mirror of
https://github.com/google/nomulus.git
synced 2025-05-14 16:37:13 +02:00
Remove per-domain nameserver restrictions in reserved lists
This also removes the related setting on the Registry entity. We never used either of these, and keeping them around in our codebase just adds complexity for no purpose. We already achieve the goals of this feature by restricting nameservers on entire TLDs and by registry-locking important domain names. This is also two fewer things we'll have to worry about carrying over to the new schema in Registry 3.0. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=243816241
This commit is contained in:
mcilwain
jianglai
parent
3b1d38e1e6
commit
55f8e0efad
15 changed files with 24 additions and 794 deletions
|
|
@ -345,15 +345,10 @@ An EPP flow that creates a new domain resource.
|
|||
* Resource linked to this domain does not exist.
|
||||
* 2304
|
||||
* The claims period for this TLD has ended.
|
||||
* Requested domain does not have nameserver-restricted reservation for a
|
||||
TLD that requires such a reservation to create domains.
|
||||
* Requested domain is reserved.
|
||||
* Linked resource in pending delete prohibits operation.
|
||||
* Requested domain requires a claims notice.
|
||||
* Nameservers are not whitelisted for this domain.
|
||||
* Nameservers are not whitelisted for this TLD.
|
||||
* Nameservers not specified for domain with nameserver-restricted
|
||||
reservation.
|
||||
* Nameservers not specified for domain on TLD with nameserver whitelist.
|
||||
* The requested domain name is on the premium price list, and this
|
||||
registrar has blocked premium registrations.
|
||||
|
|
@ -762,11 +757,6 @@ statuses are updated at once.
|
|||
* Linked resource in pending delete prohibits operation.
|
||||
* Nameservers are not whitelisted for this TLD.
|
||||
* Nameservers not specified for domain on TLD with nameserver whitelist.
|
||||
* Nameservers are not whitelisted for this domain.
|
||||
* Nameservers not specified for domain with nameserver-restricted
|
||||
reservation.
|
||||
* Requested domain does not have nameserver-restricted reservation for a
|
||||
TLD that requires such a reservation to create domains.
|
||||
* Registrant is not whitelisted for this TLD.
|
||||
* 2306
|
||||
* Cannot add and remove the same value.
|
||||
|
|
|
|||
|
|
@ -1,12 +1,10 @@
|
|||
# Example of a reserved list file. This is simply a CSV file with 2-3
|
||||
# columns: sub-domain name and reservation type and (in the case of the
|
||||
# NAMESERVER_RESTRICTED type) a colon-separated list of nameservers. See
|
||||
# columns: sub-domain name and reservation type. See
|
||||
# java/google/registry/model/registry/label/ReserverationType for the complete
|
||||
# set of reservation types.
|
||||
#
|
||||
# These are manipulated using the "nomulus" tool
|
||||
# {create,update,delete,list}_reserved_list commands.
|
||||
nsrestric,NAMESERVER_RESTRICTED,foo.example.com:bar.example.com
|
||||
sunrise,ALLOWED_IN_SUNRISE
|
||||
specific,RESERVED_FOR_SPECIFIC_USE
|
||||
anchor,RESERVED_FOR_ANCHOR_TENANT
|
||||
|
|
|
|||
|
|
@ -26,7 +26,6 @@ import static google.registry.flows.domain.DomainFlowUtils.isAnchorTenant;
|
|||
import static google.registry.flows.domain.DomainFlowUtils.isReserved;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.isValidReservedCreate;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.validateCreateCommandContactsAndNameservers;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.validateDomainAllowedOnCreateRestrictedTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.validateDomainName;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.validateDomainNameWithIdnTables;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.validateFeeChallenge;
|
||||
|
|
@ -43,8 +42,6 @@ import static google.registry.flows.domain.DomainFlowUtils.verifyRegistrarIsActi
|
|||
import static google.registry.flows.domain.DomainFlowUtils.verifyUnitIsYears;
|
||||
import static google.registry.model.EppResourceUtils.createDomainRepoId;
|
||||
import static google.registry.model.eppcommon.StatusValue.SERVER_HOLD;
|
||||
import static google.registry.model.eppcommon.StatusValue.SERVER_TRANSFER_PROHIBITED;
|
||||
import static google.registry.model.eppcommon.StatusValue.SERVER_UPDATE_PROHIBITED;
|
||||
import static google.registry.model.ofy.ObjectifyService.ofy;
|
||||
import static google.registry.model.registry.Registry.TldState.GENERAL_AVAILABILITY;
|
||||
import static google.registry.model.registry.Registry.TldState.START_DATE_SUNRISE;
|
||||
|
|
@ -142,7 +139,6 @@ import org.joda.time.Duration;
|
|||
* @error {@link DomainFlowUtils.CurrencyValueScaleException}
|
||||
* @error {@link DomainFlowUtils.DashesInThirdAndFourthException}
|
||||
* @error {@link DomainFlowUtils.DomainLabelTooLongException}
|
||||
* @error {@link DomainFlowUtils.DomainNotAllowedForTldWithCreateRestrictionException}
|
||||
* @error {@link DomainFlowUtils.DomainReservedException}
|
||||
* @error {@link DomainFlowUtils.DuplicateContactForRoleException}
|
||||
* @error {@link DomainFlowUtils.EmptyDomainNamePartException}
|
||||
|
|
@ -167,9 +163,7 @@ import org.joda.time.Duration;
|
|||
* @error {@link DomainFlowUtils.MissingContactTypeException}
|
||||
* @error {@link DomainFlowUtils.MissingRegistrantException}
|
||||
* @error {@link DomainFlowUtils.MissingTechnicalContactException}
|
||||
* @error {@link DomainFlowUtils.NameserversNotAllowedForDomainException}
|
||||
* @error {@link DomainFlowUtils.NameserversNotAllowedForTldException}
|
||||
* @error {@link DomainFlowUtils.NameserversNotSpecifiedForNameserverRestrictedDomainException}
|
||||
* @error {@link DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverWhitelistException}
|
||||
* @error {@link DomainFlowUtils.PremiumNameBlockedException}
|
||||
* @error {@link DomainFlowUtils.RegistrantNotAllowedException}
|
||||
|
|
@ -227,9 +221,6 @@ public class DomainCreateFlow implements TransactionalFlow {
|
|||
String domainLabel = domainName.parts().get(0);
|
||||
Registry registry = Registry.get(domainName.parent().toString());
|
||||
validateCreateCommandContactsAndNameservers(command, registry, domainName);
|
||||
if (registry.getDomainCreateRestricted()) {
|
||||
validateDomainAllowedOnCreateRestrictedTld(domainName);
|
||||
}
|
||||
TldState tldState = registry.getTldState(now);
|
||||
Optional<LaunchCreateExtension> launchCreate =
|
||||
eppInput.getSingleExtension(LaunchCreateExtension.class);
|
||||
|
|
@ -322,9 +313,6 @@ public class DomainCreateFlow implements TransactionalFlow {
|
|||
}
|
||||
|
||||
ImmutableSet.Builder<StatusValue> statuses = new ImmutableSet.Builder<>();
|
||||
if (registry.getDomainCreateRestricted()) {
|
||||
statuses.add(SERVER_UPDATE_PROHIBITED, SERVER_TRANSFER_PROHIBITED);
|
||||
}
|
||||
if (getReservationTypes(domainName).contains(NAME_COLLISION)) {
|
||||
statuses.add(SERVER_HOLD);
|
||||
entitiesToSave.add(
|
||||
|
|
|
|||
|
|
@ -32,10 +32,8 @@ import static google.registry.model.registry.Registry.TldState.GENERAL_AVAILABIL
|
|||
import static google.registry.model.registry.Registry.TldState.PREDELEGATION;
|
||||
import static google.registry.model.registry.Registry.TldState.START_DATE_SUNRISE;
|
||||
import static google.registry.model.registry.label.ReservationType.FULLY_BLOCKED;
|
||||
import static google.registry.model.registry.label.ReservationType.NAMESERVER_RESTRICTED;
|
||||
import static google.registry.model.registry.label.ReservationType.RESERVED_FOR_ANCHOR_TENANT;
|
||||
import static google.registry.model.registry.label.ReservationType.RESERVED_FOR_SPECIFIC_USE;
|
||||
import static google.registry.model.registry.label.ReservedList.getAllowedNameservers;
|
||||
import static google.registry.pricing.PricingEngineProxy.isDomainPremium;
|
||||
import static google.registry.util.CollectionUtils.nullToEmpty;
|
||||
import static google.registry.util.DateTimeUtils.END_OF_TIME;
|
||||
|
|
@ -344,12 +342,6 @@ public class DomainFlowUtils {
|
|||
throw new NameserversNotSpecifiedForTldWithNameserverWhitelistException(
|
||||
domainName.toString());
|
||||
}
|
||||
// For domains with a nameserver restricted reservation, they must have at least 1 nameserver.
