zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-08-15 05:54:06 +02:00
Code Issues Projects Releases Packages Wiki Activity

Improve the uniform_rapid_suspension command (#739)

Browse source 
- Reuse DS record format processing from the create/update domain commands
  (BIND format, commonly used in URS requests)
- Remove the CLIENT_HOLD status from domains that have it (this blocks us from
  serving the new nameservers and DS record)
This commit is contained in:
Michael Muller 2020-08-04 11:06:02 -04:00 committed by GitHub
parent e1db4a6c3a
commit b0189ba1f7
9 changed files with 324 additions and 151 deletions
Download patch file Download diff file Expand all files Collapse all files

65
core/src/test/java/google/registry/tools/UniformRapidSuspensionCommandTest.java
View file

@ -71,7 +71,7 @@ class UniformRapidSuspensionCommandTest
runCommandForced(
"--domain_name=evil.tld",
"--hosts=urs1.example.com,urs2.example.com",
"--dsdata={\"keyTag\":1,\"alg\":1,\"digestType\":1,\"digest\":\"abc\"}");
"--dsdata=1 1 1 abcd");
eppVerifier
.expectClientId("CharlestonRoad")
.expectSuperuser()
@ -79,10 +79,9 @@ class UniformRapidSuspensionCommandTest
assertInStdout("uniform_rapid_suspension --undo");
assertInStdout("--domain_name evil.tld");
assertInStdout("--hosts ns1.example.com,ns2.example.com");
assertInStdout("--dsdata "
+ "{\"keyTag\":1,\"algorithm\":2,\"digestType\":3,\"digest\":\"DEAD\"},"
+ "{\"keyTag\":4,\"algorithm\":5,\"digestType\":6,\"digest\":\"BEEF\"}");
assertInStdout("--dsdata 1 2 3 DEAD,4 5 6 BEEF");
assertNotInStdout("--locks_to_preserve");
assertNotInStdout("--restore_client_hold");
}
@Test
@ -122,6 +121,29 @@ class UniformRapidSuspensionCommandTest
assertInStdout("--locks_to_preserve serverDeleteProhibited");
}
@Test
void testCommand_removeClientHold() throws Exception {
persistResource(
newDomainBase("evil.tld")
.asBuilder()
.addStatusValue(StatusValue.CLIENT_HOLD)
.addNameserver(ns1.createVKey())
.addNameserver(ns2.createVKey())
.build());
runCommandForced(
"--domain_name=evil.tld",
"--hosts=urs1.example.com,urs2.example.com",
"--dsdata=1 1 1 abcd");
eppVerifier
.expectClientId("CharlestonRoad")
.expectSuperuser()
.verifySent("uniform_rapid_suspension_with_client_hold.xml");
assertInStdout("uniform_rapid_suspension --undo");
assertInStdout("--domain_name evil.tld");
assertInStdout("--hosts ns1.example.com,ns2.example.com");
assertInStdout("--restore_client_hold");
}
@Test
void testUndo_removesLocksReplacesHostsAndDsData() throws Exception {
persistDomainWithHosts(urs1, urs2);
@ -149,6 +171,21 @@ class UniformRapidSuspensionCommandTest
assertNotInStdout("--undo"); // Undo shouldn't print a new undo command.
}
@Test
void testUndo_restoresClientHolds() throws Exception {
persistDomainWithHosts(urs1, urs2);
runCommandForced(
"--domain_name=evil.tld",
"--undo",
"--hosts=ns1.example.com,ns2.example.com",
"--restore_client_hold");
eppVerifier
.expectClientId("CharlestonRoad")
.expectSuperuser()
.verifySent("uniform_rapid_suspension_undo_client_hold.xml");
assertNotInStdout("--undo"); // Undo shouldn't print a new undo command.
}
@Test
void testFailure_locksToPreserveWithoutUndo() {
persistActiveDomain("evil.tld");
@ -177,11 +214,10 @@ class UniformRapidSuspensionCommandTest
IllegalArgumentException thrown =
assertThrows(
IllegalArgumentException.class,
() ->
runCommandForced(
"--domain_name=evil.tld",
"--dsdata={\"keyTag\":1,\"alg\":1,\"digestType\":1,\"digest\":\"abc\",\"foo\":1}"));
assertThat(thrown).hasMessageThat().contains("Incorrect fields on --dsdata JSON");
() -> runCommandForced("--domain_name=evil.tld", "--dsdata=1 1 1 abc 1"));
assertThat(thrown)
.hasMessageThat()
.contains("dsRecord 1 1 1 abc 1 should have 4 parts, but has 5");
}
@Test
@ -190,11 +226,8 @@ class UniformRapidSuspensionCommandTest
IllegalArgumentException thrown =
assertThrows(
IllegalArgumentException.class,
() ->
runCommandForced(
"--domain_name=evil.tld",
"--dsdata={\"keyTag\":1,\"alg\":1,\"digestType\":1}"));
assertThat(thrown).hasMessageThat().contains("Incorrect fields on --dsdata JSON");
() -> runCommandForced("--domain_name=evil.tld", "--dsdata=1 1 1"));
assertThat(thrown).hasMessageThat().contains("dsRecord 1 1 1 should have 4 parts, but has 3");
}
@Test
@ -203,7 +236,7 @@ class UniformRapidSuspensionCommandTest
IllegalArgumentException thrown =
assertThrows(
IllegalArgumentException.class,
() -> runCommandForced("--domain_name=evil.tld", "--dsdata=[1,2,3]"));
assertThat(thrown).hasMessageThat().contains("Invalid --dsdata JSON");
() -> runCommandForced("--domain_name=evil.tld", "--dsdata=1,2,3"));
assertThat(thrown).hasMessageThat().contains("dsRecord 1 should have 4 parts, but has 1");
}
}

