zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-21 11:49:37 +02:00
Code Issues Projects Releases Packages Wiki Activity

Remove per-domain nameserver restrictions in reserved lists

Browse source 
This also removes the related setting on the Registry entity. We never used
either of these, and keeping them around in our codebase just adds complexity
for no purpose. We already achieve the goals of this feature by restricting
nameservers on entire TLDs and by registry-locking important domain names.

This is also two fewer things we'll have to worry about carrying over to the new
schema in Registry 3.0.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=243816241
This commit is contained in:
mcilwain 2019-04-16 08:57:07 -07:00 committed by jianglai
parent f6dbc4156a
commit ff3aeff0ed
15 changed files with 24 additions and 794 deletions
Download patch file Download diff file Expand all files Collapse all files

19
java/google/registry/model/registry/Registry.java
View file

@ -55,7 +55,6 @@ import google.registry.model.common.TimedTransitionProperty.TimedTransition;
import google.registry.model.domain.fee.BaseFee.FeeType;
import google.registry.model.domain.fee.Fee;
import google.registry.model.registry.label.PremiumList;
import google.registry.model.registry.label.ReservationType;
import google.registry.model.registry.label.ReservedList;
import google.registry.util.Idn;
import java.util.Optional;
@ -329,12 +328,6 @@ public class Registry extends ImmutableObject implements Buildable {
/** Whether the pull queue that writes to authoritative DNS is paused for this TLD. */
boolean dnsPaused = DEFAULT_DNS_PAUSED;
/**
* Whether only domains with {@link ReservationType#NAMESERVER_RESTRICTED} reservation type in a
* reserved list can be registered on this TLD.
*/
boolean domainCreateRestricted;
/**
* The length of the add grace period for this TLD.
*
@ -454,13 +447,6 @@ public class Registry extends ImmutableObject implements Buildable {
return driveFolderId;
}
/**
* Returns true if only domains with nameserver restricted reservation on this TLD can be created.
*/
public boolean getDomainCreateRestricted() {
return domainCreateRestricted;
}
public Duration getAddGracePeriodLength() {
return addGracePeriodLength;
}
@ -646,11 +632,6 @@ public class Registry extends ImmutableObject implements Buildable {
return this;
}
public Builder setDomainCreateRestricted(boolean domainCreateRestricted) {
getInstance().domainCreateRestricted = domainCreateRestricted;
return this;
}
public Builder setPremiumPricingEngine(String pricingEngineClass) {
getInstance().pricingEngineClassName = checkArgumentNotNull(pricingEngineClass);
return this;

17
java/google/registry/model/registry/label/ReservationType.java
View file

@ -34,33 +34,32 @@ public enum ReservationType {
// label has multiple reservation types, its message is the that of the one with the highest
// severity.
/** Nameservers on the domain are restricted to a given set. */
NAMESERVER_RESTRICTED("Nameserver restricted", 0),
/** The domain can only be registered during sunrise, and is reserved thereafter. */
ALLOWED_IN_SUNRISE("Reserved", 1),
ALLOWED_IN_SUNRISE("Reserved", 0),
/** The domain can only be registered by providing a specific token. */
RESERVED_FOR_SPECIFIC_USE("Reserved", 2),
RESERVED_FOR_SPECIFIC_USE("Reserved", 1),
/** The domain is for an anchor tenant and can only be registered using a specific token. */
RESERVED_FOR_ANCHOR_TENANT("Reserved", 3),
RESERVED_FOR_ANCHOR_TENANT("Reserved", 2),
/**
* The domain can only be registered during sunrise for defensive purposes, and will never
* resolve.
*/
NAME_COLLISION("Cannot be delegated", 4),
NAME_COLLISION("Cannot be delegated", 3),
/** The domain can never be registered. */
FULLY_BLOCKED("Reserved", 5);
FULLY_BLOCKED("Reserved", 4);
@Nullable
private final String messageForCheck;
ReservationType(@Nullable String messageForCheck, int severity) {
this.messageForCheck = messageForCheck;
checkState(ordinal() == severity);
checkState(
ordinal() == severity,
"ReservationType enum values aren't defined in severity order");
}
@Nullable