|
||||
ImmutableSet<String> domainNameserversWhitelist = getAllowedNameservers(domainName);
|
||||
if (!domainNameserversWhitelist.isEmpty() && count == 0) {
|
||||
throw new NameserversNotSpecifiedForNameserverRestrictedDomainException(
|
||||
domainName.toString());
|
||||
}
|
||||
if (count > MAX_NAMESERVERS_PER_DOMAIN) {
|
||||
throw new TooManyNameserversException(
|
||||
String.format("Only %d nameservers are allowed per domain", MAX_NAMESERVERS_PER_DOMAIN));
|
||||
|
|
@ -424,34 +416,6 @@ public class DomainFlowUtils {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Validates if the requested nameservers can be set on the requested domain.
|
||||
*
|
||||
* @param domainName the domain to be created.
|
||||
* @param fullyQualifiedHostNames the set of nameservers to be set on the domain.
|
||||
* @throws EppException
|
||||
*/
|
||||
static void validateNameserversAllowedOnDomain(
|
||||
InternetDomainName domainName, Set<String> fullyQualifiedHostNames) throws EppException {
|
||||
ImmutableSet<ReservationType> reservationTypes = getReservationTypes(domainName);
|
||||
if (reservationTypes.contains(NAMESERVER_RESTRICTED)) {
|
||||
ImmutableSet<String> allowedNameservers = getAllowedNameservers(domainName);
|
||||
Set<String> disallowedNameservers = difference(fullyQualifiedHostNames, allowedNameservers);
|
||||
if (!disallowedNameservers.isEmpty()) {
|
||||
throw new NameserversNotAllowedForDomainException(disallowedNameservers);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/** Validates if the requested domain can be reated on a domain create restricted TLD. */
|
||||
static void validateDomainAllowedOnCreateRestrictedTld(InternetDomainName domainName)
|
||||
throws EppException {
|
||||
ImmutableSet<ReservationType> reservationTypes = getReservationTypes(domainName);
|
||||
if (!reservationTypes.contains(NAMESERVER_RESTRICTED)) {
|
||||
throw new DomainNotAllowedForTldWithCreateRestrictionException(domainName.toString());
|
||||
}
|
||||
}
|
||||
|
||||
static void verifyNotReserved(InternetDomainName domainName, boolean isSunrise)
|
||||
throws EppException {
|
||||
if (isReserved(domainName, isSunrise)) {
|
||||
|
|
@ -915,7 +879,6 @@ public class DomainFlowUtils {
|
|||
ImmutableSet<String> fullyQualifiedHostNames = command.getNameserverFullyQualifiedHostNames();
|
||||
validateNameserversCountForTld(tld, domainName, fullyQualifiedHostNames.size());
|
||||
validateNameserversAllowedOnTld(tld, fullyQualifiedHostNames);
|
||||
validateNameserversAllowedOnDomain(domainName, fullyQualifiedHostNames);
|
||||
}
|
||||
|
||||
/** Validate the secDNS extension, if present. */
|
||||
|
|
@ -1330,21 +1293,6 @@ public class DomainFlowUtils {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Requested domain does not have nameserver-restricted reservation for a TLD that requires such a
|
||||
* reservation to create domains.
|
||||
*/
|
||||
static class DomainNotAllowedForTldWithCreateRestrictionException
|
||||
extends StatusProhibitsOperationException {
|
||||
public DomainNotAllowedForTldWithCreateRestrictionException(String domainName) {
|
||||
super(
|
||||
String.format(
|
||||
"%s is not allowed without a nameserver-restricted reservation"
|
||||
+ " for a TLD that requires such reservation",
|
||||
domainName));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* The requested domain name is on the premium price list, and this registrar has blocked premium
|
||||
* registrations.
|
||||
|
|
@ -1437,17 +1385,6 @@ public class DomainFlowUtils {
|
|||
}
|
||||
}
|
||||
|
||||
/** Nameservers are not whitelisted for this domain. */
|
||||
public static class NameserversNotAllowedForDomainException
|
||||
extends StatusProhibitsOperationException {
|
||||
public NameserversNotAllowedForDomainException(Set<String> fullyQualifiedHostNames) {
|
||||
super(
|
||||
String.format(
|
||||
"Nameservers '%s' are not whitelisted for this domain",
|
||||
Joiner.on(',').join(fullyQualifiedHostNames)));
|
||||
}
|
||||
}
|
||||
|
||||
/** Nameservers not specified for domain on TLD with nameserver whitelist. */
|
||||
public static class NameserversNotSpecifiedForTldWithNameserverWhitelistException
|
||||
extends StatusProhibitsOperationException {
|
||||
|
|
@ -1460,18 +1397,6 @@ public class DomainFlowUtils {
|
|||
}
|
||||
}
|
||||
|
||||
/** Nameservers not specified for domain with nameserver-restricted reservation. */
|
||||
public static class NameserversNotSpecifiedForNameserverRestrictedDomainException
|
||||
extends StatusProhibitsOperationException {
|
||||
public NameserversNotSpecifiedForNameserverRestrictedDomainException(String domain) {
|
||||
super(
|
||||
String.format(
|
||||
"At least one nameserver must be specified for domain %s"
|
||||
+ " on a TLD with nameserver restriction",
|
||||
domain));
|
||||
}
|
||||
}
|
||||
|
||||
/** Command is not allowed in the current registry phase. */
|
||||
public static class BadCommandForRegistryPhaseException extends CommandUseErrorException {
|
||||
public BadCommandForRegistryPhaseException() {
|
||||
|
|
|
|||
|
|
@ -29,10 +29,8 @@ import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToT
|
|||
import static google.registry.flows.domain.DomainFlowUtils.cloneAndLinkReferences;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.updateDsData;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.validateContactsHaveTypes;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.validateDomainAllowedOnCreateRestrictedTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.validateDsData;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.validateFeesAckedIfPresent;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.validateNameserversAllowedOnDomain;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.validateNameserversAllowedOnTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.validateNameserversCountForTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.validateNoDuplicateContacts;
|
||||
|
|
@ -41,7 +39,6 @@ import static google.registry.flows.domain.DomainFlowUtils.validateRequiredConta
|
|||
import static google.registry.flows.domain.DomainFlowUtils.verifyClientUpdateNotProhibited;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.verifyNotInPendingDelete;
|
||||
import static google.registry.model.ofy.ObjectifyService.ofy;
|
||||
import static google.registry.util.CollectionUtils.nullToEmpty;
|
||||
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
import com.google.common.net.InternetDomainName;
|
||||
|
|
@ -112,9 +109,6 @@ import org.joda.time.DateTime;
|
|||
* @error {@link DomainFlowUtils.MissingRegistrantException}
|
||||
* @error {@link DomainFlowUtils.NameserversNotAllowedForTldException}
|
||||
* @error {@link DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverWhitelistException}
|
||||
* @error {@link DomainFlowUtils.NameserversNotAllowedForDomainException}
|
||||
* @error {@link DomainFlowUtils.NameserversNotSpecifiedForNameserverRestrictedDomainException}
|
||||
* @error {@link DomainFlowUtils.DomainNotAllowedForTldWithCreateRestrictionException}
