and/or the registrar is not REAL
+    checkArgument(
+        !RegistryEnvironment.PRODUCTION.equals(RegistryEnvironment.get())
+            || !Registrar.Type.REAL.equals(registrarType),
+        "Cannot add allowed TLDs when creating a REAL registrar in a production environment."
+            + " Please create the registrar without allowed TLDs, then use `nomulus"
+            + " registrar_contact` to create a registrar contact for it that is visible as the"
+            + " abuse contact in WHOIS. Then use `nomulus update_registrar` to add the allowed"
+            + " TLDs.");
+  }
+
   @Override
   protected String postExecute() {
     if (!createGoogleGroups) {

java/google/registry/tools/UpdateRegistrarCommand.java

@@ -14,10 +14,13 @@
 
 package google.registry.tools;
 
+import static google.registry.util.PreconditionsUtils.checkArgumentNotNull;
 import static google.registry.util.PreconditionsUtils.checkArgumentPresent;
 
 import com.beust.jcommander.Parameters;
+import google.registry.config.RegistryEnvironment;
 import google.registry.model.registrar.Registrar;
+import javax.annotation.Nullable;
 
 /** Command to update a Registrar. */
 @Parameters(separators = " =", commandDescription = "Update registrar account(s)")
@@ -28,4 +31,22 @@ final class UpdateRegistrarCommand extends CreateOrUpdateRegistrarCommand {
     return checkArgumentPresent(
         Registrar.loadByClientId(clientId), "Registrar %s not found", clientId);
   }
+
+  @Override
+  void checkModifyAllowedTlds(@Nullable Registrar oldRegistrar) {
+    // Only allow modifying allowed TLDs if we're in a non-PRODUCTION environment, if the registrar
+    // is not REAL, or the registrar has a WHOIS abuse contact set.
+    checkArgumentNotNull(oldRegistrar, "Old registrar was not present during modification");
+
+    boolean isRealRegistrar =
+        Registrar.Type.REAL.equals(registrarType)
+            || (Registrar.Type.REAL.equals(oldRegistrar.getType()) && registrarType == null);
+    if (RegistryEnvironment.PRODUCTION.equals(RegistryEnvironment.get()) && isRealRegistrar) {
+      checkArgumentPresent(
+          oldRegistrar.getWhoisAbuseContact(),
+          "Cannot modify allowed TLDs if there is no WHOIS abuse contact set. Please use the"
+              + " \"nomulus registrar_contact\" command on this registrar to set a WHOIS abuse"
+              + " contact.");
+    }
+  }
 }