1) Clean up alpha config to only allow alpha proxy, removing test proxy client id.
2) Add sandbox service account client id to sandbox config.
3) Add sandbox config to nomulus and proxy, remove TEST environment, which is not being used anymore. (Test now uses LOCAL.)
4) Add sandbox kubenetes config
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=193400909
1) Change annealing target to watch for sandbox terraform config instead of test.
2) Delete terraform config for test project, as this project will be turned down.
3) Do not ask annealing to watch for alpha project terraform config, as we intend to change alpha regularly and manually.
4) Make terraform output display both service account email and client id.
5) Change canary node ports to 3100X, as 4000X is out of range for kubernetes.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=193383457
Canary proxies are not receiving real traffic but can be useful when testing Nomulus deployment (probers will probe canary proxy and compare metrics with production proxy). This CL added a separate load balancer for a canary proxy, running on the same clusters as production proxy.
The canary proxies have their own IP addresses, but are not assigned domain names. Probers will directly connect to these endpoints by IP.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=193234937
This gets around a bug in Spinnaker where the namespace, if missing in the manifest, is set to "spinnaker".
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=192825895
This allows a registrar to check domain availability even if the fee extension is not set. To obtain the premium price or create the domain, the fee extension is still needed.
PS: I believe the previous tests are erroneous anyway. It is the presence of fee extensions in the check request that we were looking for. Checking if the extension is declared during login has no bearing on the results.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=192778137
Five per minute just isn't working well enough on environments with lots of
entities (e.g. alpha and sandbox right now), and there doesn't seem to be a
real need to enforce such a low throttle. The mapreduce queue, for instance,
has 500/s (effectively no throttle).
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=192474962
The optional code has been around for a while, we can get rid of it now.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=192344612
Because of the objectify cache, after the first "read, change, write" of the
first mutation - the second mutation would "read" the original value, which
would then fail to be written with the error "Entity changed since init()".
This was specifically seen in the "UpdateRegistrarCommand", but likely affected
other commands as well.
Clearing the cache before each command solves this issue.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=192328213
This hard-deletes all contacts and hosts owned by a specific set of registrar
client IDs, currently just "proxy".
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=192325211
This makes them consistent with every other command, which uses the format
verb_noun.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=192301468
This also removes RDE tasks that shouldn't/can't run on non-production environments, like upload/reporting.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=192177779
This is in preparation for merging and then removing
RegistrarPremiumPriceAckAction.
This includes:
test that the data the UI sent isn't stale
---------------------------------------------
Our system is "read, modify, write". However, if between the "read" and the "write" someone else changed the registry, my write will undo their change even if I didn't touch any of their fields.
To solve that - we use the "lastUpdateTime" timestamp of the registrar. the UI reads it with the rest of the data, and sends it back on "write". We will now make sure the registrar currently in datastore has the same timestamp.
support premium-price-ack flag
---------------------------------
Add support for reading and writing this flag. We still won't be using it - that's in a followup CL, but we support it.
support changing the URL
------------------------
Add changing the URL in the UI, under the "whois" section
Will replace the Ack endpoint with this (and remove that endpoint) in a followup CL
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=192154078
This is accomplished by making all non-mutating commands function with dry run set
to true, which also has the pleasurable side effect of not prompting for dry-run
mutating commands either, which also do nothing different/special on the second
run.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=192149150
We don't want people to accidentally run commands on prod thinking they were on
Alpha / Sandbox.
To do that - we add 2 safeguards:
1) when on prod, the shell has a strong RED "PRODUCTION" in the commandline, while on alpha/sandbox it's green.
2) if a prod shell is idle for > 1h, it exits. So don't accidentally use a prod shell from a long time ago.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191931731
Currently the example whitelist IP is 1.1.1.1/24, which is illegal. Changed to
1.1.1.0/24, which is legal
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191900036
After writing a flag on the shell, pressing "tab" will print out the
documentation for that flag.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191899137
This allows us to not ship the proxy with certificates/private keys. The secret is still encrypted by KMS. Reading the secret only happens once when the first EPP request comes in, which should not incur any tangible performance penalty.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191771680
This allows us to not obtain a certificate and encrypt it with KMS when running the proxy locally during development.