|
||||
* @error {@link DomainFlowUtils.NotAuthorizedForTldException}
|
||||
* @error {@link DomainFlowUtils.RegistrantNotAllowedException}
|
||||
* @error {@link DomainFlowUtils.SecDnsAllUsageException}
|
||||
|
|
@ -216,13 +210,6 @@ public final class DomainUpdateFlow implements TransactionalFlow {
|
|||
validateRegistrantAllowedOnTld(tld, command.getInnerChange().getRegistrantContactId());
|
||||
validateNameserversAllowedOnTld(
|
||||
tld, add.getNameserverFullyQualifiedHostNames());
|
||||
InternetDomainName domainName =
|
||||
InternetDomainName.from(existingDomain.getFullyQualifiedDomainName());
|
||||
if (registry.getDomainCreateRestricted()) {
|
||||
validateDomainAllowedOnCreateRestrictedTld(domainName);
|
||||
}
|
||||
validateNameserversAllowedOnDomain(
|
||||
domainName, nullToEmpty(add.getNameserverFullyQualifiedHostNames()));
|
||||
}
|
||||
|
||||
private HistoryEntry buildHistoryEntry(DomainBase existingDomain, DateTime now) {
|
||||
|
|
@ -262,11 +249,6 @@ public final class DomainUpdateFlow implements TransactionalFlow {
|
|||
.removeContacts(remove.getContacts())
|
||||
.setRegistrant(firstNonNull(change.getRegistrant(), domain.getRegistrant()))
|
||||
.setAuthInfo(firstNonNull(change.getAuthInfo(), domain.getAuthInfo()));
|
||||
if (Registry.get(domain.getTld()).getDomainCreateRestricted()) {
|
||||
domainBuilder
|
||||
.addStatusValue(StatusValue.SERVER_TRANSFER_PROHIBITED)
|
||||
.addStatusValue(StatusValue.SERVER_UPDATE_PROHIBITED);
|
||||
}
|
||||
return domainBuilder.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -55,7 +55,6 @@ import google.registry.model.common.TimedTransitionProperty.TimedTransition;
|
|||
import google.registry.model.domain.fee.BaseFee.FeeType;
|
||||
import google.registry.model.domain.fee.Fee;
|
||||
import google.registry.model.registry.label.PremiumList;
|
||||
import google.registry.model.registry.label.ReservationType;
|
||||
import google.registry.model.registry.label.ReservedList;
|
||||
import google.registry.util.Idn;
|
||||
import java.util.Optional;
|
||||
|
|
@ -329,12 +328,6 @@ public class Registry extends ImmutableObject implements Buildable {
|
|||
/** Whether the pull queue that writes to authoritative DNS is paused for this TLD. */
|
||||
boolean dnsPaused = DEFAULT_DNS_PAUSED;
|
||||
|
||||
/**
|
||||
* Whether only domains with {@link ReservationType#NAMESERVER_RESTRICTED} reservation type in a
|
||||
* reserved list can be registered on this TLD.
|
||||
*/
|
||||
boolean domainCreateRestricted;
|
||||
|
||||
/**
|
||||
* The length of the add grace period for this TLD.
|
||||
*
|
||||
|
|
@ -454,13 +447,6 @@ public class Registry extends ImmutableObject implements Buildable {
|
|||
return driveFolderId;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns true if only domains with nameserver restricted reservation on this TLD can be created.
|
||||
*/
|
||||
public boolean getDomainCreateRestricted() {
|
||||
return domainCreateRestricted;
|
||||
}
|
||||
|
||||
public Duration getAddGracePeriodLength() {
|
||||
return addGracePeriodLength;
|
||||
}
|
||||
|
|
@ -646,11 +632,6 @@ public class Registry extends ImmutableObject implements Buildable {
|
|||
return this;
|
||||
}
|
||||
|
||||
public Builder setDomainCreateRestricted(boolean domainCreateRestricted) {
|
||||
getInstance().domainCreateRestricted = domainCreateRestricted;
|
||||
return this;
|
||||
}
|
||||
|
||||
public Builder setPremiumPricingEngine(String pricingEngineClass) {
|
||||
getInstance().pricingEngineClassName = checkArgumentNotNull(pricingEngineClass);
|
||||
return this;
|
||||
|
|
|
|||
|
|
@ -34,33 +34,32 @@ public enum ReservationType {
|
|||
// label has multiple reservation types, its message is the that of the one with the highest
|
||||
// severity.
|
||||
|
||||
/** Nameservers on the domain are restricted to a given set. */
|
||||
NAMESERVER_RESTRICTED("Nameserver restricted", 0),
|
||||
|
||||
/** The domain can only be registered during sunrise, and is reserved thereafter. */
|
||||
ALLOWED_IN_SUNRISE("Reserved", 1),
|
||||
ALLOWED_IN_SUNRISE("Reserved", 0),
|
||||
|
||||
/** The domain can only be registered by providing a specific token. */
|
||||
RESERVED_FOR_SPECIFIC_USE("Reserved", 2),
|
||||
RESERVED_FOR_SPECIFIC_USE("Reserved", 1),
|
||||
|
||||
/** The domain is for an anchor tenant and can only be registered using a specific token. */
|
||||
RESERVED_FOR_ANCHOR_TENANT("Reserved", 3),
|
||||
RESERVED_FOR_ANCHOR_TENANT("Reserved", 2),
|
||||
|
||||
/**
|
||||
* The domain can only be registered during sunrise for defensive purposes, and will never
|
||||
* resolve.
|
||||
*/
|
||||
NAME_COLLISION("Cannot be delegated", 4),
|
||||
NAME_COLLISION("Cannot be delegated", 3),
|
||||
|
||||
/** The domain can never be registered. */
|
||||
FULLY_BLOCKED("Reserved", 5);
|
||||
FULLY_BLOCKED("Reserved", 4);
|
||||
|
||||
@Nullable
|
||||
private final String messageForCheck;
|
||||
|
||||
ReservationType(@Nullable String messageForCheck, int severity) {
|
||||
this.messageForCheck = messageForCheck;
|
||||
checkState(ordinal() == severity);
|
||||
checkState(
|
||||
ordinal() == severity,
|
||||
"ReservationType enum values aren't defined in severity order");
|
||||
}
|
||||
|
||||
@Nullable
|
||||
|
|
|
|||
|
|
@ -21,20 +21,16 @@ import static google.registry.config.RegistryConfig.getDomainLabelListCacheDurat
|
|||
import static google.registry.model.common.EntityGroupRoot.getCrossTldKey;
|
||||
import static google.registry.model.ofy.ObjectifyService.ofy;
|
||||
import static google.registry.model.registry.label.ReservationType.FULLY_BLOCKED;
|
||||
import static google.registry.model.registry.label.ReservationType.NAMESERVER_RESTRICTED;
|
||||
import static google.registry.util.CollectionUtils.nullToEmpty;
|
||||
import static java.util.concurrent.TimeUnit.MILLISECONDS;
|
||||
import static org.joda.time.DateTimeZone.UTC;
|
||||
|
||||
import com.google.common.base.Joiner;
|
||||
import com.google.common.base.Splitter;
|
||||
import com.google.common.cache.CacheBuilder;
|
||||
import com.google.common.cache.CacheLoader;
|
||||
import com.google.common.cache.LoadingCache;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
import com.google.common.collect.Sets;
|
||||
import com.google.common.net.InternetDomainName;
|
||||
import com.google.common.util.concurrent.UncheckedExecutionException;
|
||||
import com.googlecode.objectify.Key;
|
||||
import com.googlecode.objectify.annotation.Embed;
|
||||
|
|
@ -47,7 +43,6 @@ import google.registry.model.registry.label.DomainLabelMetrics.MetricsReservedLi
|
|||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.ExecutionException;
|
||||
import javax.annotation.Nullable;
|
||||
import org.joda.time.DateTime;
|
||||
|
|
@ -74,18 +69,6 @@ public final class ReservedList
|
|||
|
||||
ReservationType reservationType;
|
||||
|
||||
/**
|
||||
* Contains a comma-delimited list of the fully qualified hostnames of the nameservers that can
|
||||
* be set on a domain with this label (only applicable to NAMESERVER_RESTRICTED).
