Add the App Engine service used in the Action definition

Our goal is to be able to address every Action by looking at the class itself, and to make it clearer at a glance what you need to access the Action's endpoint

Currently, we can know from the @Action annotation:
- the endpoint path
- the Method needed
- the authentication level needed

This CL adds the service where the Action is hosted, which also translates to the URL.

NOTE - currently we don't have any Action hosted on multiple services. I don't think we will ever need it (since they do the same thing no matter which service they are on, so why host it twice?), but if we do we'll have to update the code to allow it.

The next step after this is to make sure all the @Parameters are defined on the Action itself, and then we will be able to craft access to the endpoint programatically (or at least verify at run-time we crafted a correct URL)

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=229375735

java/google/registry/backup/CommitLogCheckpointAction.java

@@ -34,19 +34,19 @@ import org.joda.time.DateTime;
 /**
  * Action that saves commit log checkpoints to Datastore and kicks off a diff export task.
  *
- * <p>We separate computing and saving the checkpoint from exporting it because the export to GCS
- * is retryable but should not require the computation of a new checkpoint. Saving the checkpoint
- * and enqueuing the export task are done transactionally, so any checkpoint that is saved will be
+ * <p>We separate computing and saving the checkpoint from exporting it because the export to GCS is
+ * retryable but should not require the computation of a new checkpoint. Saving the checkpoint and
+ * enqueuing the export task are done transactionally, so any checkpoint that is saved will be
  * exported to GCS very soon.
  *
  * <p>This action's supported method is GET rather than POST because it gets invoked via cron.
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/cron/commitLogCheckpoint",
     method = Action.Method.GET,
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class CommitLogCheckpointAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/backup/DeleteOldCommitLogsAction.java

@@ -53,20 +53,18 @@ import org.joda.time.Duration;
  * except to reconstruct point-in-time snapshots of the database. To make that possible, {@link
  * EppResource}s have a {@link EppResource#getRevisions} method that returns the commit logs for
  * older points in time. But that functionality is not useful after a certain amount of time, e.g.
- * thirty days, so unneeded revisions are deleted
- * (see {@link CommitLogRevisionsTranslatorFactory}). This leaves commit logs in the system that are
- * unneeded (have no revisions pointing to them). So this task runs periodically to delete the
- * "orphan" commit logs.
+ * thirty days, so unneeded revisions are deleted (see {@link CommitLogRevisionsTranslatorFactory}).
+ * This leaves commit logs in the system that are unneeded (have no revisions pointing to them). So
+ * this task runs periodically to delete the "orphan" commit logs.
  *
  * <p>This action runs a mapreduce that goes over all existing {@link EppResource} and all {@link
  * CommitLogManifest} older than commitLogDatastreRetention, and erases the commit logs aren't in an
  * EppResource.
- *
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/task/deleteOldCommitLogs",
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class DeleteOldCommitLogsAction implements Runnable {
 
   private static final int NUM_MAP_SHARDS = 20;

java/google/registry/backup/ExportCommitLogDiffAction.java

@@ -60,11 +60,11 @@ import org.joda.time.DateTime;
 
 /** Action that exports the diff between two commit log checkpoints to GCS. */
 @Action(
+    service = Action.Service.BACKEND,
     path = ExportCommitLogDiffAction.PATH,
     method = Action.Method.POST,
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class ExportCommitLogDiffAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/backup/RestoreCommitLogsAction.java

@@ -57,11 +57,11 @@ import org.joda.time.DateTime;
 
 /** Restore Registry 2 commit logs from GCS to Datastore. */
 @Action(
+    service = Action.Service.TOOLS,
     path = RestoreCommitLogsAction.PATH,
     method = Action.Method.POST,
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
-)
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public class RestoreCommitLogsAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/batch/DeleteContactsAndHostsAction.java

@@ -107,7 +107,10 @@ import org.joda.time.Duration;
  * A mapreduce that processes batch asynchronous deletions of contact and host resources by mapping
  * over all domains and checking for any references to the contacts/hosts in pending deletion.
  */
-@Action(path = "/_dr/task/deleteContactsAndHosts", auth = Auth.AUTH_INTERNAL_ONLY)
+@Action(
+    service = Action.Service.BACKEND,
+    path = "/_dr/task/deleteContactsAndHosts",
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class DeleteContactsAndHostsAction implements Runnable {
 
   static final String KIND_CONTACT = getKind(ContactResource.class);

java/google/registry/batch/DeleteLoadTestDataAction.java

@@ -44,13 +44,17 @@ import javax.inject.Inject;
  * Hard deletes load-test ContactResources, HostResources, their subordinate history entries, and
  * the associated ForeignKey and EppResourceIndex entities.
  *
- * <p>This only deletes contacts and hosts, NOT domains. To delete domains, use
- * {@link DeleteLoadTestDataAction} and pass it the TLD(s) that the load test domains were created
- * on. Note that DeleteLoadTestDataAction is safe enough to run in production whereas this mapreduce
- * is not, but this one does not need to be runnable in production because load testing isn't run
- * against production.
+ * <p>This only deletes contacts and hosts, NOT domains. To delete domains, use {@link
+ * DeleteLoadTestDataAction} and pass it the TLD(s) that the load test domains were created on. Note
+ * that DeleteLoadTestDataAction is safe enough to run in production whereas this mapreduce is not,
+ * but this one does not need to be runnable in production because load testing isn't run against
+ * production.
  */
-@Action(path = "/_dr/task/deleteLoadTestData", method = POST, auth = Auth.AUTH_INTERNAL_ONLY)
+@Action(
+    service = Action.Service.BACKEND,
+    path = "/_dr/task/deleteLoadTestData",
+    method = POST,
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class DeleteLoadTestDataAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/batch/DeleteProberDataAction.java

@@ -64,10 +64,10 @@ import org.joda.time.Duration;
  * <p>See: https://www.youtube.com/watch?v=xuuv0syoHnM
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/task/deleteProberData",
     method = POST,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class DeleteProberDataAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/batch/ExpandRecurringBillingEventsAction.java

@@ -67,15 +67,14 @@ import org.joda.time.DateTime;
 /**
  * A mapreduce that expands {@link Recurring} billing events into synthetic {@link OneTime} events.
  *
- * <p>The cursor used throughout this mapreduce (overridden if necessary using the parameter
- * {@code cursorTime}) represents the inclusive lower bound on the range of billing times that will
- * be expanded as a result of the job (the exclusive upper bound being the execution time of the
- * job).
+ * <p>The cursor used throughout this mapreduce (overridden if necessary using the parameter {@code
+ * cursorTime}) represents the inclusive lower bound on the range of billing times that will be
+ * expanded as a result of the job (the exclusive upper bound being the execution time of the job).
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/task/expandRecurringBillingEvents",
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class ExpandRecurringBillingEventsAction implements Runnable {
 
   public static final String PARAM_CURSOR_TIME = "cursorTime";

java/google/registry/batch/RefreshDnsOnHostRenameAction.java

@@ -73,9 +73,9 @@ import org.joda.time.Duration;
 
 /** Performs batched DNS refreshes for applicable domains following a host rename. */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/task/refreshDnsOnHostRename",
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class RefreshDnsOnHostRenameAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/batch/ResaveAllEppResourcesAction.java

@@ -40,9 +40,9 @@ import javax.inject.Inject;
  * which only admin users can do.
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/task/resaveAllEppResources",
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
-)
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public class ResaveAllEppResourcesAction implements Runnable {
 
