mv com/google/domain/registry google/registry

This change renames directories in preparation for the great package
rename. The repository is now in a broken state because the code
itself hasn't been updated. However this should ensure that git
correctly preserves history for each file.

java/google/registry/groups/BUILD

@@ -0,0 +1,25 @@
+package(
+    default_visibility = ["//java/com/google/domain/registry:registry_project"],
+)
+
+
+java_library(
+    name = "groups",
+    srcs = glob(["*.java"]),
+    deps = [
+        "//apiserving/discoverydata/admin:admin_directory_v1",
+        "//apiserving/discoverydata/groupssettings",
+        "//java/com/google/api/client/googleapis/auth/oauth2",
+        "//java/com/google/api/client/googleapis/json",
+        "//java/com/google/common/annotations",
+        "//java/com/google/common/base",
+        "//java/com/google/common/collect",
+        "//java/com/google/domain/registry/config",
+        "//java/com/google/domain/registry/request",
+        "//java/com/google/domain/registry/util",
+        "//third_party/java/dagger",
+        "//third_party/java/joda_time",
+        "//third_party/java/jsr305_annotations",
+        "//third_party/java/servlet/servlet_api",
+    ],
+)

java/google/registry/groups/DirectoryGroupsConnection.java

@@ -0,0 +1,171 @@
+// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.domain.registry.groups;
+
+import static com.google.domain.registry.util.CollectionUtils.nullToEmpty;
+import static javax.servlet.http.HttpServletResponse.SC_CONFLICT;
+import static javax.servlet.http.HttpServletResponse.SC_NOT_FOUND;
+
+import com.google.api.client.googleapis.json.GoogleJsonError;
+import com.google.api.client.googleapis.json.GoogleJsonResponseException;
+import com.google.api.services.admin.directory.Directory;
+import com.google.api.services.admin.directory.model.Group;
+import com.google.api.services.admin.directory.model.Member;
+import com.google.api.services.admin.directory.model.Members;
+import com.google.api.services.groupssettings.Groupssettings;
+import com.google.api.services.groupssettings.model.Groups;
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableSet;
+import com.google.domain.registry.config.ConfigModule.Config;
+import com.google.domain.registry.util.FormattingLogger;
+
+import java.io.IOException;
+import java.util.Set;
+
+import javax.inject.Inject;
+
+/**
+ * Class encapsulating methods to access Google Groups API.
+ */
+public class DirectoryGroupsConnection implements GroupsConnection {
+
+  // NOTE: These error message strings were determined empirically. The API documentation contains
+  // no mention of what happens in error conditions. Here be dragons.
+  private static final String GROUP_NOT_FOUND_MSG = "Resource Not Found: groupKey";
+  private static final String MEMBER_NOT_FOUND_MSG = "Resource Not Found: memberKey";
+  private static final String MEMBER_ALREADY_EXISTS_MSG = "Member already exists.";
+
+  private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
+  private static final Groups defaultGroupPermissions = getDefaultGroupPermissions();
+
+  @VisibleForTesting
+  static Groups getDefaultGroupPermissions() {
+    Groups permissions = new Groups();
+    permissions.setAllowExternalMembers(Boolean.TRUE.toString());
+    permissions.setWhoCanPostMessage("ALL_MANAGERS_CAN_POST");
+    permissions.setWhoCanViewGroup("ALL_MANAGERS_CAN_VIEW");
+    permissions.setWhoCanViewMembership("ALL_MANAGERS_CAN_VIEW");
+    permissions.setWhoCanJoin("INVITED_CAN_JOIN");
+    permissions.setWhoCanInvite("ALL_MANAGERS_CAN_INVITE");
+    return permissions;
+  }
+
+  @Inject Directory directory;
+  @Inject Groupssettings groupsSettings;
+  @Inject @Config("googleAppsAdminEmailAddress") String googleAppsAdminEmailAddress;
+  @Inject DirectoryGroupsConnection() {}
+
+  @Override
+  public void addMemberToGroup(String groupKey, String email, Role role) throws IOException {
+    // Documentation for this API call:
+    // https://developers.google.com/admin-sdk/directory/v1/reference/members/insert
+    Member member = new Member();
+    member.setEmail(email);
+    member.setRole(role.toString());
+    try {
+      directory.members().insert(groupKey, member).execute();
+    } catch (GoogleJsonResponseException e) {
+      // If the member is already in the group, ignore the error, get the existing member, and
+      // return it.
+      GoogleJsonError err = e.getDetails();
+      if (err.getCode() == SC_NOT_FOUND && err.getMessage().equals(GROUP_NOT_FOUND_MSG)) {
+        logger.infofmt(
+            e,
+            "Creating group %s during addition of member %s because the group doesn't exist.",
+            groupKey,
+            email);
+        createGroup(groupKey);
+        addMemberToGroup(groupKey, email, role);
+      } else if (err.getCode() == SC_NOT_FOUND && err.getMessage().equals(MEMBER_NOT_FOUND_MSG)) {
+        throw new RuntimeException(String.format(
+            "Adding member %s to group %s failed because the member wasn't found.",
+            email,