|
||||
*
|
||||
* <p>A String field is persisted because Objectify 4 does not allow multi-dimensional
|
||||
* collections in embedded entities.
|
||||
*
|
||||
* @see <a
|
||||
* href="https://github.com/objectify/objectify-legacy-wiki/blob/v4/Entities.wiki#embedding.">Embedding</a>
|
||||
*/
|
||||
String allowedNameservers;
|
||||
|
||||
/** Mapper for use with @Mapify */
|
||||
static class LabelMapper implements Mapper<String, ReservedListEntry> {
|
||||
|
||||
|
|
@ -95,41 +78,14 @@ public final class ReservedList
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a {@link ReservedListEntry} from label, reservation type, and optionally additional
|
||||
* restrictions
|
||||
*
|
||||
* <p>The additional restricitno can be the authCode for anchor tenant or the allowed
|
||||
* nameservers (in a colon-separated string) for nameserver-restricted domains.
|
||||
*/
|
||||
/** Creates a {@link ReservedListEntry} from a label, reservation type, and optional comment. */
|
||||
public static ReservedListEntry create(
|
||||
String label,
|
||||
ReservationType reservationType,
|
||||
@Nullable String allowedNameservers,
|
||||
@Nullable String comment) {
|
||||
ReservedListEntry.Builder entry =
|
||||
new ReservedListEntry.Builder()
|
||||
String label, ReservationType reservationType, @Nullable String comment) {
|
||||
return new ReservedListEntry.Builder()
|
||||
.setLabel(label)
|
||||
.setReservationType(reservationType)
|
||||
.setComment(comment)
|
||||
.setReservationType(reservationType);
|
||||
checkArgument(
|
||||
(reservationType == NAMESERVER_RESTRICTED) ^ (allowedNameservers == null),
|
||||
"Allowed nameservers must be specified for NAMESERVER_RESTRICTED reservations only");
|
||||
if (allowedNameservers != null) {
|
||||
entry.setAllowedNameservers(
|
||||
ImmutableSet.copyOf(Splitter.on(':').trimResults().split(allowedNameservers)));
|
||||
}
|
||||
return entry.build();
|
||||
}
|
||||
|
||||
private static void checkNameserversAreValid(Set<String> nameservers) {
|
||||
// A domain name with fewer than two parts cannot be a hostname, as a nameserver should be.
|
||||
nameservers.forEach(
|
||||
(ns) ->
|
||||
checkArgument(
|
||||
InternetDomainName.from(ns).parts().size() >= 3,
|
||||
"%s is not a valid nameserver hostname",
|
||||
ns));
|
||||
.build();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -137,10 +93,6 @@ public final class ReservedList
|
|||
return reservationType;
|
||||
}
|
||||
|
||||
public ImmutableSet<String> getAllowedNameservers() {
|
||||
return ImmutableSet.copyOf(Splitter.on(',').splitToList(allowedNameservers));
|
||||
}
|
||||
|
||||
@Override
|
||||
public ReservedListEntry.Builder asBuilder() {
|
||||
return new ReservedListEntry.Builder(clone(this));
|
||||
|
|
@ -156,12 +108,6 @@ public final class ReservedList
|
|||
super(instance);
|
||||
}
|
||||
|
||||
ReservedListEntry.Builder setAllowedNameservers(Set<String> allowedNameservers) {
|
||||
checkNameserversAreValid(allowedNameservers);
|
||||
getInstance().allowedNameservers = Joiner.on(',').join(allowedNameservers);
|
||||
return this;
|
||||
}
|
||||
|
||||
ReservedListEntry.Builder setReservationType(ReservationType reservationType) {
|
||||
getInstance().reservationType = reservationType;
|
||||
return this;
|
||||
|
|
@ -225,22 +171,6 @@ public final class ReservedList
|
|||
.collect(toImmutableSet());
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the set of nameservers that can be set on the given domain.
|
||||
*
|
||||
* <p>The allowed nameservers are the intersection of all allowed nameservers for the given domain
|
||||
* across all reserved lists. Returns an empty set if not applicable, i. e. the label for the
|
||||
* domain is not set with {@code NAMESERVER_RESTRICTED} reservation type.
|
||||
*/
|
||||
public static ImmutableSet<String> getAllowedNameservers(InternetDomainName domainName) {
|
||||
return getReservedListEntries(domainName.parts().get(0), domainName.parent().toString())
|
||||
.stream()
|
||||
.filter((entry) -> entry.reservationType == NAMESERVER_RESTRICTED)
|
||||
.map(ReservedListEntry::getAllowedNameservers)
|
||||
.reduce((types1, types2) -> Sets.intersection(types1, types2).immutableCopy())
|
||||
.orElse(ImmutableSet.of());
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper function to retrieve the entries associated with this label and TLD, or an empty set if
|
||||
* no such entry exists.
