Allow registrars to be completely DISABLED

Disabled registrar cannot perform any actions via EPP and cannot log in to the
registrar web console.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=239606389

javatests/google/registry/flows/domain/DomainCreateFlowTest.java

@@ -1467,26 +1467,26 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
 
   @Test
   public void testFailure_suspendedRegistrarCantCreateDomain() {
-    persistContactsAndHosts();
-    persistResource(
-        Registrar.loadByClientId("TheRegistrar")
-            .get()
-            .asBuilder()
-            .setState(State.SUSPENDED)
-            .build());
-    EppException thrown =
-        assertThrows(RegistrarMustBeActiveForThisOperationException.class, this::runFlow);
-    assertAboutEppExceptions().that(thrown).marshalsToXml();
+    doFailingTest_invalidRegistrarState(State.SUSPENDED);
   }
 
   @Test
   public void testFailure_pendingRegistrarCantCreateDomain() {
+    doFailingTest_invalidRegistrarState(State.PENDING);
+  }
+
+  @Test
+  public void testFailure_disabledRegistrarCantCreateDomain() {
+    doFailingTest_invalidRegistrarState(State.DISABLED);
+  }
+
+  private void doFailingTest_invalidRegistrarState(State registrarState) {
     persistContactsAndHosts();
     persistResource(
         Registrar.loadByClientId("TheRegistrar")
             .get()
             .asBuilder()
-            .setState(State.PENDING)
+            .setState(registrarState)
             .build());
     EppException thrown =
         assertThrows(RegistrarMustBeActiveForThisOperationException.class, this::runFlow);

javatests/google/registry/flows/domain/DomainRenewFlowTest.java

@@ -393,24 +393,25 @@ public class DomainRenewFlowTest extends ResourceFlowTestCase<DomainRenewFlow, D
 
   @Test
   public void testFailure_suspendedRegistrarCantRenewDomain() {
-    persistResource(
-        Registrar.loadByClientId("TheRegistrar")
-            .get()
-            .asBuilder()
-            .setState(State.SUSPENDED)
-            .build());
-    EppException thrown =
-        assertThrows(RegistrarMustBeActiveForThisOperationException.class, this::runFlow);
-    assertAboutEppExceptions().that(thrown).marshalsToXml();
+    doFailingTest_invalidRegistrarState(State.SUSPENDED);
   }
 
   @Test
   public void testFailure_pendingRegistrarCantRenewDomain() {
+    doFailingTest_invalidRegistrarState(State.PENDING);
+  }
+
+  @Test
+  public void testFailure_disabledRegistrarCantRenewDomain() {
+    doFailingTest_invalidRegistrarState(State.DISABLED);
+  }
+
+  private void doFailingTest_invalidRegistrarState(State registrarState) {
     persistResource(
         Registrar.loadByClientId("TheRegistrar")
             .get()
             .asBuilder()
-            .setState(State.PENDING)
+            .setState(registrarState)
             .build());
     EppException thrown =
         assertThrows(RegistrarMustBeActiveForThisOperationException.class, this::runFlow);

javatests/google/registry/flows/session/LoginFlowTestCase.java

@@ -123,6 +123,12 @@ public abstract class LoginFlowTestCase extends FlowTestCase<LoginFlow> {
     doFailingTest("login_valid.xml", RegistrarAccountNotActiveException.class);
   }
 
+  @Test
+  public void testFailure_disabledRegistrar() {
+    persistResource(getRegistrarBuilder().setState(State.DISABLED).build());
+    doFailingTest("login_valid.xml", RegistrarAccountNotActiveException.class);
+  }
+
   @Test
   public void testFailure_incorrectPassword() {
     persistResource(getRegistrarBuilder().setPassword("diff password").build());

javatests/google/registry/model/testdata/schema.txt

@@ -424,6 +424,7 @@ class google.registry.model.registrar.Registrar$BillingAccountEntry {
 }
 enum google.registry.model.registrar.Registrar$State {
   ACTIVE;
+  DISABLED;
   PENDING;
   SUSPENDED;
 }

javatests/google/registry/request/auth/AuthenticatedRegistrarAccessorTest.java

@@ -35,6 +35,7 @@ import com.google.common.testing.TestLogHandler;
 import dagger.Lazy;
 import google.registry.groups.GroupsConnection;
 import google.registry.model.registrar.Registrar;
+import google.registry.model.registrar.Registrar.State;
 import google.registry.request.auth.AuthenticatedRegistrarAccessor.RegistrarAccessDeniedException;
 import google.registry.testing.AppEngineRule;
 import google.registry.testing.InjectRule;
@@ -252,6 +253,21 @@ public class AuthenticatedRegistrarAccessorTest {
     verify(lazyGroupsConnection).get();
   }
 
