Add "pubapi" App Engine service for check API, WHOIS, and RDAP

The migration plan is as follows:
1. This CL, which adds the new "pubapi" service that serves the check API, WHOIS, and RDAP.
2a. Update our public facing sites to switch over to use the new service.
2b. (either order) Rewrite the check API to remove dependencies on flows.
3. ... eventually, once the frontend service is no longer being hit by this traffic, remove its handling of these public endpoints.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=197716346

java/google/registry/module/pubapi/BUILD

@@ -0,0 +1,43 @@
+package(
+    default_visibility = ["//java/google/registry:registry_project"],
+)
+
+licenses(["notice"])  # Apache 2.0
+
+java_library(
+    name = "pubapi",
+    srcs = glob(["*.java"]),
+    deps = [
+        "//java/google/registry/config",
+        "//java/google/registry/dns",
+        "//java/google/registry/flows",
+        "//java/google/registry/keyring/api",
+        "//java/google/registry/keyring/kms",
+        "//java/google/registry/monitoring/whitebox",
+        "//java/google/registry/rdap",
+        "//java/google/registry/request",
+        "//java/google/registry/request:modules",
+        "//java/google/registry/request/auth",
+        "//java/google/registry/util",
+        "//java/google/registry/whois",
+        "@com_google_appengine_api_1_0_sdk",
+        "@com_google_code_findbugs_jsr305",
+        "@com_google_dagger",
+        "@com_google_guava",
+        "@com_google_monitoring_client_metrics",
+        "@javax_servlet_api",
+        "@org_bouncycastle_bcpkix_jdk15on",
+    ],
+)
+
+# This rule is used so bazel can generate "frontend_jar_deploy.jar" (which
+# contains transitive dependencies) for deployment to App Engine. It MUST
+# explicitly depend upon upon anything loaded at runtime, e.g. old servlets
+# referenced by the module's web.xml file, that isn't statically linked above.
+java_binary(
+    name = "pubapi_jar",
+    create_executable = 0,
+    runtime_deps = [
+        ":pubapi",
+    ],
+)

java/google/registry/module/pubapi/PubApiComponent.java

@@ -0,0 +1,71 @@
+// Copyright 2018 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.module.pubapi;
+
+import com.google.monitoring.metrics.MetricReporter;
+import dagger.Component;
+import dagger.Lazy;
+import google.registry.config.RegistryConfig.ConfigModule;
+import google.registry.flows.ServerTridProviderModule;
+import google.registry.flows.custom.CustomLogicFactoryModule;
+import google.registry.keyring.api.KeyModule;
+import google.registry.keyring.kms.KmsModule;
+import google.registry.module.pubapi.PubApiRequestComponent.PubApiRequestComponentModule;
+import google.registry.monitoring.whitebox.StackdriverModule;
+import google.registry.request.Modules.AppIdentityCredentialModule;
+import google.registry.request.Modules.GoogleCredentialModule;
+import google.registry.request.Modules.Jackson2Module;
+import google.registry.request.Modules.ModulesServiceModule;
+import google.registry.request.Modules.NetHttpTransportModule;
+import google.registry.request.Modules.UrlFetchTransportModule;
+import google.registry.request.Modules.UseAppIdentityCredentialForGoogleApisModule;
+import google.registry.request.Modules.UserServiceModule;
+import google.registry.request.auth.AuthModule;
+import google.registry.util.SystemClock.SystemClockModule;
+import google.registry.util.SystemSleeper.SystemSleeperModule;
+import javax.inject.Singleton;
+
+/** Dagger component with instance lifetime for "pubapi" App Engine module. */
+@Singleton
+@Component(
+  modules = {
+    // TODO(b/79692981): Remove flow-related includes once check API is rewritten to not wrap flow.
+    AppIdentityCredentialModule.class,
+    AuthModule.class,
+    ConfigModule.class,
+    CustomLogicFactoryModule.class,
+    google.registry.keyring.api.DummyKeyringModule.class,
+    PubApiMetricsModule.class,
+    PubApiRequestComponentModule.class,
+    GoogleCredentialModule.class,
+    Jackson2Module.class,
+    KeyModule.class,
+    KmsModule.class,
+    ModulesServiceModule.class,
+    NetHttpTransportModule.class,
+    ServerTridProviderModule.class,
+    StackdriverModule.class,
+    SystemClockModule.class,
+    SystemSleeperModule.class,
+    UrlFetchTransportModule.class,
+    UseAppIdentityCredentialForGoogleApisModule.class,
+    UserServiceModule.class,
+  }
+)
+interface PubApiComponent {
+  PubApiRequestHandler requestHandler();
+
+  Lazy<MetricReporter> metricReporter();
+}

java/google/registry/module/pubapi/PubApiMetricsModule.java

@@ -0,0 +1,25 @@
+// Copyright 2018 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.module.pubapi;
+
+import dagger.Module;
+import javax.inject.Singleton;
+
+/**
+ * Dagger module for injecting metrics. All metrics should have {@link Singleton} scope to avoid
+ * being recreated per-request, as the metrics generally track cumulative values.
+ */
+@Module
+public class PubApiMetricsModule {}