|
||||
|
|
@ -327,8 +257,7 @@ public final class ReservedList
|
|||
"Could not parse line in reserved list: %s", originalLine);
|
||||
String label = parts.get(0);
|
||||
ReservationType reservationType = ReservationType.valueOf(parts.get(1));
|
||||
String restrictions = (parts.size() > 2) ? parts.get(2) : null;
|
||||
return ReservedListEntry.create(label, reservationType, restrictions, comment);
|
||||
return ReservedListEntry.create(label, reservationType, comment);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -197,14 +197,6 @@ abstract class CreateOrUpdateTldCommand extends MutatingCommand {
|
|||
description = "Override restrictions on reserved list naming")
|
||||
boolean overrideReservedListRules;
|
||||
|
||||
@Nullable
|
||||
@Parameter(
|
||||
names = {"--domain_create_restricted"},
|
||||
description = "If only domains with nameserver restricted reservation can be created",
|
||||
arity = 1
|
||||
)
|
||||
Boolean domainCreateRestricted;
|
||||
|
||||
@Nullable
|
||||
@Parameter(
|
||||
names = "--claims_period_end",
|
||||
|
|
@ -331,7 +323,6 @@ abstract class CreateOrUpdateTldCommand extends MutatingCommand {
|
|||
Optional.ofNullable(tldType).ifPresent(builder::setTldType);
|
||||
Optional.ofNullable(lordnUsername).ifPresent(u -> builder.setLordnUsername(u.orElse(null)));
|
||||
Optional.ofNullable(claimsPeriodEnd).ifPresent(builder::setClaimsPeriodEnd);
|
||||
Optional.ofNullable(domainCreateRestricted).ifPresent(builder::setDomainCreateRestricted);
|
||||
Optional.ofNullable(numDnsPublishShards).ifPresent(builder::setNumDnsPublishLocks);
|
||||
|
||||
if (premiumListName != null) {
|
||||
|
|
|
|||
|
|
@ -23,11 +23,8 @@ import static google.registry.model.billing.BillingEvent.Flag.SUNRISE;
|
|||
import static google.registry.model.domain.fee.Fee.FEE_EXTENSION_URIS;
|
||||
import static google.registry.model.domain.token.AllocationToken.TokenType.SINGLE_USE;
|
||||
import static google.registry.model.domain.token.AllocationToken.TokenType.UNLIMITED_USE;
|
||||
import static google.registry.model.eppcommon.StatusValue.OK;
|
||||
import static google.registry.model.eppcommon.StatusValue.PENDING_DELETE;
|
||||
import static google.registry.model.eppcommon.StatusValue.SERVER_HOLD;
|
||||
import static google.registry.model.eppcommon.StatusValue.SERVER_TRANSFER_PROHIBITED;
|
||||
import static google.registry.model.eppcommon.StatusValue.SERVER_UPDATE_PROHIBITED;
|
||||
import static google.registry.model.ofy.ObjectifyService.ofy;
|
||||
import static google.registry.model.registry.Registry.TldState.GENERAL_AVAILABILITY;
|
||||
import static google.registry.model.registry.Registry.TldState.PREDELEGATION;
|
||||
|
|
@ -92,7 +89,6 @@ import google.registry.flows.domain.DomainFlowUtils.CurrencyValueScaleException;
|
|||
import google.registry.flows.domain.DomainFlowUtils.DashesInThirdAndFourthException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.DomainLabelTooLongException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.DomainNameExistsAsTldException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.DomainNotAllowedForTldWithCreateRestrictionException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.DomainReservedException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.DuplicateContactForRoleException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.EmptyDomainNamePartException;
|
||||
|
|
@ -117,9 +113,7 @@ import google.registry.flows.domain.DomainFlowUtils.MissingClaimsNoticeException
|
|||
import google.registry.flows.domain.DomainFlowUtils.MissingContactTypeException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.MissingRegistrantException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.MissingTechnicalContactException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.NameserversNotAllowedForDomainException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.NameserversNotAllowedForTldException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.NameserversNotSpecifiedForNameserverRestrictedDomainException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverWhitelistException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.NotAuthorizedForTldException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.PremiumNameBlockedException;
|
||||
|
|
@ -1788,194 +1782,6 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
|
|||
doSuccessfulTest();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_domainNameserverRestricted_allNameserversAllowed() throws Exception {
|
||||
persistContactsAndHosts();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved",
|
||||
"example,NAMESERVER_RESTRICTED,"
|
||||
+ "ns1.example.net:ns2.example.net:ns3.example.net"))
|
||||
.build());
|
||||
doSuccessfulTest();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_domainNameserverRestricted_noNameservers() {
|
||||
setEppInput("domain_create_no_hosts_or_dsdata.xml", ImmutableMap.of("DOMAIN", "example.tld"));
|
||||
persistContactsAndHosts();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved",
|
||||
"example,NAMESERVER_RESTRICTED,"
|
||||
+ "ns1.example.net:ns2.example.net:ns3.example.net"))
|
||||
.build());
|
||||
EppException thrown =
|
||||
assertThrows(
|
||||
NameserversNotSpecifiedForNameserverRestrictedDomainException.class, this::runFlow);
|
||||
assertAboutEppExceptions().that(thrown).marshalsToXml();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_domainNameserverRestricted_someNameserversDisallowed() {
|
||||
persistContactsAndHosts();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved", "example,NAMESERVER_RESTRICTED,ns2.example.net:ns3.example.net"))
|
||||
.build());
|
||||
NameserversNotAllowedForDomainException thrown =
|
||||
assertThrows(NameserversNotAllowedForDomainException.class, this::runFlow);
|
||||
assertThat(thrown).hasMessageThat().contains("ns1.example.net");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_domainCreateRestricted_domainNotReserved() {
|
||||
persistContactsAndHosts();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setDomainCreateRestricted(true)
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved", "lol,NAMESERVER_RESTRICTED,ns1.example.net:ns2.example.net"))
|
||||
.build());
|
||||
DomainNotAllowedForTldWithCreateRestrictionException thrown =
|
||||
assertThrows(DomainNotAllowedForTldWithCreateRestrictionException.class, this::runFlow);
|
||||
assertThat(thrown).hasMessageThat().contains("example.tld");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_domainCreateNotRestricted_domainNotReserved() throws Exception {
|
||||
persistContactsAndHosts();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved", "lol,NAMESERVER_RESTRICTED,ns1.example.net:ns2.example.net"))
|
||||
.build());
|
||||
doSuccessfulTest();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_tldAndDomainNameserversWhitelistBothSatisfied() throws Exception {
|
||||
persistContactsAndHosts();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setDomainCreateRestricted(true)
|
||||
.setAllowedFullyQualifiedHostNames(
|
||||
ImmutableSet.of("ns1.example.net", "ns2.example.net", "ns3.example.net"))
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved",
|
||||
"example,NAMESERVER_RESTRICTED,"
|
||||
+ "ns1.example.net:ns2.example.net:ns4.example.net"))
|
||||
.build());
|
||||
doSuccessfulTest();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_domainNameserversAllowed_tldNameserversDisallowed() {
|
||||
persistContactsAndHosts();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setAllowedFullyQualifiedHostNames(
|
||||
ImmutableSet.of("ns2.example.net", "ns3.example.net", "ns4.example.net"))
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved",
|
||||
"example,NAMESERVER_RESTRICTED,"
|
||||
+ "ns1.example.net:ns2.example.net:ns3.example.net"))
|
||||
.build());
|
||||
NameserversNotAllowedForTldException thrown =
|
||||
assertThrows(NameserversNotAllowedForTldException.class, this::runFlow);