87
java/google/registry/model/registry/label/ReservedList.java
View file

@ -21,20 +21,16 @@ import static google.registry.config.RegistryConfig.getDomainLabelListCacheDurat
import static google.registry.model.common.EntityGroupRoot.getCrossTldKey;
import static google.registry.model.ofy.ObjectifyService.ofy;
import static google.registry.model.registry.label.ReservationType.FULLY_BLOCKED;
import static google.registry.model.registry.label.ReservationType.NAMESERVER_RESTRICTED;
import static google.registry.util.CollectionUtils.nullToEmpty;
import static java.util.concurrent.TimeUnit.MILLISECONDS;
import static org.joda.time.DateTimeZone.UTC;
import com.google.common.base.Joiner;
import com.google.common.base.Splitter;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import com.google.common.net.InternetDomainName;
import com.google.common.util.concurrent.UncheckedExecutionException;
import com.googlecode.objectify.Key;
import com.googlecode.objectify.annotation.Embed;
@ -47,7 +43,6 @@ import google.registry.model.registry.label.DomainLabelMetrics.MetricsReservedLi
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import javax.annotation.Nullable;
import org.joda.time.DateTime;
@ -74,18 +69,6 @@ public final class ReservedList
ReservationType reservationType;
/**
* Contains a comma-delimited list of the fully qualified hostnames of the nameservers that can
* be set on a domain with this label (only applicable to NAMESERVER_RESTRICTED).
*
* <p>A String field is persisted because Objectify 4 does not allow multi-dimensional
* collections in embedded entities.
*
* @see <a
* href="https://github.com/objectify/objectify-legacy-wiki/blob/v4/Entities.wiki#embedding.">Embedding</a>
*/
String allowedNameservers;
/** Mapper for use with @Mapify */
static class LabelMapper implements Mapper<String, ReservedListEntry> {
@ -95,41 +78,14 @@ public final class ReservedList
}
}
/**
* Creates a {@link ReservedListEntry} from label, reservation type, and optionally additional
* restrictions
*
* <p>The additional restricitno can be the authCode for anchor tenant or the allowed
* nameservers (in a colon-separated string) for nameserver-restricted domains.
*/
/** Creates a {@link ReservedListEntry} from a label, reservation type, and optional comment. */
public static ReservedListEntry create(
String label,
ReservationType reservationType,
@Nullable String allowedNameservers,
@Nullable String comment) {
ReservedListEntry.Builder entry =
new ReservedListEntry.Builder()
.setLabel(label)
.setComment(comment)
.setReservationType(reservationType);
checkArgument(
(reservationType == NAMESERVER_RESTRICTED) ^ (allowedNameservers == null),
"Allowed nameservers must be specified for NAMESERVER_RESTRICTED reservations only");
if (allowedNameservers != null) {
entry.setAllowedNameservers(
ImmutableSet.copyOf(Splitter.on(':').trimResults().split(allowedNameservers)));
}
return entry.build();
}
private static void checkNameserversAreValid(Set<String> nameservers) {
// A domain name with fewer than two parts cannot be a hostname, as a nameserver should be.
nameservers.forEach(
(ns) ->
checkArgument(
InternetDomainName.from(ns).parts().size() >= 3,
"%s is not a valid nameserver hostname",
ns));
String label, ReservationType reservationType, @Nullable String comment) {
return new ReservedListEntry.Builder()
.setLabel(label)
.setReservationType(reservationType)
.setComment(comment)
.build();
}
@Override
@ -137,10 +93,6 @@ public final class ReservedList
return reservationType;
}
public ImmutableSet<String> getAllowedNameservers() {
return ImmutableSet.copyOf(Splitter.on(',').splitToList(allowedNameservers));
}
@Override
public ReservedListEntry.Builder asBuilder() {
return new ReservedListEntry.Builder(clone(this));
@ -156,12 +108,6 @@ public final class ReservedList
super(instance);
}
ReservedListEntry.Builder setAllowedNameservers(Set<String> allowedNameservers) {
checkNameserversAreValid(allowedNameservers);
getInstance().allowedNameservers = Joiner.on(',').join(allowedNameservers);
return this;
}
ReservedListEntry.Builder setReservationType(ReservationType reservationType) {
getInstance().reservationType = reservationType;
return this;
@ -225,22 +171,6 @@ public final class ReservedList
.collect(toImmutableSet());
}
/**
* Returns the set of nameservers that can be set on the given domain.
*
* <p>The allowed nameservers are the intersection of all allowed nameservers for the given domain
* across all reserved lists. Returns an empty set if not applicable, i. e. the label for the
* domain is not set with {@code NAMESERVER_RESTRICTED} reservation type.
*/
public static ImmutableSet<String> getAllowedNameservers(InternetDomainName domainName) {
return getReservedListEntries(domainName.parts().get(0), domainName.parent().toString())
.stream()
.filter((entry) -> entry.reservationType == NAMESERVER_RESTRICTED)
.map(ReservedListEntry::getAllowedNameservers)
.reduce((types1, types2) -> Sets.intersection(types1, types2).immutableCopy())
.orElse(ImmutableSet.of());
}
/**
* Helper function to retrieve the entries associated with this label and TLD, or an empty set if
* no such entry exists.
@ -327,8 +257,7 @@ public final class ReservedList
"Could not parse line in reserved list: %s", originalLine);
String label = parts.get(0);
ReservationType reservationType = ReservationType.valueOf(parts.get(1));
String restrictions = (parts.size() > 2) ? parts.get(2) : null;
return ReservedListEntry.create(label, reservationType, restrictions, comment);
return ReservedListEntry.create(label, reservationType, comment);
}
@Override