   @Inject MapreduceRunner mrRunner;

java/google/registry/batch/ResaveEntityAction.java

@@ -38,7 +38,11 @@ import org.joda.time.DateTime;
  *
  * <p>{@link EppResource}s will be projected forward to the current time.
  */
-@Action(path = ResaveEntityAction.PATH, auth = Auth.AUTH_INTERNAL_OR_ADMIN, method = Method.POST)
+@Action(
+    service = Action.Service.BACKEND,
+    path = ResaveEntityAction.PATH,
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN,
+    method = Method.POST)
 public class ResaveEntityAction implements Runnable {
 
   public static final String PATH = "/_dr/task/resaveEntity";

java/google/registry/cron/CommitLogFanoutAction.java

@@ -30,10 +30,10 @@ import javax.inject.Inject;
 
 /** Action for fanning out cron tasks for each commit log bucket. */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/cron/commitLogFanout",
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class CommitLogFanoutAction implements Runnable {
 
   public static final String BUCKET_PARAM = "bucket";

java/google/registry/cron/TldFanoutAction.java

@@ -63,28 +63,31 @@ import javax.inject.Inject;
  *
  * <ul>
  *   <li>{@code endpoint} (Required) URL path of servlet to launch. This may contain pathargs.
- * <li>{@code queue} (Required) Name of the App Engine push queue to which this task should be sent.
+ *   <li>{@code queue} (Required) Name of the App Engine push queue to which this task should be
+ *       sent.
  *   <li>{@code forEachRealTld} Launch the task in each real TLD namespace.
  *   <li>{@code forEachTestTld} Launch the task in each test TLD namespace.
  *   <li>{@code runInEmpty} Launch the task once, without the TLD argument.
  *   <li>{@code exclude} TLDs to exclude.
  *   <li>{@code jitterSeconds} Randomly delay each task by up to this many seconds.
- * <li>Any other parameters specified will be passed through as POST parameters to the called task.
+ *   <li>Any other parameters specified will be passed through as POST parameters to the called
+ *       task.
  * </ul>
  *
  * <h3>Patharg Reference</h3>
  *
  * <p>The following values may be specified inside the "endpoint" param.
+ *
  * <ul>
- * <li>{@code :tld} Substituted with an ASCII tld, if tld fanout is enabled.
- *   This patharg is mostly useful for aesthetic purposes, since tasks are already namespaced.
+ *   <li>{@code :tld} Substituted with an ASCII tld, if tld fanout is enabled. This patharg is
+ *       mostly useful for aesthetic purposes, since tasks are already namespaced.
  * </ul>
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/cron/fanout",
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class TldFanoutAction implements Runnable {
 
   /** A set of control params to TldFanoutAction that aren't passed down to the executing action. */

java/google/registry/dns/PublishDnsUpdatesAction.java

@@ -48,11 +48,11 @@ import org.joda.time.Duration;
 
 /** Task that sends domain and host updates to the DNS server. */
 @Action(
+    service = Action.Service.BACKEND,
     path = PublishDnsUpdatesAction.PATH,
     method = POST,
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class PublishDnsUpdatesAction implements Runnable, Callable<Void> {
 
   public static final String PATH = "/_dr/task/publishDnsUpdates";

java/google/registry/dns/ReadDnsQueueAction.java

@@ -77,10 +77,10 @@ import org.joda.time.Duration;
  * </ul>
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/cron/readDnsQueue",
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class ReadDnsQueueAction implements Runnable {
 
   private static final String PARAM_JITTER_SECONDS = "jitterSeconds";

java/google/registry/dns/RefreshDnsAction.java

@@ -32,10 +32,10 @@ import javax.inject.Inject;
 
 /** Action that manually triggers refresh of DNS information. */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/dnsRefresh",
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class RefreshDnsAction implements Runnable {
 
   @Inject Clock clock;

java/google/registry/export/BackupDatastoreAction.java

@@ -43,6 +43,7 @@ import javax.inject.Inject;
  * </ol>
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = BackupDatastoreAction.PATH,
     method = POST,
     automaticallyPrintOk = true,

java/google/registry/export/BigqueryPollJobAction.java

@@ -47,11 +47,11 @@ import org.joda.time.Duration;
  * completion state; otherwise it will return a failure code so that the task will be retried.
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = BigqueryPollJobAction.PATH,
     method = {Action.Method.GET, Action.Method.POST},
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class BigqueryPollJobAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/export/CheckBackupAction.java

@@ -55,6 +55,7 @@ import org.joda.time.format.PeriodFormat;
  * Action that checks the status of a snapshot, and if complete, trigger loading it into BigQuery.
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = CheckBackupAction.PATH,
     method = {POST, GET},
     automaticallyPrintOk = true,

java/google/registry/export/CheckSnapshotAction.java

@@ -47,11 +47,11 @@ import org.joda.time.format.PeriodFormat;
  * Action that checks the status of a snapshot, and if complete, trigger loading it into BigQuery.
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = CheckSnapshotAction.PATH,
     method = {POST, GET},
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class CheckSnapshotAction implements Runnable {
 
   /** Parameter names for passing parameters into this action. */

java/google/registry/export/ExportDomainListsAction.java

@@ -61,7 +61,11 @@ import org.joda.time.DateTime;
  * <p>Each TLD's active domain names are exported as a newline-delimited flat text file with the
  * name TLD.txt into the domain-lists bucket. Note that this overwrites the files in place.
  */
-@Action(path = "/_dr/task/exportDomainLists", method = POST, auth = Auth.AUTH_INTERNAL_ONLY)
+@Action(
+    service = Action.Service.BACKEND,
+    path = "/_dr/task/exportDomainLists",
+    method = POST,
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class ExportDomainListsAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/export/ExportPremiumTermsAction.java

@@ -45,7 +45,11 @@ import java.util.SortedSet;
 import javax.inject.Inject;
 
 /** Action that exports the premium terms list for a TLD to Google Drive. */
-@Action(path = "/_dr/task/exportPremiumTerms", method = POST, auth = Auth.AUTH_INTERNAL_ONLY)
+@Action(
+    service = Action.Service.BACKEND,
+    path = "/_dr/task/exportPremiumTerms",
+    method = POST,
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class ExportPremiumTermsAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/export/ExportReservedTermsAction.java

@@ -34,10 +34,10 @@ import javax.inject.Inject;
 
 /** Action that exports the publicly viewable reserved terms list for a TLD to Google Drive. */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/task/exportReservedTerms",
     method = POST,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class ExportReservedTermsAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/export/ExportSnapshotAction.java

@@ -39,11 +39,11 @@ import javax.inject.Inject;
  * </ol>
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = ExportSnapshotAction.PATH,
     method = POST,
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class ExportSnapshotAction implements Runnable {
 
   /** Queue to use for enqueuing the task that will actually launch the backup. */

java/google/registry/export/LoadSnapshotAction.java

@@ -51,10 +51,10 @@ import org.joda.time.DateTime;
 
 /** Action to load a Datastore snapshot from Google Cloud Storage into BigQuery. */
 @Action(
+    service = Action.Service.BACKEND,
     path = LoadSnapshotAction.PATH,
     method = POST,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class LoadSnapshotAction implements Runnable {
 
   /** Parameter names for passing parameters into the servlet. */

java/google/registry/export/SyncGroupMembersAction.java

@@ -52,10 +52,10 @@ import javax.inject.Inject;
  * <p>This uses the <a href="https://developers.google.com/admin-sdk/directory/">Directory API</a>.
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/task/syncGroupMembers",
     method = POST,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class SyncGroupMembersAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/export/UpdateSnapshotViewAction.java

@@ -35,7 +35,11 @@ import java.io.IOException;
 import javax.inject.Inject;
 
 /** Update a well-known view to point at a certain Datastore snapshot table in BigQuery. */
-@Action(path = UpdateSnapshotViewAction.PATH, method = POST, auth = Auth.AUTH_INTERNAL_ONLY)
+@Action(
+    service = Action.Service.BACKEND,
+    path = UpdateSnapshotViewAction.PATH,
+    method = POST,
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class UpdateSnapshotViewAction implements Runnable {
 