|
||||
assertThat(thrown).hasMessageThat().contains("ns1.example.net");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_domainNameserversDisallowed_tldNameserversAllowed() {
|
||||
persistContactsAndHosts();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setAllowedFullyQualifiedHostNames(
|
||||
ImmutableSet.of("ns1.example.net", "ns2.example.net", "ns3.example.net"))
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved",
|
||||
"example,NAMESERVER_RESTRICTED,"
|
||||
+ "ns2.example.net:ns3.example.net:ns4.example.net"))
|
||||
.build());
|
||||
NameserversNotAllowedForDomainException thrown =
|
||||
assertThrows(NameserversNotAllowedForDomainException.class, this::runFlow);
|
||||
assertThat(thrown).hasMessageThat().contains("ns1.example.net");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_tldNameserversAllowed_domainCreateRestricted_domainNotReserved() {
|
||||
persistContactsAndHosts();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setDomainCreateRestricted(true)
|
||||
.setAllowedFullyQualifiedHostNames(
|
||||
ImmutableSet.of("ns1.example.net", "ns2.example.net", "ns3.example.net"))
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved",
|
||||
"lol,NAMESERVER_RESTRICTED,"
|
||||
+ "ns1.example.net:ns2.example.net:ns3.example.net"))
|
||||
.build());
|
||||
DomainNotAllowedForTldWithCreateRestrictionException thrown =
|
||||
assertThrows(DomainNotAllowedForTldWithCreateRestrictionException.class, this::runFlow);
|
||||
assertThat(thrown).hasMessageThat().contains("example.tld");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_domainCreateRestricted_serverStatusSet() throws Exception {
|
||||
persistContactsAndHosts();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setDomainCreateRestricted(true)
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved",
|
||||
"example,NAMESERVER_RESTRICTED,"
|
||||
+ "ns1.example.net:ns2.example.net:ns3.example.net"))
|
||||
.build());
|
||||
doSuccessfulTest();
|
||||
assertThat(reloadResourceByForeignKey().getStatusValues())
|
||||
.containsExactly(SERVER_UPDATE_PROHIBITED, SERVER_TRANSFER_PROHIBITED);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_domainCreateNotRestricted_serverStatusNotSet() throws Exception {
|
||||
persistContactsAndHosts();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved",
|
||||
"example,NAMESERVER_RESTRICTED,"
|
||||
+ "ns1.example.net:ns2.example.net:ns3.example.net"))
|
||||
.build());
|
||||
doSuccessfulTest();
|
||||
assertThat(reloadResourceByForeignKey().getStatusValues()).containsExactly(OK);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_eapFee_combined() {
|
||||
setEppInput("domain_create_eap_combined_fee.xml", ImmutableMap.of("FEE_VERSION", "0.6"));
|
||||
|
|
|
|||
|
|
@ -31,7 +31,6 @@ import static google.registry.testing.DatastoreHelper.persistActiveDomain;
|
|||
import static google.registry.testing.DatastoreHelper.persistActiveHost;
|
||||
import static google.registry.testing.DatastoreHelper.persistActiveSubordinateHost;
|
||||
import static google.registry.testing.DatastoreHelper.persistDeletedDomain;
|
||||
import static google.registry.testing.DatastoreHelper.persistReservedList;
|
||||
import static google.registry.testing.DatastoreHelper.persistResource;
|
||||
import static google.registry.testing.DomainBaseSubject.assertAboutDomains;
|
||||
import static google.registry.testing.EppExceptionSubject.assertAboutEppExceptions;
|
||||
|
|
@ -53,7 +52,6 @@ import google.registry.flows.ResourceFlowUtils.AddRemoveSameValueException;
|
|||
import google.registry.flows.ResourceFlowUtils.ResourceDoesNotExistException;
|
||||
import google.registry.flows.ResourceFlowUtils.ResourceNotOwnedException;
|
||||
import google.registry.flows.ResourceFlowUtils.StatusNotClientSettableException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.DomainNotAllowedForTldWithCreateRestrictionException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.DuplicateContactForRoleException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.EmptySecDnsUpdateException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.FeesMismatchException;
|
||||
|
|
@ -65,9 +63,7 @@ import google.registry.flows.domain.DomainFlowUtils.MissingAdminContactException
|
|||
import google.registry.flows.domain.DomainFlowUtils.MissingContactTypeException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.MissingRegistrantException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.MissingTechnicalContactException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.NameserversNotAllowedForDomainException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.NameserversNotAllowedForTldException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.NameserversNotSpecifiedForNameserverRestrictedDomainException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverWhitelistException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.NotAuthorizedForTldException;
|
||||
import google.registry.flows.domain.DomainFlowUtils.RegistrantNotAllowedException;
|
||||
|
|
@ -1157,7 +1153,8 @@ public class DomainUpdateFlowTest extends ResourceFlowTestCase<DomainUpdateFlow,
|
|||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_newNameserverNotWhitelisted() throws Exception {
|
||||
public void testFailure_addedNameserverDisallowedInTld()
|
||||
throws Exception {
|
||||
persistReferencedEntities();
|
||||
persistDomain();
|
||||
persistResource(
|
||||
|
|
@ -1165,8 +1162,9 @@ public class DomainUpdateFlowTest extends ResourceFlowTestCase<DomainUpdateFlow,
|
|||
.asBuilder()
|
||||
.setAllowedFullyQualifiedHostNames(ImmutableSet.of("ns1.example.foo"))
|
||||
.build());
|
||||
clock.advanceOneMilli();
|
||||
EppException thrown = assertThrows(NameserversNotAllowedForTldException.class, this::runFlow);
|
||||
NameserversNotAllowedForTldException thrown =
|
||||
assertThrows(NameserversNotAllowedForTldException.class, this::runFlow);
|
||||
assertThat(thrown).hasMessageThat().contains("ns2.example.foo");
|
||||
assertAboutEppExceptions().that(thrown).marshalsToXml();
|
||||
}
|
||||
|
||||
|
|
@ -1299,226 +1297,6 @@ public class DomainUpdateFlowTest extends ResourceFlowTestCase<DomainUpdateFlow,
|
|||
assertAboutEppExceptions().that(thrown).marshalsToXml();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_domainNameserverRestricted_addedNameserverAllowed() throws Exception {
|
||||
persistReferencedEntities();
|
||||
persistDomain();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
|
||||
.build());
|
||||
doSuccessfulTest();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_domainNameserverRestricted_addedNameserverDisallowed() throws Exception {
|
||||
persistReferencedEntities();
|
||||
persistDomain();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo:ns3.example.foo"))
|
||||
.build());
|
||||
NameserversNotAllowedForDomainException thrown =
|
||||
assertThrows(NameserversNotAllowedForDomainException.class, this::runFlow);
|
||||
assertThat(thrown).hasMessageThat().contains("ns2.example.foo");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_domainNameserverRestricted_removeLastNameserver() throws Exception {
|
||||
persistReferencedEntities();
|
||||
persistDomain();
|
||||
setEppInput("domain_update_remove_nameserver.xml");
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
|
||||
.build());
|
||||
EppException thrown =
|
||||
assertThrows(
|
||||
NameserversNotSpecifiedForNameserverRestrictedDomainException.class, this::runFlow);
|
||||
assertAboutEppExceptions().that(thrown).marshalsToXml();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_domainNameserverRestricted_removeNameservers() throws Exception {
|
||||
setEppInput("domain_update_remove_nameserver.xml");
|
||||
persistReferencedEntities();
|
||||
persistDomain();
|
||||
persistResource(
|
||||
reloadResourceByForeignKey()
|
||||
.asBuilder()
|
||||
.addNameserver(
|
||||
Key.create(
|
||||
