Make DnsWriter truly atomic

Right now - if there's an error during DnsWriter.publish*, all the publish from before that error will be committed, while all the publish after that error will not. More than that - in some writers partial publishes can be committed, depending on implementation. This defines a new contract that publish* are only committed when .commit is called. That way any error will simply mean no publish is committed. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=165708063
2025-05-15 08:57:12 +02:00 · 2017-08-18 08:27:34 -07:00 · 2017-08-18 08:27:34 -07:00 · d5ac03aae4
commit d5ac03aae4
parent fcb554947c
8 changed files with 204 additions and 90 deletions
--- a/java/google/registry/dns/writer/DnsWriter.java
+++ b/java/google/registry/dns/writer/DnsWriter.java
@ -17,16 +17,18 @@ package google.registry.dns.writer;
 /**
 * Transaction object for sending an atomic batch of updates for a single zone to the DNS server.
 *
+ * <p>All updates are tentative until commit is called. If commit isn't called, no change will
+ * happen.
+ *
 * <p>Here's an example of how you would publish updates for a domain and host:
 * <pre>
 * &#064;Inject Provider&lt;DnsWriter&gt; dnsWriter;
- * try (DnsWriter writer = dnsWriter.get()) {
- *   writer.publishDomain(domainName);
- *   writer.publishHost(hostName);
- * }
+ * writer.publishDomain(domainName);
+ * writer.publishHost(hostName);
+ * writer.commit();
 * </pre>
 */
-public interface DnsWriter extends AutoCloseable {
+public interface DnsWriter {

  /**
   * Loads {@code domainName} from Datastore and publishes its NS/DS records to the DNS server.
@ -34,6 +36,9 @@ public interface DnsWriter extends AutoCloseable {
   * and a DS record for each delegation signer stored in the registry for the supplied domain name.
   * If the domain is deleted or is in a "non-publish" state then any existing records are deleted.
   *
+   * This must NOT actually perform any action, instead it should stage the action so that it's
+   * performed when {@link #commit()} is called.
+   *
   * @param domainName the fully qualified domain name, with no trailing dot
   */
  void publishDomain(String domainName);
@ -46,11 +51,28 @@ public interface DnsWriter extends AutoCloseable {
   * the existing records are deleted. Assumes that this method will only be called for in-bailiwick
   * hosts. The registry does not have addresses for other hosts.
   *
+   * This must NOT actually perform any action, instead it should stage the action so that it's
+   * performed when {@link #commit()} is called.
+   *
   * @param hostName the fully qualified host name, with no trailing dot
   */
  void publishHost(String hostName);

-  /** Commits the updates to the DNS server atomically. */
-  @Override
-  void close();
+  /**
+   * Commits the updates to the DNS server atomically.
+   *
+   * <p>The user is responsible for making sure commit() isn't called twice. Implementations are
+   * encouraged to throw an error if commit() is called twice.
+   *
+   * <p>Here's an example of how you would do that
+   * <pre>
+   * private boolean committed = false;
+   * void commit() {
+   *   checkState(!committed, "commit() has already been called");
+   *   committed = true;
+   *   // ... actual commit implementation
+   * }
+   * </pre>
+   */
+  void commit();
 }