diff --git a/java/google/registry/tools/CreateCdnsTld.java b/java/google/registry/tools/CreateCdnsTld.java index dcad2c195..ddf21d497 100644 --- a/java/google/registry/tools/CreateCdnsTld.java +++ b/java/google/registry/tools/CreateCdnsTld.java @@ -63,6 +63,14 @@ class CreateCdnsTld extends ConfirmingCommand { @Override protected void init() { + // Sandbox talks to production Cloud DNS. As a result, we can't configure any domains with a + // suffix that might be used by customers on the same nameserver set. Limit the user to setting + // up *.test TLDs. + if (RegistryToolEnvironment.get() == RegistryToolEnvironment.SANDBOX + && !dnsName.endsWith(".test.")) { + throw new IllegalArgumentException("Sandbox TLDs must be of the form \"*.test.\""); + } + managedZone = new ManagedZone() .setDescription(description) diff --git a/javatests/google/registry/tools/CreateCdnsTldTest.java b/javatests/google/registry/tools/CreateCdnsTldTest.java index d98be1189..07323e42e 100644 --- a/javatests/google/registry/tools/CreateCdnsTldTest.java +++ b/javatests/google/registry/tools/CreateCdnsTldTest.java @@ -15,6 +15,7 @@ package google.registry.tools; import static com.google.common.truth.Truth.assertThat; +import static google.registry.testing.JUnitBackports.assertThrows; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; @@ -77,4 +78,13 @@ public class CreateCdnsTldTest extends CommandTestCase { ManagedZone zone = requestBody.getValue(); assertThat(zone).isEqualTo(createZone("cloud-dns-registry-test", "test run", "tld.", "tld.")); } + + @Test + public void testSandboxTldRestrictions() throws Exception { + IllegalArgumentException thrown = + assertThrows( + IllegalArgumentException.class, + () -> runCommandInEnvironment(RegistryToolEnvironment.SANDBOX, "--dns_name=foobar.")); + assertThat(thrown).hasMessageThat().contains("Sandbox TLDs must be of the form \"*.test.\""); + } }