loadByForeignKey(HostResource.class, "ns2.example.foo", clock.nowUtc()).get()))
|
||||
.build());
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
|
||||
.build());
|
||||
assertThat(reloadResourceByForeignKey().getNameservers())
|
||||
.contains(
|
||||
Key.create(
|
||||
loadByForeignKey(HostResource.class, "ns1.example.foo", clock.nowUtc()).get()));
|
||||
clock.advanceOneMilli();
|
||||
runFlow();
|
||||
assertThat(reloadResourceByForeignKey().getNameservers())
|
||||
.doesNotContain(
|
||||
Key.create(
|
||||
loadByForeignKey(HostResource.class, "ns1.example.foo", clock.nowUtc()).get()));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_domainCreateRestricted_addedNameserverNotAllowed() throws Exception {
|
||||
persistReferencedEntities();
|
||||
persistDomain();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo:ns3.example.foo"))
|
||||
.build());
|
||||
NameserversNotAllowedForDomainException thrown =
|
||||
assertThrows(NameserversNotAllowedForDomainException.class, this::runFlow);
|
||||
assertThat(thrown).hasMessageThat().contains("ns2.example.foo");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_addedNameserversAllowedInTldAndDomainNameserversWhitelists()
|
||||
throws Exception {
|
||||
persistReferencedEntities();
|
||||
persistDomain();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setAllowedFullyQualifiedHostNames(
|
||||
ImmutableSet.of("ns1.example.foo", "ns2.example.foo"))
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
|
||||
.build());
|
||||
doSuccessfulTest();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_addedNameserversAllowedInTld_disallowedInDomainNameserversWhitelists()
|
||||
throws Exception {
|
||||
persistReferencedEntities();
|
||||
persistDomain();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setAllowedFullyQualifiedHostNames(
|
||||
ImmutableSet.of("ns1.example.foo", "ns2.example.foo"))
|
||||
.setReservedLists(
|
||||
persistReservedList("reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo"))
|
||||
.build());
|
||||
NameserversNotAllowedForDomainException thrown =
|
||||
assertThrows(NameserversNotAllowedForDomainException.class, this::runFlow);
|
||||
assertThat(thrown).hasMessageThat().contains("ns2.example.foo");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_addedNameserversDisallowedInTld_AllowedInDomainNameserversWhitelists()
|
||||
throws Exception {
|
||||
persistReferencedEntities();
|
||||
persistDomain();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setAllowedFullyQualifiedHostNames(ImmutableSet.of("ns1.example.foo"))
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
|
||||
.build());
|
||||
NameserversNotAllowedForTldException thrown =
|
||||
assertThrows(NameserversNotAllowedForTldException.class, this::runFlow);
|
||||
assertThat(thrown).hasMessageThat().contains("ns2.example.foo");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_tldNameserversAllowed_domainCreateRestricted_domainNotReserved()
|
||||
throws Exception {
|
||||
persistReferencedEntities();
|
||||
persistDomain();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setDomainCreateRestricted(true)
|
||||
.setAllowedFullyQualifiedHostNames(
|
||||
ImmutableSet.of("ns1.example.foo", "ns2.example.foo"))
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved", "lol,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
|
||||
.build());
|
||||
EppException thrown =
|
||||
assertThrows(DomainNotAllowedForTldWithCreateRestrictionException.class, this::runFlow);
|
||||
assertAboutEppExceptions().that(thrown).marshalsToXml();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_domainCreateRestricted_domainNotReserved() throws Exception {
|
||||
persistReferencedEntities();
|
||||
persistDomain();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setDomainCreateRestricted(true)
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved", "lol,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
|
||||
.build());
|
||||
EppException thrown =
|
||||
assertThrows(DomainNotAllowedForTldWithCreateRestrictionException.class, this::runFlow);
|
||||
assertAboutEppExceptions().that(thrown).marshalsToXml();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_domainCreateNotRestricted_domainNotReserved() throws Exception {
|
||||
persistReferencedEntities();
|
||||
persistDomain();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved", "lol,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
|
||||
.build());
|
||||
doSuccessfulTest();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_domainCreateRestricted_reApplyServerProhibitedStatusCodes()
|
||||
throws Exception {
|
||||
persistReferencedEntities();
|
||||
persistDomain();
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setDomainCreateRestricted(true)
|
||||
.setReservedLists(
|
||||
persistReservedList(
|
||||
"reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
|
||||
.build());
|
||||
doSuccessfulTest();
|
||||
assertAboutDomains()
|
||||
.that(reloadResourceByForeignKey())
|
||||
.hasStatusValue(SERVER_UPDATE_PROHIBITED)
|
||||
.and()
|
||||
.hasStatusValue(StatusValue.SERVER_TRANSFER_PROHIBITED);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_domainCreateNotRestricted_doNotApplyServerProhibitedStatusCodes()
|
||||
throws Exception {
|
||||
|
|
|
|||
|
|
@ -23,9 +23,7 @@ import static google.registry.model.registry.label.DomainLabelMetrics.reservedLi
|
|||
import static google.registry.model.registry.label.DomainLabelMetrics.reservedListProcessingTime;
|
||||
import static google.registry.model.registry.label.ReservationType.ALLOWED_IN_SUNRISE;
|
||||
import static google.registry.model.registry.label.ReservationType.FULLY_BLOCKED;
|
||||
import static google.registry.model.registry.label.ReservationType.NAMESERVER_RESTRICTED;
|
||||
import static google.registry.model.registry.label.ReservationType.NAME_COLLISION;
|
||||
import static google.registry.model.registry.label.ReservedList.getAllowedNameservers;
|
||||
import static google.registry.model.registry.label.ReservedList.getReservationTypes;
|
||||
import static google.registry.testing.DatastoreHelper.createTld;
|
||||
import static google.registry.testing.DatastoreHelper.persistReservedList;
|
||||
|
|
@ -34,7 +32,6 @@ import static google.registry.testing.JUnitBackports.assertThrows;
|
|||
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
import com.google.common.net.InternetDomainName;
|
||||
import google.registry.model.ofy.Ofy;
|
||||
import google.registry.model.registry.Registry;
|
||||
import google.registry.model.registry.label.ReservedList.ReservedListEntry;
|
||||
|
|
@ -115,38 +112,6 @@ public class ReservedListTest {
|
|||
verifyUnreservedCheckCount(26);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetAllowedNameservers() {
|
||||
ReservedList rl1 =
|
||||
persistReservedList(
|
||||
"reserved1",
|
||||
"lol,NAMESERVER_RESTRICTED,ns1.nameserver.com",
|
||||
"lol1,NAMESERVER_RESTRICTED,ns1.nameserver.com:ns2.domain.tld:ns3.domain.tld",
|
||||
"lol2,NAMESERVER_RESTRICTED,ns.name.tld # This is a comment");
|
||||
ReservedList rl2 =
|
||||
persistReservedList(
|
||||
"reserved2",
|
||||
"lol1,NAMESERVER_RESTRICTED,ns3.nameserver.com:ns2.domain.tld:ns3.domain.tld",
|
||||
"lol2,NAMESERVER_RESTRICTED,ns3.nameserver.com:ns4.domain.tld",
|
||||
"lol3,NAMESERVER_RESTRICTED,ns3.nameserver.com");
|
||||
ReservedList rl3 =
|
||||
persistReservedList(
|
||||
"reserved3", "lol1,NAMESERVER_RESTRICTED,ns3.domain.tld", "lol4,ALLOWED_IN_SUNRISE");
|
||||
persistResource(Registry.get("tld").asBuilder().setReservedLists(rl1, rl2, rl3).build());
|
||||
assertThat(getReservationTypes("lol", "tld")).containsExactly(NAMESERVER_RESTRICTED);
|
||||
assertThat(getReservationTypes("lol1", "tld")).containsExactly(NAMESERVER_RESTRICTED);
|
||||
assertThat(getReservationTypes("lol2", "tld")).containsExactly(NAMESERVER_RESTRICTED);
|
||||
assertThat(getReservationTypes("lol3", "tld")).containsExactly(NAMESERVER_RESTRICTED);
|
||||