+            groupKey), e);
+      } else if (err.getCode() == SC_CONFLICT
+          && err.getMessage().equals(MEMBER_ALREADY_EXISTS_MSG)) {
+        // This error case usually happens when an email address is already a member of the gorup,
+        // but it is bouncing incoming emails. It won't show up in the members list API call, but
+        // will throw a "Member already exists" error message if you attempt to add it again. The
+        // correct thing to do is log an info message when this happens and then ignore it.
+        logger.infofmt(
+            e,
+            "Could not add email %s to group %s because it is already a member "
+                + "(likely because the email address is bouncing incoming messages).",
+            email,
+            groupKey);
+      } else {
+        throw e;
+      }
+    }
+  }
+
+  @Override
+  public void removeMemberFromGroup(String groupKey, String email) throws IOException {
+    // Documentation for this API call:
+    // https://developers.google.com/admin-sdk/directory/v1/reference/members/delete
+    directory.members().delete(groupKey, email).execute();
+  }
+
+  @Override
+  public Set<String> getMembersOfGroup(String groupKey) throws IOException {
+    // Documentation for this API call:
+    // https://developers.google.com/admin-sdk/directory/v1/reference/members/list
+    try {
+      ImmutableSet.Builder<String> allMembers = new ImmutableSet.Builder<>();
+      Directory.Members.List listRequest =
+          directory.members().list(groupKey).setRoles(Role.MEMBER.toString());
+      do {
+        Members currentPage = listRequest.execute();
+        for (Member member : nullToEmpty(currentPage.getMembers())) {
+          allMembers.add(member.getEmail());
+        }
+        listRequest.setPageToken(currentPage.getNextPageToken());
+      } while (!Strings.isNullOrEmpty(listRequest.getPageToken()));
+      return allMembers.build();
+    } catch (GoogleJsonResponseException e) {
+      if (e.getDetails() != null 
+          && e.getDetails().getCode() == SC_NOT_FOUND
+          && e.getDetails().getMessage().equals(GROUP_NOT_FOUND_MSG)) {
+        return ImmutableSet.of();
+      } else {
+        throw e;
+      }
+    }
+  }
+
+  @Override
+  public Group createGroup(String groupKey) throws IOException {
+    // Documentation for this API call:
+    // https://developers.google.com/admin-sdk/directory/v1/reference/groups/insert
+    Group group = new Group();
+    group.setEmail(groupKey);
+    try {
+      Group createdGroup = directory.groups().insert(group).execute();
+      addMemberToGroup(groupKey, googleAppsAdminEmailAddress, Role.OWNER);
+      groupsSettings.groups().patch(groupKey, defaultGroupPermissions).execute();
+      return createdGroup;
+    } catch (GoogleJsonResponseException e) {
+      // Ignore the error thrown if the group already exists.
+      if (e.getDetails().getCode() == SC_CONFLICT
+          && e.getDetails().getMessage().equals("Entity already exists.")) {
+        logger.infofmt(e, "Could not create group %s because it already exists.", groupKey);
+        return directory.groups().get(groupKey).execute();
+      } else {
+        throw e;
+      }
+    }
+  }
+}

java/google/registry/groups/DirectoryModule.java

@@ -0,0 +1,62 @@
+// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.domain.registry.groups;
+
+import static dagger.Provides.Type.SET_VALUES;
+
+import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
+import com.google.api.services.admin.directory.Directory;
+import com.google.api.services.admin.directory.DirectoryScopes;
+import com.google.common.collect.ImmutableSet;
+import com.google.domain.registry.config.ConfigModule.Config;
+import com.google.domain.registry.request.DelegatedOAuthScopes;
+
+import dagger.Module;
+import dagger.Provides;
+
+import java.util.Set;
+
+import javax.inject.Named;
+
+/**
+ * Dagger module for the Google {@link Directory} service.
+ *
+ * @see com.google.domain.registry.config.ConfigModule
+ * @see com.google.domain.registry.request.Modules.UrlFetchTransportModule
+ * @see com.google.domain.registry.request.Modules.Jackson2Module
+ * @see com.google.domain.registry.request.Modules.AppIdentityCredentialModule
+ * @see com.google.domain.registry.request.Modules.UseAppIdentityCredentialForGoogleApisModule
+ */
+@Module
+public final class DirectoryModule {
+
+  /** Provides OAuth2 scopes for the Directory service needed by Domain Registry. */
+  @Provides(type = SET_VALUES)
+  @DelegatedOAuthScopes
+  static Set<String> provideDirectoryOAuthScopes() {
+    return ImmutableSet.of(
+        DirectoryScopes.ADMIN_DIRECTORY_GROUP_MEMBER,
+        DirectoryScopes.ADMIN_DIRECTORY_GROUP);
+  }
+
+  @Provides
+  static Directory provideDirectory(
+      @Named("delegatedAdmin") GoogleCredential credential,
+      @Config("projectId") String projectId) {
+    return new Directory.Builder(credential.getTransport(), credential.getJsonFactory(), credential)
+        .setApplicationName(projectId)
+        .build();
+  }
+}