   /** Headers for passing parameters into the servlet. */

java/google/registry/export/UploadDatastoreBackupAction.java

@@ -48,7 +48,11 @@ import java.io.IOException;
 import javax.inject.Inject;
 
 /** Action to load a Datastore backup from Google Cloud Storage into BigQuery. */
-@Action(path = UploadDatastoreBackupAction.PATH, method = POST, auth = Auth.AUTH_INTERNAL_ONLY)
+@Action(
+    service = Action.Service.BACKEND,
+    path = UploadDatastoreBackupAction.PATH,
+    method = POST,
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class UploadDatastoreBackupAction implements Runnable {
 
   /** Parameter names for passing parameters into the servlet. */

java/google/registry/export/sheet/SyncRegistrarsSheetAction.java

@@ -57,10 +57,10 @@ import org.joda.time.Duration;
  * @see SyncRegistrarsSheet
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = SyncRegistrarsSheetAction.PATH,
     method = POST,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class SyncRegistrarsSheetAction implements Runnable {
 
   private enum Result {

java/google/registry/flows/CheckApiAction.java

@@ -69,7 +69,7 @@ import org.joda.time.DateTime;
  * user controlled, lest it open an XSS vector. Do not modify this to return the domain name in the
  * response.
  */
-@Action(path = "/check", auth = Auth.AUTH_PUBLIC_ANONYMOUS)
+@Action(service = Action.Service.PUBAPI, path = "/check", auth = Auth.AUTH_PUBLIC_ANONYMOUS)
 public class CheckApiAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/flows/EppConsoleAction.java

@@ -27,10 +27,10 @@ import javax.servlet.http.HttpSession;
 
 /** Runs EPP from the console and requires GAE user authentication. */
 @Action(
+    service = Action.Service.DEFAULT,
     path = "/registrar-xhr",
     method = Method.POST,
-  auth = Auth.AUTH_PUBLIC_LOGGED_IN
-)
+    auth = Auth.AUTH_PUBLIC_LOGGED_IN)
 public class EppConsoleAction implements Runnable {
 
   @Inject @Payload byte[] inputXmlBytes;

java/google/registry/flows/EppTlsAction.java

@@ -27,10 +27,10 @@ import javax.servlet.http.HttpSession;
  * to RFC 5730. Commands must be requested via POST.
  */
 @Action(
+    service = Action.Service.DEFAULT,
     path = "/_dr/epp",
     method = Method.POST,
-  auth = Auth.AUTH_PUBLIC_OR_INTERNAL
-)
+    auth = Auth.AUTH_PUBLIC_OR_INTERNAL)
 public class EppTlsAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/flows/EppToolAction.java

@@ -30,10 +30,10 @@ import javax.servlet.http.HttpServletRequest;
 
 /** Runs EPP commands directly without logging in, verifying an XSRF token from the tool. */
 @Action(
+    service = Action.Service.TOOLS,
     path = EppToolAction.PATH,
     method = Method.POST,
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
-)
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public class EppToolAction implements Runnable {
 
   public static final String PATH = "/_dr/epptool";

java/google/registry/loadtest/LoadTestAction.java

@@ -52,11 +52,11 @@ import org.joda.time.DateTime;
  * least one must be specified in order for load testing to do anything.
  */
 @Action(
+    service = Action.Service.TOOLS,
     path = LoadTestAction.PATH,
     method = Action.Method.POST,
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
-)
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public class LoadTestAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/rdap/RdapAutnumAction.java

@@ -31,11 +31,11 @@ import javax.inject.Inject;
  * ARIN, not domain registries.
  */
 @Action(
+    service = Action.Service.PUBAPI,
     path = RdapAutnumAction.PATH,
     method = {GET, HEAD},
     isPrefix = true,
-  auth = Auth.AUTH_PUBLIC_ANONYMOUS
-)
+    auth = Auth.AUTH_PUBLIC_ANONYMOUS)
 public class RdapAutnumAction extends RdapActionBase {
 
   public static final String PATH = "/rdap/autnum/";

java/google/registry/rdap/RdapDomainAction.java

@@ -35,11 +35,11 @@ import org.joda.time.DateTime;
 
 /** RDAP (new WHOIS) action for domain requests. */
 @Action(
+    service = Action.Service.PUBAPI,
     path = RdapDomainAction.PATH,
     method = {GET, HEAD},
     isPrefix = true,
-  auth = Auth.AUTH_PUBLIC
-)
+    auth = Auth.AUTH_PUBLIC)
 public class RdapDomainAction extends RdapActionBase {
 
   public static final String PATH = "/rdap/domain/";

java/google/registry/rdap/RdapDomainSearchAction.java

@@ -67,10 +67,10 @@ import org.joda.time.DateTime;
  *     Data Access Protocol (RDAP)</a>
  */
 @Action(
+    service = Action.Service.PUBAPI,
     path = RdapDomainSearchAction.PATH,
     method = {GET, HEAD},
-  auth = Auth.AUTH_PUBLIC
-)
+    auth = Auth.AUTH_PUBLIC)
 public class RdapDomainSearchAction extends RdapSearchActionBase {
 
   static final String PATH = "/rdap/domains";

java/google/registry/rdap/RdapEntityAction.java

@@ -46,11 +46,11 @@ import org.joda.time.DateTime;
  * Registrar ID registry. The type value of the publicID object MUST be equal to IANA Registrar ID.
  */
 @Action(
+    service = Action.Service.PUBAPI,
     path = RdapEntityAction.PATH,
     method = {GET, HEAD},
     isPrefix = true,
-  auth = Auth.AUTH_PUBLIC
-)
+    auth = Auth.AUTH_PUBLIC)
 public class RdapEntityAction extends RdapActionBase {
 
   public static final String PATH = "/rdap/entity/";

java/google/registry/rdap/RdapEntitySearchAction.java

@@ -75,10 +75,10 @@ import org.joda.time.DateTime;
  *     Data Access Protocol (RDAP)</a>
  */
 @Action(
+    service = Action.Service.PUBAPI,
     path = RdapEntitySearchAction.PATH,
     method = {GET, HEAD},
-  auth = Auth.AUTH_PUBLIC
-)
+    auth = Auth.AUTH_PUBLIC)
 public class RdapEntitySearchAction extends RdapSearchActionBase {
 
   public static final String PATH = "/rdap/entities";

java/google/registry/rdap/RdapHelpAction.java

@@ -27,11 +27,11 @@ import javax.inject.Inject;
 
 /** RDAP (new WHOIS) action for help requests. */
 @Action(
+    service = Action.Service.PUBAPI,
     path = RdapHelpAction.PATH,
     method = {GET, HEAD},
     isPrefix = true,
-  auth = Auth.AUTH_PUBLIC_ANONYMOUS
-)
+    auth = Auth.AUTH_PUBLIC_ANONYMOUS)
 public class RdapHelpAction extends RdapActionBase {
 
   public static final String PATH = "/rdap/help";

java/google/registry/rdap/RdapIpAction.java

@@ -31,11 +31,11 @@ import javax.inject.Inject;
  * ARIN, not domain registries.
  */
 @Action(
+    service = Action.Service.PUBAPI,
     path = RdapIpAction.PATH,
     method = {GET, HEAD},
     isPrefix = true,
-  auth = Auth.AUTH_PUBLIC_ANONYMOUS
-)
+    auth = Auth.AUTH_PUBLIC_ANONYMOUS)
 public class RdapIpAction extends RdapActionBase {
 
   public static final String PATH = "/rdap/ip/";

java/google/registry/rdap/RdapNameserverAction.java

@@ -35,11 +35,11 @@ import org.joda.time.DateTime;
 
