From 0dc7ab99d76232ca70b09751b5ef9c3b035bed41 Mon Sep 17 00:00:00 2001
From: Weimin Yu <weiminyu@google.com>
Date: Tue, 25 Nov 2025 14:41:44 -0500
Subject: [PATCH] Update CreateCdnsTld command for RST Tests (#2891)

Add a flag indicating that a Sandbox TLD should use the production
servers.

No additional TLD name pattern checks. Cloud DNS has an allowlist for
names that may use production servers.

Also updated default descriptive name generation: dropping the trailing
'.', and replacing remaining dots with '_'.
---
 .../google/registry/tools/CreateCdnsTld.java  | 29 ++++++++++++---
 .../registry/tools/CreateCdnsTldTest.java     | 37 ++++++++++++++++++-
 2 files changed, 60 insertions(+), 6 deletions(-)

diff --git a/core/src/main/java/google/registry/tools/CreateCdnsTld.java b/core/src/main/java/google/registry/tools/CreateCdnsTld.java
index 0c8b66afd..8ab6bbc86 100644
--- a/core/src/main/java/google/registry/tools/CreateCdnsTld.java
+++ b/core/src/main/java/google/registry/tools/CreateCdnsTld.java
@@ -21,6 +21,8 @@ import com.beust.jcommander.Parameters;
 import com.google.api.services.dns.Dns;
 import com.google.api.services.dns.model.ManagedZone;
 import com.google.api.services.dns.model.ManagedZoneDnsSecConfig;
+import com.google.common.base.Joiner;
+import com.google.common.base.Splitter;
 import google.registry.config.RegistryConfig.Config;
 import jakarta.inject.Inject;
 import java.io.IOException;
@@ -52,6 +54,13 @@ final class CreateCdnsTld extends ConfirmingCommand {
       description = "In Sandbox, skip the dns_name format check.")
   boolean skipSandboxTldCheck;
 
+  @Parameter(
+      names = "--use_prod_name_servers_in_sandbox",
+      description =
+          "In Sandbox, create zone on the production name servers, e.g., for ICANN tests. "
+              + "Ignored in other environments.")
+  boolean useProdNameServersInSandbox;
+
   @Inject
   @Config("projectId")
   String projectId;
@@ -77,15 +86,25 @@ final class CreateCdnsTld extends ConfirmingCommand {
       }
     }
 
+    String nameServerSetName;
+    if (RegistryToolEnvironment.get().equals(RegistryToolEnvironment.PRODUCTION)) {
+      nameServerSetName = "cloud-dns-registry";
+    } else if (RegistryToolEnvironment.get().equals(RegistryToolEnvironment.SANDBOX)
+        && useProdNameServersInSandbox) {
+      nameServerSetName = "cloud-dns-registry";
+    } else {
+      nameServerSetName = "cloud-dns-registry-test";
+    }
+
     managedZone =
         new ManagedZone()
             .setDescription(description)
-            .setNameServerSet(
-                RegistryToolEnvironment.get() == RegistryToolEnvironment.PRODUCTION
-                    ? "cloud-dns-registry"
-                    : "cloud-dns-registry-test")
+            .setNameServerSet(nameServerSetName)
             .setDnsName(dnsName)
-            .setName((name != null) ? name : dnsName)
+            .setName(
+                (name != null)
+                    ? name
+                    : Joiner.on('_').join(Splitter.on('.').omitEmptyStrings().split(dnsName)))
             .setDnssecConfig(new ManagedZoneDnsSecConfig().setNonExistence("nsec").setState("on"));
   }
 
diff --git a/core/src/test/java/google/registry/tools/CreateCdnsTldTest.java b/core/src/test/java/google/registry/tools/CreateCdnsTldTest.java
index 4a36ff986..577ba410e 100644
--- a/core/src/test/java/google/registry/tools/CreateCdnsTldTest.java
+++ b/core/src/test/java/google/registry/tools/CreateCdnsTldTest.java
@@ -71,7 +71,7 @@ class CreateCdnsTldTest extends CommandTestCase<CreateCdnsTld> {
   void testNameDefault() throws Exception {
     runCommand("--dns_name=tld.", "--description=test run", "--force");
     ManagedZone zone = requestBody.getValue();
-    assertThat(zone).isEqualTo(createZone("cloud-dns-registry-test", "test run", "tld.", "tld."));
+    assertThat(zone).isEqualTo(createZone("cloud-dns-registry-test", "test run", "tld.", "tld"));
   }
 
   @Test
@@ -109,4 +109,39 @@ class CreateCdnsTldTest extends CommandTestCase<CreateCdnsTld> {
         "--description=test run",
         "--force");
   }
+
+  @Test
+  void testSandbox_defaultNameServer() throws Exception {
+    runCommandInEnvironment(
+        RegistryToolEnvironment.SANDBOX,
+        "--dns_name=abc.test.",
+        "--description=test run",
+        "--force");
+    ManagedZone zone = requestBody.getValue();
+    assertThat(zone.getNameServerSet()).isEqualTo("cloud-dns-registry-test");
+  }
+
+  @Test
+  void testSandbox_useProdNameServer() throws Exception {
+    runCommandInEnvironment(
+        RegistryToolEnvironment.SANDBOX,
+        "--use_prod_name_servers_in_sandbox",
+        "--dns_name=abc.test.",
+        "--description=test run",
+        "--force");
+    ManagedZone zone = requestBody.getValue();
+    assertThat(zone.getNameServerSet()).isEqualTo("cloud-dns-registry");
+  }
+
+  @Test
+  void testProdNameServerFlag_ignoredIfNotSandbox() throws Exception {
+    runCommandInEnvironment(
+        RegistryToolEnvironment.QA,
+        "--use_prod_name_servers_in_sandbox",
+        "--dns_name=abc.test.",
+        "--description=test run",
+        "--force");
+    ManagedZone zone = requestBody.getValue();
+    assertThat(zone.getNameServerSet()).isEqualTo("cloud-dns-registry-test");
+  }
 }