java/google/registry/groups/GroupsConnection.java

@@ -0,0 +1,62 @@
+// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.domain.registry.groups;
+
+import com.google.api.client.googleapis.json.GoogleJsonResponseException;
+import com.google.api.services.admin.directory.model.Group;
+
+import java.io.IOException;
+import java.util.Set;
+
+/**
+ * Interface for common operations on Groups.
+ */
+public interface GroupsConnection {
+
+  /** The role of a member in a group. */
+  public enum Role {
+    MEMBER,
+    MANAGER,
+    OWNER
+  }
+
+  /**
+   * Adds a member to the specified group with the given role. This function is idempotent; if the
+   * member already exists in the group, then it returns normally. If the group doesn't exist, then
+   * it is created.
+   */
+  public void addMemberToGroup(String groupKey, String email, Role role) throws IOException;
+
+  /**
+   * Removes a member from the specified group, or throws {@link GoogleJsonResponseException} if the
+   * member doesn't exist.
+   */
+  public void removeMemberFromGroup(String groupKey, String email) throws IOException;
+
+  /**
+   * Returns all of the members of the specified group. Note that it gets members only; not owners
+   * or managers. Returns an empty set if the group in question does not exist.
+   */
+  public Set<String> getMembersOfGroup(String groupKey) throws IOException;
+
+  /**
+   * Creates a group with the given email address (groupKey) that is open for external members to
+   * join, and returns it. This function is idempotent; if the given group already exists, then this
+   * function returns as normal without error (and without modifying the existing group in any way,
+   * including permissions on who is able to join). The configured admin owner for the Google App is
+   * automatically added as an owner.
+   */
+  public Group createGroup(String groupKey) throws IOException;
+}

java/google/registry/groups/GroupsModule.java

@@ -0,0 +1,28 @@
+// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.domain.registry.groups;
+
+import dagger.Module;
+import dagger.Provides;
+
+/** Dagger module for groups package. */
+@Module
+public final class GroupsModule {
+
+  @Provides
+  static GroupsConnection provideGroupsConnection(DirectoryGroupsConnection connection) {
+    return connection;
+  }
+}

java/google/registry/groups/GroupssettingsModule.java

@@ -0,0 +1,61 @@
+// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.domain.registry.groups;
+
+import static dagger.Provides.Type.SET_VALUES;
+
+import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
+import com.google.api.services.groupssettings.Groupssettings;
+import com.google.api.services.groupssettings.GroupssettingsScopes;
+import com.google.common.collect.ImmutableSet;
+import com.google.domain.registry.config.ConfigModule.Config;
+import com.google.domain.registry.request.DelegatedOAuthScopes;
+
+import dagger.Module;
+import dagger.Provides;
+
+import java.util.Set;
+
+import javax.inject.Named;
+
+/**
+ * Dagger module for the Google {@link Groupssettings} service.
+ *
+ * @see com.google.domain.registry.config.ConfigModule
+ * @see com.google.domain.registry.request.Modules.UrlFetchTransportModule
+ * @see com.google.domain.registry.request.Modules.Jackson2Module
+ * @see com.google.domain.registry.request.Modules.AppIdentityCredentialModule
+ * @see com.google.domain.registry.request.Modules.UseAppIdentityCredentialForGoogleApisModule
+ */
+@Module
+public final class GroupssettingsModule {
+
+  /** Provides OAuth2 scopes for the Groupssettings service needed by Domain Registry. */
+  @Provides(type = SET_VALUES)
+  @DelegatedOAuthScopes
+  static Set<String> provideGroupssettingsOAuthScopes() {
+    return ImmutableSet.of(GroupssettingsScopes.APPS_GROUPS_SETTINGS);
+  }
+
+  @Provides
+  static Groupssettings provideGroupssettings(
+      @Named("delegatedAdmin") GoogleCredential credential,
+      @Config("projectId") String projectId) {
+    return new Groupssettings
+        .Builder(credential.getTransport(), credential.getJsonFactory(), credential)
+        .setApplicationName(projectId)
+        .build();
+  }
+}