 /** RDAP (new WHOIS) action for nameserver requests. */
 @Action(
+    service = Action.Service.PUBAPI,
     path = RdapNameserverAction.PATH,
     method = {GET, HEAD},
     isPrefix = true,
-  auth = Auth.AUTH_PUBLIC_ANONYMOUS
-)
+    auth = Auth.AUTH_PUBLIC_ANONYMOUS)
 public class RdapNameserverAction extends RdapActionBase {
 
   public static final String PATH = "/rdap/nameserver/";

java/google/registry/rdap/RdapNameserverSearchAction.java

@@ -57,10 +57,10 @@ import org.joda.time.DateTime;
  *     Data Access Protocol (RDAP)</a>
  */
 @Action(
+    service = Action.Service.PUBAPI,
     path = RdapNameserverSearchAction.PATH,
     method = {GET, HEAD},
-  auth = Auth.AUTH_PUBLIC_ANONYMOUS
-)
+    auth = Auth.AUTH_PUBLIC_ANONYMOUS)
 public class RdapNameserverSearchAction extends RdapSearchActionBase {
 
   public static final String PATH = "/rdap/nameservers";

java/google/registry/rde/BrdaCopyAction.java

@@ -49,14 +49,16 @@ import org.joda.time.DateTime;
  * This bucket is special because a separate script will rsync it to the third party escrow provider
  * SFTP server. This is why the internal staging files are stored in the separate RDE bucket.
  *
- * @see <a href="http://newgtlds.icann.org/en/applicants/agb/agreement-approved-09jan14-en.htm">Registry Agreement</a>
+ * @see <a
+ *     href="http://newgtlds.icann.org/en/applicants/agb/agreement-approved-09jan14-en.htm">Registry
+ *     Agreement</a>
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = BrdaCopyAction.PATH,
     method = POST,
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class BrdaCopyAction implements Runnable {
 
   static final String PATH = "/_dr/task/brdaCopy";

java/google/registry/rde/RdeReportAction.java

@@ -50,10 +50,10 @@ import org.joda.time.Duration;
  * Action that uploads a small XML RDE report to ICANN after {@link RdeUploadAction} has finished.
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = RdeReportAction.PATH,
     method = POST,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class RdeReportAction implements Runnable, EscrowTask {
 
   static final String PATH = "/_dr/task/rdeReport";

java/google/registry/rde/RdeStagingAction.java

@@ -78,8 +78,8 @@ import org.joda.time.Duration;
  * <p>Once a deposit is successfully generated, an {@link RdeUploadAction} is enqueued which will
  * upload it via SFTP to the third-party escrow provider.
  *
- * <p>To generate escrow deposits manually and locally, use the {@code nomulus} tool command
- * {@code GenerateEscrowDepositCommand}.
+ * <p>To generate escrow deposits manually and locally, use the {@code nomulus} tool command {@code
+ * GenerateEscrowDepositCommand}.
  *
  * <h3>Logging</h3>
  *
@@ -95,9 +95,9 @@ import org.joda.time.Duration;
  * <p>If a deposit fails, an error is emitted to the logs for each broken entity. It tells you the
  * key and shows you its representation in lenient XML.
  *
- * <p>Failed deposits will be retried indefinitely. This is because RDE and BRDA each have a
- * {@link Cursor} for each TLD. Even if the cursor lags for days, it'll catch up gradually on its
- * own, once the data becomes valid.
+ * <p>Failed deposits will be retried indefinitely. This is because RDE and BRDA each have a {@link
+ * Cursor} for each TLD. Even if the cursor lags for days, it'll catch up gradually on its own, once
+ * the data becomes valid.
  *
  * <p>The third-party escrow provider will validate each deposit we send them. They do both schema
  * validation and reference checking.
@@ -143,21 +143,24 @@ import org.joda.time.Duration;
  *
  * <h3>Determinism</h3>
  *
- * <p>The filename of an escrow deposit is determistic for a given (TLD, watermark,
- * {@linkplain RdeMode mode}) triplet. Its generated contents is deterministic in all the ways that
- * we care about. Its view of the database is strongly consistent.
+ * <p>The filename of an escrow deposit is determistic for a given (TLD, watermark, {@linkplain
+ * RdeMode mode}) triplet. Its generated contents is deterministic in all the ways that we care
+ * about. Its view of the database is strongly consistent.
  *
  * <p>This is because:
+ *
  * <ol>
  *   <li>{@code EppResource} queries are strongly consistent thanks to {@link EppResourceIndex}
  *   <li>{@code EppResource} entities are rewinded to the point-in-time of the watermark
  * </ol>
  *
  * <p>Here's what's not deterministic:
+ *
  * <ul>
  *   <li>Ordering of XML fragments. We don't care about this.
  *   <li>Information about registrars. There's no point-in-time for these objects. So in order to
- *   guarantee referential correctness of your deposits, you must never delete a registrar entity.
+ *       guarantee referential correctness of your deposits, you must never delete a registrar
+ *       entity.
  * </ul>
  *
  * <h3>Manual Operation</h3>
@@ -167,6 +170,7 @@ import org.joda.time.Duration;
  * will be stored in a subdirectory of the "manual" directory, to avoid overwriting regular deposit
  * files. Cursors and revision numbers will not be updated, and the upload task will not be kicked
  * off. The parameters are:
+ *
  * <ul>
  *   <li>manual: if present and true, manual operation is indicated
  *   <li>directory: the subdirectory of "manual" into which the files should be placed
@@ -181,14 +185,16 @@ import org.joda.time.Duration;
  * set to false). The revision parameter is optional in manual operation, and must be absent for
  * standard operation.
  *
- * @see <a href="https://tools.ietf.org/html/draft-arias-noguchi-registry-data-escrow-06">Registry Data Escrow Specification</a>
- * @see <a href="https://tools.ietf.org/html/draft-arias-noguchi-dnrd-objects-mapping-05">Domain Name Registration Data Objects Mapping</a>
+ * @see <a href="https://tools.ietf.org/html/draft-arias-noguchi-registry-data-escrow-06">Registry
+ *     Data Escrow Specification</a>
+ * @see <a href="https://tools.ietf.org/html/draft-arias-noguchi-dnrd-objects-mapping-05">Domain
+ *     Name Registration Data Objects Mapping</a>
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = RdeStagingAction.PATH,
     method = {GET, POST},
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class RdeStagingAction implements Runnable {
 
   public static final String PATH = "/_dr/task/rdeStaging";

java/google/registry/rde/RdeUploadAction.java

@@ -76,14 +76,14 @@ import org.joda.time.Duration;
  * <p>This action is invoked by {@link RdeStagingAction} once it's created the files we need. The
  * date is calculated from {@link CursorType#RDE_UPLOAD}.
  *
- * <p>Once this action completes, it rolls the cursor forward a day and triggers
- * {@link RdeReportAction}.
+ * <p>Once this action completes, it rolls the cursor forward a day and triggers {@link
+ * RdeReportAction}.
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = RdeUploadAction.PATH,
     method = POST,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class RdeUploadAction implements Runnable, EscrowTask {
 
   static final String PATH = "/_dr/task/rdeUpload";

java/google/registry/rde/imports/RdeContactImportAction.java

@@ -45,9 +45,9 @@ import javax.inject.Inject;
  * <p>Specify the escrow file to import with the "path" parameter.
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/task/importRdeContacts",
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class RdeContactImportAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/rde/imports/RdeDomainImportAction.java