+  @Test
+  public void testGetRegistrarForUser_registrarIsDisabled_isNotAdmin() {
+    persistResource(
+        Registrar.loadByClientId("TheRegistrar")
+            .get()
+            .asBuilder()
+            .setState(State.DISABLED)
+            .build());
+    expectGetRegistrarFailure(
+        CLIENT_ID_WITH_CONTACT,
+        USER,
+        "user user@gmail.com doesn't have access to registrar TheRegistrar");
+    verify(lazyGroupsConnection).get();
+  }
+
   /** Fail loading registrar if user doesn't have access to it, even if it's not REAL. */
   @Test
   public void testGetRegistrarForUser_noAccess_isNotAdmin_notReal() {
@@ -302,6 +318,21 @@ public class AuthenticatedRegistrarAccessorTest {
     verifyZeroInteractions(lazyGroupsConnection);
   }
 
+  @Test
+  public void testGetRegistrarForUser_registrarIsDisabled_isAdmin() throws Exception {
+    persistResource(
+        Registrar.loadByClientId("NewRegistrar")
+            .get()
+            .asBuilder()
+            .setState(State.DISABLED)
+            .build());
+    expectGetRegistrarSuccess(
+        REAL_CLIENT_ID_WITHOUT_CONTACT,
+        GAE_ADMIN,
+        "admin admin@gmail.com has [OWNER, ADMIN] access to registrar NewRegistrar.");
+    verifyZeroInteractions(lazyGroupsConnection);
+  }
+
   /** Succeed loading non-REAL registrar for admin. */
   @Test
   public void testGetRegistrarForUser_notInContacts_isAdmin_notReal() throws Exception {

javatests/google/registry/tools/ValidateLoginCredentialsCommandTest.java

@@ -14,6 +14,7 @@
 
 package google.registry.tools;
 
+import static com.google.common.truth.Truth.assertThat;
 import static google.registry.model.registrar.Registrar.State.ACTIVE;
 import static google.registry.testing.DatastoreHelper.createTld;
 import static google.registry.testing.DatastoreHelper.loadRegistrar;
@@ -26,6 +27,8 @@ import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 import google.registry.flows.EppException;
 import google.registry.flows.TransportCredentials.BadRegistrarPasswordException;
+import google.registry.model.registrar.Registrar;
+import google.registry.model.registrar.Registrar.State;
 import google.registry.testing.CertificateSamples;
 import google.registry.util.CidrAddressBlock;
 import org.junit.Before;
@@ -62,6 +65,28 @@ public class ValidateLoginCredentialsCommandTest
         "--ip_address=" + CLIENT_IP);
   }
 
+  @Test
+  public void testFailure_registrarIsDisabled() {
+    persistResource(
+        Registrar.loadByClientId("NewRegistrar")
+            .get()
+            .asBuilder()
+            .setState(State.DISABLED)
+            .build());
+    IllegalStateException thrown =
+        assertThrows(
+            IllegalStateException.class,
+            () ->
+                runCommand(
+                    "--client=NewRegistrar",
+                    "--password=" + PASSWORD,
+                    "--cert_hash=" + CERT_HASH,
+                    "--ip_address=" + CLIENT_IP));
+    assertThat(thrown)
+        .hasMessageThat()
+        .isEqualTo("Registrar NewRegistrar has non-live state: DISABLED");
+  }
+
   @Test
   public void testFailure_loginWithBadPassword() {
     EppException thrown =

javatests/google/registry/ui/server/registrar/BUILD

@@ -27,6 +27,7 @@ java_library(
         "//javatests/google/registry/testing",
         "//third_party/objectify:objectify-v4_1",
         "@com_google_appengine_api_1_0_sdk",
+        "@com_google_dagger",
         "@com_google_flogger",
         "@com_google_flogger_system_backend",
         "@com_google_guava",

javatests/google/registry/ui/server/registrar/ConsoleUiActionTest.java

@@ -92,7 +92,7 @@ public class ConsoleUiActionTest {
   }
 
   @After
-  public void tearDown() throws Exception {
+  public void tearDown() {
     assertThat(RegistrarConsoleMetrics.consoleRequestMetric).hasNoOtherValues();
   }
 

javatests/google/registry/webdriver/RegistrarConsoleScreenshotTest.java

@@ -23,6 +23,7 @@ import static google.registry.util.DateTimeUtils.START_OF_TIME;
 import com.google.common.collect.ImmutableMap;
 import com.googlecode.objectify.ObjectifyFilter;
 import google.registry.model.ofy.OfyFilter;
+import google.registry.model.registrar.Registrar.State;
 import google.registry.module.frontend.FrontendServlet;
 import google.registry.server.RegistryTestServer;
 import google.registry.testing.CertificateSamples;
@@ -257,6 +258,17 @@ public class RegistrarConsoleScreenshotTest {
     driver.diffPage("edit");
   }
 
+  @Test
+  public void index_registrarDisabled() throws Throwable {
+    server.runInAppEngineEnvironment(
+        () ->
+            persistResource(
+                loadRegistrar("TheRegistrar").asBuilder().setState(State.DISABLED).build()));
+    driver.get(server.getUrl("/registrar"));
+    driver.waitForElement(By.tagName("h1"));
+    driver.diffPage("view");
+  }
+
   @Test
   public void settingsWhois() throws Throwable {
     driver.get(server.getUrl("/registrar#whois-settings"));