assertThat(getAllowedNameservers(InternetDomainName.from("lol.tld")))
|
||||
.containsExactly("ns1.nameserver.com");
|
||||
assertThat(getAllowedNameservers(InternetDomainName.from("lol1.tld")))
|
||||
.containsExactly("ns3.domain.tld");
|
||||
assertThat(getAllowedNameservers(InternetDomainName.from("lol2.tld"))).isEmpty();
|
||||
assertThat(getAllowedNameservers(InternetDomainName.from("lol3.tld")))
|
||||
.containsExactly("ns3.nameserver.com");
|
||||
assertThat(getAllowedNameservers(InternetDomainName.from("lol4.tld"))).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetReservationTypes_concatsMultipleListsCorrectly() {
|
||||
ReservedList rl1 = persistReservedList(
|
||||
|
|
@ -352,70 +317,6 @@ public class ReservedListTest {
|
|||
IllegalArgumentException.class, () -> persistReservedList("tld", "lol,FULLY_BLOCKZ # yup"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSave_additionalRestrictionWithIncompatibleReservationType() {
|
||||
IllegalArgumentException thrown =
|
||||
assertThrows(
|
||||
IllegalArgumentException.class,
|
||||
() ->
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setReservedLists(
|
||||
ImmutableSet.of(
|
||||
persistReservedList("reserved1", "lol,FULLY_BLOCKED,foobar1")))
|
||||
.build()));
|
||||
assertThat(thrown)
|
||||
.hasMessageThat()
|
||||
.contains(
|
||||
"Allowed nameservers must be specified for NAMESERVER_RESTRICTED reservations only");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSave_badNameservers_invalidSyntax() {
|
||||
IllegalArgumentException thrown =
|
||||
assertThrows(
|
||||
IllegalArgumentException.class,
|
||||
() ->
|
||||
persistReservedList(
|
||||
"reserved1",
|
||||
"lol,NAMESERVER_RESTRICTED,ns1.domain.tld:ns2.domain.tld",
|
||||
"lol1,NAMESERVER_RESTRICTED,ns1.domain.tld:ns@.domain.tld"));
|
||||
assertThat(thrown).hasMessageThat().contains("Not a valid domain name: 'ns@.domain.tld'");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSave_badNameservers_tooFewPartsForHostname() {
|
||||
IllegalArgumentException thrown =
|
||||
assertThrows(
|
||||
IllegalArgumentException.class,
|
||||
() ->
|
||||
persistReservedList(
|
||||
"reserved1",
|
||||
"lol,NAMESERVER_RESTRICTED,ns1.domain.tld:ns2.domain.tld",
|
||||
"lol1,NAMESERVER_RESTRICTED,ns1.domain.tld:domain.tld"));
|
||||
assertThat(thrown).hasMessageThat().contains("domain.tld is not a valid nameserver hostname");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSave_noNameserversWithNameserverRestrictedReservation() {
|
||||
IllegalArgumentException thrown =
|
||||
assertThrows(
|
||||
IllegalArgumentException.class,
|
||||
() ->
|
||||
persistResource(
|
||||
Registry.get("tld")
|
||||
.asBuilder()
|
||||
.setReservedLists(
|
||||
ImmutableSet.of(
|
||||
persistReservedList("reserved1", "lol,NAMESERVER_RESTRICTED")))
|
||||
.build()));
|
||||
assertThat(thrown)
|
||||
.hasMessageThat()
|
||||
.contains(
|
||||
"Allowed nameservers must be specified for NAMESERVER_RESTRICTED reservations only");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testParse_cannotIncludeDuplicateLabels() {
|
||||
ReservedList rl = new ReservedList.Builder().setName("blah").build();
|
||||
|
|
@ -441,7 +342,7 @@ public class ReservedListTest {
|
|||
Exception e =
|
||||
assertThrows(
|
||||
IllegalArgumentException.class,
|
||||
() -> ReservedListEntry.create("UPPER.tld", FULLY_BLOCKED, null, null));
|
||||
() -> ReservedListEntry.create("UPPER.tld", FULLY_BLOCKED, null));
|
||||
assertThat(e).hasMessageThat().contains("must be in puny-coded, lower-case form");
|
||||
}
|
||||
|
||||
|
|
@ -450,7 +351,7 @@ public class ReservedListTest {
|
|||
Exception e =
|
||||
assertThrows(
|
||||
IllegalArgumentException.class,
|
||||
() -> ReservedListEntry.create("lower.みんな", FULLY_BLOCKED, null, null));
|
||||
() -> ReservedListEntry.create("lower.みんな", FULLY_BLOCKED, null));
|
||||
assertThat(e).hasMessageThat().contains("must be in puny-coded, lower-case form");
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -488,7 +488,6 @@ class google.registry.model.registry.Registry {
|
|||
@Id java.lang.String tldStrId;
|
||||
@Parent com.googlecode.objectify.Key<google.registry.model.common.EntityGroupRoot> parent;
|
||||
boolean dnsPaused;
|
||||
boolean domainCreateRestricted;
|
||||
boolean escrowEnabled;
|
||||
com.googlecode.objectify.Key<google.registry.model.registry.label.PremiumList> premiumList;
|
||||
google.registry.model.CreateAutoTimestamp creationTime;
|
||||
|
|
@ -561,7 +560,6 @@ class google.registry.model.registry.label.PremiumList$PremiumListRevision {
|
|||
enum google.registry.model.registry.label.ReservationType {
|
||||
ALLOWED_IN_SUNRISE;
|
||||
FULLY_BLOCKED;
|
||||
NAMESERVER_RESTRICTED;
|
||||
NAME_COLLISION;
|
||||
RESERVED_FOR_ANCHOR_TENANT;
|
||||
RESERVED_FOR_SPECIFIC_USE;
|
||||
|
|
@ -577,7 +575,6 @@ class google.registry.model.registry.label.ReservedList {
|
|||
class google.registry.model.registry.label.ReservedList$ReservedListEntry {
|
||||
@Id java.lang.String label;
|
||||
google.registry.model.registry.label.ReservationType reservationType;
|
||||
java.lang.String allowedNameservers;
|
||||
java.lang.String comment;
|
||||
}
|
||||
class google.registry.model.reporting.DomainTransactionRecord {
|
||||
|
|
|
|||
|
|
@ -68,7 +68,6 @@ public class CreateTldCommandTest extends CommandTestCase<CreateTldCommand> {
|
|||
assertThat(registry).isNotNull();
|
||||
assertThat(registry.getAddGracePeriodLength()).isEqualTo(Registry.DEFAULT_ADD_GRACE_PERIOD);
|
||||
assertThat(registry.getCreationTime()).isIn(Range.closed(before, after));
|
||||
assertThat(registry.getDomainCreateRestricted()).isFalse();
|
||||
assertThat(registry.getDnsWriters()).containsExactly("FooDnsWriter");
|
||||
assertThat(registry.getTldState(registry.getCreationTime())).isEqualTo(PREDELEGATION);
|
||||
assertThat(registry.getRedemptionGracePeriodLength())
|
||||
|
|
@ -441,16 +440,6 @@ public class CreateTldCommandTest extends CommandTestCase<CreateTldCommand> {
|
|||
.containsExactly("ns1.example.com", "ns2.example.com");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_setDomainCreateRestricted() throws Exception {
|
||||
runCommandForced(
|
||||
"--domain_create_restricted=true",
|
||||
"--roid_suffix=Q9JYB4C",
|
||||
"--dns_writers=FooDnsWriter",
|
||||
"xn--q9jyb4c");
|
||||
assertThat(Registry.get("xn--q9jyb4c").getDomainCreateRestricted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_setCommonReservedListOnTld() throws Exception {
|
||||
runSuccessfulReservedListsTest("common_abuse");
|
||||
|
|
|
|||
|
|
@ -398,30 +398,6 @@ public class UpdateTldCommandTest extends CommandTestCase<UpdateTldCommand> {
|
|||
.containsExactly("ns2.example.com");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_setTldToDomainCreateRestricted() throws Exception {
|
||||
persistResource(
|
||||
Registry.get("xn--q9jyb4c").asBuilder().setDomainCreateRestricted(false).build());
|
||||
runCommandForced("--domain_create_restricted=true", "xn--q9jyb4c");
|
||||
assertThat(Registry.get("xn--q9jyb4c").getDomainCreateRestricted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_unsetTldToDomainCreateRestricted() throws Exception {
|
||||
persistResource(
|
||||
Registry.get("xn--q9jyb4c").asBuilder().setDomainCreateRestricted(true).build());
|
||||
runCommandForced("--domain_create_restricted=false", "xn--q9jyb4c");
|
||||
assertThat(Registry.get("xn--q9jyb4c").getDomainCreateRestricted()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_leaveDomainCreateRestrictedStatusUnchanged() throws Exception {
|
||||
persistResource(
|
||||
Registry.get("xn--q9jyb4c").asBuilder().setDomainCreateRestricted(true).build());
|
||||
runCommandForced("xn--q9jyb4c");
|
||||
assertThat(Registry.get("xn--q9jyb4c").getDomainCreateRestricted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_invalidAddGracePeriod() {
|
||||
IllegalArgumentException thrown =
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue