Note that the Bazel closure rules run the linter at head, while fixjs/cider/critique/etc run the released version, so they will complain about the formatting introduced by this CL until a new release is out.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=237358273
- Created configs for Proxy server, GKE, and terraform
- Created sans_list file for use with tarsier client
- Updated allowedClients in registry server
TODO: Update dr-bashrc to support crash environment
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=236659249
Changed the order of the create registrar form fields and updated the delegate email and country code labels to be more intuitive
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=236354256
This removes the "create Domain/Host/Contact" forms that were supposed to be used instead of regular EPPs for CC-TLD that wanted to support it.
We're removing it because we don't use it and want to reduce unneeded code for the registry 3.0 migration.
Also, this is a security risk, as it allowed to do "billable actions" (creating a new domain for example) with the only authentication being access to the registrar's G Suite account.
This bypassed the certificate, IP whitelist, and EPP password, which is bad.
PUBLIC:
Remove the web console EPP endpoint
This removes the "create Domain/Host/Contact" forms that were supposed to be used instead of regular EPPs for CC-TLD that wanted to support it.
We're removing it because we don't use it and want to reduce unneeded code for the registry 3.0 migration.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=236244195
Super users can look up auth info in Datastore or BigQuery backup anyway.
Requiring it only adds friction when using the super user extension, without
any additional security benefit.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=235786090
We set the initial value to the "icann referral email", but registrars can change it later if they want.
Although this value isn't strictly required, we assume it exists in the spec11 report.
Also changed the name of the contact email from "email" to "consoleUserEmail"
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=235734200
This CL fixes .bzl files to make them compatible with the next versions of Bazel. This is done by running the following command on all the .bzl files:
buildifier --lint=fix --warnings=attr-non-empty,attr-single-file,ctx-actions,output-group
More information: []
Tested:
tap_presubmit
Some tests failed; test failures are believed to be unrelated to this CL
BEGIN_PUBLIC
Internal cleanup
END_PUBLIC
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=235192309
We are moving toward using GitHub as the source of truth for the domain registry project (Nomulus). As such, the piper location will soon be deleted, along with it the terraform configs. These files are copied to the canonical location []
Note that the files under modules will still be present in the open source code base as it allows open source users to set up the project quickly. The files under envs are specific to each actual project and is removed entirely from the open source code (it was excluded by MOE before).
Some files are renamed to conform to the newly established terraform code style.
There was a remaining regarding using latchkey to set up IAM policies that I intend to punt for now. I imagine if we decide to use latchkey, it means that the IAM related terraform configs will be removed for the Annealing set up. However we would still like to leave that in the open source configs such that it still is a one-stop shop to set up your project.
The automation mode is set to DRYRUN so that there are no accidental changes to our projects during .dev launch. It will be changed back later.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=234838043
Otherwise, registrars will never receive a notification through EPP that a
domain has been synchronously deleted by us.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=234172289
This makes it consistent with the parameter of the same name on the tld commands.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=234148699
Icann reports have 3 parameter-provided injections:
- yearMonth
- subdir
- reportType
We move all of them away from the "inner classes" and only @Inject them in the Actions themselves.
This has 2 benefits:
- it's much clearer what all the parameter inputs of the Actions are
- the "inner injected classes" don't assume anything about the Action that uses them - they will work just as well for JSON actions as for "regular" actions.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=233625765
I should have caught this in the review, but [] is loading *ALL*
contacts individually from Datastore on every domain update. This will add a
large number of Datastore round trips and thus significantly reduce update
performance.
This CL changes the behavior to *ONLY* load contacts when there is a duplicate
(which is needed to determine the contact's display name to generate the error
message), and loads all of them in a single batch rather than individually.
This also makes some minor changes around domain getters returning empty sets
instead of null.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=233128140
This change also added a test to verify that EPP request to modify
both contacts and registrant at same time can be handled as expected.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=232935690
This is to remind the user that the function actually uses cache, and also
for naming consistency with EppResourceUtils.loadByForeignKeyCached().
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=232870846
We figure out the TLD state so that we properly check whether or not we can provision sunrise domains in that TLD. We also change the message slightly so that it's a bit more clear when we aren't in sunrise.
Note: it is deliberate that NAME_COLLISION reservations are provisionable in sunrise.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=232742813
The redacted text for the email field displays a longer prompt to
contact the registrar, per the request filed at b/123573370.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=232716133
We want to make it clear what query (or POST) inputs the user needs to / can give for each Action. That means moving all the @Injects of these parameters to the Actions themselves instead of injecting them in "hidden" indirect dependencies.
This has the extra benefit of allowing these indirect dependencies to work for JSON Actions as well, since the "regular" way we @Inject parameters can corrupt the POST JSON data.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=232540758
These files will have errors later when we run the Google Java Format plugin over their entirety (e.g. a situation where fixed indentation leads to a line that's longer than 100 characters). It's simpler to fix them now so we won't have to fix them later.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=232353791
Right now it's logging the raw bytes, which look like:
response data: [65, 117, 116, 104, 111, 114, 105, 122, 97, 116, 105, 111, 110, 32, 114, 101, 113, 117, 105, 114, 101, 100]
We'd rather convert it to ASCII characters (what the NORDN service uses) before
logging it, so that it'd instead look like:
response data: Authorization required
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=231998658
The daily template is the only one that needs it but we can always pass it in without issue.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=231295089
This should have been deleted in [] when the underlying entity was
deleted, but it was missed. It's been a no-op since then. This is just cleanup.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=231293033
This code was never finished or fully working anyway. It would require
substantial reworking for the Registry 3.0 migration because it's closely tied
to the Datastore model and App Engine MapReduce framework, both of which will be
going away. We can bring back some of these deleted test files as necessary
if/when we rewrite RDE import for the new schema.
On the plus side, in a relational database, RDE import will be much simpler.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=231265578
They are passed around in the format username:password, whereas just saying
"login" implies it's just a username and not necessarily also a secret
password. Putting password in the variable name makes it obvious what this is
and reduces the likelihood of anyone ever logging it or otherwise using it
inappropriately.
Note that this does not require data migrations as the actual key used to store
the data in KMS remains unchanged.
This is a follow-up to []
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=231253964
This will help us to debug the current MarksDB issue. This also throws an explicit error earlier when attempting to connect to MarksDB without login credentials being specified, which we know will fail.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=231236317
We now display the results of each check in addition to the overall result.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=231051913
The most common issues were:
* Arrays.asList() shouldn't be called with a single parameter.
* Broken Javadoc @links.
* Unnecessary casts and type declarations.
* Unnecessary unused variable initializations.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=230994311
Most common:
- Unnecessary parentheses and operator precedence clarify (self-explanatory)
- Reference equality--there were a few instances of using == or != improperly
- Qualification of Builder (and similar) imports so that it's clear which type of Builder we're referring to
- Marking some immutable classes with @Immutable since EP desires that all enums be deeply immutable
- String.split() having "surprising behavior"
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=230971531
This view used to point to the latest datastore backup
using the deprecated export mechanism, which has been
disabled. We will point this view to the new backups.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=230930872
This eliminates the use of Objectify polymorphism for EPP resources entirely
(yay!), which makes the Registry 3.0 database migration easier.
It is unfortunate that the naming parallelism of EppResources is lost between
ContactResource, HostResource, and DomainResource, but the actual type as far as
Datastore was concerned was DomainBase all along, and it would be a much more
substantial data migration to allow us to continue using the class name
DomainResource now that we're no longer using Objectify polymorphism. This
simply isn't worth it.
This also removes the polymorphic Datastore indexes (which will no longer
function as of this change). The non-polymorphic replacement indexes were added
in []
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=230930546
This is currently erroring out on entities that fail to load properly through Objectify (e.g. because their entity type is no longer registered). The proper thing to do is to catch the error, log it, and fall back to the raw Datastore operation, which will succeed.
The exact Exception this is designed to catch is:
com.google.apphosting.runtime.jetty9.JettyLogger warn: /_dr/admin/deleteEntity (JettyLogger.java:29)
java.lang.IllegalStateException: No registered subclass for discriminator 'DomainApplication'
at com.googlecode.objectify.v4.impl.PolymorphicEntityMetadata.getConcrete(PolymorphicEntityMetadata.java:133)
at com.googlecode.objectify.v4.impl.PolymorphicEntityMetadata.load(PolymorphicEntityMetadata.java:164)
at com.googlecode.objectify.v4.impl.LoadEngine.load(LoadEngine.java:220)
at com.googlecode.objectify.v4.impl.LoadEngine$1.nowUncached(LoadEngine.java:178)
at com.googlecode.objectify.v4.impl.LoadEngine$1.nowUncached(LoadEngine.java:164)
at com.googlecode.objectify.v4.util.ResultCache.now(ResultCache.java:30)
at com.googlecode.objectify.v4.impl.Round$1.nowUncached(Round.java:73)
at com.googlecode.objectify.v4.util.ResultCache.now(ResultCache.java:30)
at com.googlecode.objectify.v4.LoadResult.now(LoadResult.java:25)
at google.registry.tools.server.DeleteEntityAction.loadOfyEntity(DeleteEntityAction.java:103)
at google.registry.tools.server.DeleteEntityAction.run(DeleteEntityAction.java:74)
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=230737553
These indxes do not include the ^i field like the current ones do.
We'll need these so that we can properly index into the DomainBase entities once
DomainResource is merged into them (which will cause us to lose the value of the
^i field).
The migration plan is to push next week's release with these new indexes, then
run the re-save all EPP resources action to populate them, and then eventually
remove the ^i versions of the indexes, retaining only these newly added ones,
once the DomainBase/DomainResource merge is accomplished.
TESTED=Deployed to alpha, ran the re-save all EPP resources mapreduce, and
verified that the new indexes were populated.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=229992464
For now, it only displays a status of "Passed: true|false" or an error message in simple text. In further work we will make the UI nicer.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=229971564
Remove the GoogleInternal designator on the premium/reserved list tests, move
the lists themselves under the config/files directory, and fix all of the
surrounding infrastructure.
The lists do not get exported. Only the "example.txt" list does, allowing the
test to function on the open source build.
TESTED:
Verified that the gradle build works and that only the example.txt file is exported.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=229940659
There was no reason to have several different modules all providing a single
thing. This approach, which creates a single UtilsModule for everything in the
util package, is cleaner. This also removes provisioning of Random and
StringGenerator objects in RegistryConfig.ConfigModule, which don't belong
there because they aren't configuration options.
This also removes insecure random entirely; it was only used in a
single place to generate 24 bytes a couple times per day. We can live with the
lower speed if it means we don't have to worry about multiple types of Random,
or possibly using an insecure random accidentally in a place that security
actually does matter.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=229751915
This console is only to be used by Admins (either GAE admins for this project, or Support accounts). It is for "internal" use only, not for use by the registrars themselves.
To prevent abuse, the registrar is created in a non-functional PENDING state and can only be made functional from the nomulus shell tool.
While in "PENDING" state, the registrar can be updated from the registrar-console by admins.
Also - moving all the web consoles to the same directory (moving the otesetup/* files into registrar/)
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=229681011
Currently, the TLD is a "hidden" part of the metric - we record it, but by looking at the call site you can't see that we record it.
Also, it's injected from the query / POST parameter, so we might not even be aware of what the value is and it might not be the value we wanted.
Instead, making it explicit in the Metric call. That way it's also more similar to the "logging" statements that record the same data but have to explicitly output the TLD.
It also makes the tests better, as we test that we indeed record the correct TLD
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=229550115
This removes the configuration ability on both Registry and Registrar entities
to allow operations on premium domains to succeed without acking the fees using
the fee extension. We only ever used this ability during the minna launch, and
it was a fiasco. We have no intention of ever allowing creation, renewal,
transfer, restoring, etc. of premium domains without acking the fees ever again,
and haven't done so since 2013, so removing this ability allows us to simplify
our code, data model, and tests.
Note that all TLDs in our production system currently require price ACKing
anyway, so from an external partner perspective this commit is a noop.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=229423650