java/google/registry/module/pubapi/PubApiRequestComponent.java

@@ -0,0 +1,78 @@
+// Copyright 2018 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.module.pubapi;
+
+import dagger.Module;
+import dagger.Subcomponent;
+import google.registry.dns.DnsModule;
+import google.registry.flows.CheckApiAction;
+import google.registry.flows.CheckApiAction.CheckApiModule;
+import google.registry.flows.FlowComponent;
+import google.registry.flows.TlsCredentials.EppTlsModule;
+import google.registry.monitoring.whitebox.WhiteboxModule;
+import google.registry.rdap.RdapAutnumAction;
+import google.registry.rdap.RdapDomainAction;
+import google.registry.rdap.RdapDomainSearchAction;
+import google.registry.rdap.RdapEntityAction;
+import google.registry.rdap.RdapEntitySearchAction;
+import google.registry.rdap.RdapHelpAction;
+import google.registry.rdap.RdapIpAction;
+import google.registry.rdap.RdapModule;
+import google.registry.rdap.RdapNameserverAction;
+import google.registry.rdap.RdapNameserverSearchAction;
+import google.registry.request.RequestComponentBuilder;
+import google.registry.request.RequestModule;
+import google.registry.request.RequestScope;
+import google.registry.whois.WhoisAction;
+import google.registry.whois.WhoisHttpAction;
+import google.registry.whois.WhoisModule;
+
+/** Dagger component with per-request lifetime for "pubapi" App Engine module. */
+@RequestScope
+@Subcomponent(
+    modules = {
+        CheckApiModule.class,
+        DnsModule.class,
+        EppTlsModule.class,
+        RdapModule.class,
+        RequestModule.class,
+        WhiteboxModule.class,
+        WhoisModule.class,
+    })
+interface PubApiRequestComponent {
+  CheckApiAction checkApiAction();
+  // TODO(b/79692981): Remove flow-related includes once check API is rewritten to not wrap flow.
+  FlowComponent.Builder flowComponentBuilder();
+  RdapAutnumAction rdapAutnumAction();
+  RdapDomainAction rdapDomainAction();
+  RdapDomainSearchAction rdapDomainSearchAction();
+  RdapEntityAction rdapEntityAction();
+  RdapEntitySearchAction rdapEntitySearchAction();
+  RdapHelpAction rdapHelpAction();
+  RdapIpAction rdapDefaultAction();
+  RdapNameserverAction rdapNameserverAction();
+  RdapNameserverSearchAction rdapNameserverSearchAction();
+  WhoisHttpAction whoisHttpAction();
+  WhoisAction whoisAction();
+
+  @Subcomponent.Builder
+  abstract class Builder implements RequestComponentBuilder<PubApiRequestComponent> {
+    @Override public abstract Builder requestModule(RequestModule requestModule);
+    @Override public abstract PubApiRequestComponent build();
+  }
+
+  @Module(subcomponents = PubApiRequestComponent.class)
+  class PubApiRequestComponentModule {}
+}

java/google/registry/module/pubapi/PubApiRequestHandler.java

@@ -0,0 +1,31 @@
+// Copyright 2018 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.module.pubapi;
+
+import google.registry.request.RequestHandler;
+import google.registry.request.auth.RequestAuthenticator;
+import javax.inject.Inject;
+import javax.inject.Provider;
+
+/** Request handler for the frontend module. */
+public class PubApiRequestHandler extends RequestHandler<PubApiRequestComponent> {
+
+  @Inject
+  PubApiRequestHandler(
+      Provider<PubApiRequestComponent.Builder> componentBuilderProvider,
+      RequestAuthenticator requestAuthenticator) {
+    super(componentBuilderProvider, requestAuthenticator);
+  }
+}

java/google/registry/module/pubapi/PubApiServlet.java

@@ -0,0 +1,68 @@
+// Copyright 2018 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.module.pubapi;
+
+import com.google.appengine.api.LifecycleManager;
+import com.google.monitoring.metrics.MetricReporter;
+import dagger.Lazy;
+import google.registry.util.FormattingLogger;
+import java.io.IOException;
+import java.security.Security;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+/** Servlet that should handle all requests to our "default" App Engine module. */
+public final class PubApiServlet extends HttpServlet {
+
+  private static final PubApiComponent component = DaggerPubApiComponent.create();
+  private static final PubApiRequestHandler requestHandler = component.requestHandler();
+  private static final Lazy<MetricReporter> metricReporter = component.metricReporter();
+  private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
+
+  @Override
+  public void init() {
+    Security.addProvider(new BouncyCastleProvider());
+
+    // If metric reporter failed to instantiate for any reason (bad keyring, bad json credential,
+    // etc), we log the error but keep the main thread running. Also the shutdown hook will only be
+    // registered if metric reporter starts up correctly.
+    try {
+      metricReporter.get().startAsync().awaitRunning(10, TimeUnit.SECONDS);
+      logger.info("Started up MetricReporter");
+      LifecycleManager.getInstance()
+          .setShutdownHook(
+              () -> {
+                try {
+                  metricReporter.get().stopAsync().awaitTerminated(10, TimeUnit.SECONDS);
+                  logger.info("Shut down MetricReporter");
+                } catch (TimeoutException e) {
+                  logger.severe(e, "Failed to stop MetricReporter.");
+                }
+              });
+    } catch (Exception e) {
+      logger.severe(e, "Failed to initialize MetricReporter.");
+    }
+  }
+
+  @Override
+  public void service(HttpServletRequest req, HttpServletResponse rsp) throws IOException {
+    logger.info("Received frontend request");
+    requestHandler.handleRequest(req, rsp);
+  }
+}

java/google/registry/module/pubapi/package-info.java

@@ -0,0 +1,16 @@
+// Copyright 2018 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+@javax.annotation.ParametersAreNonnullByDefault
+package google.registry.module.pubapi;