2
core/src/test/resources/google/registry/tools/server/uniform_rapid_suspension.xml
View file

@ -31,7 +31,7 @@
<secDNS:keyTag>1</secDNS:keyTag>
<secDNS:alg>1</secDNS:alg>
<secDNS:digestType>1</secDNS:digestType>
<secDNS:digest>abc</secDNS:digest>
<secDNS:digest>ABCD</secDNS:digest>
</secDNS:dsData>
</secDNS:add>
</secDNS:update>

38
core/src/test/resources/google/registry/tools/server/uniform_rapid_suspension_undo_client_hold.xml Normal file
View file

@ -0,0 +1,38 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
<command>
<update>
<domain:update xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<domain:name>evil.tld</domain:name>
<domain:add>
<domain:ns>
<domain:hostObj>ns1.example.com</domain:hostObj>
<domain:hostObj>ns2.example.com</domain:hostObj>
</domain:ns>
<domain:status s="clientHold" />
</domain:add>
<domain:rem>
<domain:ns>
<domain:hostObj>urs1.example.com</domain:hostObj>
<domain:hostObj>urs2.example.com</domain:hostObj>
</domain:ns>
<domain:status s="serverDeleteProhibited" />
<domain:status s="serverTransferProhibited" />
<domain:status s="serverUpdateProhibited" />
</domain:rem>
</domain:update>
</update>
<extension>
<secDNS:update xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
<secDNS:rem>
<secDNS:all>true</secDNS:all>
</secDNS:rem>
</secDNS:update>
<metadata:metadata xmlns:metadata="urn:google:params:xml:ns:metadata-1.0">
<metadata:reason>Undo Uniform Rapid Suspension</metadata:reason>
<metadata:requestedByRegistrar>false</metadata:requestedByRegistrar>
</metadata:metadata>
</extension>
<clTRID>RegistryTool</clTRID>
</command>
</epp>

46
core/src/test/resources/google/registry/tools/server/uniform_rapid_suspension_with_client_hold.xml Normal file
View file

@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
<command>
<update>
<domain:update xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<domain:name>evil.tld</domain:name>
<domain:add>
<domain:ns>
<domain:hostObj>urs1.example.com</domain:hostObj>
<domain:hostObj>urs2.example.com</domain:hostObj>
</domain:ns>
<domain:status s="serverDeleteProhibited"/>
<domain:status s="serverTransferProhibited"/>
<domain:status s="serverUpdateProhibited"/>
</domain:add>
<domain:rem>
<domain:ns>
<domain:hostObj>ns2.example.com</domain:hostObj>
<domain:hostObj>ns1.example.com</domain:hostObj>
</domain:ns>
<domain:status s="clientHold"/>
</domain:rem>
</domain:update>
</update>
<extension>
<secDNS:update xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
<secDNS:rem>
<secDNS:all>true</secDNS:all>
</secDNS:rem>
<secDNS:add>
<secDNS:dsData>
<secDNS:keyTag>1</secDNS:keyTag>
<secDNS:alg>1</secDNS:alg>
<secDNS:digestType>1</secDNS:digestType>
<secDNS:digest>ABCD</secDNS:digest>
</secDNS:dsData>
</secDNS:add>
</secDNS:update>
<metadata:metadata xmlns:metadata="urn:google:params:xml:ns:metadata-1.0">
<metadata:reason>Uniform Rapid Suspension</metadata:reason>
<metadata:requestedByRegistrar>false</metadata:requestedByRegistrar>
</metadata:metadata>
</extension>
<clTRID>RegistryTool</clTRID>
</command>
</epp>