Also updated FOSS build dagger version.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191746309
The registrar security console failed because it assumed the email is a
required field for the registrar, but it isn't (at least - create_registrar
doesn't require an email, and update_registrar lets you remove the email).
Fixed by allowing it to *remain* unset if it was unset originally, but if it was set - it's required.
There are more fixes needed, but they aren't related to the email, so they will wait for the next CL
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191623034
This also reduces the interval of the commitLogCheckpoint cron job to once
every three minutes, as this job needs to load all commit log bucket entities.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191613858
Even though you couldn't run a "shell" inside a "shell", the completion still
assumed you could :(
On the way - fixing error on empty lines: when you just press "enter", the shell should ignore it rather than try to run it as a command (and getting an error, obviously)
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191605029
For some reason the auto-formatting didn't happen when these files are first checked in.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191589487
This should prevent having issues with hot key paths on entities that
experience a heavy WHOIS volume (e.g. contacts that registrars reuse on
many domains).
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191506124
Using the jline open-source library.
We save the history between invocations to ~/.nomulus_history
We add some simple completions:
- first argument completes to command name
- all other arguments complete to the command parameters, or filename
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191501023
When running create_cdns_tld in "production" mode, specify the Cloud DNS
production namespace instead of the staging namespace.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191451390
Also increases the number of commit log buckets on alpha to 397 and correspondingly
reduces the frequency of commit log diff exporting to once every 3 minutes.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191440586
JCommander doesn't seem to reset objects when it populates them with data from
an argument list during command processing, so recreate the command objects
every time we do a run().
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191332392
These servlets are converted to actions during daggerization. Calling them servers are misleading.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=190942237
Before this change the output looks like this:
registrar1 - Num actions: 93 - Reqs passed: 16/16 - Overall: PASS
registrar2 - Num actions: 47 - Reqs passed: 6/16 - Overall: FAIL
After this change the output looks like this:
registrar1 - # actions: 93 - Reqs: [----------------] 16/16 - Overall: PASS
registrar2 - # actions: 47 - Reqs: [...--.-...-...--] 6/16 - Overall: FAIL
The status of each test is displayed as a hyphen (passing) or a period (failing),
and the tests are always displayed in the same order so it's easier to get an overall
view of whether registrars are struggling with the same tests.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=190776935
Caching turns out to be an anti-pattern for the console. If we use it, changes from the user just get obliterated by the older, cached version the next time the console refreshes (and it happens to refresh after every update). Caching is also not very useful here, as the amount of database access driven by the console is very small.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=190650931
With terraform (https://terraform.io) we can convert most of the infrastructure setup into code. This simplifies setting up a new proxy as well as providing reproducibility in the setup, eliminating human errors as much as possible.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=190634711
Datastore has a non-zero chance of failing on reads. A map-reduce with too many
failures will eventually give up. As a result, any map-reduce that goes over a
large number of datastore entities is almost guaranteed to fail.
Since we expect to have a large number of EppResources, we make sure to wrap
all datastore reads with some retrying mechanism to reduce the number of
transient failures that propagate to Map-Reduce.
This feature already existed for CommitLogManifestReader, we refactor the code to use the same retrying mechanism in EppResource readers.
Also removed the transactNew around the reads because looking at the source - it doesn't actually do anything we need (doesn't retry on any failure other than concurrency failure)
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=190633281
We already have verifications that a domain application was created in sunrise
- which checks for end-date sunrise. Start-date sunrise has checks that a
domain (not application) was created. There's no need to specifically check for
a signed mark, since a successful domain create during sunrise must have a
signed mark in it.
Also removed the requirement for end-date sunrise / landrush testing.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=190551080
