From 4e013603bea5fe686a423a2311afea4715abee5d Mon Sep 17 00:00:00 2001 
From: Lai Jiang Date: Thu, 22 Aug 2024 09:10:56 -0400 Subject: [PATCH] Make GKE networking work more properly (#2531) --- build.gradle | 1 + .../registry/config/RegistryConfig.java | 18 +- .../config/RegistryConfigSettings.java | 3 +- .../registry/config/files/default-config.yaml | 23 ++- .../google/registry/dns/RefreshDnsAction.java | 2 +- .../env/common/backend/WEB-INF/web.xml | 2 +- .../registry/module/RegistryComponent.java | 4 +- .../registry/module/RequestComponent.java | 28 +-- .../frontend/FrontendRequestComponent.java | 4 +- .../java/google/registry/request/Action.java | 45 ++++- .../registry/request/RequestHandler.java | 24 ++- .../registry/request/RouterDisplayHelper.java | 26 ++- .../registry/request/auth/AuthModule.java | 45 +++-- .../OidcTokenAuthenticationMechanism.java | 61 +++---- .../ui/server/console/ConsoleApiAction.java | 1 - .../ConsoleApiParams.java | 2 +- .../console/ConsoleDomainGetAction.java | 3 +- .../console/ConsoleDomainListAction.java | 3 +- .../console/ConsoleDumDownloadAction.java | 3 +- .../console/ConsoleEppPasswordAction.java | 3 +- .../ConsoleModule.java} | 6 +- .../console/ConsoleRegistryLockAction.java | 3 +- .../ConsoleRegistryLockVerifyAction.java | 3 +- .../console/ConsoleUpdateRegistrarAction.java | 3 +- .../server/console/ConsoleUserDataAction.java | 3 +- .../ui/server/console/RegistrarsAction.java | 3 +- .../console/settings/ContactAction.java | 4 +- .../console/settings/SecurityAction.java | 4 +- .../settings/WhoisRegistrarFieldsAction.java | 4 +- .../registrar/RegistryLockGetAction.java | 2 +- .../registry/module/RequestComponentTest.java | 52 ++++-- .../registry/request/RequestHandlerTest.java | 1 + .../OidcTokenAuthenticationMechanismTest.java | 35 ++-- .../testing/ConsoleApiParamsUtils.java | 2 +- .../console/ConsoleDomainGetActionTest.java | 1 - .../console/ConsoleDomainListActionTest.java | 1 - .../console/ConsoleDumDownloadActionTest.java | 1 - .../console/ConsoleEppPasswordActionTest.java | 4 +- 
.../ConsoleRegistryLockActionTest.java | 1 - .../ConsoleRegistryLockVerifyActionTest.java | 1 - .../ConsoleUpdateRegistrarActionTest.java | 4 +- .../console/ConsoleUserDataActionTest.java | 1 - .../server/console/RegistrarsActionTest.java | 4 +- .../console/settings/ContactActionTest.java | 6 +- .../console/settings/SecurityActionTest.java | 6 +- .../WhoisRegistrarFieldsActionTest.java | 6 +- .../module/backend/backend_routing.txt | 76 ++++---- .../registry/module/bsa/bsa_routing.txt | 10 +- .../module/frontend/frontend_routing.txt | 44 ++--- .../registry/module/pubapi/pubapi_routing.txt | 26 +-- .../google/registry/module/routing.txt | 168 +++++++++--------- .../registry/module/tools/tools_routing.txt | 28 +-- jetty/build.gradle | 2 +- jetty/deploy-nomulus-for-env.sh | 24 ++- jetty/kubernetes/gateway/nomulus-gateway.yaml | 17 ++ .../gateway/nomulus-route-backend.yaml | 47 +++++ .../nomulus-route-console.yaml} | 36 ++-- .../gateway/nomulus-route-frontend.yaml | 35 ++++ .../gateway/nomulus-route-pubapi.yaml | 44 +++++ jetty/kubernetes/nomulus-backend.yaml | 60 +++++++ jetty/kubernetes/nomulus-console.yaml | 60 +++++++ ...-deployment.yaml => nomulus-frontend.yaml} | 40 +++-- jetty/kubernetes/nomulus-pubapi.yaml | 60 +++++++ jetty/kubernetes/nomulus-service.yaml | 22 --- projects.gradle | 6 + 65 files changed, 842 insertions(+), 425 deletions(-) rename core/src/main/java/google/registry/ui/server/{registrar => console}/ConsoleApiParams.java (96%) rename core/src/main/java/google/registry/ui/server/{registrar/RegistrarConsoleModule.java => console/ConsoleModule.java} (98%) create mode 100644 jetty/kubernetes/gateway/nomulus-gateway.yaml create mode 100644 jetty/kubernetes/gateway/nomulus-route-backend.yaml rename jetty/kubernetes/{nomulus-gateway.yaml => gateway/nomulus-route-console.yaml} (53%) create mode 100644 jetty/kubernetes/gateway/nomulus-route-frontend.yaml create mode 100644 jetty/kubernetes/gateway/nomulus-route-pubapi.yaml create mode 100644 
jetty/kubernetes/nomulus-backend.yaml create mode 100644 jetty/kubernetes/nomulus-console.yaml rename jetty/kubernetes/{nomulus-deployment.yaml => nomulus-frontend.yaml} (72%) create mode 100644 jetty/kubernetes/nomulus-pubapi.yaml delete mode 100644 jetty/kubernetes/nomulus-service.yaml diff --git a/build.gradle b/build.gradle index bdaf9431f..17af9e867 100644 --- a/build.gradle +++ b/build.gradle @@ -119,6 +119,7 @@ if (environment == '') { rootProject.ext.environment = environment rootProject.ext.gcpProject = gcpProject +rootProject.ext.baseDomain = baseDomains[environment] rootProject.ext.prodOrSandboxEnv = environment in ['production', 'sandbox'] // Function to verify that the deployment parameters have been set. diff --git a/core/src/main/java/google/registry/config/RegistryConfig.java b/core/src/main/java/google/registry/config/RegistryConfig.java index 6fd282867..d26d6f32d 100644 --- a/core/src/main/java/google/registry/config/RegistryConfig.java +++ b/core/src/main/java/google/registry/config/RegistryConfig.java @@ -119,6 +119,18 @@ public final class RegistryConfig { return config.gcpProject.projectIdNumber; } + @Provides + @Config("backendServiceIds") + public static Map provideBackendServiceIds(RegistryConfigSettings config) { + return config.gcpProject.backendServiceIds; + } + + @Provides + @Config("baseDomain") + public static String provideBaseDomain(RegistryConfigSettings config) { + return config.gcpProject.baseDomain; + } + @Provides @Config("locationId") public static String provideLocationId(RegistryConfigSettings config) { @@ -1259,12 +1271,6 @@ public final class RegistryConfig { return config.auth.oauthClientId; } - @Provides - @Config("fallbackOauthClientId") - public static String provideFallbackOauthClientId(RegistryConfigSettings config) { - return config.auth.fallbackOauthClientId; - } - /** * Provides the OAuth scopes required for accessing Google APIs using the default credential. */ 
diff --git a/core/src/main/java/google/registry/config/RegistryConfigSettings.java b/core/src/main/java/google/registry/config/RegistryConfigSettings.java index 2385851ab..781eba482 100644 --- a/core/src/main/java/google/registry/config/RegistryConfigSettings.java +++ b/core/src/main/java/google/registry/config/RegistryConfigSettings.java @@ -56,13 +56,14 @@ public class RegistryConfigSettings { public String bsaServiceUrl; public String toolsServiceUrl; public String pubapiServiceUrl; + public Map backendServiceIds; + public String baseDomain; } /** Configuration options for authenticating users. */ public static class Auth { public List allowedServiceAccountEmails; public String oauthClientId; - public String fallbackOauthClientId; } /** Configuration options for accessing Google APIs. */ diff --git a/core/src/main/java/google/registry/config/files/default-config.yaml b/core/src/main/java/google/registry/config/files/default-config.yaml index 1c5ddc104..906a9f1f8 100644 --- a/core/src/main/java/google/registry/config/files/default-config.yaml +++ b/core/src/main/java/google/registry/config/files/default-config.yaml @@ -1,5 +1,5 @@ # This is the default configuration file for Nomulus. Do not make changes to it -# unless you are writing new features that requires you to. To customize an +# unless you are writing new features that require you to. To customize an # individual deployment or environment, create a nomulus-config.yaml file in the # WEB-INF/ directory overriding only the values you wish to change. You may need # to override some of these values to configure and enable some services used in 
@@ -24,6 +24,17 @@ gcpProject: toolsServiceUrl: https://tools.example.com pubapiServiceUrl: https://pubapi.example.com + # The backend service IDs created when setting up GKE routes. They will be included in the + # audience field in the JWT that IAP creates. + # See: https://cloud.google.com/iap/docs/signed-headers-howto#verifying_the_jwt_payload + backendServiceIds: + frontend: 12345 + backend: 12345 + pubapi: 12345 + console: 12345 + + # The base domain name of the registry service. Services are reachable at [service].baseDomain. + baseDomain: registry.test gSuite: # Publicly accessible domain name of the running G Suite instance. 
@@ -328,25 +339,21 @@ caching: # Note: Only allowedServiceAccountEmails and oauthClientId should be configured. # Other fields are related to OAuth-based authentication and will be removed. auth: - # Service accounts (e.g. default service account, account used by Cloud + # Service accounts (e.g., default service account, account used by Cloud # Scheduler) allowed to send authenticated requests. allowedServiceAccountEmails: - default-service-account-email@email.com - cloud-scheduler-email@email.com # OAuth 2.0 client ID that will be used as the audience in OIDC ID tokens sent - # from clients (e.g. proxy, nomulus tool, cloud tasks) for authentication. The + # from clients (e.g., proxy, nomulus tool, cloud tasks) for authentication. The # same ID is the only one accepted by the regular OIDC or IAP authentication - # mechanisms. In most cases we should use the client ID created for IAP here, + # mechanisms. In most cases, we should use the client ID created for IAP here, # as it allows requests bearing a token with this audience to be accepted by # both IAP or regular OIDC. The clientId value in proxy config file should be # the same as this one. oauthClientId: iap-oauth-clientid - # Same as above, but serve as a fallback, so we can switch the client ID of - # the proxy without downtime. - fallbackOauthClientId: fallback-oauth-clientid - credentialOAuth: # OAuth scopes required for accessing Google APIs using the default # credential. diff --git a/core/src/main/java/google/registry/dns/RefreshDnsAction.java b/core/src/main/java/google/registry/dns/RefreshDnsAction.java index ac09fd764..3f55ba0f1 100644 --- a/core/src/main/java/google/registry/dns/RefreshDnsAction.java +++ b/core/src/main/java/google/registry/dns/RefreshDnsAction.java 
@@ -36,7 +36,7 @@ import javax.inject.Inject; /** Action that manually triggers refresh of DNS information. */ @Action( service = Action.Service.BACKEND, - path = "/_dr/dnsRefresh", + path = "/_dr/task/dnsRefresh", automaticallyPrintOk = true, auth = Auth.AUTH_ADMIN) public final class RefreshDnsAction implements Runnable { diff --git a/core/src/main/java/google/registry/env/common/backend/WEB-INF/web.xml b/core/src/main/java/google/registry/env/common/backend/WEB-INF/web.xml index 9ef086254..34a3e65ee 100644 --- a/core/src/main/java/google/registry/env/common/backend/WEB-INF/web.xml +++ b/core/src/main/java/google/registry/env/common/backend/WEB-INF/web.xml @@ -165,7 +165,7 @@ backend-servlet - /_dr/dnsRefresh + /_dr/task/dnsRefresh diff --git a/core/src/main/java/google/registry/module/RegistryComponent.java b/core/src/main/java/google/registry/module/RegistryComponent.java index f131ba878..ff515b89f 100644 --- a/core/src/main/java/google/registry/module/RegistryComponent.java +++ b/core/src/main/java/google/registry/module/RegistryComponent.java @@ -102,9 +102,11 @@ interface RegistryComponent { class RegistryModule { @Provides static RequestHandler provideRequestHandler( + @Config("baseDomain") String baseDomain, Provider componentProvider, RequestAuthenticator requestAuthenticator) { - return RequestHandler.create(RequestComponent.class, componentProvider, requestAuthenticator); + return RequestHandler.create( + RequestComponent.class, baseDomain, componentProvider, requestAuthenticator); } } } diff --git a/core/src/main/java/google/registry/module/RequestComponent.java b/core/src/main/java/google/registry/module/RequestComponent.java index 0f4f1ff72..dc1e0bf2b 100644 --- a/core/src/main/java/google/registry/module/RequestComponent.java +++ b/core/src/main/java/google/registry/module/RequestComponent.java 
@@ -113,6 +113,7 @@ import google.registry.ui.server.console.ConsoleDomainGetAction; import google.registry.ui.server.console.ConsoleDomainListAction; import google.registry.ui.server.console.ConsoleDumDownloadAction; import google.registry.ui.server.console.ConsoleEppPasswordAction; +import google.registry.ui.server.console.ConsoleModule; import google.registry.ui.server.console.ConsoleRegistryLockAction; import google.registry.ui.server.console.ConsoleRegistryLockVerifyAction; import google.registry.ui.server.console.ConsoleUpdateRegistrarAction; @@ -121,15 +122,6 @@ import google.registry.ui.server.console.RegistrarsAction; import google.registry.ui.server.console.settings.ContactAction; import google.registry.ui.server.console.settings.SecurityAction; import google.registry.ui.server.console.settings.WhoisRegistrarFieldsAction; -import google.registry.ui.server.registrar.ConsoleOteSetupAction; -import google.registry.ui.server.registrar.ConsoleRegistrarCreatorAction; -import google.registry.ui.server.registrar.ConsoleUiAction; -import google.registry.ui.server.registrar.OteStatusAction; -import google.registry.ui.server.registrar.RegistrarConsoleModule; -import google.registry.ui.server.registrar.RegistrarSettingsAction; -import google.registry.ui.server.registrar.RegistryLockGetAction; -import google.registry.ui.server.registrar.RegistryLockPostAction; -import google.registry.ui.server.registrar.RegistryLockVerifyAction; import google.registry.whois.WhoisAction; import google.registry.whois.WhoisHttpAction; import google.registry.whois.WhoisModule; @@ -142,6 +134,7 @@ import google.registry.whois.WhoisModule; BillingModule.class, CheckApiModule.class, CloudDnsWriterModule.class, + ConsoleModule.class, CronModule.class, CustomLogicModule.class, DnsCountQueryCoordinatorModule.class, 
@@ -154,7 +147,6 @@ import google.registry.whois.WhoisModule; LoadTestModule.class, RdapModule.class, RdeModule.class, - RegistrarConsoleModule.class, ReportingModule.class, RequestModule.class, SheetModule.class, @@ -186,16 +178,10 @@ interface RequestComponent { ConsoleEppPasswordAction consoleEppPasswordAction(); - ConsoleOteSetupAction consoleOteSetupAction(); - - ConsoleRegistrarCreatorAction consoleRegistrarCreatorAction(); - ConsoleRegistryLockAction consoleRegistryLockAction(); ConsoleRegistryLockVerifyAction consoleRegistryLockVerifyAction(); - ConsoleUiAction consoleUiAction(); - ConsoleUpdateRegistrarAction consoleUpdateRegistrarAction(); ConsoleUserDataAction consoleUserDataAction(); @@ -254,8 +240,6 @@ interface RequestComponent { NordnVerifyAction nordnVerifyAction(); - OteStatusAction oteStatusAction(); - PublishDnsUpdatesAction publishDnsUpdatesAction(); PublishInvoicesAction uploadInvoicesAction(); @@ -296,16 +280,8 @@ interface RequestComponent { RefreshDnsOnHostRenameAction refreshDnsOnHostRenameAction(); - RegistrarSettingsAction registrarSettingsAction(); - RegistrarsAction registrarsAction(); - RegistryLockGetAction registryLockGetAction(); - - RegistryLockPostAction registryLockPostAction(); - - RegistryLockVerifyAction registryLockVerifyAction(); - RelockDomainAction relockDomainAction(); ResaveAllEppResourcesPipelineAction resaveAllEppResourcesPipelineAction(); diff --git a/core/src/main/java/google/registry/module/frontend/FrontendRequestComponent.java b/core/src/main/java/google/registry/module/frontend/FrontendRequestComponent.java index 850fddc81..50d78ce08 100644 --- a/core/src/main/java/google/registry/module/frontend/FrontendRequestComponent.java +++ b/core/src/main/java/google/registry/module/frontend/FrontendRequestComponent.java 
@@ -29,6 +29,7 @@ import google.registry.ui.server.console.ConsoleDomainGetAction; import google.registry.ui.server.console.ConsoleDomainListAction; import google.registry.ui.server.console.ConsoleDumDownloadAction; import google.registry.ui.server.console.ConsoleEppPasswordAction; +import google.registry.ui.server.console.ConsoleModule; import google.registry.ui.server.console.ConsoleRegistryLockAction; import google.registry.ui.server.console.ConsoleRegistryLockVerifyAction; import google.registry.ui.server.console.ConsoleUpdateRegistrarAction; @@ -41,7 +42,6 @@ import google.registry.ui.server.registrar.ConsoleOteSetupAction; import google.registry.ui.server.registrar.ConsoleRegistrarCreatorAction; import google.registry.ui.server.registrar.ConsoleUiAction; import google.registry.ui.server.registrar.OteStatusAction; -import google.registry.ui.server.registrar.RegistrarConsoleModule; import google.registry.ui.server.registrar.RegistrarSettingsAction; import google.registry.ui.server.registrar.RegistryLockGetAction; import google.registry.ui.server.registrar.RegistryLockPostAction; @@ -54,7 +54,7 @@ import google.registry.ui.server.registrar.RegistryLockVerifyAction; BatchModule.class, DnsModule.class, EppTlsModule.class, - RegistrarConsoleModule.class, + ConsoleModule.class, RequestModule.class, WhiteboxModule.class, }) diff --git a/core/src/main/java/google/registry/request/Action.java b/core/src/main/java/google/registry/request/Action.java index 6ae95bd41..b213895c9 100644 --- a/core/src/main/java/google/registry/request/Action.java +++ b/core/src/main/java/google/registry/request/Action.java @@ -14,6 +14,8 @@ package google.registry.request; +import static com.google.common.base.Preconditions.checkState; + import google.registry.request.auth.Auth; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; 
@@ -36,7 +38,6 @@ public @interface Action { BACKEND("backend"), PUBAPI("pubapi"); - private final String serviceId; Service(String serviceId) { @@ -49,9 +50,33 @@ public @interface Action { } } + enum GkeService { + // This designation means that it defers to the GAE service, so we don't have to annotate EVERY + // action during the GKE migration. + SAME_AS_GAE("same_as_gae"), + FRONTEND("frontend"), + BACKEND("backend"), + PUBAPI("pubapi"), + CONSOLE("console"); + + private final String serviceId; + + GkeService(String serviceId) { + this.serviceId = serviceId; + } + + public String getServiceId() { + checkState(this != SAME_AS_GAE, "Cannot get service Id for SAME_AS_GAE"); + return serviceId; + } + } + /** Which App Engine service this action lives on. */ Service service(); + /** Which GKE service this action lives on. */ + GkeService gkeService() default GkeService.SAME_AS_GAE; + /** HTTP path to serve the action from. The path components must be percent-escaped. */ String path(); @@ -72,4 +97,22 @@ public @interface Action { /** Authentication settings. */ Auth auth(); + + // TODO(jianglai): Use Action.gkeService() directly once we are off GAE. + class ServiceGetter { + public static GkeService get(Action action) { + GkeService service = action.gkeService(); + if (service != GkeService.SAME_AS_GAE) { + return service; + } + Service gaeService = action.service(); + return switch (gaeService) { + case DEFAULT -> GkeService.FRONTEND; + case BACKEND -> GkeService.BACKEND; + case TOOLS -> GkeService.BACKEND; + case BSA -> GkeService.BACKEND; + case PUBAPI -> GkeService.PUBAPI; + }; + } + } } diff --git a/core/src/main/java/google/registry/request/RequestHandler.java b/core/src/main/java/google/registry/request/RequestHandler.java index f1609321c..e81efe95e 100644 --- a/core/src/main/java/google/registry/request/RequestHandler.java +++ b/core/src/main/java/google/registry/request/RequestHandler.java 
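Review bot: `Action.ServiceGetter.get` has no Javadoc, and its `switch` silently maps `TOOLS` and `BSA` to `GkeService.BACKEND`. Elsewhere in this commit the returned service appears to drive both the expected hostname in RequestHandler and the IAP audience lookup, so the mapping is a security-relevant decision that should be stated. I would add a class comment along the lines of `/** Resolves the GKE service for an action; TOOLS and BSA actions are served from (and authenticated as) the backend service. */`. `GkeService.getServiceId()` should also carry a `@throws IllegalStateException` line for the `SAME_AS_GAE` case that `checkState` rejects.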
@@ -22,14 +22,17 @@ import static jakarta.servlet.http.HttpServletResponse.SC_METHOD_NOT_ALLOWED; import static jakarta.servlet.http.HttpServletResponse.SC_NOT_FOUND; import com.google.common.flogger.FluentLogger; +import google.registry.request.Action.GkeService; import google.registry.request.auth.AuthResult; import google.registry.request.auth.RequestAuthenticator; import google.registry.util.NonFinalForTesting; +import google.registry.util.RegistryEnvironment; import google.registry.util.SystemClock; import google.registry.util.TypeUtils.TypeInstantiator; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; +import java.util.Objects; import java.util.Optional; import javax.annotation.Nullable; import javax.inject.Provider; @@ -69,6 +72,7 @@ public class RequestHandler { private static final FluentLogger logger = FluentLogger.forEnclosingClass(); private final Router router; + @Nullable private final String baseDomain; private final Provider> requestComponentBuilderProvider; private final RequestAuthenticator requestAuthenticator; private final SystemClock clock = new SystemClock(); 
@@ -91,22 +95,22 @@ public class RequestHandler { protected RequestHandler( Provider> requestComponentBuilderProvider, RequestAuthenticator requestAuthenticator) { - this(null, requestComponentBuilderProvider, requestAuthenticator); + this(null, null, requestComponentBuilderProvider, requestAuthenticator); } /** Creates a new RequestHandler with an explicit component class for test purposes. */ public static RequestHandler create( Class component, + @Nullable String baseDomain, Provider> requestComponentBuilderProvider, RequestAuthenticator requestAuthenticator) { return new RequestHandler<>( - checkNotNull(component), - requestComponentBuilderProvider, - requestAuthenticator); + checkNotNull(component), baseDomain, requestComponentBuilderProvider, requestAuthenticator); } private RequestHandler( @Nullable Class component, + @Nullable String baseDomain, Provider> requestComponentBuilderProvider, RequestAuthenticator requestAuthenticator) { // If the component class isn't explicitly provided, infer it from the class's own typing. @@ -114,6 +118,7 @@ public class RequestHandler { // preserved at runtime, so only expose that option via the protected constructor. this.router = Router.create( component != null ? component : new TypeInstantiator(getClass()){}.getExactType()); + this.baseDomain = baseDomain; this.requestComponentBuilderProvider = checkNotNull(requestComponentBuilderProvider); this.requestAuthenticator = checkNotNull(requestAuthenticator); } 
@@ -137,6 +142,17 @@ public class RequestHandler { rsp.sendError(SC_NOT_FOUND); return; } + if (RegistryEnvironment.isOnJetty()) { + GkeService service = Action.ServiceGetter.get(route.get().action()); + String expectedDomain = String.format("%s.%s", service.getServiceId(), baseDomain); + String actualDomain = req.getServerName(); + if (!Objects.equals(actualDomain, expectedDomain)) { + logger.atWarning().log( + "Actual domain %s does not match expected domain %s", actualDomain, expectedDomain); + rsp.sendError(SC_NOT_FOUND); + return; + } + } if (!route.get().isMethodAllowed(method)) { logger.atWarning().log("Method %s not allowed for: %s", method, path); rsp.sendError(SC_METHOD_NOT_ALLOWED); diff --git a/core/src/main/java/google/registry/request/RouterDisplayHelper.java b/core/src/main/java/google/registry/request/RouterDisplayHelper.java index 53091ae42..7c8842490 100644 --- a/core/src/main/java/google/registry/request/RouterDisplayHelper.java +++ b/core/src/main/java/google/registry/request/RouterDisplayHelper.java @@ -21,6 +21,7 @@ import com.google.common.base.Joiner; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; import com.google.common.collect.Streams; +import java.util.Comparator; import java.util.Map; /** @@ -37,6 +38,7 @@ import java.util.Map; * the content to be displayed. The columns are: * *
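Review bot: The Jetty host check added to the request-handling method formats `baseDomain` into `expectedDomain` even though the field is `@Nullable`, and it compares with the case-sensitive `Objects.equals`. With a null `baseDomain` (the protected constructor passes `null`) the expected name ends in `.null`, so every request is answered 404 with only a per-request warning to explain it. Host names are case-insensitive, so a differently cased Host is rejected as well. I would fail early with `checkNotNull(baseDomain, "baseDomain must be set when running on Jetty")` and compare with `expectedDomain.equalsIgnoreCase(actualDomain)`. `req.getServerName()` normally reflects the client-supplied Host header, so a comment should say that this check relies on the gateway routes matching hostnames; the method body continues outside the hunk.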
    + *
  1. the GKE service this action lives on *
  2. the URL path which maps to this action (with a "(*)" after it if the prefix flag is set) *
  3. the simple name of the action class *
  4. the allowable HTTP methods @@ -49,12 +51,13 @@ import java.util.Map; */ public class RouterDisplayHelper { + private static final String SERVICE = "service"; private static final String PATH = "path"; private static final String CLASS = "class"; private static final String METHODS = "methods"; private static final String MINIMUM_LEVEL = "minLevel"; - private static final String FORMAT = "%%-%ds %%-%ds %%-%ds %%-2s %%-%ds %%s"; + private static final String FORMAT = "%%-%ds %%-%ds %%-%ds %%-%ds %%-2s %%-%ds %%s"; /** Returns a string representation of the routing map in the specified component. */ public static String extractHumanReadableRoutesFromComponent(Class componentClass) { @@ -76,6 +79,7 @@ public class RouterDisplayHelper { private static String getFormatString(Map columnWidths) { return String.format( FORMAT, + columnWidths.get(SERVICE), columnWidths.get(PATH), columnWidths.get(CLASS), columnWidths.get(METHODS), @@ -84,18 +88,13 @@ public class RouterDisplayHelper { private static String headerToString(String formatString) { return String.format( - formatString, - "PATH", - "CLASS", - "METHODS", - "OK", - "MIN", - "USER_POLICY"); + formatString, "SERVICE", "PATH", "CLASS", "METHODS", "OK", "MIN", "USER_POLICY"); } private static String routeToString(Route route, String formatString) { return String.format( formatString, + Action.ServiceGetter.get(route.action()).name(), route.action().isPrefix() ? (route.action().path() + "(*)") : route.action().path(), route.actionClass().getSimpleName(), Joiner.on(",").join(route.action().method()), 
@@ -107,12 +106,17 @@ public class RouterDisplayHelper { private static String formatRoutes(Iterable routes) { // Use the column header length as a minimum. + int serviceWidth = 7; int pathWidth = 4; int classWidth = 5; int methodsWidth = 7; int minLevelWidth = 3; for (Route route : routes) { - int len = + int len = Action.ServiceGetter.get(route.action()).name().length(); + if (len > serviceWidth) { + serviceWidth = len; + } + len = route.action().isPrefix() ? (route.action().path().length() + 3) : route.action().path().length(); @@ -135,6 +139,7 @@ public class RouterDisplayHelper { final String formatString = getFormatString( new ImmutableMap.Builder() + .put(SERVICE, serviceWidth) .put(PATH, pathWidth) .put(CLASS, classWidth) .put(METHODS, methodsWidth) @@ -143,6 +148,9 @@ public class RouterDisplayHelper { return headerToString(formatString) + String.format("%n") + Streams.stream(routes) + .sorted( + Comparator.comparing( + (Route route) -> Action.ServiceGetter.get(route.action()).ordinal())) .map(route -> routeToString(route, formatString)) .collect(joining(String.format("%n"))); } diff --git a/core/src/main/java/google/registry/request/auth/AuthModule.java b/core/src/main/java/google/registry/request/auth/AuthModule.java index 671f1cc70..247e816a8 100644 --- a/core/src/main/java/google/registry/request/auth/AuthModule.java +++ b/core/src/main/java/google/registry/request/auth/AuthModule.java @@ -16,7 +16,6 @@ package google.registry.request.auth; import static com.google.common.net.HttpHeaders.AUTHORIZATION; -import com.google.auth.oauth2.TokenVerifier; import com.google.common.collect.ImmutableList; import dagger.Module; import dagger.Provides; 
@@ -24,6 +23,10 @@ import google.registry.config.RegistryConfig.Config; import google.registry.request.auth.OidcTokenAuthenticationMechanism.IapOidcAuthenticationMechanism; import google.registry.request.auth.OidcTokenAuthenticationMechanism.RegularOidcAuthenticationMechanism; import google.registry.request.auth.OidcTokenAuthenticationMechanism.TokenExtractor; +import google.registry.request.auth.OidcTokenAuthenticationMechanism.TokenVerifier; +import google.registry.util.RegistryEnvironment; +import java.util.Map; +import javax.annotation.Nullable; import javax.inject.Qualifier; import javax.inject.Singleton; @@ -35,9 +38,10 @@ public class AuthModule { // See https://cloud.google.com/iap/docs/signed-headers-howto#securing_iap_headers. public static final String IAP_HEADER_NAME = "X-Goog-IAP-JWT-Assertion"; public static final String BEARER_PREFIX = "Bearer "; - // TODO: Change the IAP audience format once we are on GKE. + // TODO (jianglai): Only use GKE audience once we are fully migrated to GKE. // See: https://cloud.google.com/iap/docs/signed-headers-howto#verifying_the_jwt_payload - private static final String IAP_AUDIENCE_FORMAT = "/projects/%d/apps/%s"; + private static final String IAP_GAE_AUDIENCE_FORMAT = "/projects/%d/apps/%s"; + private static final String IAP_GKE_AUDIENCE_FORMAT = "/projects/%d/global/backendServices/%d"; private static final String IAP_ISSUER_URL = "https://cloud.google.com/iap"; private static final String REGULAR_ISSUER_URL = "https://accounts.google.com"; 
@@ -62,24 +66,35 @@ public class AuthModule { @IapOidc @Singleton TokenVerifier provideIapTokenVerifier( - @Config("projectId") String projectId, @Config("projectIdNumber") long projectIdNumber) { - String audience = String.format(IAP_AUDIENCE_FORMAT, projectIdNumber, projectId); - return TokenVerifier.newBuilder().setAudience(audience).setIssuer(IAP_ISSUER_URL).build(); + @Config("projectId") String projectId, + @Config("projectIdNumber") long projectIdNumber, + @Config("backendServiceIds") Map backendServiceIds) { + com.google.auth.oauth2.TokenVerifier.Builder tokenVerifierBuilder = + com.google.auth.oauth2.TokenVerifier.newBuilder().setIssuer(IAP_ISSUER_URL); + return (String service, String token) -> { + String audience; + if (RegistryEnvironment.isOnJetty()) { + long backendServiceId = backendServiceIds.get(service); + audience = String.format(IAP_GKE_AUDIENCE_FORMAT, projectIdNumber, backendServiceId); + } else { + audience = String.format(IAP_GAE_AUDIENCE_FORMAT, projectIdNumber, projectId); + } + return tokenVerifierBuilder.setAudience(audience).build().verify(token); + }; } @Provides @RegularOidc @Singleton TokenVerifier provideRegularTokenVerifier(@Config("oauthClientId") String clientId) { - return TokenVerifier.newBuilder().setAudience(clientId).setIssuer(REGULAR_ISSUER_URL).build(); - } - - @Provides - @RegularOidcFallback - @Singleton - TokenVerifier provideFallbackRegularTokenVerifier( - @Config("fallbackOauthClientId") String clientId) { - return TokenVerifier.newBuilder().setAudience(clientId).setIssuer(REGULAR_ISSUER_URL).build(); + com.google.auth.oauth2.TokenVerifier tokenVerifier = + com.google.auth.oauth2.TokenVerifier.newBuilder() + .setAudience(clientId) + .setIssuer(REGULAR_ISSUER_URL) + .build(); + return (@Nullable String service, String token) -> { + return tokenVerifier.verify(token); + }; } @Provides 
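Review bot: In `provideIapTokenVerifier` the returned lambda calls `setAudience` on one `tokenVerifierBuilder` captured by a `@Singleton` provider, so concurrent requests for different services mutate the same builder and a token can end up verified against another service's audience. Build from a fresh builder inside the lambda, `com.google.auth.oauth2.TokenVerifier.newBuilder().setIssuer(IAP_ISSUER_URL).setAudience(audience).build().verify(token)`, or better, precompute one immutable verifier per entry of `backendServiceIds` when the provider runs, which also avoids rebuilding a verifier on every request. Separately, `long backendServiceId = backendServiceIds.get(service);` unboxes `null` when the service key is not configured. The caller's `catch (Exception e)` seems to turn that into `NOT_AUTHENTICATED`, but an explicit check with a message naming the missing key would make the misconfiguration visible.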
diff --git a/core/src/main/java/google/registry/request/auth/OidcTokenAuthenticationMechanism.java b/core/src/main/java/google/registry/request/auth/OidcTokenAuthenticationMechanism.java index 8a1df2bfa..4c7d75a9e 100644 --- a/core/src/main/java/google/registry/request/auth/OidcTokenAuthenticationMechanism.java +++ b/core/src/main/java/google/registry/request/auth/OidcTokenAuthenticationMechanism.java @@ -18,8 +18,9 @@ import static com.google.common.base.Preconditions.checkState; import static google.registry.persistence.transaction.TransactionManagerFactory.tm; import com.google.api.client.json.webtoken.JsonWebSignature; -import com.google.auth.oauth2.TokenVerifier; +import com.google.auth.oauth2.TokenVerifier.VerificationException; import com.google.common.annotations.VisibleForTesting; +import com.google.common.base.Splitter; import com.google.common.collect.ImmutableSet; import com.google.common.flogger.FluentLogger; import google.registry.config.RegistryConfig.Config; @@ -27,7 +28,6 @@ import google.registry.model.console.User; import google.registry.persistence.VKey; import google.registry.request.auth.AuthModule.IapOidc; import google.registry.request.auth.AuthModule.RegularOidc; -import google.registry.request.auth.AuthModule.RegularOidcFallback; import google.registry.request.auth.AuthSettings.AuthLevel; import google.registry.util.RegistryEnvironment; import jakarta.servlet.http.HttpServletRequest; 
@@ -51,27 +51,23 @@ public abstract class OidcTokenAuthenticationMechanism implements Authentication public static final FluentLogger logger = FluentLogger.forEnclosingClass(); - // A workaround that allows "use" of the OIDC authenticator when running local testing, i.e. + // A workaround that allows "use" of the OIDC authenticator when running local testing, i.e., // the RegistryTestServer private static AuthResult authResultForTesting = null; - protected final TokenVerifier tokenVerifier; - - protected final Optional fallbackTokenVerifier; - protected final TokenExtractor tokenExtractor; + protected final TokenVerifier tokenVerifier; + private final ImmutableSet serviceAccountEmails; protected OidcTokenAuthenticationMechanism( ImmutableSet serviceAccountEmails, - TokenVerifier tokenVerifier, - @Nullable TokenVerifier fallbackTokenVerifier, - TokenExtractor tokenExtractor) { + TokenExtractor tokenExtractor, + TokenVerifier tokenVerifier) { this.serviceAccountEmails = serviceAccountEmails; - this.tokenVerifier = tokenVerifier; - this.fallbackTokenVerifier = Optional.ofNullable(fallbackTokenVerifier); this.tokenExtractor = tokenExtractor; + this.tokenVerifier = tokenVerifier; } @Override @@ -87,7 +83,12 @@ public abstract class OidcTokenAuthenticationMechanism implements Authentication } JsonWebSignature token = null; try { - token = tokenVerifier.verify(rawIdToken); + String service = null; + if (RegistryEnvironment.isOnJetty()) { + String hostname = request.getServerName(); + service = Splitter.on('.').split(hostname).iterator().next(); + } + token = tokenVerifier.verify(service, rawIdToken); } catch (Exception e) { logger.atInfo().withCause(e).log( "Failed OIDC verification attempt:\n%s", 
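Review bot: In the `@@ -87,7 +83,12 @@` hunk the audience key is the first label of `request.getServerName()`, which normally comes from the client's Host header, so the request itself selects which backend-service audience its IAP token is checked against. That is only sound if the host has already been matched against the routed action's service, which RequestHandler appears to do elsewhere in this commit; nothing in this class enforces or documents that dependency. Consider passing in the service resolved from the route instead of re-parsing the host. At minimum, once the ordering is confirmed, add a comment such as `// Host was already checked against the action's GkeService by RequestHandler.`. The split is also case-sensitive, so the label should be normalised with `Ascii.toLowerCase` or `toLowerCase(Locale.ROOT)` before the map lookup; the enclosing method starts and ends outside the hunk.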
@@ -97,20 +98,7 @@ public abstract class OidcTokenAuthenticationMechanism implements Authentication } if (token == null) { - if (fallbackTokenVerifier.isPresent()) { - try { - token = fallbackTokenVerifier.get().verify(rawIdToken); - } catch (Exception e) { - logger.atInfo().withCause(e).log( - "Failed OIDC fallback verification attempt:\n%s", - RegistryEnvironment.get().equals(RegistryEnvironment.PRODUCTION) - ? "Raw token redacted in prod" - : rawIdToken); - return AuthResult.NOT_AUTHENTICATED; - } - } else { - return AuthResult.NOT_AUTHENTICATED; - } + return AuthResult.NOT_AUTHENTICATED; } String email = (String) token.getPayload().get("email"); @@ -155,6 +143,12 @@ public abstract class OidcTokenAuthenticationMechanism implements Authentication String extract(HttpServletRequest request); } + @FunctionalInterface + protected interface TokenVerifier { + @Nullable + JsonWebSignature verify(@Nullable String service, String rawToken) throws VerificationException; + } + /** * A mechanism to authenticate HTTP requests that have gone through the GCP Identity-Aware Proxy. * @@ -171,9 +165,9 @@ public abstract class OidcTokenAuthenticationMechanism implements Authentication @Inject protected IapOidcAuthenticationMechanism( @Config("allowedServiceAccountEmails") ImmutableSet serviceAccountEmails, - @IapOidc TokenVerifier tokenVerifier, - @IapOidc TokenExtractor tokenExtractor) { - super(serviceAccountEmails, tokenVerifier, null, tokenExtractor); + @IapOidc TokenExtractor tokenExtractor, + @IapOidc TokenVerifier tokenVerifier) { + super(serviceAccountEmails, tokenExtractor, tokenVerifier); } } 
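Review bot: The new `TokenVerifier` interface (hunk `@@ -155,6 +143,12 @@`) lets an implementation report failure in two ways, by throwing `VerificationException` or by returning null, and neither that nor the meaning of a null `service` is documented. `authenticate` appears to treat both outcomes as not authenticated, but an implementer cannot tell from the signature which audience is expected to be enforced when `service` is null. I would add Javadoc on `verify` along the lines of `/** Verifies rawToken for the given service (null when not running on Jetty); returns null or throws if the token is not valid. */` and state there which audience check applies in the null case.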
@@ -192,10 +186,9 @@ public abstract class OidcTokenAuthenticationMechanism implements Authentication @Inject protected RegularOidcAuthenticationMechanism( @Config("allowedServiceAccountEmails") ImmutableSet serviceAccountEmails, - @RegularOidc TokenVerifier tokenVerifier, - @RegularOidcFallback TokenVerifier fallbackTokenVerifier, - @RegularOidc TokenExtractor tokenExtractor) { - super(serviceAccountEmails, tokenVerifier, fallbackTokenVerifier, tokenExtractor); + @RegularOidc TokenExtractor tokenExtractor, + @RegularOidc TokenVerifier tokenVerifier) { + super(serviceAccountEmails, tokenExtractor, tokenVerifier); } } } diff --git a/core/src/main/java/google/registry/ui/server/console/ConsoleApiAction.java b/core/src/main/java/google/registry/ui/server/console/ConsoleApiAction.java index b7b43f195..7660349f8 100644 --- a/core/src/main/java/google/registry/ui/server/console/ConsoleApiAction.java +++ b/core/src/main/java/google/registry/ui/server/console/ConsoleApiAction.java @@ -44,7 +44,6 @@ import google.registry.model.registrar.RegistrarPocBase; import google.registry.request.Action.Service; import google.registry.request.HttpException; import google.registry.security.XsrfTokenManager; -import google.registry.ui.server.registrar.ConsoleApiParams; import google.registry.ui.server.registrar.ConsoleUiAction; import google.registry.util.DiffUtils; import google.registry.util.RegistryEnvironment; diff --git a/core/src/main/java/google/registry/ui/server/registrar/ConsoleApiParams.java b/core/src/main/java/google/registry/ui/server/console/ConsoleApiParams.java similarity index 96% rename from core/src/main/java/google/registry/ui/server/registrar/ConsoleApiParams.java rename to core/src/main/java/google/registry/ui/server/console/ConsoleApiParams.java index de247f1fe..7a1599eca 100644 --- a/core/src/main/java/google/registry/ui/server/registrar/ConsoleApiParams.java +++ b/core/src/main/java/google/registry/ui/server/console/ConsoleApiParams.java 
@@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package google.registry.ui.server.registrar; +package google.registry.ui.server.console; import google.registry.request.Response; import google.registry.request.auth.AuthResult; diff --git a/core/src/main/java/google/registry/ui/server/console/ConsoleDomainGetAction.java b/core/src/main/java/google/registry/ui/server/console/ConsoleDomainGetAction.java index b84b93771..e9d2b08cb 100644 --- a/core/src/main/java/google/registry/ui/server/console/ConsoleDomainGetAction.java +++ b/core/src/main/java/google/registry/ui/server/console/ConsoleDomainGetAction.java @@ -24,15 +24,16 @@ import google.registry.model.console.ConsolePermission; import google.registry.model.console.User; import google.registry.model.domain.Domain; import google.registry.request.Action; +import google.registry.request.Action.GkeService; import google.registry.request.Parameter; import google.registry.request.auth.Auth; -import google.registry.ui.server.registrar.ConsoleApiParams; import java.util.Optional; import javax.inject.Inject; /** Returns a JSON representation of a domain to the registrar console. */ @Action( service = Action.Service.DEFAULT, + gkeService = GkeService.CONSOLE, path = ConsoleDomainGetAction.PATH, auth = Auth.AUTH_PUBLIC_LOGGED_IN) public class ConsoleDomainGetAction extends ConsoleApiAction { diff --git a/core/src/main/java/google/registry/ui/server/console/ConsoleDomainListAction.java b/core/src/main/java/google/registry/ui/server/console/ConsoleDomainListAction.java index cf6125c29..1afb2035b 100644 --- a/core/src/main/java/google/registry/ui/server/console/ConsoleDomainListAction.java +++ b/core/src/main/java/google/registry/ui/server/console/ConsoleDomainListAction.java 
@@ -27,9 +27,9 @@ import google.registry.model.CreateAutoTimestamp; import google.registry.model.console.User; import google.registry.model.domain.Domain; import google.registry.request.Action; +import google.registry.request.Action.GkeService; import google.registry.request.Parameter; import google.registry.request.auth.Auth; -import google.registry.ui.server.registrar.ConsoleApiParams; import java.util.List; import java.util.Optional; import javax.inject.Inject; @@ -39,6 +39,7 @@ import org.joda.time.DateTime; /** Returns a (paginated) list of domains for a particular registrar. */ @Action( service = Action.Service.DEFAULT, + gkeService = GkeService.CONSOLE, path = ConsoleDomainListAction.PATH, method = Action.Method.GET, auth = Auth.AUTH_PUBLIC_LOGGED_IN) diff --git a/core/src/main/java/google/registry/ui/server/console/ConsoleDumDownloadAction.java b/core/src/main/java/google/registry/ui/server/console/ConsoleDumDownloadAction.java index d621c197b..020d3a80e 100644 --- a/core/src/main/java/google/registry/ui/server/console/ConsoleDumDownloadAction.java +++ b/core/src/main/java/google/registry/ui/server/console/ConsoleDumDownloadAction.java @@ -26,9 +26,9 @@ import google.registry.config.RegistryConfig.Config; import google.registry.model.console.ConsolePermission; import google.registry.model.console.User; import google.registry.request.Action; +import google.registry.request.Action.GkeService; import google.registry.request.Parameter; import google.registry.request.auth.Auth; -import google.registry.ui.server.registrar.ConsoleApiParams; import google.registry.util.Clock; import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; @@ -40,6 +40,7 @@ import org.joda.time.DateTime; @Action( service = Action.Service.DEFAULT, + gkeService = GkeService.CONSOLE, path = ConsoleDumDownloadAction.PATH, method = {GET}, auth = Auth.AUTH_PUBLIC_LOGGED_IN) 
diff --git a/core/src/main/java/google/registry/ui/server/console/ConsoleEppPasswordAction.java b/core/src/main/java/google/registry/ui/server/console/ConsoleEppPasswordAction.java index d4d69d145..577e7a4e4 100644 --- a/core/src/main/java/google/registry/ui/server/console/ConsoleEppPasswordAction.java +++ b/core/src/main/java/google/registry/ui/server/console/ConsoleEppPasswordAction.java @@ -30,17 +30,18 @@ import google.registry.flows.PasswordOnlyTransportCredentials; import google.registry.model.console.User; import google.registry.model.registrar.Registrar; import google.registry.request.Action; +import google.registry.request.Action.GkeService; import google.registry.request.Parameter; import google.registry.request.auth.Auth; import google.registry.request.auth.AuthenticatedRegistrarAccessor; import google.registry.request.auth.AuthenticatedRegistrarAccessor.RegistrarAccessDeniedException; -import google.registry.ui.server.registrar.ConsoleApiParams; import google.registry.util.DiffUtils; import java.util.Optional; import javax.inject.Inject; @Action( service = Action.Service.DEFAULT, + gkeService = GkeService.CONSOLE, path = ConsoleEppPasswordAction.PATH, method = {POST}, auth = Auth.AUTH_PUBLIC_LOGGED_IN) diff --git a/core/src/main/java/google/registry/ui/server/registrar/RegistrarConsoleModule.java b/core/src/main/java/google/registry/ui/server/console/ConsoleModule.java similarity index 98% rename from core/src/main/java/google/registry/ui/server/registrar/RegistrarConsoleModule.java rename to core/src/main/java/google/registry/ui/server/console/ConsoleModule.java index 5f0faaabe..d8fd8efe4 100644 --- a/core/src/main/java/google/registry/ui/server/registrar/RegistrarConsoleModule.java +++ b/core/src/main/java/google/registry/ui/server/console/ConsoleModule.java 
@@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package google.registry.ui.server.registrar; +package google.registry.ui.server.console; import static google.registry.request.RequestParameters.extractBooleanParameter; import static google.registry.request.RequestParameters.extractOptionalIntParameter; @@ -41,8 +41,8 @@ import org.joda.time.DateTime; /** Dagger module for the Registrar Console parameters. */ @Module -public final class RegistrarConsoleModule { - static final String PARAM_CLIENT_ID = "clientId"; +public final class ConsoleModule { + public static final String PARAM_CLIENT_ID = "clientId"; @Provides @RequestScope diff --git a/core/src/main/java/google/registry/ui/server/console/ConsoleRegistryLockAction.java b/core/src/main/java/google/registry/ui/server/console/ConsoleRegistryLockAction.java index 0c1e7d166..d3c5d6a84 100644 --- a/core/src/main/java/google/registry/ui/server/console/ConsoleRegistryLockAction.java +++ b/core/src/main/java/google/registry/ui/server/console/ConsoleRegistryLockAction.java @@ -35,11 +35,11 @@ import google.registry.model.domain.RegistryLock; import google.registry.model.registrar.Registrar; import google.registry.model.tld.RegistryLockDao; import google.registry.request.Action; +import google.registry.request.Action.GkeService; import google.registry.request.Parameter; import google.registry.request.Response; import google.registry.request.auth.Auth; import google.registry.tools.DomainLockUtils; -import google.registry.ui.server.registrar.ConsoleApiParams; import google.registry.util.EmailMessage; import jakarta.mail.internet.AddressException; import jakarta.mail.internet.InternetAddress; @@ -56,6 +56,7 @@ import org.joda.time.Duration; */ @Action( service = Action.Service.DEFAULT, + gkeService = GkeService.CONSOLE, path = ConsoleRegistryLockAction.PATH, method = {GET, POST}, auth = Auth.AUTH_PUBLIC_LOGGED_IN) 
diff --git a/core/src/main/java/google/registry/ui/server/console/ConsoleRegistryLockVerifyAction.java b/core/src/main/java/google/registry/ui/server/console/ConsoleRegistryLockVerifyAction.java index 6dc301435..e062b210b 100644 --- a/core/src/main/java/google/registry/ui/server/console/ConsoleRegistryLockVerifyAction.java +++ b/core/src/main/java/google/registry/ui/server/console/ConsoleRegistryLockVerifyAction.java @@ -22,16 +22,17 @@ import com.google.gson.annotations.Expose; import google.registry.model.console.User; import google.registry.model.domain.RegistryLock; import google.registry.request.Action; +import google.registry.request.Action.GkeService; import google.registry.request.Parameter; import google.registry.request.auth.Auth; import google.registry.tools.DomainLockUtils; -import google.registry.ui.server.registrar.ConsoleApiParams; import jakarta.servlet.http.HttpServletResponse; import javax.inject.Inject; /** Handler for verifying registry lock requests, a form of 2FA. */ @Action( service = Action.Service.DEFAULT, + gkeService = GkeService.CONSOLE, path = ConsoleRegistryLockVerifyAction.PATH, method = {GET}, auth = Auth.AUTH_PUBLIC_LOGGED_IN) diff --git a/core/src/main/java/google/registry/ui/server/console/ConsoleUpdateRegistrarAction.java b/core/src/main/java/google/registry/ui/server/console/ConsoleUpdateRegistrarAction.java index 56bca601f..58ac3d588 100644 --- a/core/src/main/java/google/registry/ui/server/console/ConsoleUpdateRegistrarAction.java +++ b/core/src/main/java/google/registry/ui/server/console/ConsoleUpdateRegistrarAction.java 
@@ -26,10 +26,10 @@ import google.registry.model.console.ConsolePermission; import google.registry.model.console.User; import google.registry.model.registrar.Registrar; import google.registry.request.Action; +import google.registry.request.Action.GkeService; import google.registry.request.HttpException.BadRequestException; import google.registry.request.Parameter; import google.registry.request.auth.Auth; -import google.registry.ui.server.registrar.ConsoleApiParams; import google.registry.util.DomainNameUtils; import google.registry.util.RegistryEnvironment; import java.util.Optional; @@ -38,6 +38,7 @@ import javax.inject.Inject; @Action( service = Action.Service.DEFAULT, + gkeService = GkeService.CONSOLE, path = ConsoleUpdateRegistrarAction.PATH, method = {POST}, auth = Auth.AUTH_PUBLIC_LOGGED_IN) diff --git a/core/src/main/java/google/registry/ui/server/console/ConsoleUserDataAction.java b/core/src/main/java/google/registry/ui/server/console/ConsoleUserDataAction.java index f2cfe77ad..21798f0d5 100644 --- a/core/src/main/java/google/registry/ui/server/console/ConsoleUserDataAction.java +++ b/core/src/main/java/google/registry/ui/server/console/ConsoleUserDataAction.java @@ -21,15 +21,16 @@ import com.google.common.collect.ImmutableMap; import google.registry.config.RegistryConfig.Config; import google.registry.model.console.User; import google.registry.request.Action; +import google.registry.request.Action.GkeService; import google.registry.request.auth.Auth; import google.registry.security.XsrfTokenManager; -import google.registry.ui.server.registrar.ConsoleApiParams; import jakarta.servlet.http.Cookie; import javax.inject.Inject; import org.json.JSONObject; @Action( service = Action.Service.DEFAULT, + gkeService = GkeService.CONSOLE, path = ConsoleUserDataAction.PATH, method = {GET}, auth = Auth.AUTH_PUBLIC_LOGGED_IN) 
diff --git a/core/src/main/java/google/registry/ui/server/console/RegistrarsAction.java b/core/src/main/java/google/registry/ui/server/console/RegistrarsAction.java index 3d2bfe532..83aea6064 100644 --- a/core/src/main/java/google/registry/ui/server/console/RegistrarsAction.java +++ b/core/src/main/java/google/registry/ui/server/console/RegistrarsAction.java @@ -34,9 +34,9 @@ import google.registry.model.registrar.RegistrarBase; import google.registry.model.registrar.RegistrarBase.State; import google.registry.model.registrar.RegistrarPoc; import google.registry.request.Action; +import google.registry.request.Action.GkeService; import google.registry.request.Parameter; import google.registry.request.auth.Auth; -import google.registry.ui.server.registrar.ConsoleApiParams; import google.registry.util.StringGenerator; import java.util.List; import java.util.Map; @@ -46,6 +46,7 @@ import javax.inject.Named; @Action( service = Action.Service.DEFAULT, + gkeService = GkeService.CONSOLE, path = RegistrarsAction.PATH, method = {GET, POST}, auth = Auth.AUTH_PUBLIC_LOGGED_IN) diff --git a/core/src/main/java/google/registry/ui/server/console/settings/ContactAction.java b/core/src/main/java/google/registry/ui/server/console/settings/ContactAction.java index a8ab55517..d2603b949 100644 --- a/core/src/main/java/google/registry/ui/server/console/settings/ContactAction.java +++ b/core/src/main/java/google/registry/ui/server/console/settings/ContactAction.java 
@@ -31,11 +31,12 @@ import google.registry.model.registrar.Registrar; import google.registry.model.registrar.RegistrarPoc; import google.registry.persistence.transaction.QueryComposer.Comparator; import google.registry.request.Action; +import google.registry.request.Action.GkeService; import google.registry.request.Parameter; import google.registry.request.auth.Auth; import google.registry.ui.forms.FormException; import google.registry.ui.server.console.ConsoleApiAction; -import google.registry.ui.server.registrar.ConsoleApiParams; +import google.registry.ui.server.console.ConsoleApiParams; import google.registry.ui.server.registrar.RegistrarSettingsAction; import java.util.Collections; import java.util.Optional; @@ -43,6 +44,7 @@ import javax.inject.Inject; @Action( service = Action.Service.DEFAULT, + gkeService = GkeService.CONSOLE, path = ContactAction.PATH, method = {GET, POST}, auth = Auth.AUTH_PUBLIC_LOGGED_IN) diff --git a/core/src/main/java/google/registry/ui/server/console/settings/SecurityAction.java b/core/src/main/java/google/registry/ui/server/console/settings/SecurityAction.java index 0984a65c0..cb53035f9 100644 --- a/core/src/main/java/google/registry/ui/server/console/settings/SecurityAction.java +++ b/core/src/main/java/google/registry/ui/server/console/settings/SecurityAction.java 
@@ -28,17 +28,19 @@ import google.registry.model.console.ConsolePermission; import google.registry.model.console.User; import google.registry.model.registrar.Registrar; import google.registry.request.Action; +import google.registry.request.Action.GkeService; import google.registry.request.Parameter; import google.registry.request.auth.Auth; import google.registry.request.auth.AuthenticatedRegistrarAccessor; import google.registry.request.auth.AuthenticatedRegistrarAccessor.RegistrarAccessDeniedException; import google.registry.ui.server.console.ConsoleApiAction; -import google.registry.ui.server.registrar.ConsoleApiParams; +import google.registry.ui.server.console.ConsoleApiParams; import java.util.Optional; import javax.inject.Inject; @Action( service = Action.Service.DEFAULT, + gkeService = GkeService.CONSOLE, path = SecurityAction.PATH, method = {POST}, auth = Auth.AUTH_PUBLIC_LOGGED_IN) diff --git a/core/src/main/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsAction.java b/core/src/main/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsAction.java index 0e45c3fd9..64e774245 100644 --- a/core/src/main/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsAction.java +++ b/core/src/main/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsAction.java 
@@ -25,12 +25,13 @@ import google.registry.model.console.ConsolePermission; import google.registry.model.console.User; import google.registry.model.registrar.Registrar; import google.registry.request.Action; +import google.registry.request.Action.GkeService; import google.registry.request.Parameter; import google.registry.request.auth.Auth; import google.registry.request.auth.AuthenticatedRegistrarAccessor; import google.registry.request.auth.AuthenticatedRegistrarAccessor.RegistrarAccessDeniedException; import google.registry.ui.server.console.ConsoleApiAction; -import google.registry.ui.server.registrar.ConsoleApiParams; +import google.registry.ui.server.console.ConsoleApiParams; import java.util.Objects; import java.util.Optional; import javax.inject.Inject; @@ -43,6 +44,7 @@ import javax.inject.Inject; */ @Action( service = Action.Service.DEFAULT, + gkeService = GkeService.CONSOLE, path = WhoisRegistrarFieldsAction.PATH, method = {POST}, auth = Auth.AUTH_PUBLIC_LOGGED_IN) diff --git a/core/src/main/java/google/registry/ui/server/registrar/RegistryLockGetAction.java b/core/src/main/java/google/registry/ui/server/registrar/RegistryLockGetAction.java index 900802910..2c62a2d6f 100644 --- a/core/src/main/java/google/registry/ui/server/registrar/RegistryLockGetAction.java +++ b/core/src/main/java/google/registry/ui/server/registrar/RegistryLockGetAction.java 
@@ -18,7 +18,7 @@ import static com.google.common.base.Preconditions.checkArgument; import static com.google.common.collect.ImmutableList.toImmutableList; import static google.registry.persistence.transaction.TransactionManagerFactory.tm; import static google.registry.security.JsonResponseHelper.Status.SUCCESS; -import static google.registry.ui.server.registrar.RegistrarConsoleModule.PARAM_CLIENT_ID; +import static google.registry.ui.server.console.ConsoleModule.PARAM_CLIENT_ID; import static jakarta.servlet.http.HttpServletResponse.SC_FORBIDDEN; import static jakarta.servlet.http.HttpServletResponse.SC_INTERNAL_SERVER_ERROR; diff --git a/core/src/test/java/google/registry/module/RequestComponentTest.java b/core/src/test/java/google/registry/module/RequestComponentTest.java index f2b8b7fb3..6f2db2477 100644 --- a/core/src/test/java/google/registry/module/RequestComponentTest.java +++ b/core/src/test/java/google/registry/module/RequestComponentTest.java @@ -19,6 +19,8 @@ import static com.google.common.truth.Truth.assertThat; import com.google.common.base.Splitter; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; +import com.google.common.collect.Sets; import google.registry.module.backend.BackendRequestComponent; import google.registry.module.bsa.BsaRequestComponent; import google.registry.module.frontend.FrontendRequestComponent; @@ -26,8 +28,9 @@ import google.registry.module.pubapi.PubApiRequestComponent; import google.registry.module.tools.ToolsRequestComponent; import google.registry.testing.GoldenFileTestHelper; import google.registry.testing.TestDataHelper; -import java.util.ArrayList; -import java.util.List; +import java.util.HashSet; +import java.util.Set; +import java.util.stream.Collectors; import org.junit.jupiter.api.Test; /** Unit tests for {@link RequestComponent}. */ 
@@ -40,6 +43,18 @@ public class RequestComponentTest { PubApiRequestComponent.class, "pubapi", BsaRequestComponent.class, "bsa"); + // Paths that do not route to Jetty (all for the legacy console). + private static final ImmutableSet ignoredPaths = + ImmutableSet.of( + "/registrar", + "/registrar-create", + "/registrar-ote-setup", + "/registrar-ote-status", + "/registrar-settings", + "/registry-lock-get", + "/registry-lock-post", + "/registry-lock-verify"); + @Test void testRoutingMap() { GoldenFileTestHelper.assertThatRoutesFromComponent(RequestComponent.class) 
@@ -49,32 +64,49 @@ public class RequestComponentTest { @Test void testGaeToJettyRoutingCoverage() { - List jettyRoutes = getRoutes(RequestComponent.class, "routing.txt"); - List gaeRoutes = new ArrayList<>(); + Set jettyRoutes = getRoutes(RequestComponent.class, "routing.txt"); + Set gaeRoutes = new HashSet<>(); for (var component : GaeComponents.entrySet()) { gaeRoutes.addAll(getRoutes(component.getKey(), component.getValue() + "_routing.txt")); } - assertThat(jettyRoutes).containsExactlyElementsIn(gaeRoutes); + assertThat(Sets.difference(jettyRoutes, gaeRoutes)).isEmpty(); + assertThat( + Sets.difference(gaeRoutes, jettyRoutes).stream() + .map(Route::path) + .collect(Collectors.toSet())) + .containsExactlyElementsIn(ignoredPaths); } - private List getRoutes(Class context, String filename) { + private Set getRoutes(Class context, String filename) { return TestDataHelper.loadFile(context, filename) .trim() .lines() .skip(1) // Skip the headers .map(Route::create) - .toList(); + .collect(Collectors.toSet()); } private record Route( - String path, String clazz, String methods, String ok, String min, String userPolicy) { + String service, + String path, + String clazz, + String methods, + String ok, + String min, + String userPolicy) { private static final Splitter splitter = Splitter.on(' ').omitEmptyStrings().trimResults(); static Route create(String line) { ImmutableList parts = ImmutableList.copyOf(splitter.split(line)); - assertThat(parts.size()).isEqualTo(6); + assertThat(parts.size()).isEqualTo(7); return new Route( - parts.get(0), parts.get(1), parts.get(2), parts.get(3), parts.get(4), parts.get(5)); + parts.get(0), + parts.get(1), + parts.get(2), + parts.get(3), + parts.get(4), + parts.get(5), + parts.get(6)); } } } diff --git a/core/src/test/java/google/registry/request/RequestHandlerTest.java b/core/src/test/java/google/registry/request/RequestHandlerTest.java index 188804a00..e72918097 100644 
--- a/core/src/test/java/google/registry/request/RequestHandlerTest.java +++ b/core/src/test/java/google/registry/request/RequestHandlerTest.java @@ -204,6 +204,7 @@ public final class RequestHandlerTest { handler = RequestHandler.create( Component.class, + "registry.test", () -> new Builder() { @Override diff --git a/core/src/test/java/google/registry/request/auth/OidcTokenAuthenticationMechanismTest.java b/core/src/test/java/google/registry/request/auth/OidcTokenAuthenticationMechanismTest.java index 2b61c4c20..91ff365ee 100644 --- a/core/src/test/java/google/registry/request/auth/OidcTokenAuthenticationMechanismTest.java +++ b/core/src/test/java/google/registry/request/auth/OidcTokenAuthenticationMechanismTest.java @@ -26,8 +26,8 @@ import static org.mockito.Mockito.when; import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload; import com.google.api.client.json.webtoken.JsonWebSignature; import com.google.api.client.json.webtoken.JsonWebSignature.Header; -import com.google.auth.oauth2.TokenVerifier; import com.google.auth.oauth2.TokenVerifier.VerificationException; +import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; import dagger.Component; import dagger.Module; @@ -41,6 +41,7 @@ import google.registry.request.auth.AuthSettings.AuthLevel; import google.registry.request.auth.OidcTokenAuthenticationMechanism.IapOidcAuthenticationMechanism; import google.registry.request.auth.OidcTokenAuthenticationMechanism.RegularOidcAuthenticationMechanism; import jakarta.servlet.http.HttpServletRequest; +import java.util.Map; import javax.inject.Singleton; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; 
@@ -59,13 +60,13 @@ public class OidcTokenAuthenticationMechanismTest { private final Payload payload = new Payload(); private final JsonWebSignature jwt = new JsonWebSignature(new Header(), payload, new byte[0], new byte[0]); - private final TokenVerifier tokenVerifier = mock(TokenVerifier.class); private final HttpServletRequest request = mock(HttpServletRequest.class); private User user; private AuthResult authResult; private OidcTokenAuthenticationMechanism authenticationMechanism = - new OidcTokenAuthenticationMechanism(serviceAccounts, tokenVerifier, null, e -> rawToken) {}; + new OidcTokenAuthenticationMechanism( + serviceAccounts, request -> rawToken, (service, token) -> jwt) {}; @RegisterExtension public final JpaTestExtensions.JpaUnitTestExtension jpaExtension = @@ -73,7 +74,6 @@ public class OidcTokenAuthenticationMechanismTest { @BeforeEach void beforeEach() throws Exception { - when(tokenVerifier.verify(rawToken)).thenReturn(jwt); payload.setEmail(email); payload.setSubject(gaiaId); user = createAdminUser(email); 
@@ -93,28 +93,23 @@ public class OidcTokenAuthenticationMechanismTest { @Test void testAuthenticate_noTokenFromRequest() { authenticationMechanism = - new OidcTokenAuthenticationMechanism(serviceAccounts, tokenVerifier, null, e -> null) {}; + new OidcTokenAuthenticationMechanism( + serviceAccounts, e -> null, (service, token) -> jwt) {}; authResult = authenticationMechanism.authenticate(request); assertThat(authResult).isEqualTo(AuthResult.NOT_AUTHENTICATED); } @Test void testAuthenticate_invalidToken() throws Exception { - when(tokenVerifier.verify(rawToken)).thenThrow(new VerificationException("Bad token")); - authResult = authenticationMechanism.authenticate(request); - assertThat(authResult).isEqualTo(AuthResult.NOT_AUTHENTICATED); - } - - @Test - void testAuthenticate_fallbackVerifier() throws Exception { - TokenVerifier fallbackVerifier = mock(TokenVerifier.class); - when(tokenVerifier.verify(rawToken)).thenThrow(new VerificationException("Bad token")); - when(fallbackVerifier.verify(rawToken)).thenReturn(jwt); authenticationMechanism = new OidcTokenAuthenticationMechanism( - serviceAccounts, tokenVerifier, fallbackVerifier, e -> rawToken) {}; + serviceAccounts, + e -> null, + (service, token) -> { + throw new VerificationException("Bad token"); + }) {}; authResult = authenticationMechanism.authenticate(request); - assertThat(authResult.isAuthenticated()).isEqualTo(true); + assertThat(authResult).isEqualTo(AuthResult.NOT_AUTHENTICATED); } @Test @@ -233,9 +228,9 @@ public class OidcTokenAuthenticationMechanismTest { @Provides @Singleton - @Config("fallbackOauthClientId") - String provideFallbackOauthClientId() { - return "fallback-client-id"; + @Config("backendServiceIds") + Map provideBackendServiceIds() { + return ImmutableMap.of(); } } } diff --git a/core/src/test/java/google/registry/testing/ConsoleApiParamsUtils.java b/core/src/test/java/google/registry/testing/ConsoleApiParamsUtils.java index 22dc78f40..0fb39fcc2 100644 
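Review bot: `testAuthenticate_invalidToken` now builds the mechanism with the extractor `e -> null`, the same extractor `testAuthenticate_noTokenFromRequest` uses to get `NOT_AUTHENTICATED` without any token, so the throwing verifier is most likely never reached and the test passes without covering the verification-failure path. The extractor should hand over the token, `serviceAccounts, e -> rawToken,`, so that the `VerificationException` branch in `authenticate` is what produces the result. Since the fallback-verifier test is removed in the same hunk, this is the only rejected-token test visible here, which makes the gap worth closing.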
--- a/core/src/test/java/google/registry/testing/ConsoleApiParamsUtils.java +++ b/core/src/test/java/google/registry/testing/ConsoleApiParamsUtils.java @@ -23,7 +23,7 @@ import google.registry.model.console.User; import google.registry.request.auth.AuthResult; import google.registry.security.XsrfTokenManager; import google.registry.ui.server.SendEmailUtils; -import google.registry.ui.server.registrar.ConsoleApiParams; +import google.registry.ui.server.console.ConsoleApiParams; import jakarta.servlet.http.Cookie; import jakarta.servlet.http.HttpServletRequest; import org.joda.time.DateTime; diff --git a/core/src/test/java/google/registry/ui/server/console/ConsoleDomainGetActionTest.java b/core/src/test/java/google/registry/ui/server/console/ConsoleDomainGetActionTest.java index 97d85c2d8..91e37a7c3 100644 --- a/core/src/test/java/google/registry/ui/server/console/ConsoleDomainGetActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/ConsoleDomainGetActionTest.java @@ -33,7 +33,6 @@ import google.registry.request.auth.AuthResult; import google.registry.testing.ConsoleApiParamsUtils; import google.registry.testing.DatabaseHelper; import google.registry.testing.FakeResponse; -import google.registry.ui.server.registrar.ConsoleApiParams; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.RegisterExtension; diff --git a/core/src/test/java/google/registry/ui/server/console/ConsoleDomainListActionTest.java b/core/src/test/java/google/registry/ui/server/console/ConsoleDomainListActionTest.java index 12013aa65..4754c4e3d 100644 --- a/core/src/test/java/google/registry/ui/server/console/ConsoleDomainListActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/ConsoleDomainListActionTest.java 
@@ -36,7 +36,6 @@ import google.registry.testing.FakeClock; import google.registry.testing.FakeResponse; import google.registry.tools.GsonUtils; import google.registry.ui.server.console.ConsoleDomainListAction.DomainListResult; -import google.registry.ui.server.registrar.ConsoleApiParams; import java.util.Optional; import javax.annotation.Nullable; import org.joda.time.DateTime; diff --git a/core/src/test/java/google/registry/ui/server/console/ConsoleDumDownloadActionTest.java b/core/src/test/java/google/registry/ui/server/console/ConsoleDumDownloadActionTest.java index 924b29de5..f9118becb 100644 --- a/core/src/test/java/google/registry/ui/server/console/ConsoleDumDownloadActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/ConsoleDumDownloadActionTest.java @@ -33,7 +33,6 @@ import google.registry.testing.DatabaseHelper; import google.registry.testing.FakeClock; import google.registry.testing.FakeResponse; import google.registry.tools.GsonUtils; -import google.registry.ui.server.registrar.ConsoleApiParams; import java.io.IOException; import org.joda.time.DateTime; import org.junit.jupiter.api.BeforeEach; diff --git a/core/src/test/java/google/registry/ui/server/console/ConsoleEppPasswordActionTest.java b/core/src/test/java/google/registry/ui/server/console/ConsoleEppPasswordActionTest.java index c79a941bb..e397a043b 100644 --- a/core/src/test/java/google/registry/ui/server/console/ConsoleEppPasswordActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/ConsoleEppPasswordActionTest.java 
@@ -44,8 +44,6 @@ import google.registry.testing.ConsoleApiParamsUtils; import google.registry.testing.FakeResponse; import google.registry.tools.GsonUtils; import google.registry.ui.server.console.ConsoleEppPasswordAction.EppPasswordData; -import google.registry.ui.server.registrar.ConsoleApiParams; -import google.registry.ui.server.registrar.RegistrarConsoleModule; import google.registry.util.EmailMessage; import jakarta.mail.internet.AddressException; import jakarta.mail.internet.InternetAddress; @@ -167,7 +165,7 @@ class ConsoleEppPasswordActionTest { .when(consoleApiParams.request()) .getReader(); Optional maybePasswordChangeRequest = - RegistrarConsoleModule.provideEppPasswordChangeRequest( + ConsoleModule.provideEppPasswordChangeRequest( GSON, RequestModule.provideJsonBody(consoleApiParams.request(), GSON)); return new ConsoleEppPasswordAction( diff --git a/core/src/test/java/google/registry/ui/server/console/ConsoleRegistryLockActionTest.java b/core/src/test/java/google/registry/ui/server/console/ConsoleRegistryLockActionTest.java index f5f2f0d76..dbb3cc7bc 100644 --- a/core/src/test/java/google/registry/ui/server/console/ConsoleRegistryLockActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/ConsoleRegistryLockActionTest.java @@ -52,7 +52,6 @@ import google.registry.testing.DeterministicStringGenerator; import google.registry.testing.FakeClock; import google.registry.testing.FakeResponse; import google.registry.tools.DomainLockUtils; -import google.registry.ui.server.registrar.ConsoleApiParams; import google.registry.util.EmailMessage; import google.registry.util.StringGenerator; import jakarta.mail.internet.InternetAddress; diff --git a/core/src/test/java/google/registry/ui/server/console/ConsoleRegistryLockVerifyActionTest.java b/core/src/test/java/google/registry/ui/server/console/ConsoleRegistryLockVerifyActionTest.java index d92427ad2..0640940bb 100644 
--- a/core/src/test/java/google/registry/ui/server/console/ConsoleRegistryLockVerifyActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/ConsoleRegistryLockVerifyActionTest.java @@ -40,7 +40,6 @@ import google.registry.testing.DeterministicStringGenerator; import google.registry.testing.FakeClock; import google.registry.testing.FakeResponse; import google.registry.tools.DomainLockUtils; -import google.registry.ui.server.registrar.ConsoleApiParams; import google.registry.util.StringGenerator; import jakarta.servlet.http.HttpServletResponse; import org.joda.time.Duration; diff --git a/core/src/test/java/google/registry/ui/server/console/ConsoleUpdateRegistrarActionTest.java b/core/src/test/java/google/registry/ui/server/console/ConsoleUpdateRegistrarActionTest.java index 3c7d161fe..659db9f21 100644 --- a/core/src/test/java/google/registry/ui/server/console/ConsoleUpdateRegistrarActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/ConsoleUpdateRegistrarActionTest.java @@ -42,8 +42,6 @@ import google.registry.testing.ConsoleApiParamsUtils; import google.registry.testing.FakeResponse; import google.registry.testing.SystemPropertyExtension; import google.registry.tools.GsonUtils; -import google.registry.ui.server.registrar.ConsoleApiParams; -import google.registry.ui.server.registrar.RegistrarConsoleModule; import google.registry.util.EmailMessage; import google.registry.util.RegistryEnvironment; import jakarta.mail.internet.AddressException; @@ -172,7 +170,7 @@ class ConsoleUpdateRegistrarActionTest { .when(consoleApiParams.request()) .getReader(); Optional maybeRegistrarUpdateData = - RegistrarConsoleModule.provideRegistrar( + ConsoleModule.provideRegistrar( GSON, RequestModule.provideJsonBody(consoleApiParams.request(), GSON)); return new ConsoleUpdateRegistrarAction(consoleApiParams, maybeRegistrarUpdateData); } 
diff --git a/core/src/test/java/google/registry/ui/server/console/ConsoleUserDataActionTest.java b/core/src/test/java/google/registry/ui/server/console/ConsoleUserDataActionTest.java index 8ded41e8c..b1938d7a3 100644 --- a/core/src/test/java/google/registry/ui/server/console/ConsoleUserDataActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/ConsoleUserDataActionTest.java @@ -28,7 +28,6 @@ import google.registry.request.auth.AuthResult; import google.registry.testing.ConsoleApiParamsUtils; import google.registry.testing.DatabaseHelper; import google.registry.testing.FakeResponse; -import google.registry.ui.server.registrar.ConsoleApiParams; import jakarta.servlet.http.Cookie; import java.io.IOException; import java.util.List; diff --git a/core/src/test/java/google/registry/ui/server/console/RegistrarsActionTest.java b/core/src/test/java/google/registry/ui/server/console/RegistrarsActionTest.java index f0b3201c0..d29591ee0 100644 --- a/core/src/test/java/google/registry/ui/server/console/RegistrarsActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/RegistrarsActionTest.java @@ -41,8 +41,6 @@ import google.registry.request.auth.AuthResult; import google.registry.testing.ConsoleApiParamsUtils; import google.registry.testing.DeterministicStringGenerator; import google.registry.testing.FakeResponse; -import google.registry.ui.server.registrar.ConsoleApiParams; -import google.registry.ui.server.registrar.RegistrarConsoleModule; import google.registry.util.StringGenerator; import java.io.BufferedReader; import java.io.IOException; @@ -253,7 +251,7 @@ class RegistrarsActionTest { passcodeGenerator); } Optional maybeRegistrar = - RegistrarConsoleModule.provideRegistrar( + ConsoleModule.provideRegistrar( GSON, RequestModule.provideJsonBody(consoleApiParams.request(), GSON)); return new RegistrarsAction( consoleApiParams, GSON, maybeRegistrar, passwordGenerator, passcodeGenerator); 
diff --git a/core/src/test/java/google/registry/ui/server/console/settings/ContactActionTest.java b/core/src/test/java/google/registry/ui/server/console/settings/ContactActionTest.java index 89286e70a..040188d4a 100644 --- a/core/src/test/java/google/registry/ui/server/console/settings/ContactActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/settings/ContactActionTest.java @@ -45,8 +45,8 @@ import google.registry.request.RequestModule; import google.registry.request.auth.AuthResult; import google.registry.testing.ConsoleApiParamsUtils; import google.registry.testing.FakeResponse; -import google.registry.ui.server.registrar.ConsoleApiParams; -import google.registry.ui.server.registrar.RegistrarConsoleModule; +import google.registry.ui.server.console.ConsoleApiParams; +import google.registry.ui.server.console.ConsoleModule; import google.registry.util.EmailMessage; import jakarta.mail.internet.AddressException; import jakarta.mail.internet.InternetAddress; @@ -296,7 +296,7 @@ class ContactActionTest { .when(consoleApiParams.request()) .getReader(); Optional> maybeContacts = - RegistrarConsoleModule.provideContacts( + ConsoleModule.provideContacts( GSON, RequestModule.provideJsonBody(consoleApiParams.request(), GSON)); return new ContactAction(consoleApiParams, GSON, registrarId, maybeContacts); } diff --git a/core/src/test/java/google/registry/ui/server/console/settings/SecurityActionTest.java b/core/src/test/java/google/registry/ui/server/console/settings/SecurityActionTest.java index 99b22b886..445829021 100644 --- a/core/src/test/java/google/registry/ui/server/console/settings/SecurityActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/settings/SecurityActionTest.java 
@@ -38,8 +38,8 @@ import google.registry.testing.ConsoleApiParamsUtils; import google.registry.testing.DatabaseHelper; import google.registry.testing.FakeClock; import google.registry.testing.FakeResponse; -import google.registry.ui.server.registrar.ConsoleApiParams; -import google.registry.ui.server.registrar.RegistrarConsoleModule; +import google.registry.ui.server.console.ConsoleApiParams; +import google.registry.ui.server.console.ConsoleModule; import java.io.BufferedReader; import java.io.IOException; import java.io.StringReader; @@ -108,7 +108,7 @@ class SecurityActionTest { .when(consoleApiParams.request()) .getReader(); Optional maybeRegistrar = - RegistrarConsoleModule.provideRegistrar( + ConsoleModule.provideRegistrar( GSON, RequestModule.provideJsonBody(consoleApiParams.request(), GSON)); return new SecurityAction( consoleApiParams, certificateChecker, registrarAccessor, registrarId, maybeRegistrar); diff --git a/core/src/test/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsActionTest.java b/core/src/test/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsActionTest.java index d276723ca..97d7bd43a 100644 --- a/core/src/test/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsActionTest.java @@ -40,8 +40,8 @@ import google.registry.testing.ConsoleApiParamsUtils; import google.registry.testing.DatabaseHelper; import google.registry.testing.FakeClock; import google.registry.testing.FakeResponse; -import google.registry.ui.server.registrar.ConsoleApiParams; -import google.registry.ui.server.registrar.RegistrarConsoleModule; +import google.registry.ui.server.console.ConsoleApiParams; +import google.registry.ui.server.console.ConsoleModule; import java.io.BufferedReader; import java.io.IOException; import java.io.StringReader; 
@@ -169,7 +169,7 @@ public class WhoisRegistrarFieldsActionTest { return new WhoisRegistrarFieldsAction( consoleApiParams, registrarAccessor, - RegistrarConsoleModule.provideRegistrar( + ConsoleModule.provideRegistrar( GSON, RequestModule.provideJsonBody(consoleApiParams.request(), GSON))); } } diff --git a/core/src/test/resources/google/registry/module/backend/backend_routing.txt b/core/src/test/resources/google/registry/module/backend/backend_routing.txt index a34df814d..4c7e40f36 100644 --- a/core/src/test/resources/google/registry/module/backend/backend_routing.txt +++ b/core/src/test/resources/google/registry/module/backend/backend_routing.txt 
@@ -1,38 +1,38 @@
-PATH CLASS METHODS OK MIN USER_POLICY
-/_dr/cron/fanout TldFanoutAction GET y APP ADMIN
-/_dr/dnsRefresh RefreshDnsAction GET y APP ADMIN
-/_dr/task/brdaCopy BrdaCopyAction POST y APP ADMIN
-/_dr/task/copyDetailReports CopyDetailReportsAction POST n APP ADMIN
-/_dr/task/deleteExpiredDomains DeleteExpiredDomainsAction GET n APP ADMIN
-/_dr/task/deleteLoadTestData DeleteLoadTestDataAction POST n APP ADMIN
-/_dr/task/deleteProberData DeleteProberDataAction POST n APP ADMIN
-/_dr/task/executeCannedScript CannedScriptExecutionAction POST,GET y APP ADMIN
-/_dr/task/expandBillingRecurrences ExpandBillingRecurrencesAction GET n APP ADMIN
-/_dr/task/exportDomainLists ExportDomainListsAction POST n APP ADMIN
-/_dr/task/exportPremiumTerms ExportPremiumTermsAction POST n APP ADMIN
-/_dr/task/exportReservedTerms ExportReservedTermsAction POST n APP ADMIN
-/_dr/task/generateInvoices GenerateInvoicesAction POST n APP ADMIN
-/_dr/task/generateSpec11 GenerateSpec11ReportAction POST n APP ADMIN
-/_dr/task/icannReportingStaging IcannReportingStagingAction POST n APP ADMIN
-/_dr/task/icannReportingUpload IcannReportingUploadAction POST n APP ADMIN
-/_dr/task/nordnUpload NordnUploadAction POST y APP ADMIN
-/_dr/task/nordnVerify NordnVerifyAction POST y APP ADMIN
-/_dr/task/publishDnsUpdates PublishDnsUpdatesAction POST y APP ADMIN
-/_dr/task/publishInvoices PublishInvoicesAction POST n APP ADMIN
-/_dr/task/publishSpec11 PublishSpec11ReportAction POST n APP ADMIN
-/_dr/task/rdeReport RdeReportAction POST n APP ADMIN
-/_dr/task/rdeStaging RdeStagingAction GET,POST n APP ADMIN
-/_dr/task/rdeUpload RdeUploadAction POST n APP ADMIN
-/_dr/task/readDnsRefreshRequests ReadDnsRefreshRequestsAction POST y APP ADMIN
-/_dr/task/refreshDnsOnHostRename RefreshDnsOnHostRenameAction POST n APP ADMIN
-/_dr/task/relockDomain RelockDomainAction POST y APP ADMIN
-/_dr/task/resaveAllEppResourcesPipeline ResaveAllEppResourcesPipelineAction GET n APP ADMIN
-/_dr/task/resaveEntity ResaveEntityAction POST n APP ADMIN
-/_dr/task/sendExpiringCertificateNotificationEmail SendExpiringCertificateNotificationEmailAction GET n APP ADMIN
-/_dr/task/syncGroupMembers SyncGroupMembersAction POST n APP ADMIN
-/_dr/task/syncRegistrarsSheet SyncRegistrarsSheetAction POST n APP ADMIN
-/_dr/task/tmchCrl TmchCrlAction POST y APP ADMIN
-/_dr/task/tmchDnl TmchDnlAction POST y APP ADMIN
-/_dr/task/tmchSmdrl TmchSmdrlAction POST y APP ADMIN
-/_dr/task/updateRegistrarRdapBaseUrls UpdateRegistrarRdapBaseUrlsAction GET y APP ADMIN
-/_dr/task/wipeOutContactHistoryPii WipeOutContactHistoryPiiAction GET n APP ADMIN
+SERVICE PATH CLASS METHODS OK MIN USER_POLICY
+BACKEND /_dr/cron/fanout TldFanoutAction GET y APP ADMIN
+BACKEND /_dr/task/brdaCopy BrdaCopyAction POST y APP ADMIN
+BACKEND /_dr/task/copyDetailReports CopyDetailReportsAction POST n APP ADMIN
+BACKEND /_dr/task/deleteExpiredDomains DeleteExpiredDomainsAction GET n APP ADMIN
+BACKEND /_dr/task/deleteLoadTestData DeleteLoadTestDataAction POST n APP ADMIN
+BACKEND /_dr/task/deleteProberData DeleteProberDataAction POST n APP ADMIN
+BACKEND /_dr/task/dnsRefresh RefreshDnsAction GET y APP ADMIN
+BACKEND /_dr/task/executeCannedScript CannedScriptExecutionAction POST,GET y APP ADMIN
+BACKEND /_dr/task/expandBillingRecurrences ExpandBillingRecurrencesAction GET n APP ADMIN
+BACKEND /_dr/task/exportDomainLists ExportDomainListsAction POST n APP ADMIN
+BACKEND /_dr/task/exportPremiumTerms ExportPremiumTermsAction POST n APP ADMIN
+BACKEND /_dr/task/exportReservedTerms ExportReservedTermsAction POST n APP ADMIN
+BACKEND /_dr/task/generateInvoices GenerateInvoicesAction POST n APP ADMIN
+BACKEND /_dr/task/generateSpec11 GenerateSpec11ReportAction POST n APP ADMIN
+BACKEND /_dr/task/icannReportingStaging IcannReportingStagingAction POST n APP ADMIN
+BACKEND /_dr/task/icannReportingUpload IcannReportingUploadAction POST n APP ADMIN
+BACKEND /_dr/task/nordnUpload NordnUploadAction POST y APP ADMIN
+BACKEND /_dr/task/nordnVerify NordnVerifyAction POST y APP ADMIN
+BACKEND /_dr/task/publishDnsUpdates PublishDnsUpdatesAction POST y APP ADMIN
+BACKEND /_dr/task/publishInvoices PublishInvoicesAction POST n APP ADMIN
+BACKEND /_dr/task/publishSpec11 PublishSpec11ReportAction POST n APP ADMIN
+BACKEND /_dr/task/rdeReport RdeReportAction POST n APP ADMIN
+BACKEND /_dr/task/rdeStaging RdeStagingAction GET,POST n APP ADMIN
+BACKEND /_dr/task/rdeUpload RdeUploadAction POST n APP ADMIN
+BACKEND /_dr/task/readDnsRefreshRequests ReadDnsRefreshRequestsAction POST y APP ADMIN
+BACKEND /_dr/task/refreshDnsOnHostRename RefreshDnsOnHostRenameAction POST n APP ADMIN
+BACKEND /_dr/task/relockDomain RelockDomainAction POST y APP ADMIN
+BACKEND /_dr/task/resaveAllEppResourcesPipeline ResaveAllEppResourcesPipelineAction GET n APP ADMIN
+BACKEND /_dr/task/resaveEntity ResaveEntityAction POST n APP ADMIN
+BACKEND /_dr/task/sendExpiringCertificateNotificationEmail SendExpiringCertificateNotificationEmailAction GET n APP ADMIN
+BACKEND /_dr/task/syncGroupMembers SyncGroupMembersAction POST n APP ADMIN
+BACKEND /_dr/task/syncRegistrarsSheet SyncRegistrarsSheetAction POST n APP ADMIN
+BACKEND /_dr/task/tmchCrl TmchCrlAction POST y APP ADMIN
+BACKEND /_dr/task/tmchDnl TmchDnlAction POST y APP ADMIN
+BACKEND /_dr/task/tmchSmdrl TmchSmdrlAction POST y APP ADMIN
+BACKEND /_dr/task/updateRegistrarRdapBaseUrls UpdateRegistrarRdapBaseUrlsAction GET y APP ADMIN
+BACKEND /_dr/task/wipeOutContactHistoryPii WipeOutContactHistoryPiiAction GET n APP ADMIN
diff --git a/core/src/test/resources/google/registry/module/bsa/bsa_routing.txt b/core/src/test/resources/google/registry/module/bsa/bsa_routing.txt
index e0242e4be..c270b3137 100644
--- a/core/src/test/resources/google/registry/module/bsa/bsa_routing.txt
+++ b/core/src/test/resources/google/registry/module/bsa/bsa_routing.txt
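Review bot: RefreshDnsAction moves from `/_dr/dnsRefresh` to `/_dr/task/dnsRefresh` in the backend_routing.txt hunk (the same rename shows up in routing.txt), and no row keeps the old path. Whether anything still targets the old URL cannot be told from this hunk; if a scheduled job or an already-enqueued task does, it would stop routing once this ships. I would record the rename in the commit description, for example `RefreshDnsAction now serves /_dr/task/dnsRefresh instead of /_dr/dnsRefresh; no alias is kept.`, so the change to the ADMIN-only endpoint inventory is traceable.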
@@ -1,5 +1,5 @@
-PATH CLASS METHODS OK MIN USER_POLICY
-/_dr/task/bsaDownload BsaDownloadAction GET,POST n APP ADMIN
-/_dr/task/bsaRefresh BsaRefreshAction GET,POST n APP ADMIN
-/_dr/task/bsaValidate BsaValidateAction GET,POST n APP ADMIN
-/_dr/task/uploadBsaUnavailableNames UploadBsaUnavailableDomainsAction GET,POST n APP ADMIN
+SERVICE PATH CLASS METHODS OK MIN USER_POLICY
+BACKEND /_dr/task/bsaDownload BsaDownloadAction GET,POST n APP ADMIN
+BACKEND /_dr/task/bsaRefresh BsaRefreshAction GET,POST n APP ADMIN
+BACKEND /_dr/task/bsaValidate BsaValidateAction GET,POST n APP ADMIN
+BACKEND /_dr/task/uploadBsaUnavailableNames UploadBsaUnavailableDomainsAction GET,POST n APP ADMIN
diff --git a/core/src/test/resources/google/registry/module/frontend/frontend_routing.txt b/core/src/test/resources/google/registry/module/frontend/frontend_routing.txt
index 687dffec6..6e32e058c 100644
--- a/core/src/test/resources/google/registry/module/frontend/frontend_routing.txt
+++ b/core/src/test/resources/google/registry/module/frontend/frontend_routing.txt
@@ -1,22 +1,22 @@
-PATH CLASS METHODS OK MIN USER_POLICY
-/_dr/epp EppTlsAction POST n APP ADMIN
-/console-api/domain ConsoleDomainGetAction GET n USER PUBLIC
-/console-api/domain-list ConsoleDomainListAction GET n USER PUBLIC
-/console-api/dum-download ConsoleDumDownloadAction GET n USER PUBLIC
-/console-api/eppPassword ConsoleEppPasswordAction POST n USER PUBLIC
-/console-api/registrar ConsoleUpdateRegistrarAction POST n USER PUBLIC
-/console-api/registrars RegistrarsAction GET,POST n USER PUBLIC
-/console-api/registry-lock ConsoleRegistryLockAction GET,POST n USER PUBLIC
-/console-api/registry-lock-verify ConsoleRegistryLockVerifyAction GET n USER PUBLIC
-/console-api/settings/contacts ContactAction GET,POST n USER PUBLIC
-/console-api/settings/security SecurityAction POST n USER PUBLIC
-/console-api/settings/whois-fields WhoisRegistrarFieldsAction POST n USER PUBLIC
-/console-api/userdata ConsoleUserDataAction GET n USER PUBLIC
-/registrar ConsoleUiAction GET n USER PUBLIC
-/registrar-create ConsoleRegistrarCreatorAction POST,GET n USER PUBLIC
-/registrar-ote-setup ConsoleOteSetupAction POST,GET n USER PUBLIC
-/registrar-ote-status OteStatusAction POST n USER PUBLIC
-/registrar-settings RegistrarSettingsAction POST n USER PUBLIC
-/registry-lock-get RegistryLockGetAction GET n USER PUBLIC
-/registry-lock-post RegistryLockPostAction POST n USER PUBLIC
-/registry-lock-verify RegistryLockVerifyAction GET n USER PUBLIC
+SERVICE PATH CLASS METHODS OK MIN USER_POLICY
+FRONTEND /_dr/epp EppTlsAction POST n APP ADMIN
+FRONTEND /registrar ConsoleUiAction GET n USER PUBLIC
+FRONTEND /registrar-create ConsoleRegistrarCreatorAction POST,GET n USER PUBLIC
+FRONTEND /registrar-ote-setup ConsoleOteSetupAction POST,GET n USER PUBLIC
+FRONTEND /registrar-ote-status OteStatusAction POST n USER PUBLIC
+FRONTEND /registrar-settings RegistrarSettingsAction POST n USER PUBLIC
+FRONTEND /registry-lock-get RegistryLockGetAction GET n USER PUBLIC
+FRONTEND /registry-lock-post RegistryLockPostAction POST n USER PUBLIC
+FRONTEND /registry-lock-verify RegistryLockVerifyAction GET n USER PUBLIC
+CONSOLE /console-api/domain ConsoleDomainGetAction GET n USER PUBLIC
+CONSOLE /console-api/domain-list ConsoleDomainListAction GET n USER PUBLIC
+CONSOLE /console-api/dum-download ConsoleDumDownloadAction GET n USER PUBLIC
+CONSOLE /console-api/eppPassword ConsoleEppPasswordAction POST n USER PUBLIC
+CONSOLE /console-api/registrar ConsoleUpdateRegistrarAction POST n USER PUBLIC
+CONSOLE /console-api/registrars RegistrarsAction GET,POST n USER PUBLIC
+CONSOLE /console-api/registry-lock ConsoleRegistryLockAction GET,POST n USER PUBLIC
+CONSOLE /console-api/registry-lock-verify ConsoleRegistryLockVerifyAction GET n USER PUBLIC
+CONSOLE /console-api/settings/contacts ContactAction GET,POST n USER PUBLIC
+CONSOLE /console-api/settings/security SecurityAction POST n USER PUBLIC
+CONSOLE /console-api/settings/whois-fields WhoisRegistrarFieldsAction POST n USER PUBLIC
+CONSOLE /console-api/userdata ConsoleUserDataAction GET n USER PUBLIC
diff --git a/core/src/test/resources/google/registry/module/pubapi/pubapi_routing.txt b/core/src/test/resources/google/registry/module/pubapi/pubapi_routing.txt
index 27ed23c5e..3a9ac8d1c 100644
--- a/core/src/test/resources/google/registry/module/pubapi/pubapi_routing.txt
+++ b/core/src/test/resources/google/registry/module/pubapi/pubapi_routing.txt
@@ -1,13 +1,13 @@
-PATH CLASS METHODS OK MIN USER_POLICY
-/_dr/whois WhoisAction POST n APP ADMIN
-/check CheckApiAction GET n NONE PUBLIC
-/rdap/autnum/(*) RdapAutnumAction GET,HEAD n NONE PUBLIC
-/rdap/domain/(*) RdapDomainAction GET,HEAD n NONE PUBLIC
-/rdap/domains RdapDomainSearchAction GET,HEAD n NONE PUBLIC
-/rdap/entities RdapEntitySearchAction GET,HEAD n NONE PUBLIC
-/rdap/entity/(*) RdapEntityAction GET,HEAD n NONE PUBLIC
-/rdap/help(*) RdapHelpAction GET,HEAD n NONE PUBLIC
-/rdap/ip/(*) RdapIpAction GET,HEAD n NONE PUBLIC
-/rdap/nameserver/(*) RdapNameserverAction GET,HEAD n NONE PUBLIC
-/rdap/nameservers RdapNameserverSearchAction GET,HEAD n NONE PUBLIC
-/whois/(*) WhoisHttpAction GET n NONE PUBLIC
+SERVICE PATH CLASS METHODS OK MIN USER_POLICY
+PUBAPI /_dr/whois WhoisAction POST n APP ADMIN
+PUBAPI /check CheckApiAction GET n NONE PUBLIC
+PUBAPI /rdap/autnum/(*) RdapAutnumAction GET,HEAD n NONE PUBLIC
+PUBAPI /rdap/domain/(*) RdapDomainAction GET,HEAD n NONE PUBLIC
+PUBAPI /rdap/domains RdapDomainSearchAction GET,HEAD n NONE PUBLIC
+PUBAPI /rdap/entities RdapEntitySearchAction GET,HEAD n NONE PUBLIC
+PUBAPI /rdap/entity/(*) RdapEntityAction GET,HEAD n NONE PUBLIC
+PUBAPI /rdap/help(*) RdapHelpAction GET,HEAD n NONE PUBLIC
+PUBAPI /rdap/ip/(*) RdapIpAction GET,HEAD n NONE PUBLIC
+PUBAPI /rdap/nameserver/(*) RdapNameserverAction GET,HEAD n NONE PUBLIC
+PUBAPI /rdap/nameservers RdapNameserverSearchAction GET,HEAD n NONE PUBLIC
+PUBAPI /whois/(*) WhoisHttpAction GET n NONE PUBLIC
diff --git a/core/src/test/resources/google/registry/module/routing.txt b/core/src/test/resources/google/registry/module/routing.txt
index fe99b44b3..1bb3633a0 100644
--- a/core/src/test/resources/google/registry/module/routing.txt
+++ b/core/src/test/resources/google/registry/module/routing.txt
@@ -1,88 +1,80 @@
-PATH CLASS METHODS OK MIN USER_POLICY
-/_dr/admin/createGroups CreateGroupsAction POST n APP ADMIN
-/_dr/admin/list/domains ListDomainsAction GET,POST n APP ADMIN
-/_dr/admin/list/hosts ListHostsAction GET,POST n APP ADMIN
-/_dr/admin/list/premiumLists ListPremiumListsAction GET,POST n APP ADMIN
-/_dr/admin/list/registrars ListRegistrarsAction GET,POST n APP ADMIN
-/_dr/admin/list/reservedLists ListReservedListsAction GET,POST n APP ADMIN
-/_dr/admin/list/tlds ListTldsAction GET,POST n APP ADMIN
-/_dr/admin/updateUserGroup UpdateUserGroupAction POST n APP ADMIN
-/_dr/admin/verifyOte VerifyOteAction POST n APP ADMIN
-/_dr/cron/fanout TldFanoutAction GET y APP ADMIN
-/_dr/dnsRefresh RefreshDnsAction GET y APP ADMIN
-/_dr/epp EppTlsAction POST n APP ADMIN
-/_dr/epptool EppToolAction POST n APP ADMIN
-/_dr/loadtest LoadTestAction POST y APP ADMIN
-/_dr/task/brdaCopy BrdaCopyAction POST y APP ADMIN
-/_dr/task/bsaDownload BsaDownloadAction GET,POST n APP ADMIN
-/_dr/task/bsaRefresh BsaRefreshAction GET,POST n APP ADMIN
-/_dr/task/bsaValidate BsaValidateAction GET,POST n APP ADMIN
-/_dr/task/copyDetailReports CopyDetailReportsAction POST n APP ADMIN
-/_dr/task/deleteExpiredDomains DeleteExpiredDomainsAction GET n APP ADMIN
-/_dr/task/deleteLoadTestData DeleteLoadTestDataAction POST n APP ADMIN
-/_dr/task/deleteProberData DeleteProberDataAction POST n APP ADMIN
-/_dr/task/executeCannedScript CannedScriptExecutionAction POST,GET y APP ADMIN
-/_dr/task/expandBillingRecurrences ExpandBillingRecurrencesAction GET n APP ADMIN
-/_dr/task/exportDomainLists ExportDomainListsAction POST n APP ADMIN
-/_dr/task/exportPremiumTerms ExportPremiumTermsAction POST n APP ADMIN
-/_dr/task/exportReservedTerms ExportReservedTermsAction POST n APP ADMIN
-/_dr/task/generateInvoices GenerateInvoicesAction POST n APP ADMIN
-/_dr/task/generateSpec11 GenerateSpec11ReportAction POST n APP ADMIN
-/_dr/task/generateZoneFiles GenerateZoneFilesAction POST n APP ADMIN
-/_dr/task/icannReportingStaging IcannReportingStagingAction POST n APP ADMIN
-/_dr/task/icannReportingUpload IcannReportingUploadAction POST n APP ADMIN
-/_dr/task/nordnUpload NordnUploadAction POST y APP ADMIN
-/_dr/task/nordnVerify NordnVerifyAction POST y APP ADMIN
-/_dr/task/publishDnsUpdates PublishDnsUpdatesAction POST y APP ADMIN
-/_dr/task/publishInvoices PublishInvoicesAction POST n APP ADMIN
-/_dr/task/publishSpec11 PublishSpec11ReportAction POST n APP ADMIN
-/_dr/task/rdeReport RdeReportAction POST n APP ADMIN
-/_dr/task/rdeStaging RdeStagingAction GET,POST n APP ADMIN
-/_dr/task/rdeUpload RdeUploadAction POST n APP ADMIN
-/_dr/task/readDnsRefreshRequests ReadDnsRefreshRequestsAction POST y APP ADMIN
-/_dr/task/refreshDnsForAllDomains RefreshDnsForAllDomainsAction GET n APP ADMIN
-/_dr/task/refreshDnsOnHostRename RefreshDnsOnHostRenameAction POST n APP ADMIN
-/_dr/task/relockDomain RelockDomainAction POST y APP ADMIN
-/_dr/task/resaveAllEppResourcesPipeline ResaveAllEppResourcesPipelineAction GET n APP ADMIN
-/_dr/task/resaveEntity ResaveEntityAction POST n APP ADMIN
-/_dr/task/sendExpiringCertificateNotificationEmail SendExpiringCertificateNotificationEmailAction GET n APP ADMIN
-/_dr/task/syncGroupMembers SyncGroupMembersAction POST n APP ADMIN
-/_dr/task/syncRegistrarsSheet SyncRegistrarsSheetAction POST n APP ADMIN
-/_dr/task/tmchCrl TmchCrlAction POST y APP ADMIN
-/_dr/task/tmchDnl TmchDnlAction POST y APP ADMIN
-/_dr/task/tmchSmdrl TmchSmdrlAction POST y APP ADMIN
-/_dr/task/updateRegistrarRdapBaseUrls UpdateRegistrarRdapBaseUrlsAction GET y APP ADMIN
-/_dr/task/uploadBsaUnavailableNames UploadBsaUnavailableDomainsAction GET,POST n APP ADMIN
-/_dr/task/wipeOutContactHistoryPii WipeOutContactHistoryPiiAction GET n APP ADMIN
-/_dr/whois WhoisAction POST n APP ADMIN
-/check CheckApiAction GET n NONE PUBLIC
-/console-api/domain ConsoleDomainGetAction GET n USER PUBLIC
-/console-api/domain-list ConsoleDomainListAction GET n USER PUBLIC
-/console-api/dum-download ConsoleDumDownloadAction GET n USER PUBLIC
-/console-api/eppPassword ConsoleEppPasswordAction POST n USER PUBLIC
-/console-api/registrar ConsoleUpdateRegistrarAction POST n USER PUBLIC
-/console-api/registrars RegistrarsAction GET,POST n USER PUBLIC
-/console-api/registry-lock ConsoleRegistryLockAction GET,POST n USER PUBLIC
-/console-api/registry-lock-verify ConsoleRegistryLockVerifyAction GET n USER PUBLIC
-/console-api/settings/contacts ContactAction GET,POST n USER PUBLIC
-/console-api/settings/security SecurityAction POST n USER PUBLIC
-/console-api/settings/whois-fields WhoisRegistrarFieldsAction POST n USER PUBLIC
-/console-api/userdata ConsoleUserDataAction GET n USER PUBLIC
-/rdap/autnum/(*) RdapAutnumAction GET,HEAD n NONE PUBLIC
-/rdap/domain/(*) RdapDomainAction GET,HEAD n NONE PUBLIC
-/rdap/domains RdapDomainSearchAction GET,HEAD n NONE PUBLIC
-/rdap/entities RdapEntitySearchAction GET,HEAD n NONE PUBLIC
-/rdap/entity/(*) RdapEntityAction GET,HEAD n NONE PUBLIC
-/rdap/help(*) RdapHelpAction GET,HEAD n NONE PUBLIC
-/rdap/ip/(*) RdapIpAction GET,HEAD n NONE PUBLIC
-/rdap/nameserver/(*) RdapNameserverAction GET,HEAD n NONE PUBLIC
-/rdap/nameservers RdapNameserverSearchAction GET,HEAD n NONE PUBLIC
-/registrar ConsoleUiAction GET n USER PUBLIC
-/registrar-create ConsoleRegistrarCreatorAction POST,GET n USER PUBLIC
-/registrar-ote-setup ConsoleOteSetupAction POST,GET n USER PUBLIC
-/registrar-ote-status OteStatusAction POST n USER PUBLIC
-/registrar-settings RegistrarSettingsAction POST n USER PUBLIC
-/registry-lock-get RegistryLockGetAction GET n USER PUBLIC
-/registry-lock-post RegistryLockPostAction POST n USER PUBLIC
-/registry-lock-verify RegistryLockVerifyAction GET n USER PUBLIC
-/whois/(*) WhoisHttpAction GET n NONE PUBLIC
+SERVICE PATH CLASS METHODS OK MIN USER_POLICY
+FRONTEND /_dr/epp EppTlsAction POST n APP ADMIN
+BACKEND /_dr/admin/createGroups CreateGroupsAction POST n APP ADMIN
+BACKEND /_dr/admin/list/domains ListDomainsAction GET,POST n APP ADMIN
+BACKEND /_dr/admin/list/hosts ListHostsAction GET,POST n APP ADMIN
+BACKEND /_dr/admin/list/premiumLists ListPremiumListsAction GET,POST n APP ADMIN
+BACKEND /_dr/admin/list/registrars ListRegistrarsAction GET,POST n APP ADMIN
+BACKEND /_dr/admin/list/reservedLists ListReservedListsAction GET,POST n APP ADMIN
+BACKEND /_dr/admin/list/tlds ListTldsAction GET,POST n APP ADMIN
+BACKEND /_dr/admin/updateUserGroup UpdateUserGroupAction POST n APP ADMIN
+BACKEND /_dr/admin/verifyOte VerifyOteAction POST n APP ADMIN
+BACKEND /_dr/cron/fanout TldFanoutAction GET y APP ADMIN
+BACKEND /_dr/epptool EppToolAction POST n APP ADMIN
+BACKEND /_dr/loadtest LoadTestAction POST y APP ADMIN
+BACKEND /_dr/task/brdaCopy BrdaCopyAction POST y APP ADMIN
+BACKEND /_dr/task/bsaDownload BsaDownloadAction GET,POST n APP ADMIN
+BACKEND /_dr/task/bsaRefresh BsaRefreshAction GET,POST n APP ADMIN
+BACKEND /_dr/task/bsaValidate BsaValidateAction GET,POST n APP ADMIN
+BACKEND /_dr/task/copyDetailReports CopyDetailReportsAction POST n APP ADMIN
+BACKEND /_dr/task/deleteExpiredDomains DeleteExpiredDomainsAction GET n APP ADMIN
+BACKEND /_dr/task/deleteLoadTestData DeleteLoadTestDataAction POST n APP ADMIN
+BACKEND /_dr/task/deleteProberData DeleteProberDataAction POST n APP ADMIN
+BACKEND /_dr/task/dnsRefresh RefreshDnsAction GET y APP ADMIN
+BACKEND /_dr/task/executeCannedScript CannedScriptExecutionAction POST,GET y APP ADMIN
+BACKEND /_dr/task/expandBillingRecurrences ExpandBillingRecurrencesAction GET n APP ADMIN
+BACKEND /_dr/task/exportDomainLists ExportDomainListsAction POST n APP ADMIN
+BACKEND /_dr/task/exportPremiumTerms ExportPremiumTermsAction POST n APP ADMIN
+BACKEND /_dr/task/exportReservedTerms ExportReservedTermsAction POST n APP ADMIN
+BACKEND /_dr/task/generateInvoices GenerateInvoicesAction POST n APP ADMIN
+BACKEND /_dr/task/generateSpec11 GenerateSpec11ReportAction POST n APP ADMIN
+BACKEND /_dr/task/generateZoneFiles GenerateZoneFilesAction POST n APP ADMIN
+BACKEND /_dr/task/icannReportingStaging IcannReportingStagingAction POST n APP ADMIN
+BACKEND /_dr/task/icannReportingUpload IcannReportingUploadAction POST n APP ADMIN
+BACKEND /_dr/task/nordnUpload NordnUploadAction POST y APP ADMIN
+BACKEND /_dr/task/nordnVerify NordnVerifyAction POST y APP ADMIN
+BACKEND /_dr/task/publishDnsUpdates PublishDnsUpdatesAction POST y APP ADMIN
+BACKEND /_dr/task/publishInvoices PublishInvoicesAction POST n APP ADMIN
+BACKEND /_dr/task/publishSpec11 PublishSpec11ReportAction POST n APP ADMIN
+BACKEND /_dr/task/rdeReport RdeReportAction POST n APP ADMIN
+BACKEND /_dr/task/rdeStaging RdeStagingAction GET,POST n APP ADMIN
+BACKEND /_dr/task/rdeUpload RdeUploadAction POST n APP ADMIN
+BACKEND /_dr/task/readDnsRefreshRequests ReadDnsRefreshRequestsAction POST y APP ADMIN
+BACKEND /_dr/task/refreshDnsForAllDomains RefreshDnsForAllDomainsAction GET n APP ADMIN
+BACKEND /_dr/task/refreshDnsOnHostRename RefreshDnsOnHostRenameAction POST n APP ADMIN
+BACKEND /_dr/task/relockDomain RelockDomainAction POST y APP ADMIN
+BACKEND /_dr/task/resaveAllEppResourcesPipeline ResaveAllEppResourcesPipelineAction GET n APP ADMIN
+BACKEND /_dr/task/resaveEntity ResaveEntityAction POST n APP ADMIN
+BACKEND /_dr/task/sendExpiringCertificateNotificationEmail SendExpiringCertificateNotificationEmailAction GET n APP ADMIN
+BACKEND /_dr/task/syncGroupMembers SyncGroupMembersAction POST n APP ADMIN
+BACKEND /_dr/task/syncRegistrarsSheet SyncRegistrarsSheetAction POST n APP ADMIN
+BACKEND /_dr/task/tmchCrl TmchCrlAction POST y APP ADMIN
+BACKEND /_dr/task/tmchDnl TmchDnlAction POST y APP ADMIN
+BACKEND /_dr/task/tmchSmdrl TmchSmdrlAction POST y APP ADMIN
+BACKEND /_dr/task/updateRegistrarRdapBaseUrls UpdateRegistrarRdapBaseUrlsAction GET y APP ADMIN
+BACKEND /_dr/task/uploadBsaUnavailableNames UploadBsaUnavailableDomainsAction GET,POST n APP ADMIN
+BACKEND /_dr/task/wipeOutContactHistoryPii WipeOutContactHistoryPiiAction GET n APP ADMIN
+PUBAPI /_dr/whois WhoisAction POST n APP ADMIN
+PUBAPI /check CheckApiAction GET n NONE PUBLIC
+PUBAPI /rdap/autnum/(*) RdapAutnumAction GET,HEAD n NONE PUBLIC
+PUBAPI /rdap/domain/(*) RdapDomainAction GET,HEAD n NONE PUBLIC
+PUBAPI /rdap/domains RdapDomainSearchAction GET,HEAD n NONE PUBLIC
+PUBAPI /rdap/entities RdapEntitySearchAction GET,HEAD n NONE PUBLIC
+PUBAPI /rdap/entity/(*) RdapEntityAction GET,HEAD n NONE PUBLIC
+PUBAPI /rdap/help(*) RdapHelpAction GET,HEAD n NONE PUBLIC
+PUBAPI /rdap/ip/(*) RdapIpAction GET,HEAD n NONE PUBLIC
+PUBAPI /rdap/nameserver/(*) RdapNameserverAction GET,HEAD n NONE PUBLIC
+PUBAPI /rdap/nameservers RdapNameserverSearchAction GET,HEAD n NONE PUBLIC
+PUBAPI /whois/(*) WhoisHttpAction GET n NONE PUBLIC
+CONSOLE /console-api/domain ConsoleDomainGetAction GET n USER PUBLIC
+CONSOLE /console-api/domain-list ConsoleDomainListAction GET n USER PUBLIC
+CONSOLE /console-api/dum-download ConsoleDumDownloadAction GET n USER PUBLIC
+CONSOLE /console-api/eppPassword ConsoleEppPasswordAction POST n USER PUBLIC
+CONSOLE /console-api/registrar ConsoleUpdateRegistrarAction POST n USER PUBLIC
+CONSOLE /console-api/registrars RegistrarsAction GET,POST n USER PUBLIC
+CONSOLE /console-api/registry-lock ConsoleRegistryLockAction GET,POST n USER PUBLIC
+CONSOLE /console-api/registry-lock-verify ConsoleRegistryLockVerifyAction GET n USER PUBLIC
+CONSOLE /console-api/settings/contacts ContactAction GET,POST n USER PUBLIC
+CONSOLE /console-api/settings/security SecurityAction POST n USER PUBLIC
+CONSOLE /console-api/settings/whois-fields WhoisRegistrarFieldsAction POST n USER PUBLIC
+CONSOLE /console-api/userdata ConsoleUserDataAction GET n USER PUBLIC
diff --git a/core/src/test/resources/google/registry/module/tools/tools_routing.txt b/core/src/test/resources/google/registry/module/tools/tools_routing.txt
index 43dde5fab..9e95e8aa9 100644
--- a/core/src/test/resources/google/registry/module/tools/tools_routing.txt
+++ b/core/src/test/resources/google/registry/module/tools/tools_routing.txt @@ -1,14 +1,14 @@ -PATH CLASS METHODS OK MIN USER_POLICY -/_dr/admin/createGroups CreateGroupsAction POST n APP ADMIN -/_dr/admin/list/domains ListDomainsAction GET,POST n APP ADMIN -/_dr/admin/list/hosts ListHostsAction GET,POST n APP ADMIN -/_dr/admin/list/premiumLists ListPremiumListsAction GET,POST n APP ADMIN -/_dr/admin/list/registrars ListRegistrarsAction GET,POST n APP ADMIN -/_dr/admin/list/reservedLists ListReservedListsAction GET,POST n APP ADMIN -/_dr/admin/list/tlds ListTldsAction GET,POST n APP ADMIN -/_dr/admin/updateUserGroup UpdateUserGroupAction POST n APP ADMIN -/_dr/admin/verifyOte VerifyOteAction POST n APP ADMIN -/_dr/epptool EppToolAction POST n APP ADMIN -/_dr/loadtest LoadTestAction POST y APP ADMIN -/_dr/task/generateZoneFiles GenerateZoneFilesAction POST n APP ADMIN -/_dr/task/refreshDnsForAllDomains RefreshDnsForAllDomainsAction GET n APP ADMIN +SERVICE PATH CLASS METHODS OK MIN USER_POLICY +BACKEND /_dr/admin/createGroups CreateGroupsAction POST n APP ADMIN +BACKEND /_dr/admin/list/domains ListDomainsAction GET,POST n APP ADMIN +BACKEND /_dr/admin/list/hosts ListHostsAction GET,POST n APP ADMIN +BACKEND /_dr/admin/list/premiumLists ListPremiumListsAction GET,POST n APP ADMIN +BACKEND /_dr/admin/list/registrars ListRegistrarsAction GET,POST n APP ADMIN +BACKEND /_dr/admin/list/reservedLists ListReservedListsAction GET,POST n APP ADMIN +BACKEND /_dr/admin/list/tlds ListTldsAction GET,POST n APP ADMIN +BACKEND /_dr/admin/updateUserGroup UpdateUserGroupAction POST n APP ADMIN +BACKEND /_dr/admin/verifyOte VerifyOteAction POST n APP ADMIN +BACKEND /_dr/epptool EppToolAction POST n APP ADMIN +BACKEND /_dr/loadtest LoadTestAction POST y APP ADMIN +BACKEND /_dr/task/generateZoneFiles GenerateZoneFilesAction POST n APP ADMIN +BACKEND /_dr/task/refreshDnsForAllDomains RefreshDnsForAllDomainsAction GET n APP ADMIN 
diff --git a/jetty/build.gradle b/jetty/build.gradle index 9cea3738b..e3d668a91 100644 --- a/jetty/build.gradle +++ b/jetty/build.gradle @@ -85,7 +85,7 @@ tasks.register('run', JavaExec) { tasks.register('deployNomulus', Exec) { dependsOn('pushNomulusImage', ':proxy:pushProxyImage') configure verifyDeploymentConfig - commandLine './deploy-nomulus-for-env.sh', "${rootProject.environment}" + commandLine './deploy-nomulus-for-env.sh', "${rootProject.environment}", "${rootProject.baseDomain}" } project.build.dependsOn(tasks.named('buildNomulusImage')) diff --git a/jetty/deploy-nomulus-for-env.sh b/jetty/deploy-nomulus-for-env.sh index ad3b3a48b..aa832983c 100755 --- a/jetty/deploy-nomulus-for-env.sh +++ b/jetty/deploy-nomulus-for-env.sh @@ -17,12 +17,13 @@ # kills all running pods to force k8s to create new pods using the just-pushed # manifest. -if [[ $# -ne 1 ]]; then - echo "Usage: $0 alpha|crash|qa" +if [[ $# -ne 2 ]]; then + echo "Usage: $0 alpha|crash|qa [base_domain]}" exit 1 fi environment=${1} +base_domain=${2} project="domain-registry-"${environment} current_context=$(kubectl config current-context) while read line 
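Review bot: The new usage line in deploy-nomulus-for-env.sh prints `[base_domain]}`, which has a stray brace and brackets that read as optional although the `$# -ne 2` check makes the argument mandatory; `echo "Usage: $0 alpha|crash|qa base_domain"` matches the check. `base_domain` is later spliced unescaped into a `sed s/BASE_DOMAIN/.../g` expression (second hunk of this file), so a value containing `/` or `&` would break or alter the rendered manifests. A guard right after the assignment, such as `[[ "${base_domain}" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "invalid base domain"; exit 1; }`, keeps it to hostname characters. The script continues outside this hunk.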
@@ -31,16 +32,25 @@ do echo "Updating cluster ${parts[0]} in location ${parts[1]}..." gcloud container clusters get-credentials "${parts[0]}" \ --project "${project}" --location "${parts[1]}" - sed s/GCP_PROJECT/"${project}"/g "./kubernetes/nomulus-deployment.yaml" | \ - sed s/ENVIRONMENT/"${environment}"/g | \ - kubectl apply -f - - kubectl apply -f "./kubernetes/nomulus-service.yaml" + for service in frontend backend pubapi console + do + sed s/GCP_PROJECT/"${project}"/g "./kubernetes/nomulus-${service}.yaml" | \ + sed s/ENVIRONMENT/"${environment}"/g | \ + kubectl apply -f - + done # Kills all running pods, new pods created will be pulling the new image. kubectl delete pods --all # The multi-cluster gateway is only deployed to one cluster (the one in the US). if [[ "${parts[1]}" == us-* ]] then - kubectl apply -f "./kubernetes/nomulus-gateway.yaml" + kubectl apply -f "./kubernetes/gateway/nomulus-gateway.yaml" + for service in frontend backend pubapi console + do + sed s/BASE_DOMAIN/"${base_domain}"/g "./kubernetes/gateway/nomulus-route-${service}.yaml" | \ + kubectl apply -f - + sed s/SERVICE/"${service}"/g "./kubernetes/gateway/nomulus-iap-${environment}.yaml" | \ + kubectl apply -f - + done fi done < <(gcloud container clusters list --project "${project}" | grep nomulus) kubectl config use-context "$current_context" diff --git a/jetty/kubernetes/gateway/nomulus-gateway.yaml b/jetty/kubernetes/gateway/nomulus-gateway.yaml new file mode 100644 index 000000000..dee85c876 --- /dev/null +++ b/jetty/kubernetes/gateway/nomulus-gateway.yaml @@ -0,0 +1,17 @@ +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: Gateway +metadata: + name: nomulus +spec: + gatewayClassName: gke-l7-global-external-managed-mc + listeners: + - name: https + protocol: HTTPS + port: 443 + tls: + mode: Terminate + options: + networking.gke.io/pre-shared-certs: nomulus + allowedRoutes: + kinds: + - kind: HTTPRoute 
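Review bot: In the gateway loop of deploy-nomulus-for-env.sh each service's HTTPRoute is applied before its `nomulus-iap-${environment}.yaml` policy, and neither pipeline's exit status is checked. If the IAP manifest is missing for an environment or `kubectl apply` rejects it, the route is already serving and the loop carries on, so the service could be reachable through the gateway without the policy; that manifest is not visible in this part of the diff, so its effect is inferred from its name. Applying the policy first and stopping on failure would fail closed, e.g. `sed s/SERVICE/"${service}"/g "./kubernetes/gateway/nomulus-iap-${environment}.yaml" | kubectl apply -f - || exit 1` ahead of the route, with `set -o pipefail` so a failing `sed` is not masked by `kubectl`. Whether the script already sets `-e` cannot be seen from the hunk.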
diff --git a/jetty/kubernetes/gateway/nomulus-route-backend.yaml b/jetty/kubernetes/gateway/nomulus-route-backend.yaml
new file mode 100644
index 000000000..e77a041ed
--- /dev/null
+++ b/jetty/kubernetes/gateway/nomulus-route-backend.yaml
@@ -0,0 +1,47 @@
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+ name: backend
+spec:
+ parentRefs:
+ - kind: Gateway
+ name: nomulus
+ hostnames:
+ - "backend.BASE_DOMAIN"
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /_dr/task
+ - path:
+ type: PathPrefix
+ value: /_dr/cron
+ - path:
+ type: PathPrefix
+ value: /_dr/admin
+ - path:
+ type: PathPrefix
+ value: /_dr/epptool
+ - path:
+ type: PathPrefix
+ value: /loadtest
+ backendRefs:
+ - group: net.gke.io
+ kind: ServiceImport
+ name: backend
+ port: 80
+---
+apiVersion: networking.gke.io/v1
+kind: HealthCheckPolicy
+metadata:
+ name: backend
+spec:
+ default:
+ config:
+ type: HTTP
+ httpHealthCheck:
+ requestPath: /healthz/
+ targetRef:
+ group: net.gke.io
+ kind: ServiceImport
+ name: backend
diff --git a/jetty/kubernetes/nomulus-gateway.yaml b/jetty/kubernetes/gateway/nomulus-route-console.yaml
similarity index 53%
rename from jetty/kubernetes/nomulus-gateway.yaml
rename to jetty/kubernetes/gateway/nomulus-route-console.yaml
index d593cbb0a..87a2722d9 100644
--- a/jetty/kubernetes/nomulus-gateway.yaml
+++ b/jetty/kubernetes/gateway/nomulus-route-console.yaml
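Review bot: The last path match in nomulus-route-backend.yaml is `value: /loadtest`, but the routing table updated in this commit lists the load-test action as `BACKEND /_dr/loadtest`, so this prefix does not cover it and instead forwards an otherwise unlisted `/loadtest` prefix to the backend service. If the action is meant to be reachable through the gateway, the line should read `value: /_dr/loadtest`. If it is not (the route file is not environment-specific in the deploy script), dropping the match keeps the exposed surface to the other four `/_dr/...` prefixes listed here.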
@@ -1,38 +1,31 @@ -kind: Gateway apiVersion: gateway.networking.k8s.io/v1beta1 -metadata: - name: nomulus -spec: - gatewayClassName: gke-l7-global-external-managed-mc - listeners: - - name: http - protocol: HTTP - port: 80 - allowedRoutes: - kinds: - - kind: HTTPRoute ---- kind: HTTPRoute -apiVersion: gateway.networking.k8s.io/v1beta1 metadata: - name: nomulus - labels: - app: nomulus + name: console spec: parentRefs: - kind: Gateway name: nomulus + hostnames: + - "console.BASE_DOMAIN" rules: - - backendRefs: + - matches: + - path: + type: PathPrefix + value: /console-api + - path: + type: PathPrefix + value: /console + backendRefs: - group: net.gke.io kind: ServiceImport - name: nomulus + name: console port: 80 --- apiVersion: networking.gke.io/v1 kind: HealthCheckPolicy metadata: - name: nomulus + name: console spec: default: config: @@ -42,5 +35,4 @@ spec: targetRef: group: net.gke.io kind: ServiceImport - name: nomulus - + name: console diff --git a/jetty/kubernetes/gateway/nomulus-route-frontend.yaml b/jetty/kubernetes/gateway/nomulus-route-frontend.yaml new file mode 100644 index 000000000..e5edd08f8 --- /dev/null +++ b/jetty/kubernetes/gateway/nomulus-route-frontend.yaml @@ -0,0 +1,35 @@ +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: HTTPRoute +metadata: + name: frontend +spec: + parentRefs: + - kind: Gateway + name: nomulus + hostnames: + - "frontend.BASE_DOMAIN" + rules: + - matches: + - path: + type: PathPrefix + value: /_dr/epp + backendRefs: + - group: net.gke.io + kind: ServiceImport + name: frontend + port: 80 +--- +apiVersion: networking.gke.io/v1 +kind: HealthCheckPolicy +metadata: + name: frontend +spec: + default: + config: + type: HTTP + httpHealthCheck: + requestPath: /healthz/ + targetRef: + group: net.gke.io + kind: ServiceImport + name: frontend diff --git a/jetty/kubernetes/gateway/nomulus-route-pubapi.yaml b/jetty/kubernetes/gateway/nomulus-route-pubapi.yaml new file mode 100644 index 000000000..c38e62f31 --- /dev/null 
+++ b/jetty/kubernetes/gateway/nomulus-route-pubapi.yaml
@@ -0,0 +1,44 @@
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+ name: pubapi
+spec:
+ parentRefs:
+ - kind: Gateway
+ name: nomulus
+ hostnames:
+ - "pubapi.BASE_DOMAIN"
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /_dr/whois
+ - path:
+ type: PathPrefix
+ value: /check
+ - path:
+ type: PathPrefix
+ value: /whois
+ - path:
+ type: PathPrefix
+ value: /rdap
+ backendRefs:
+ - group: net.gke.io
+ kind: ServiceImport
+ name: pubapi
+ port: 80
+---
+apiVersion: networking.gke.io/v1
+kind: HealthCheckPolicy
+metadata:
+ name: pubapi
+spec:
+ default:
+ config:
+ type: HTTP
+ httpHealthCheck:
+ requestPath: /healthz/
+ targetRef:
+ group: net.gke.io
+ kind: ServiceImport
+ name: pubapi
diff --git a/jetty/kubernetes/nomulus-backend.yaml b/jetty/kubernetes/nomulus-backend.yaml
new file mode 100644
index 000000000..e9613c1b6
--- /dev/null
+++ b/jetty/kubernetes/nomulus-backend.yaml
@@ -0,0 +1,60 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: backend
+spec:
+ selector:
+ matchLabels:
+ service: backend
+ template:
+ metadata:
+ labels:
+ service: backend
+ spec:
+ serviceAccountName: nomulus
+ containers:
+ - name: backend
+ image: gcr.io/GCP_PROJECT/nomulus
+ ports:
+ - containerPort: 8080
+ name: http
+ resources:
+ requests:
+ cpu: "500m"
+ args: [ENVIRONMENT]
+---
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: backend
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: backend
+ minReplicas: 1
+ maxReplicas: 20
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 100
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: backend
+spec:
+ selector:
+ service: backend
+ ports:
+ - port: 80
+ targetPort: http
+ name: http
+---
+apiVersion: net.gke.io/v1
+kind: ServiceExport
+metadata:
+ name: backend
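Review bot: `/_dr/whois` is the only prefix in nomulus-route-pubapi.yaml that the routing table in this commit marks `APP ADMIN`; `/check`, `/whois` and `/rdap` are `NONE PUBLIC`. Publishing it on the public `pubapi.BASE_DOMAIN` host leaves the application's own auth check as the only gate visible here. It deserves a comment above the match, for example `# /_dr/whois requires APP/ADMIN auth in the app (see routing.txt); the other prefixes are public`, or a separate route if the public host is meant to carry unauthenticated traffic only.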
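Review bot: The pod spec in nomulus-backend.yaml pulls `image: gcr.io/GCP_PROJECT/nomulus` with no tag or digest and runs under the shared `serviceAccountName: nomulus`; nomulus-console.yaml and nomulus-pubapi.yaml repeat both lines. An unpinned reference resolves to whatever was pushed last, so a restarted pod can run a different build than the one deployed; substituting a digest the same way `GCP_PROJECT` is substituted, `image: gcr.io/GCP_PROJECT/nomulus@sha256:IMAGE_DIGEST` (placeholder), makes the rollout reproducible and auditable. One service account for all four workloads gives the internet-facing pubapi pods the same Kubernetes identity, and whatever cloud permissions are bound to it, as the admin backend; a per-service account such as `serviceAccountName: nomulus-backend` (name illustrative) would let permissions be scoped per tier. The container also declares no `securityContext` and no resource limits, which is worth adding once the image's runtime user is confirmed.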
diff --git a/jetty/kubernetes/nomulus-console.yaml b/jetty/kubernetes/nomulus-console.yaml new file mode 100644 index 000000000..1ab59ced0 --- /dev/null +++ b/jetty/kubernetes/nomulus-console.yaml @@ -0,0 +1,60 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: console +spec: + selector: + matchLabels: + service: console + template: + metadata: + labels: + service: console + spec: + serviceAccountName: nomulus + containers: + - name: console + image: gcr.io/GCP_PROJECT/nomulus + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: "500m" + args: [ENVIRONMENT] +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: console +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: console + minReplicas: 1 + maxReplicas: 20 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 100 +--- +apiVersion: v1 +kind: Service +metadata: + name: console +spec: + selector: + service: console + ports: + - port: 80 + targetPort: http + name: http +--- +apiVersion: net.gke.io/v1 +kind: ServiceExport +metadata: + name: console diff --git a/jetty/kubernetes/nomulus-deployment.yaml b/jetty/kubernetes/nomulus-frontend.yaml similarity index 72% rename from jetty/kubernetes/nomulus-deployment.yaml rename to jetty/kubernetes/nomulus-frontend.yaml index e64c869d4..995e2bdcc 100644 --- a/jetty/kubernetes/nomulus-deployment.yaml +++ b/jetty/kubernetes/nomulus-frontend.yaml @@ -1,21 +1,19 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: nomulus - labels: - app: nomulus + name: frontend spec: selector: matchLabels: - app: nomulus + service: frontend template: metadata: labels: - app: nomulus + service: frontend spec: serviceAccountName: nomulus containers: - - name: nomulus + - name: frontend image: gcr.io/GCP_PROJECT/nomulus ports: - containerPort: 8080 
@@ -50,14 +48,12 @@ spec: apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - name: nomulus - labels: - app: nomulus + name: frontend spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: nomulus + name: frontend minReplicas: 1 maxReplicas: 20 metrics: @@ -67,4 +63,26 @@ spec: target: type: Utilization averageUtilization: 100 - +--- +apiVersion: v1 +kind: Service +metadata: + name: frontend +spec: + selector: + service: frontend + ports: + - port: 80 + targetPort: http + name: http + - port: 43 + targetPort: whois + name: whois + - port: 700 + targetPort: epp + name: epp +--- +apiVersion: net.gke.io/v1 +kind: ServiceExport +metadata: + name: frontend diff --git a/jetty/kubernetes/nomulus-pubapi.yaml b/jetty/kubernetes/nomulus-pubapi.yaml new file mode 100644 index 000000000..b838eab7e --- /dev/null +++ b/jetty/kubernetes/nomulus-pubapi.yaml @@ -0,0 +1,60 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pubapi +spec: + selector: + matchLabels: + service: pubapi + template: + metadata: + labels: + service: pubapi + spec: + serviceAccountName: nomulus + containers: + - name: pubapi + image: gcr.io/GCP_PROJECT/nomulus + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: "500m" + args: [ENVIRONMENT] +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: pubapi +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: pubapi + minReplicas: 1 + maxReplicas: 20 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 100 +--- +apiVersion: v1 +kind: Service +metadata: + name: pubapi +spec: + selector: + service: pubapi + ports: + - port: 80 + targetPort: http + name: http +--- +apiVersion: net.gke.io/v1 +kind: ServiceExport +metadata: + name: pubapi diff --git a/jetty/kubernetes/nomulus-service.yaml b/jetty/kubernetes/nomulus-service.yaml deleted file mode 100644 index d9860b66f..000000000 
--- a/jetty/kubernetes/nomulus-service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: nomulus -spec: - selector: - app: nomulus - ports: - - port: 80 - targetPort: http - name: http - - port: 43 - targetPort: whois - name: whois - - port: 700 - targetPort: epp - name: epp ---- -kind: ServiceExport -apiVersion: net.gke.io/v1 -metadata: - name: nomulus diff --git a/projects.gradle b/projects.gradle index 8d1624c05..2cfa698a5 100644 --- a/projects.gradle +++ b/projects.gradle @@ -25,3 +25,9 @@ rootProject.ext.projects = ['production': 'your-production-project', // The project to host your development/deployment infrastructure. It hosts // things like release artifacts, CI/CD system, etc. rootProject.ext.devProject = 'your-dev-project' + +rootProject.ext.baseDomains = ['production' : 'registry-production.test', + 'sandbox' : 'registry-sandbox.test', + 'alpha' : 'registry-alpha.test', + 'crash' : 'registry-crash.test', + 'qa' : 'registry-qa.test']