@@ -69,9 +69,9 @@ import org.joda.time.DateTime;
  * <p>Specify the escrow file to import with the "path" parameter.
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/task/importRdeDomains",
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class RdeDomainImportAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/rde/imports/RdeHostImportAction.java

@@ -45,9 +45,9 @@ import javax.inject.Inject;
  * <p>Specify the escrow file to import with the "path" parameter.
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/task/importRdeHosts",
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class RdeHostImportAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/rde/imports/RdeHostLinkAction.java

@@ -56,9 +56,9 @@ import org.joda.time.DateTime;
  * <p>Specify the escrow file to import with the "path" parameter.
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/task/linkRdeHosts",
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class RdeHostLinkAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/reporting/billing/CopyDetailReportsAction.java

@@ -39,7 +39,11 @@ import java.util.Optional;
 import javax.inject.Inject;
 
 /** Copy all registrar detail reports in a given bucket's subdirectory from GCS to Drive. */
-@Action(path = CopyDetailReportsAction.PATH, method = POST, auth = Auth.AUTH_INTERNAL_OR_ADMIN)
+@Action(
+    service = Action.Service.BACKEND,
+    path = CopyDetailReportsAction.PATH,
+    method = POST,
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public final class CopyDetailReportsAction implements Runnable {
 
   public static final String PATH = "/_dr/task/copyDetailReports";

java/google/registry/reporting/billing/GenerateInvoicesAction.java

@@ -46,7 +46,11 @@ import org.joda.time.YearMonth;
  * staged at gs://<projectId>-beam/templates/invoicing. The pipeline then generates invoices for the
  * month and stores them on GCS.
  */
-@Action(path = GenerateInvoicesAction.PATH, method = POST, auth = Auth.AUTH_INTERNAL_ONLY)
+@Action(
+    service = Action.Service.BACKEND,
+    path = GenerateInvoicesAction.PATH,
+    method = POST,
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class GenerateInvoicesAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/reporting/billing/PublishInvoicesAction.java

@@ -43,10 +43,15 @@ import org.joda.time.YearMonth;
  * <p>This relies on the retry semantics in {@code queue.xml} to ensure proper upload, in spite of
  * fluctuations in generation timing.
  *
- * @see <a href=https://cloud.google.com/dataflow/docs/reference/rest/v1b3/projects.jobs#Job.JobState>
+ * @see <a
+ *     href=https://cloud.google.com/dataflow/docs/reference/rest/v1b3/projects.jobs#Job.JobState>
  *     Job States</a>
  */
-@Action(path = PublishInvoicesAction.PATH, method = POST, auth = Auth.AUTH_INTERNAL_OR_ADMIN)
+@Action(
+    service = Action.Service.BACKEND,
+    path = PublishInvoicesAction.PATH,
+    method = POST,
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public class PublishInvoicesAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/reporting/icann/IcannReportingStagingAction.java

@@ -55,7 +55,11 @@ import org.joda.time.YearMonth;
  * <p>reportTypes: the type of reports to generate. You can specify either 'activity' or
  * 'transactions'. Defaults to generating both.
  */
-@Action(path = IcannReportingStagingAction.PATH, method = POST, auth = Auth.AUTH_INTERNAL_ONLY)
+@Action(
+    service = Action.Service.BACKEND,
+    path = IcannReportingStagingAction.PATH,
+    method = POST,
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class IcannReportingStagingAction implements Runnable {
 
   static final String PATH = "/_dr/task/icannReportingStaging";

java/google/registry/reporting/icann/IcannReportingUploadAction.java

@@ -52,7 +52,11 @@ import javax.inject.Inject;
  * example: "manual/dir" means reports will be stored under gs://[project-id]-reporting/manual/dir.
  * Defaults to "icann/monthly/[last month in yyyy-MM format]".
  */
-@Action(path = IcannReportingUploadAction.PATH, method = POST, auth = Auth.AUTH_INTERNAL_OR_ADMIN)
+@Action(
+    service = Action.Service.BACKEND,
+    path = IcannReportingUploadAction.PATH,
+    method = POST,
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public final class IcannReportingUploadAction implements Runnable {
 
   static final String PATH = "/_dr/task/icannReportingUpload";

java/google/registry/reporting/spec11/GenerateSpec11ReportAction.java

@@ -43,7 +43,11 @@ import org.joda.time.LocalDate;
  * <p>This action runs the {@link google.registry.beam.spec11.Spec11Pipeline} template, which
  * generates the specified month's Spec11 report and stores it on GCS.
  */
-@Action(path = GenerateSpec11ReportAction.PATH, method = POST, auth = Auth.AUTH_INTERNAL_ONLY)
+@Action(
+    service = Action.Service.BACKEND,
+    path = GenerateSpec11ReportAction.PATH,
+    method = POST,
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class GenerateSpec11ReportAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/reporting/spec11/PublishSpec11ReportAction.java

@@ -52,7 +52,11 @@ import org.json.JSONException;
  * <p>This calls {@link Spec11EmailUtils#emailSpec11Reports(SoyTemplateInfo, String, Set)} on
  * success or {@link Spec11EmailUtils#sendAlertEmail(String, String)} on failure.
  */
-@Action(path = PublishSpec11ReportAction.PATH, method = POST, auth = Auth.AUTH_INTERNAL_OR_ADMIN)
+@Action(
+    service = Action.Service.BACKEND,
+    path = PublishSpec11ReportAction.PATH,
+    method = POST,
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public class PublishSpec11ReportAction implements Runnable {
 
   static final String PATH = "/_dr/task/publishSpec11";

java/google/registry/request/Action.java

@@ -28,6 +28,28 @@ public @interface Action {
   /** HTTP methods recognized by the request processor. */
   enum Method { GET, HEAD, POST }
 
+  /** App Engine services supported by the request processor. */
+  enum Service {
+    DEFAULT("default"),
+    TOOLS("tools"),
+    BACKEND("backend"),
+    PUBAPI("pubapi");
+
+    private final String serviceId;
+
+    Service(String serviceId) {
+      this.serviceId = serviceId;
+    }
+
+    /** Returns the actual service id in App Engine. */
+    public String getServiceId() {
+      return serviceId;
+    }
+  }
+
+  /** Which App Engine service this action lives on. */
+  Service service();
+
   /** HTTP path to serve the action from. The path components must be percent-escaped. */
   String path();
 

java/google/registry/request/RouterDisplayHelper.java

@@ -14,9 +14,11 @@
 
 package google.registry.request;
 
+import static com.google.common.collect.ImmutableList.toImmutableList;
 import static java.util.stream.Collectors.joining;
 
 import com.google.common.base.Joiner;
+import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Streams;
 import java.util.Map;
@@ -62,6 +64,18 @@ public class RouterDisplayHelper {
     return formatRoutes(Router.extractRoutesFromComponent(componentClass).values());
   }
 
+  public static ImmutableList<String> extractHumanReadableRoutesWithWrongService(
+      Class<?> componentClass, Action.Service expectedService) {
+    return Router.extractRoutesFromComponent(componentClass).values().stream()
+        .filter(route -> route.action().service() != expectedService)
+        .map(
+            route ->
+                String.format(
+                    "%s (%s%s)",
+                    route.actionClass(), route.action().service(), route.action().path()))
+        .collect(toImmutableList());
+  }
+
   private static String getFormatString(Map<String, Integer> columnWidths) {
     return String.format(
         FORMAT,

java/google/registry/tmch/NordnUploadAction.java

@@ -68,6 +68,7 @@ import org.joda.time.Duration;
  * @see NordnVerifyAction
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = NordnUploadAction.PATH,
     method = Action.Method.POST,
     automaticallyPrintOk = true,

java/google/registry/tmch/NordnVerifyAction.java

@@ -42,21 +42,21 @@ import javax.inject.Inject;
 /**
  * NORDN CSV uploading system, verify operation.
  *
- * <p>Every three hours (max twenty-six hours) we generate CSV files for each TLD which we need
- * to upload to MarksDB. The upload is a two-phase process. We send the CSV data as a POST request
- * and get back a 202 Accepted. This response will give us a URL in the Location header, where
- * we'll check back later for the actual result.
+ * <p>Every three hours (max twenty-six hours) we generate CSV files for each TLD which we need to
+ * upload to MarksDB. The upload is a two-phase process. We send the CSV data as a POST request and
+ * get back a 202 Accepted. This response will give us a URL in the Location header, where we'll
+ * check back later for the actual result.
  *
  * @see NordnUploadAction
  * @see <a href="http://tools.ietf.org/html/draft-lozano-tmch-func-spec-08#section-5.2.3.3">
  *     http://tools.ietf.org/html/draft-lozano-tmch-func-spec-08#section-5.2.3.3</a>
  */
 @Action(
+    service = Action.Service.BACKEND,
     path = NordnVerifyAction.PATH,
     method = Action.Method.POST,
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class NordnVerifyAction implements Runnable {
 
   static final String PATH = "/_dr/task/nordnVerify";

java/google/registry/tmch/TmchCrlAction.java

@@ -28,11 +28,11 @@ import javax.inject.Inject;
 
 /** Action to download the latest ICANN TMCH CRL from MarksDB. */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/task/tmchCrl",
     method = POST,
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class TmchCrlAction implements Runnable {
 
   @Inject Marksdb marksdb;

java/google/registry/tmch/TmchDnlAction.java

@@ -30,11 +30,11 @@ import org.bouncycastle.openpgp.PGPException;
 
 /** Action to download the latest domain name list (aka claims list) from MarksDB. */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/task/tmchDnl",
     method = POST,
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class TmchDnlAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/tmch/TmchSmdrlAction.java

@@ -30,11 +30,11 @@ import org.bouncycastle.openpgp.PGPException;
 
 /** Action to download the latest signed mark revocation list from MarksDB. */
 @Action(
+    service = Action.Service.BACKEND,
     path = "/_dr/task/tmchSmdrl",
     method = POST,
     automaticallyPrintOk = true,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public final class TmchSmdrlAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/tools/AppEngineConnection.java

@@ -33,6 +33,7 @@ import com.google.common.net.MediaType;
 import com.google.re2j.Matcher;
 import com.google.re2j.Pattern;
 import google.registry.config.RegistryConfig;
+import google.registry.request.Action.Service;
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.net.URL;
@@ -65,24 +66,6 @@ class AppEngineConnection {
     this.requestFactory = requestFactory;
   }
 
-  enum Service {
-    DEFAULT("default"),
-    TOOLS("tools"),
-    BACKEND("backend"),
-    PUBAPI("pubapi");
-
-    private final String serviceId;
-
-    Service(String serviceId) {
-      this.serviceId = serviceId;
-    }
-
-    /** Returns the actual service id in App Engine. */
-    String getServiceId() {
-      return serviceId;
-    }
-  }
-
   /** Returns a copy of this connection that talks to a different service. */
   public AppEngineConnection withService(Service service) {
     return new AppEngineConnection(service, requestFactory);

java/google/registry/tools/CurlCommand.java

@@ -26,7 +26,7 @@ import com.google.common.base.Splitter;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.net.MediaType;
-import google.registry.tools.AppEngineConnection.Service;
+import google.registry.request.Action.Service;
 import java.util.List;
 
 @Parameters(separators = " =", commandDescription = "Send an HTTP command to the nomulus server.")

java/google/registry/tools/SetNumInstancesCommand.java

@@ -31,7 +31,7 @@ import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSetMultimap;
 import com.google.common.flogger.FluentLogger;
 import google.registry.config.RegistryConfig.Config;
-import google.registry.tools.AppEngineConnection.Service;
+import google.registry.request.Action.Service;
 import google.registry.util.AppEngineServiceUtils;
 import java.io.IOException;
 import java.util.List;

java/google/registry/tools/server/CreateGroupsAction.java

@@ -41,10 +41,10 @@ import javax.inject.Inject;
 
 /** Action that creates Google Groups for a registrar's mailing lists. */
 @Action(
+    service = Action.Service.TOOLS,
     path = CreateGroupsAction.PATH,
     method = POST,
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
-)
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public class CreateGroupsAction implements Runnable {
 
   public static final String PATH = "/_dr/admin/createGroups";

java/google/registry/tools/server/CreatePremiumListAction.java

@@ -35,10 +35,10 @@ import javax.inject.Inject;
  * command.
  */
 @Action(
+    service = Action.Service.TOOLS,
     path = CreatePremiumListAction.PATH,
     method = POST,
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
-)
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public class CreatePremiumListAction extends CreateOrUpdatePremiumListAction {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/tools/server/DeleteEntityAction.java

@@ -48,9 +48,9 @@ import javax.inject.Inject;
  * exists an entity-specific deletion command, then use that one instead.
  */
 @Action(
+    service = Action.Service.TOOLS,
     path = DeleteEntityAction.PATH,
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
-)
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public class DeleteEntityAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/tools/server/GenerateZoneFilesAction.java

@@ -65,14 +65,14 @@ import org.joda.time.Duration;
  * MapReduce that requests generation of BIND zone files for a set of TLDs at a given time.
  *
  * <p>Zone files for each requested TLD are written to GCS. TLDs without entries produce zone files
- * with only a header. The export time must be at least two minutes in the past and no more than
- * 29 days in the past, and must be at midnight UTC.
+ * with only a header. The export time must be at least two minutes in the past and no more than 29
+ * days in the past, and must be at midnight UTC.
  */
 @Action(
+    service = Action.Service.TOOLS,
     path = GenerateZoneFilesAction.PATH,
     method = POST,
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
-)
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public class GenerateZoneFilesAction implements Runnable, JsonActionRunner.JsonAction {
 
   public static final String PATH = "/_dr/task/generateZoneFiles";

java/google/registry/tools/server/KillAllCommitLogsAction.java

@@ -45,10 +45,10 @@ import javax.inject.Inject;
  * the drastic consequences of accidental execution.
  */
 @Action(
+    service = Action.Service.TOOLS,
     path = "/_dr/task/killAllCommitLogs",
     method = POST,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class KillAllCommitLogsAction implements Runnable {
 
   @Inject MapreduceRunner mrRunner;

java/google/registry/tools/server/KillAllEppResourcesAction.java

@@ -41,10 +41,10 @@ import javax.inject.Inject;
  * the drastic consequences of accidental execution.
  */
 @Action(
+    service = Action.Service.TOOLS,
     path = "/_dr/task/killAllEppResources",
     method = POST,
-  auth = Auth.AUTH_INTERNAL_ONLY
-)
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class KillAllEppResourcesAction implements Runnable {
 
   @Inject MapreduceRunner mrRunner;

java/google/registry/tools/server/ListDomainsAction.java

@@ -41,6 +41,7 @@ import org.joda.time.DateTime;
 
 /** An action that lists domains, for use by the {@code nomulus list_domains} command. */
 @Action(
+    service = Action.Service.TOOLS,
     path = ListDomainsAction.PATH,
     method = {GET, POST},
     auth = Auth.AUTH_INTERNAL_OR_ADMIN)

java/google/registry/tools/server/ListHostsAction.java

@@ -32,10 +32,10 @@ import org.joda.time.DateTime;
 
 /** An action that lists hosts, for use by the {@code nomulus list_hosts} command. */
 @Action(
+    service = Action.Service.TOOLS,
     path = ListHostsAction.PATH,
     method = {GET, POST},
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
-)
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public final class ListHostsAction extends ListObjectsAction<HostResource> {
 
   public static final String PATH = "/_dr/admin/list/hosts";

java/google/registry/tools/server/ListPremiumListsAction.java

@@ -29,10 +29,10 @@ import javax.inject.Inject;
  * An action that lists premium lists, for use by the {@code nomulus list_premium_lists} command.
  */
 @Action(
+    service = Action.Service.TOOLS,
     path = ListPremiumListsAction.PATH,
     method = {GET, POST},
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
-)
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public final class ListPremiumListsAction extends ListObjectsAction<PremiumList> {
 
   public static final String PATH = "/_dr/admin/list/premiumLists";

java/google/registry/tools/server/ListRegistrarsAction.java

@@ -27,10 +27,10 @@ import javax.inject.Inject;
 
 /** An action that lists registrars, for use by the {@code nomulus list_registrars} command. */
 @Action(
+    service = Action.Service.TOOLS,
     path = ListRegistrarsAction.PATH,
     method = {GET, POST},
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
-)
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public final class ListRegistrarsAction extends ListObjectsAction<Registrar> {
 
   public static final String PATH = "/_dr/admin/list/registrars";

java/google/registry/tools/server/ListReservedListsAction.java

@@ -27,10 +27,10 @@ import javax.inject.Inject;
 
 /** A that lists reserved lists, for use by the {@code nomulus list_reserved_lists} command. */
 @Action(
+    service = Action.Service.TOOLS,
     path = ListReservedListsAction.PATH,
     method = {GET, POST},
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
-)
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public final class ListReservedListsAction extends ListObjectsAction<ReservedList> {
 
   public static final String PATH = "/_dr/admin/list/reservedLists";

java/google/registry/tools/server/ListTldsAction.java

@@ -31,10 +31,10 @@ import org.joda.time.DateTime;
 
 /** An action that lists top-level domains, for use by the {@code nomulus list_tlds} command. */
 @Action(
+    service = Action.Service.TOOLS,
     path = ListTldsAction.PATH,
     method = {GET, POST},
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
-)
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public final class ListTldsAction extends ListObjectsAction<Registry> {
 
   public static final String PATH = "/_dr/admin/list/tlds";

java/google/registry/tools/server/PollMapreduceAction.java

@@ -30,7 +30,11 @@ import google.registry.request.auth.Auth;
 import javax.inject.Inject;
 
 /** Action to poll the status of a mapreduce job. */
-@Action(path = PollMapreduceAction.PATH, method = POST, auth = Auth.AUTH_INTERNAL_ONLY)
+@Action(
+    service = Action.Service.TOOLS,
+    path = PollMapreduceAction.PATH,
+    method = POST,
+    auth = Auth.AUTH_INTERNAL_ONLY)
 public class PollMapreduceAction implements Runnable {
 
   public static final String PATH = "/_dr/task/pollMapreduce";

java/google/registry/tools/server/RefreshDnsForAllDomainsAction.java

@@ -48,9 +48,9 @@ import org.joda.time.DateTimeZone;
  * which only admin users can do.
  */
 @Action(
+    service = Action.Service.TOOLS,
     path = "/_dr/task/refreshDnsForAllDomains",
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
-)
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public class RefreshDnsForAllDomainsAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/tools/server/ResaveAllHistoryEntriesAction.java

@@ -38,9 +38,9 @@ import javax.inject.Inject;
  * which only admin users can do.
  */
 @Action(
+    service = Action.Service.TOOLS,
     path = "/_dr/task/resaveAllHistoryEntries",
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
-)
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public class ResaveAllHistoryEntriesAction implements Runnable {
 
   @Inject MapreduceRunner mrRunner;

java/google/registry/tools/server/UpdatePremiumListAction.java

@@ -33,10 +33,10 @@ import javax.inject.Inject;
  * command.
  */
 @Action(
+    service = Action.Service.TOOLS,
     path = UpdatePremiumListAction.PATH,
     method = POST,
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
-)
+    auth = Auth.AUTH_INTERNAL_OR_ADMIN)
 public class UpdatePremiumListAction extends CreateOrUpdatePremiumListAction {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/tools/server/VerifyOteAction.java

@@ -34,6 +34,7 @@ import javax.inject.Inject;
  * OT&E commands that have been run just previously to verification may not be picked up yet.
  */
 @Action(
+    service = Action.Service.TOOLS,
     path = VerifyOteAction.PATH,
     method = Action.Method.POST,
     auth = Auth.AUTH_INTERNAL_OR_ADMIN)

java/google/registry/ui/server/otesetup/ConsoleOteSetupAction.java

@@ -61,6 +61,7 @@ import javax.servlet.http.HttpServletRequest;
  * Methods), separate this class to 2 Actions.
  */
 @Action(
+    service = Action.Service.DEFAULT,
     path = ConsoleOteSetupAction.PATH,
     method = {Method.POST, Method.GET},
     auth = Auth.AUTH_PUBLIC)

java/google/registry/ui/server/registrar/ConsoleUiAction.java

@@ -52,10 +52,7 @@ import javax.inject.Inject;
 import javax.servlet.http.HttpServletRequest;
 
 /** Action that serves Registrar Console single HTML page (SPA). */
-@Action(
-  path = ConsoleUiAction.PATH,
-  auth = Auth.AUTH_PUBLIC
-)
+@Action(service = Action.Service.DEFAULT, path = ConsoleUiAction.PATH, auth = Auth.AUTH_PUBLIC)
 public final class ConsoleUiAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/ui/server/registrar/OteStatusAction.java

@@ -41,7 +41,11 @@ import javax.inject.Inject;
  * Admin servlet that allows creating or updating a registrar. Deletes are not allowed so as to
  * preserve history.
  */
-@Action(path = OteStatusAction.PATH, method = Action.Method.POST, auth = Auth.AUTH_PUBLIC_LOGGED_IN)
+@Action(
+    service = Action.Service.DEFAULT,
+    path = OteStatusAction.PATH,
+    method = Action.Method.POST,
+    auth = Auth.AUTH_PUBLIC_LOGGED_IN)
 public final class OteStatusAction implements Runnable, JsonActionRunner.JsonAction {
 
   public static final String PATH = "/registrar-ote-status";

java/google/registry/ui/server/registrar/RegistrarSettingsAction.java

@@ -70,10 +70,10 @@ import org.joda.time.DateTime;
  * preserve history.
  */
 @Action(
+    service = Action.Service.DEFAULT,
     path = RegistrarSettingsAction.PATH,
     method = Action.Method.POST,
-  auth = Auth.AUTH_PUBLIC_LOGGED_IN
-)
+    auth = Auth.AUTH_PUBLIC_LOGGED_IN)
 public class RegistrarSettingsAction implements Runnable, JsonActionRunner.JsonAction {
 
   public static final String PATH = "/registrar-settings";

java/google/registry/whois/WhoisAction.java

@@ -49,7 +49,11 @@ import org.joda.time.DateTime;
  * @see WhoisHttpAction
  * @see <a href="http://www.ietf.org/rfc/rfc3912.txt">RFC 3912: WHOIS Protocol Specification</a>
  */
-@Action(path = "/_dr/whois", method = POST, auth = Auth.AUTH_PUBLIC_OR_INTERNAL)
+@Action(
+    service = Action.Service.PUBAPI,
+    path = "/_dr/whois",
+    method = POST,
+    auth = Auth.AUTH_PUBLIC_OR_INTERNAL)
 public class WhoisAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();

java/google/registry/whois/WhoisHttpAction.java

@@ -95,7 +95,11 @@ import org.joda.time.Duration;
  *
  * @see WhoisAction
  */
-@Action(path = WhoisHttpAction.PATH, isPrefix = true, auth = Auth.AUTH_PUBLIC_ANONYMOUS)
+@Action(
+    service = Action.Service.PUBAPI,
+    path = WhoisHttpAction.PATH,
+    isPrefix = true,
+    auth = Auth.AUTH_PUBLIC_ANONYMOUS)
 public final class WhoisHttpAction implements Runnable {
 
   public static final String PATH = "/whois/";

javatests/google/registry/module/backend/BUILD

@@ -15,7 +15,9 @@ java_library(
     ],
     deps = [
         "//java/google/registry/module/backend",
+        "//java/google/registry/request",
         "//javatests/google/registry/testing",
+        "//third_party/java/truth",
         "@javax_servlet_api",
         "@junit",
         "@org_mockito_all",

javatests/google/registry/module/backend/BackendRequestComponentTest.java

@@ -14,6 +14,10 @@
 
 package google.registry.module.backend;
 
+import static com.google.common.truth.Truth.assertThat;
+
+import google.registry.request.Action;
+import google.registry.request.RouterDisplayHelper;
 import google.registry.testing.GoldenFileTestHelper;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -29,4 +33,12 @@ public class BackendRequestComponentTest {
         .describedAs("backend routing map")
         .isEqualToGolden(BackendRequestComponentTest.class, "backend_routing.txt");
   }
+
+  @Test
+  public void testRoutingService() {
+    assertThat(
+            RouterDisplayHelper.extractHumanReadableRoutesWithWrongService(
+                BackendRequestComponent.class, Action.Service.BACKEND))
+        .isEmpty();
+  }
 }

javatests/google/registry/module/frontend/BUILD

@@ -15,7 +15,9 @@ java_library(
     ],
     deps = [
         "//java/google/registry/module/frontend",
+        "//java/google/registry/request",
         "//javatests/google/registry/testing",
+        "//third_party/java/truth",
         "@javax_servlet_api",
         "@junit",
         "@org_mockito_all",

javatests/google/registry/module/frontend/FrontendRequestComponentTest.java

@@ -14,7 +14,10 @@
 
 package google.registry.module.frontend;
 
+import static com.google.common.truth.Truth.assertThat;
 
+import google.registry.request.Action;
+import google.registry.request.RouterDisplayHelper;
 import google.registry.testing.GoldenFileTestHelper;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -30,4 +33,12 @@ public class FrontendRequestComponentTest {
         .describedAs("frontend routing map")
         .isEqualToGolden(FrontendRequestComponentTest.class, "frontend_routing.txt");
   }
+
+  @Test
+  public void testRoutingService() {
+    assertThat(
+            RouterDisplayHelper.extractHumanReadableRoutesWithWrongService(
+                FrontendRequestComponent.class, Action.Service.DEFAULT))
+        .isEmpty();
+  }
 }

javatests/google/registry/module/pubapi/BUILD

@@ -15,7 +15,9 @@ java_library(
     ],
     deps = [
         "//java/google/registry/module/pubapi",
+        "//java/google/registry/request",
         "//javatests/google/registry/testing",
+        "//third_party/java/truth",
         "@javax_servlet_api",
         "@junit",
         "@org_mockito_all",

javatests/google/registry/module/pubapi/PubApiRequestComponentTest.java

@@ -14,7 +14,10 @@
 
 package google.registry.module.pubapi;
 
+import static com.google.common.truth.Truth.assertThat;
 
+import google.registry.request.Action;
+import google.registry.request.RouterDisplayHelper;
 import google.registry.testing.GoldenFileTestHelper;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -30,4 +33,12 @@ public class PubApiRequestComponentTest {
         .describedAs("pubapi routing map")
         .isEqualToGolden(PubApiRequestComponentTest.class, "pubapi_routing.txt");
   }
+
+  @Test
+  public void testRoutingService() {
+    assertThat(
+            RouterDisplayHelper.extractHumanReadableRoutesWithWrongService(
+                PubApiRequestComponent.class, Action.Service.PUBAPI))
+        .isEmpty();
+  }
 }

javatests/google/registry/module/tools/BUILD

@@ -15,7 +15,9 @@ java_library(
     ],
     deps = [
         "//java/google/registry/module/tools",
+        "//java/google/registry/request",
         "//javatests/google/registry/testing",
+        "//third_party/java/truth",
         "@javax_servlet_api",
         "@junit",
         "@org_mockito_all",

javatests/google/registry/module/tools/ToolsRequestComponentTest.java

@@ -14,6 +14,10 @@
 
 package google.registry.module.tools;
 
+import static com.google.common.truth.Truth.assertThat;
+
+import google.registry.request.Action;
+import google.registry.request.RouterDisplayHelper;
 import google.registry.testing.GoldenFileTestHelper;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -29,4 +33,12 @@ public class ToolsRequestComponentTest {
         .describedAs("tools routing map")
         .isEqualToGolden(ToolsRequestComponentTest.class, "tools_routing.txt");
   }
+
+  @Test
+  public void testRoutingService() {
+    assertThat(
+            RouterDisplayHelper.extractHumanReadableRoutesWithWrongService(
+                ToolsRequestComponent.class, Action.Service.TOOLS))
+        .isEmpty();
+  }
 }

javatests/google/registry/request/RequestHandlerTest.java

@@ -61,38 +61,38 @@ public final class RequestHandlerTest {
           .build();
 
   @Action(
+      service = Action.Service.DEFAULT,
       path = "/bumblebee",
       method = {GET, POST},
       isPrefix = true,
-    auth = AUTH_PUBLIC
-  )
+      auth = AUTH_PUBLIC)
   public static class BumblebeeTask implements Runnable {
     @Override
     public void run() {}
   }
 
   @Action(
+      service = Action.Service.DEFAULT,
       path = "/sloth",
       method = POST,
       automaticallyPrintOk = true,
-    auth = AUTH_PUBLIC
-  )
+      auth = AUTH_PUBLIC)
   public static class SlothTask implements Runnable {
     @Override
     public void run() {}
   }
 
   @Action(
+      service = Action.Service.DEFAULT,
       path = "/safe-sloth",
       method = {GET, POST},
-    auth = AUTH_PUBLIC
-  )
+      auth = AUTH_PUBLIC)
   public static class SafeSlothTask implements Runnable {
     @Override
     public void run() {}
   }
 
-  @Action(path = "/fail", auth = AUTH_PUBLIC)
+  @Action(service = Action.Service.DEFAULT, path = "/fail", auth = AUTH_PUBLIC)
   public static final class FailTask implements Runnable {
     @Override
     public void run() {
@@ -100,7 +100,7 @@ public final class RequestHandlerTest {
     }
   }
 
-  @Action(path = "/failAtConstruction", auth = AUTH_PUBLIC)
+  @Action(service = Action.Service.DEFAULT, path = "/failAtConstruction", auth = AUTH_PUBLIC)
   public static final class FailAtConstructionTask implements Runnable {
     public FailAtConstructionTask() {
       throw new ServiceUnavailableException("Fail at construction");
@@ -125,11 +125,7 @@ public final class RequestHandlerTest {
     }
   }
 
-  @Action(
-    path = "/auth/none",
-    auth = AUTH_PUBLIC,
-    method = GET
-  )
+  @Action(service = Action.Service.DEFAULT, path = "/auth/none", auth = AUTH_PUBLIC, method = GET)
   public class AuthNoneAction extends AuthBase {
     AuthNoneAction(AuthResult authResult) {
       super(authResult);
@@ -137,6 +133,7 @@ public final class RequestHandlerTest {
   }
 
   @Action(
+      service = Action.Service.DEFAULT,
       path = "/auth/adminUser",
       auth = AUTH_INTERNAL_OR_ADMIN,
       method = GET)