Change UserPolicy to PUBLIC on WHOIS and EPP endpoints

------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=193407195
2025-07-21 18:26:12 +02:00 · 2018-04-18 13:29:15 -07:00 · 2018-04-18 13:29:15 -07:00 · f289259101
commit f289259101
parent 77bfa5f4b8
8 changed files with 15 additions and 32 deletions
--- a/java/google/registry/flows/EppTlsAction.java
+++ b/java/google/registry/flows/EppTlsAction.java
@ -29,7 +29,7 @@ import javax.servlet.http.HttpSession;
@Action(
  path = "/_dr/epp",
  method = Method.POST,
-  auth = Auth.AUTH_INTERNAL_OR_ADMIN
+  auth = Auth.AUTH_PUBLIC_OR_INTERNAL
 )
 public class EppTlsAction implements Runnable {

--- a/java/google/registry/proxy/terraform/example_config.tf
+++ b/java/google/registry/proxy/terraform/example_config.tf
@ -9,7 +9,6 @@ terraform {
 module "proxy" {
  source                   = "../../modules"
  proxy_project_name       = "YOUR_PROXY_PROJECT"
-  nomulus_project_name     = "YOUR_NOMULUS_GPROJECT"
  gcr_project_name         = "YOUR_GCR_PROJECT"
  proxy_domain_name        = "YOUR_PROXY_DOMAIN"
  proxy_certificate_bucket = "YOU_CERTIFICATE_BUCKET"
--- a/java/google/registry/proxy/terraform/modules/iam.tf
+++ b/java/google/registry/proxy/terraform/modules/iam.tf
@ -3,12 +3,6 @@ resource "google_service_account" "proxy_service_account" {
  display_name = "Nomulus proxy service account"
 }

-resource "google_project_iam_member" "nomulus_project_viewer" {
-  project = "${var.nomulus_project_name}"
-  role    = "roles/viewer"
-  member  = "serviceAccount:${google_service_account.proxy_service_account.email}"
-}
-
 resource "google_project_iam_member" "gcr_storage_viewer" {
  project = "${var.gcr_project_name}"
  role    = "roles/storage.objectViewer"
--- a/java/google/registry/proxy/terraform/modules/input.tf
+++ b/java/google/registry/proxy/terraform/modules/input.tf
@ -1,9 +1,6 @@
 # GCP project in which the proxy runs.
 variable "proxy_project_name" {}

-# GCP project in which Nomulus runs.
-variable "nomulus_project_name" {}
-
 # GCP project from which the proxy image is pulled.
 variable "gcr_project_name" {}

--- a/java/google/registry/request/auth/Auth.java
+++ b/java/google/registry/request/auth/Auth.java
@ -56,6 +56,17 @@ public enum Auth {
      AuthLevel.USER,
      UserPolicy.PUBLIC),

+  /**
+   * Allows anyone access, as long as they use OAuth to authenticate.
+   *
+   * Also allows access from App Engine task-queue. Note that OAuth client ID still needs to be
+   * whitelisted in the config file for OAuth-based authentication to succeed.
+   */
+  AUTH_PUBLIC_OR_INTERNAL(
+      ImmutableList.of(AuthMethod.INTERNAL, AuthMethod.API),
+      AuthLevel.APP,
+      UserPolicy.PUBLIC),
+
  /**
   * Allows only admins or App Engine task-queue access.
   */
--- a/java/google/registry/whois/WhoisAction.java
+++ b/java/google/registry/whois/WhoisAction.java
@ -49,7 +49,7 @@ import org.joda.time.DateTime;
 * @see WhoisHttpAction
 * @see <a href="http://www.ietf.org/rfc/rfc3912.txt">RFC 3912: WHOIS Protocol Specification</a>
 */
-@Action(path = "/_dr/whois", method = POST, auth = Auth.AUTH_INTERNAL_OR_ADMIN)
+@Action(path = "/_dr/whois", method = POST, auth = Auth.AUTH_PUBLIC_OR_INTERNAL)
 public class WhoisAction implements Runnable {

  private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();