From 55f8e0efad639941ce309eff4991f447e2e64d0d Mon Sep 17 00:00:00 2001 From: mcilwain Date: Tue, 16 Apr 2019 08:57:07 -0700 Subject: [PATCH] Remove per-domain nameserver restrictions in reserved lists This also removes the related setting on the Registry entity. We never used either of these, and keeping them around in our codebase just adds complexity for no purpose. We already achieve the goals of this feature by restricting nameservers on entire TLDs and by registry-locking important domain names. This is also two fewer things we'll have to worry about carrying over to the new schema in Registry 3.0. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=243816241 --- docs/flows.md | 10 - .../config/files/reserved/common_example.txt | 4 +- .../flows/domain/DomainCreateFlow.java | 12 - .../flows/domain/DomainFlowUtils.java | 75 ------ .../flows/domain/DomainUpdateFlow.java | 18 -- .../registry/model/registry/Registry.java | 19 -- .../model/registry/label/ReservationType.java | 17 +- .../model/registry/label/ReservedList.java | 87 +------ .../tools/CreateOrUpdateTldCommand.java | 9 - .../flows/domain/DomainCreateFlowTest.java | 194 --------------- .../flows/domain/DomainUpdateFlowTest.java | 232 +----------------- .../registry/label/ReservedListTest.java | 103 +------- .../google/registry/model/testdata/schema.txt | 3 - .../registry/tools/CreateTldCommandTest.java | 11 - .../registry/tools/UpdateTldCommandTest.java | 24 -- 15 files changed, 24 insertions(+), 794 deletions(-) diff --git a/docs/flows.md b/docs/flows.md index ac6469389..c1323aa54 100644 --- a/docs/flows.md +++ b/docs/flows.md @@ -345,15 +345,10 @@ An EPP flow that creates a new domain resource. * Resource linked to this domain does not exist. * 2304 * The claims period for this TLD has ended. - * Requested domain does not have nameserver-restricted reservation for a - TLD that requires such a reservation to create domains. * Requested domain is reserved. * Linked resource in pending delete prohibits operation. * Requested domain requires a claims notice. - * Nameservers are not whitelisted for this domain. * Nameservers are not whitelisted for this TLD. - * Nameservers not specified for domain with nameserver-restricted - reservation. * Nameservers not specified for domain on TLD with nameserver whitelist. * The requested domain name is on the premium price list, and this registrar has blocked premium registrations. @@ -762,11 +757,6 @@ statuses are updated at once. * Linked resource in pending delete prohibits operation. * Nameservers are not whitelisted for this TLD. * Nameservers not specified for domain on TLD with nameserver whitelist. - * Nameservers are not whitelisted for this domain. - * Nameservers not specified for domain with nameserver-restricted - reservation. - * Requested domain does not have nameserver-restricted reservation for a - TLD that requires such a reservation to create domains. * Registrant is not whitelisted for this TLD. * 2306 * Cannot add and remove the same value. diff --git a/java/google/registry/config/files/reserved/common_example.txt b/java/google/registry/config/files/reserved/common_example.txt index 3fbc45a50..dafc5a175 100644 --- a/java/google/registry/config/files/reserved/common_example.txt +++ b/java/google/registry/config/files/reserved/common_example.txt @@ -1,12 +1,10 @@ # Example of a reserved list file. This is simply a CSV file with 2-3 -# columns: sub-domain name and reservation type and (in the case of the -# NAMESERVER_RESTRICTED type) a colon-separated list of nameservers. See +# columns: sub-domain name and reservation type. See # java/google/registry/model/registry/label/ReserverationType for the complete # set of reservation types. # # These are manipulated using the "nomulus" tool # {create,update,delete,list}_reserved_list commands. -nsrestric,NAMESERVER_RESTRICTED,foo.example.com:bar.example.com sunrise,ALLOWED_IN_SUNRISE specific,RESERVED_FOR_SPECIFIC_USE anchor,RESERVED_FOR_ANCHOR_TENANT diff --git a/java/google/registry/flows/domain/DomainCreateFlow.java b/java/google/registry/flows/domain/DomainCreateFlow.java index 54e1d6fb8..e3dfd7cb4 100644 --- a/java/google/registry/flows/domain/DomainCreateFlow.java +++ b/java/google/registry/flows/domain/DomainCreateFlow.java @@ -26,7 +26,6 @@ import static google.registry.flows.domain.DomainFlowUtils.isAnchorTenant; import static google.registry.flows.domain.DomainFlowUtils.isReserved; import static google.registry.flows.domain.DomainFlowUtils.isValidReservedCreate; import static google.registry.flows.domain.DomainFlowUtils.validateCreateCommandContactsAndNameservers; -import static google.registry.flows.domain.DomainFlowUtils.validateDomainAllowedOnCreateRestrictedTld; import static google.registry.flows.domain.DomainFlowUtils.validateDomainName; import static google.registry.flows.domain.DomainFlowUtils.validateDomainNameWithIdnTables; import static google.registry.flows.domain.DomainFlowUtils.validateFeeChallenge; @@ -43,8 +42,6 @@ import static google.registry.flows.domain.DomainFlowUtils.verifyRegistrarIsActi import static google.registry.flows.domain.DomainFlowUtils.verifyUnitIsYears; import static google.registry.model.EppResourceUtils.createDomainRepoId; import static google.registry.model.eppcommon.StatusValue.SERVER_HOLD; -import static google.registry.model.eppcommon.StatusValue.SERVER_TRANSFER_PROHIBITED; -import static google.registry.model.eppcommon.StatusValue.SERVER_UPDATE_PROHIBITED; import static google.registry.model.ofy.ObjectifyService.ofy; import static google.registry.model.registry.Registry.TldState.GENERAL_AVAILABILITY; import static google.registry.model.registry.Registry.TldState.START_DATE_SUNRISE; @@ -142,7 +139,6 @@ import org.joda.time.Duration; * @error {@link DomainFlowUtils.CurrencyValueScaleException} * @error {@link DomainFlowUtils.DashesInThirdAndFourthException} * @error {@link DomainFlowUtils.DomainLabelTooLongException} - * @error {@link DomainFlowUtils.DomainNotAllowedForTldWithCreateRestrictionException} * @error {@link DomainFlowUtils.DomainReservedException} * @error {@link DomainFlowUtils.DuplicateContactForRoleException} * @error {@link DomainFlowUtils.EmptyDomainNamePartException} @@ -167,9 +163,7 @@ import org.joda.time.Duration; * @error {@link DomainFlowUtils.MissingContactTypeException} * @error {@link DomainFlowUtils.MissingRegistrantException} * @error {@link DomainFlowUtils.MissingTechnicalContactException} - * @error {@link DomainFlowUtils.NameserversNotAllowedForDomainException} * @error {@link DomainFlowUtils.NameserversNotAllowedForTldException} - * @error {@link DomainFlowUtils.NameserversNotSpecifiedForNameserverRestrictedDomainException} * @error {@link DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverWhitelistException} * @error {@link DomainFlowUtils.PremiumNameBlockedException} * @error {@link DomainFlowUtils.RegistrantNotAllowedException} @@ -227,9 +221,6 @@ public class DomainCreateFlow implements TransactionalFlow { String domainLabel = domainName.parts().get(0); Registry registry = Registry.get(domainName.parent().toString()); validateCreateCommandContactsAndNameservers(command, registry, domainName); - if (registry.getDomainCreateRestricted()) { - validateDomainAllowedOnCreateRestrictedTld(domainName); - } TldState tldState = registry.getTldState(now); Optional launchCreate = eppInput.getSingleExtension(LaunchCreateExtension.class); @@ -322,9 +313,6 @@ public class DomainCreateFlow implements TransactionalFlow { } ImmutableSet.Builder statuses = new ImmutableSet.Builder<>(); - if (registry.getDomainCreateRestricted()) { - statuses.add(SERVER_UPDATE_PROHIBITED, SERVER_TRANSFER_PROHIBITED); - } if (getReservationTypes(domainName).contains(NAME_COLLISION)) { statuses.add(SERVER_HOLD); entitiesToSave.add( diff --git a/java/google/registry/flows/domain/DomainFlowUtils.java b/java/google/registry/flows/domain/DomainFlowUtils.java index ee5d58068..dadf05a23 100644 --- a/java/google/registry/flows/domain/DomainFlowUtils.java +++ b/java/google/registry/flows/domain/DomainFlowUtils.java @@ -32,10 +32,8 @@ import static google.registry.model.registry.Registry.TldState.GENERAL_AVAILABIL import static google.registry.model.registry.Registry.TldState.PREDELEGATION; import static google.registry.model.registry.Registry.TldState.START_DATE_SUNRISE; import static google.registry.model.registry.label.ReservationType.FULLY_BLOCKED; -import static google.registry.model.registry.label.ReservationType.NAMESERVER_RESTRICTED; import static google.registry.model.registry.label.ReservationType.RESERVED_FOR_ANCHOR_TENANT; import static google.registry.model.registry.label.ReservationType.RESERVED_FOR_SPECIFIC_USE; -import static google.registry.model.registry.label.ReservedList.getAllowedNameservers; import static google.registry.pricing.PricingEngineProxy.isDomainPremium; import static google.registry.util.CollectionUtils.nullToEmpty; import static google.registry.util.DateTimeUtils.END_OF_TIME; @@ -344,12 +342,6 @@ public class DomainFlowUtils { throw new NameserversNotSpecifiedForTldWithNameserverWhitelistException( domainName.toString()); } - // For domains with a nameserver restricted reservation, they must have at least 1 nameserver. - ImmutableSet domainNameserversWhitelist = getAllowedNameservers(domainName); - if (!domainNameserversWhitelist.isEmpty() && count == 0) { - throw new NameserversNotSpecifiedForNameserverRestrictedDomainException( - domainName.toString()); - } if (count > MAX_NAMESERVERS_PER_DOMAIN) { throw new TooManyNameserversException( String.format("Only %d nameservers are allowed per domain", MAX_NAMESERVERS_PER_DOMAIN)); @@ -424,34 +416,6 @@ public class DomainFlowUtils { } } - /** - * Validates if the requested nameservers can be set on the requested domain. - * - * @param domainName the domain to be created. - * @param fullyQualifiedHostNames the set of nameservers to be set on the domain. - * @throws EppException - */ - static void validateNameserversAllowedOnDomain( - InternetDomainName domainName, Set fullyQualifiedHostNames) throws EppException { - ImmutableSet reservationTypes = getReservationTypes(domainName); - if (reservationTypes.contains(NAMESERVER_RESTRICTED)) { - ImmutableSet allowedNameservers = getAllowedNameservers(domainName); - Set disallowedNameservers = difference(fullyQualifiedHostNames, allowedNameservers); - if (!disallowedNameservers.isEmpty()) { - throw new NameserversNotAllowedForDomainException(disallowedNameservers); - } - } - } - - /** Validates if the requested domain can be reated on a domain create restricted TLD. */ - static void validateDomainAllowedOnCreateRestrictedTld(InternetDomainName domainName) - throws EppException { - ImmutableSet reservationTypes = getReservationTypes(domainName); - if (!reservationTypes.contains(NAMESERVER_RESTRICTED)) { - throw new DomainNotAllowedForTldWithCreateRestrictionException(domainName.toString()); - } - } - static void verifyNotReserved(InternetDomainName domainName, boolean isSunrise) throws EppException { if (isReserved(domainName, isSunrise)) { @@ -915,7 +879,6 @@ public class DomainFlowUtils { ImmutableSet fullyQualifiedHostNames = command.getNameserverFullyQualifiedHostNames(); validateNameserversCountForTld(tld, domainName, fullyQualifiedHostNames.size()); validateNameserversAllowedOnTld(tld, fullyQualifiedHostNames); - validateNameserversAllowedOnDomain(domainName, fullyQualifiedHostNames); } /** Validate the secDNS extension, if present. */ @@ -1330,21 +1293,6 @@ public class DomainFlowUtils { } } - /** - * Requested domain does not have nameserver-restricted reservation for a TLD that requires such a - * reservation to create domains. - */ - static class DomainNotAllowedForTldWithCreateRestrictionException - extends StatusProhibitsOperationException { - public DomainNotAllowedForTldWithCreateRestrictionException(String domainName) { - super( - String.format( - "%s is not allowed without a nameserver-restricted reservation" - + " for a TLD that requires such reservation", - domainName)); - } - } - /** * The requested domain name is on the premium price list, and this registrar has blocked premium * registrations. @@ -1437,17 +1385,6 @@ public class DomainFlowUtils { } } - /** Nameservers are not whitelisted for this domain. */ - public static class NameserversNotAllowedForDomainException - extends StatusProhibitsOperationException { - public NameserversNotAllowedForDomainException(Set fullyQualifiedHostNames) { - super( - String.format( - "Nameservers '%s' are not whitelisted for this domain", - Joiner.on(',').join(fullyQualifiedHostNames))); - } - } - /** Nameservers not specified for domain on TLD with nameserver whitelist. */ public static class NameserversNotSpecifiedForTldWithNameserverWhitelistException extends StatusProhibitsOperationException { @@ -1460,18 +1397,6 @@ public class DomainFlowUtils { } } - /** Nameservers not specified for domain with nameserver-restricted reservation. */ - public static class NameserversNotSpecifiedForNameserverRestrictedDomainException - extends StatusProhibitsOperationException { - public NameserversNotSpecifiedForNameserverRestrictedDomainException(String domain) { - super( - String.format( - "At least one nameserver must be specified for domain %s" - + " on a TLD with nameserver restriction", - domain)); - } - } - /** Command is not allowed in the current registry phase. */ public static class BadCommandForRegistryPhaseException extends CommandUseErrorException { public BadCommandForRegistryPhaseException() { diff --git a/java/google/registry/flows/domain/DomainUpdateFlow.java b/java/google/registry/flows/domain/DomainUpdateFlow.java index f22d676ed..d969e11e2 100644 --- a/java/google/registry/flows/domain/DomainUpdateFlow.java +++ b/java/google/registry/flows/domain/DomainUpdateFlow.java @@ -29,10 +29,8 @@ import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToT import static google.registry.flows.domain.DomainFlowUtils.cloneAndLinkReferences; import static google.registry.flows.domain.DomainFlowUtils.updateDsData; import static google.registry.flows.domain.DomainFlowUtils.validateContactsHaveTypes; -import static google.registry.flows.domain.DomainFlowUtils.validateDomainAllowedOnCreateRestrictedTld; import static google.registry.flows.domain.DomainFlowUtils.validateDsData; import static google.registry.flows.domain.DomainFlowUtils.validateFeesAckedIfPresent; -import static google.registry.flows.domain.DomainFlowUtils.validateNameserversAllowedOnDomain; import static google.registry.flows.domain.DomainFlowUtils.validateNameserversAllowedOnTld; import static google.registry.flows.domain.DomainFlowUtils.validateNameserversCountForTld; import static google.registry.flows.domain.DomainFlowUtils.validateNoDuplicateContacts; @@ -41,7 +39,6 @@ import static google.registry.flows.domain.DomainFlowUtils.validateRequiredConta import static google.registry.flows.domain.DomainFlowUtils.verifyClientUpdateNotProhibited; import static google.registry.flows.domain.DomainFlowUtils.verifyNotInPendingDelete; import static google.registry.model.ofy.ObjectifyService.ofy; -import static google.registry.util.CollectionUtils.nullToEmpty; import com.google.common.collect.ImmutableSet; import com.google.common.net.InternetDomainName; @@ -112,9 +109,6 @@ import org.joda.time.DateTime; * @error {@link DomainFlowUtils.MissingRegistrantException} * @error {@link DomainFlowUtils.NameserversNotAllowedForTldException} * @error {@link DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverWhitelistException} - * @error {@link DomainFlowUtils.NameserversNotAllowedForDomainException} - * @error {@link DomainFlowUtils.NameserversNotSpecifiedForNameserverRestrictedDomainException} - * @error {@link DomainFlowUtils.DomainNotAllowedForTldWithCreateRestrictionException} * @error {@link DomainFlowUtils.NotAuthorizedForTldException} * @error {@link DomainFlowUtils.RegistrantNotAllowedException} * @error {@link DomainFlowUtils.SecDnsAllUsageException} @@ -216,13 +210,6 @@ public final class DomainUpdateFlow implements TransactionalFlow { validateRegistrantAllowedOnTld(tld, command.getInnerChange().getRegistrantContactId()); validateNameserversAllowedOnTld( tld, add.getNameserverFullyQualifiedHostNames()); - InternetDomainName domainName = - InternetDomainName.from(existingDomain.getFullyQualifiedDomainName()); - if (registry.getDomainCreateRestricted()) { - validateDomainAllowedOnCreateRestrictedTld(domainName); - } - validateNameserversAllowedOnDomain( - domainName, nullToEmpty(add.getNameserverFullyQualifiedHostNames())); } private HistoryEntry buildHistoryEntry(DomainBase existingDomain, DateTime now) { @@ -262,11 +249,6 @@ public final class DomainUpdateFlow implements TransactionalFlow { .removeContacts(remove.getContacts()) .setRegistrant(firstNonNull(change.getRegistrant(), domain.getRegistrant())) .setAuthInfo(firstNonNull(change.getAuthInfo(), domain.getAuthInfo())); - if (Registry.get(domain.getTld()).getDomainCreateRestricted()) { - domainBuilder - .addStatusValue(StatusValue.SERVER_TRANSFER_PROHIBITED) - .addStatusValue(StatusValue.SERVER_UPDATE_PROHIBITED); - } return domainBuilder.build(); } diff --git a/java/google/registry/model/registry/Registry.java b/java/google/registry/model/registry/Registry.java index 3cead94fd..5fb481f86 100644 --- a/java/google/registry/model/registry/Registry.java +++ b/java/google/registry/model/registry/Registry.java @@ -55,7 +55,6 @@ import google.registry.model.common.TimedTransitionProperty.TimedTransition; import google.registry.model.domain.fee.BaseFee.FeeType; import google.registry.model.domain.fee.Fee; import google.registry.model.registry.label.PremiumList; -import google.registry.model.registry.label.ReservationType; import google.registry.model.registry.label.ReservedList; import google.registry.util.Idn; import java.util.Optional; @@ -329,12 +328,6 @@ public class Registry extends ImmutableObject implements Buildable { /** Whether the pull queue that writes to authoritative DNS is paused for this TLD. */ boolean dnsPaused = DEFAULT_DNS_PAUSED; - /** - * Whether only domains with {@link ReservationType#NAMESERVER_RESTRICTED} reservation type in a - * reserved list can be registered on this TLD. - */ - boolean domainCreateRestricted; - /** * The length of the add grace period for this TLD. * @@ -454,13 +447,6 @@ public class Registry extends ImmutableObject implements Buildable { return driveFolderId; } - /** - * Returns true if only domains with nameserver restricted reservation on this TLD can be created. - */ - public boolean getDomainCreateRestricted() { - return domainCreateRestricted; - } - public Duration getAddGracePeriodLength() { return addGracePeriodLength; } @@ -646,11 +632,6 @@ public class Registry extends ImmutableObject implements Buildable { return this; } - public Builder setDomainCreateRestricted(boolean domainCreateRestricted) { - getInstance().domainCreateRestricted = domainCreateRestricted; - return this; - } - public Builder setPremiumPricingEngine(String pricingEngineClass) { getInstance().pricingEngineClassName = checkArgumentNotNull(pricingEngineClass); return this; diff --git a/java/google/registry/model/registry/label/ReservationType.java b/java/google/registry/model/registry/label/ReservationType.java index 7ed081861..9fe15d4f6 100644 --- a/java/google/registry/model/registry/label/ReservationType.java +++ b/java/google/registry/model/registry/label/ReservationType.java @@ -34,33 +34,32 @@ public enum ReservationType { // label has multiple reservation types, its message is the that of the one with the highest // severity. - /** Nameservers on the domain are restricted to a given set. */ - NAMESERVER_RESTRICTED("Nameserver restricted", 0), - /** The domain can only be registered during sunrise, and is reserved thereafter. */ - ALLOWED_IN_SUNRISE("Reserved", 1), + ALLOWED_IN_SUNRISE("Reserved", 0), /** The domain can only be registered by providing a specific token. */ - RESERVED_FOR_SPECIFIC_USE("Reserved", 2), + RESERVED_FOR_SPECIFIC_USE("Reserved", 1), /** The domain is for an anchor tenant and can only be registered using a specific token. */ - RESERVED_FOR_ANCHOR_TENANT("Reserved", 3), + RESERVED_FOR_ANCHOR_TENANT("Reserved", 2), /** * The domain can only be registered during sunrise for defensive purposes, and will never * resolve. */ - NAME_COLLISION("Cannot be delegated", 4), + NAME_COLLISION("Cannot be delegated", 3), /** The domain can never be registered. */ - FULLY_BLOCKED("Reserved", 5); + FULLY_BLOCKED("Reserved", 4); @Nullable private final String messageForCheck; ReservationType(@Nullable String messageForCheck, int severity) { this.messageForCheck = messageForCheck; - checkState(ordinal() == severity); + checkState( + ordinal() == severity, + "ReservationType enum values aren't defined in severity order"); } @Nullable diff --git a/java/google/registry/model/registry/label/ReservedList.java b/java/google/registry/model/registry/label/ReservedList.java index 6fe746023..4c2d15d8b 100644 --- a/java/google/registry/model/registry/label/ReservedList.java +++ b/java/google/registry/model/registry/label/ReservedList.java @@ -21,20 +21,16 @@ import static google.registry.config.RegistryConfig.getDomainLabelListCacheDurat import static google.registry.model.common.EntityGroupRoot.getCrossTldKey; import static google.registry.model.ofy.ObjectifyService.ofy; import static google.registry.model.registry.label.ReservationType.FULLY_BLOCKED; -import static google.registry.model.registry.label.ReservationType.NAMESERVER_RESTRICTED; import static google.registry.util.CollectionUtils.nullToEmpty; import static java.util.concurrent.TimeUnit.MILLISECONDS; import static org.joda.time.DateTimeZone.UTC; -import com.google.common.base.Joiner; import com.google.common.base.Splitter; import com.google.common.cache.CacheBuilder; import com.google.common.cache.CacheLoader; import com.google.common.cache.LoadingCache; import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; -import com.google.common.collect.Sets; -import com.google.common.net.InternetDomainName; import com.google.common.util.concurrent.UncheckedExecutionException; import com.googlecode.objectify.Key; import com.googlecode.objectify.annotation.Embed; @@ -47,7 +43,6 @@ import google.registry.model.registry.label.DomainLabelMetrics.MetricsReservedLi import java.util.List; import java.util.Map; import java.util.Optional; -import java.util.Set; import java.util.concurrent.ExecutionException; import javax.annotation.Nullable; import org.joda.time.DateTime; @@ -74,18 +69,6 @@ public final class ReservedList ReservationType reservationType; - /** - * Contains a comma-delimited list of the fully qualified hostnames of the nameservers that can - * be set on a domain with this label (only applicable to NAMESERVER_RESTRICTED). - * - *

A String field is persisted because Objectify 4 does not allow multi-dimensional - * collections in embedded entities. - * - * @see Embedding - */ - String allowedNameservers; - /** Mapper for use with @Mapify */ static class LabelMapper implements Mapper { @@ -95,41 +78,14 @@ public final class ReservedList } } - /** - * Creates a {@link ReservedListEntry} from label, reservation type, and optionally additional - * restrictions - * - *

The additional restricitno can be the authCode for anchor tenant or the allowed - * nameservers (in a colon-separated string) for nameserver-restricted domains. - */ + /** Creates a {@link ReservedListEntry} from a label, reservation type, and optional comment. */ public static ReservedListEntry create( - String label, - ReservationType reservationType, - @Nullable String allowedNameservers, - @Nullable String comment) { - ReservedListEntry.Builder entry = - new ReservedListEntry.Builder() - .setLabel(label) - .setComment(comment) - .setReservationType(reservationType); - checkArgument( - (reservationType == NAMESERVER_RESTRICTED) ^ (allowedNameservers == null), - "Allowed nameservers must be specified for NAMESERVER_RESTRICTED reservations only"); - if (allowedNameservers != null) { - entry.setAllowedNameservers( - ImmutableSet.copyOf(Splitter.on(':').trimResults().split(allowedNameservers))); - } - return entry.build(); - } - - private static void checkNameserversAreValid(Set nameservers) { - // A domain name with fewer than two parts cannot be a hostname, as a nameserver should be. - nameservers.forEach( - (ns) -> - checkArgument( - InternetDomainName.from(ns).parts().size() >= 3, - "%s is not a valid nameserver hostname", - ns)); + String label, ReservationType reservationType, @Nullable String comment) { + return new ReservedListEntry.Builder() + .setLabel(label) + .setReservationType(reservationType) + .setComment(comment) + .build(); } @Override @@ -137,10 +93,6 @@ public final class ReservedList return reservationType; } - public ImmutableSet getAllowedNameservers() { - return ImmutableSet.copyOf(Splitter.on(',').splitToList(allowedNameservers)); - } - @Override public ReservedListEntry.Builder asBuilder() { return new ReservedListEntry.Builder(clone(this)); @@ -156,12 +108,6 @@ public final class ReservedList super(instance); } - ReservedListEntry.Builder setAllowedNameservers(Set allowedNameservers) { - checkNameserversAreValid(allowedNameservers); - getInstance().allowedNameservers = Joiner.on(',').join(allowedNameservers); - return this; - } - ReservedListEntry.Builder setReservationType(ReservationType reservationType) { getInstance().reservationType = reservationType; return this; @@ -225,22 +171,6 @@ public final class ReservedList .collect(toImmutableSet()); } - /** - * Returns the set of nameservers that can be set on the given domain. - * - *

The allowed nameservers are the intersection of all allowed nameservers for the given domain - * across all reserved lists. Returns an empty set if not applicable, i. e. the label for the - * domain is not set with {@code NAMESERVER_RESTRICTED} reservation type. - */ - public static ImmutableSet getAllowedNameservers(InternetDomainName domainName) { - return getReservedListEntries(domainName.parts().get(0), domainName.parent().toString()) - .stream() - .filter((entry) -> entry.reservationType == NAMESERVER_RESTRICTED) - .map(ReservedListEntry::getAllowedNameservers) - .reduce((types1, types2) -> Sets.intersection(types1, types2).immutableCopy()) - .orElse(ImmutableSet.of()); - } - /** * Helper function to retrieve the entries associated with this label and TLD, or an empty set if * no such entry exists. @@ -327,8 +257,7 @@ public final class ReservedList "Could not parse line in reserved list: %s", originalLine); String label = parts.get(0); ReservationType reservationType = ReservationType.valueOf(parts.get(1)); - String restrictions = (parts.size() > 2) ? parts.get(2) : null; - return ReservedListEntry.create(label, reservationType, restrictions, comment); + return ReservedListEntry.create(label, reservationType, comment); } @Override diff --git a/java/google/registry/tools/CreateOrUpdateTldCommand.java b/java/google/registry/tools/CreateOrUpdateTldCommand.java index 4c4c8386c..29b4963d5 100644 --- a/java/google/registry/tools/CreateOrUpdateTldCommand.java +++ b/java/google/registry/tools/CreateOrUpdateTldCommand.java @@ -197,14 +197,6 @@ abstract class CreateOrUpdateTldCommand extends MutatingCommand { description = "Override restrictions on reserved list naming") boolean overrideReservedListRules; - @Nullable - @Parameter( - names = {"--domain_create_restricted"}, - description = "If only domains with nameserver restricted reservation can be created", - arity = 1 - ) - Boolean domainCreateRestricted; - @Nullable @Parameter( names = "--claims_period_end", @@ -331,7 +323,6 @@ abstract class CreateOrUpdateTldCommand extends MutatingCommand { Optional.ofNullable(tldType).ifPresent(builder::setTldType); Optional.ofNullable(lordnUsername).ifPresent(u -> builder.setLordnUsername(u.orElse(null))); Optional.ofNullable(claimsPeriodEnd).ifPresent(builder::setClaimsPeriodEnd); - Optional.ofNullable(domainCreateRestricted).ifPresent(builder::setDomainCreateRestricted); Optional.ofNullable(numDnsPublishShards).ifPresent(builder::setNumDnsPublishLocks); if (premiumListName != null) { diff --git a/javatests/google/registry/flows/domain/DomainCreateFlowTest.java b/javatests/google/registry/flows/domain/DomainCreateFlowTest.java index f326b3766..db61245b4 100644 --- a/javatests/google/registry/flows/domain/DomainCreateFlowTest.java +++ b/javatests/google/registry/flows/domain/DomainCreateFlowTest.java @@ -23,11 +23,8 @@ import static google.registry.model.billing.BillingEvent.Flag.SUNRISE; import static google.registry.model.domain.fee.Fee.FEE_EXTENSION_URIS; import static google.registry.model.domain.token.AllocationToken.TokenType.SINGLE_USE; import static google.registry.model.domain.token.AllocationToken.TokenType.UNLIMITED_USE; -import static google.registry.model.eppcommon.StatusValue.OK; import static google.registry.model.eppcommon.StatusValue.PENDING_DELETE; import static google.registry.model.eppcommon.StatusValue.SERVER_HOLD; -import static google.registry.model.eppcommon.StatusValue.SERVER_TRANSFER_PROHIBITED; -import static google.registry.model.eppcommon.StatusValue.SERVER_UPDATE_PROHIBITED; import static google.registry.model.ofy.ObjectifyService.ofy; import static google.registry.model.registry.Registry.TldState.GENERAL_AVAILABILITY; import static google.registry.model.registry.Registry.TldState.PREDELEGATION; @@ -92,7 +89,6 @@ import google.registry.flows.domain.DomainFlowUtils.CurrencyValueScaleException; import google.registry.flows.domain.DomainFlowUtils.DashesInThirdAndFourthException; import google.registry.flows.domain.DomainFlowUtils.DomainLabelTooLongException; import google.registry.flows.domain.DomainFlowUtils.DomainNameExistsAsTldException; -import google.registry.flows.domain.DomainFlowUtils.DomainNotAllowedForTldWithCreateRestrictionException; import google.registry.flows.domain.DomainFlowUtils.DomainReservedException; import google.registry.flows.domain.DomainFlowUtils.DuplicateContactForRoleException; import google.registry.flows.domain.DomainFlowUtils.EmptyDomainNamePartException; @@ -117,9 +113,7 @@ import google.registry.flows.domain.DomainFlowUtils.MissingClaimsNoticeException import google.registry.flows.domain.DomainFlowUtils.MissingContactTypeException; import google.registry.flows.domain.DomainFlowUtils.MissingRegistrantException; import google.registry.flows.domain.DomainFlowUtils.MissingTechnicalContactException; -import google.registry.flows.domain.DomainFlowUtils.NameserversNotAllowedForDomainException; import google.registry.flows.domain.DomainFlowUtils.NameserversNotAllowedForTldException; -import google.registry.flows.domain.DomainFlowUtils.NameserversNotSpecifiedForNameserverRestrictedDomainException; import google.registry.flows.domain.DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverWhitelistException; import google.registry.flows.domain.DomainFlowUtils.NotAuthorizedForTldException; import google.registry.flows.domain.DomainFlowUtils.PremiumNameBlockedException; @@ -1788,194 +1782,6 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase persistReservedList("tld", "lol,FULLY_BLOCKZ # yup")); } - @Test - public void testSave_additionalRestrictionWithIncompatibleReservationType() { - IllegalArgumentException thrown = - assertThrows( - IllegalArgumentException.class, - () -> - persistResource( - Registry.get("tld") - .asBuilder() - .setReservedLists( - ImmutableSet.of( - persistReservedList("reserved1", "lol,FULLY_BLOCKED,foobar1"))) - .build())); - assertThat(thrown) - .hasMessageThat() - .contains( - "Allowed nameservers must be specified for NAMESERVER_RESTRICTED reservations only"); - } - - @Test - public void testSave_badNameservers_invalidSyntax() { - IllegalArgumentException thrown = - assertThrows( - IllegalArgumentException.class, - () -> - persistReservedList( - "reserved1", - "lol,NAMESERVER_RESTRICTED,ns1.domain.tld:ns2.domain.tld", - "lol1,NAMESERVER_RESTRICTED,ns1.domain.tld:ns@.domain.tld")); - assertThat(thrown).hasMessageThat().contains("Not a valid domain name: 'ns@.domain.tld'"); - } - - @Test - public void testSave_badNameservers_tooFewPartsForHostname() { - IllegalArgumentException thrown = - assertThrows( - IllegalArgumentException.class, - () -> - persistReservedList( - "reserved1", - "lol,NAMESERVER_RESTRICTED,ns1.domain.tld:ns2.domain.tld", - "lol1,NAMESERVER_RESTRICTED,ns1.domain.tld:domain.tld")); - assertThat(thrown).hasMessageThat().contains("domain.tld is not a valid nameserver hostname"); - } - - @Test - public void testSave_noNameserversWithNameserverRestrictedReservation() { - IllegalArgumentException thrown = - assertThrows( - IllegalArgumentException.class, - () -> - persistResource( - Registry.get("tld") - .asBuilder() - .setReservedLists( - ImmutableSet.of( - persistReservedList("reserved1", "lol,NAMESERVER_RESTRICTED"))) - .build())); - assertThat(thrown) - .hasMessageThat() - .contains( - "Allowed nameservers must be specified for NAMESERVER_RESTRICTED reservations only"); - } - @Test public void testParse_cannotIncludeDuplicateLabels() { ReservedList rl = new ReservedList.Builder().setName("blah").build(); @@ -441,7 +342,7 @@ public class ReservedListTest { Exception e = assertThrows( IllegalArgumentException.class, - () -> ReservedListEntry.create("UPPER.tld", FULLY_BLOCKED, null, null)); + () -> ReservedListEntry.create("UPPER.tld", FULLY_BLOCKED, null)); assertThat(e).hasMessageThat().contains("must be in puny-coded, lower-case form"); } @@ -450,7 +351,7 @@ public class ReservedListTest { Exception e = assertThrows( IllegalArgumentException.class, - () -> ReservedListEntry.create("lower.みんな", FULLY_BLOCKED, null, null)); + () -> ReservedListEntry.create("lower.みんな", FULLY_BLOCKED, null)); assertThat(e).hasMessageThat().contains("must be in puny-coded, lower-case form"); } } diff --git a/javatests/google/registry/model/testdata/schema.txt b/javatests/google/registry/model/testdata/schema.txt index f82e000fc..58dab4b79 100644 --- a/javatests/google/registry/model/testdata/schema.txt +++ b/javatests/google/registry/model/testdata/schema.txt @@ -488,7 +488,6 @@ class google.registry.model.registry.Registry { @Id java.lang.String tldStrId; @Parent com.googlecode.objectify.Key parent; boolean dnsPaused; - boolean domainCreateRestricted; boolean escrowEnabled; com.googlecode.objectify.Key premiumList; google.registry.model.CreateAutoTimestamp creationTime; @@ -561,7 +560,6 @@ class google.registry.model.registry.label.PremiumList$PremiumListRevision { enum google.registry.model.registry.label.ReservationType { ALLOWED_IN_SUNRISE; FULLY_BLOCKED; - NAMESERVER_RESTRICTED; NAME_COLLISION; RESERVED_FOR_ANCHOR_TENANT; RESERVED_FOR_SPECIFIC_USE; @@ -577,7 +575,6 @@ class google.registry.model.registry.label.ReservedList { class google.registry.model.registry.label.ReservedList$ReservedListEntry { @Id java.lang.String label; google.registry.model.registry.label.ReservationType reservationType; - java.lang.String allowedNameservers; java.lang.String comment; } class google.registry.model.reporting.DomainTransactionRecord { diff --git a/javatests/google/registry/tools/CreateTldCommandTest.java b/javatests/google/registry/tools/CreateTldCommandTest.java index 856cdfcd4..041af920f 100644 --- a/javatests/google/registry/tools/CreateTldCommandTest.java +++ b/javatests/google/registry/tools/CreateTldCommandTest.java @@ -68,7 +68,6 @@ public class CreateTldCommandTest extends CommandTestCase { assertThat(registry).isNotNull(); assertThat(registry.getAddGracePeriodLength()).isEqualTo(Registry.DEFAULT_ADD_GRACE_PERIOD); assertThat(registry.getCreationTime()).isIn(Range.closed(before, after)); - assertThat(registry.getDomainCreateRestricted()).isFalse(); assertThat(registry.getDnsWriters()).containsExactly("FooDnsWriter"); assertThat(registry.getTldState(registry.getCreationTime())).isEqualTo(PREDELEGATION); assertThat(registry.getRedemptionGracePeriodLength()) @@ -441,16 +440,6 @@ public class CreateTldCommandTest extends CommandTestCase { .containsExactly("ns1.example.com", "ns2.example.com"); } - @Test - public void testSuccess_setDomainCreateRestricted() throws Exception { - runCommandForced( - "--domain_create_restricted=true", - "--roid_suffix=Q9JYB4C", - "--dns_writers=FooDnsWriter", - "xn--q9jyb4c"); - assertThat(Registry.get("xn--q9jyb4c").getDomainCreateRestricted()).isTrue(); - } - @Test public void testSuccess_setCommonReservedListOnTld() throws Exception { runSuccessfulReservedListsTest("common_abuse"); diff --git a/javatests/google/registry/tools/UpdateTldCommandTest.java b/javatests/google/registry/tools/UpdateTldCommandTest.java index 9bef6602b..0d89c2492 100644 --- a/javatests/google/registry/tools/UpdateTldCommandTest.java +++ b/javatests/google/registry/tools/UpdateTldCommandTest.java @@ -398,30 +398,6 @@ public class UpdateTldCommandTest extends CommandTestCase { .containsExactly("ns2.example.com"); } - @Test - public void testSuccess_setTldToDomainCreateRestricted() throws Exception { - persistResource( - Registry.get("xn--q9jyb4c").asBuilder().setDomainCreateRestricted(false).build()); - runCommandForced("--domain_create_restricted=true", "xn--q9jyb4c"); - assertThat(Registry.get("xn--q9jyb4c").getDomainCreateRestricted()).isTrue(); - } - - @Test - public void testSuccess_unsetTldToDomainCreateRestricted() throws Exception { - persistResource( - Registry.get("xn--q9jyb4c").asBuilder().setDomainCreateRestricted(true).build()); - runCommandForced("--domain_create_restricted=false", "xn--q9jyb4c"); - assertThat(Registry.get("xn--q9jyb4c").getDomainCreateRestricted()).isFalse(); - } - - @Test - public void testSuccess_leaveDomainCreateRestrictedStatusUnchanged() throws Exception { - persistResource( - Registry.get("xn--q9jyb4c").asBuilder().setDomainCreateRestricted(true).build()); - runCommandForced("xn--q9jyb4c"); - assertThat(Registry.get("xn--q9jyb4c").getDomainCreateRestricted()).isTrue(); - } - @Test public void testFailure_invalidAddGracePeriod() { IllegalArgumentException thrown =