Change @Auth to an AutoValue, and created a set of predefined Auths

We want to be safer and more explicit about the authentication needed by the many actions that exist.

As such, we make the 'auth' parameter required in @Action (so it's always clear who can run a specific action) and we replace the @Auth with an enum so that only pre-approved configurations that are aptly named and documented can be used.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=162210306

java/google/registry/batch/BUILD

@@ -19,6 +19,7 @@ java_library(
         "//java/google/registry/pricing",
         "//java/google/registry/request",
         "//java/google/registry/request:modules",
+        "//java/google/registry/request/auth",
         "//java/google/registry/util",
         "//third_party/java/objectify:objectify-v4_1",
         "@com_google_apis_google_api_services_bigquery",

java/google/registry/batch/DeleteContactsAndHostsAction.java

@@ -85,6 +85,7 @@ import google.registry.model.reporting.HistoryEntry;
 import google.registry.model.transfer.TransferStatus;
 import google.registry.request.Action;
 import google.registry.request.Response;
+import google.registry.request.auth.Auth;
 import google.registry.util.Clock;
 import google.registry.util.FormattingLogger;
 import google.registry.util.NonFinalForTesting;
@@ -103,7 +104,10 @@ import org.joda.time.DateTime;
  * over all domains and domain applications and checking for any references to the contacts/hosts in
  * pending deletion.
  */
-@Action(path = "/_dr/task/deleteContactsAndHosts")
+@Action(
+  path = "/_dr/task/deleteContactsAndHosts",
+  auth = Auth.AUTH_INTERNAL_ONLY
+)
 public class DeleteContactsAndHostsAction implements Runnable {
 
   static final String KIND_CONTACT = getKind(ContactResource.class);

java/google/registry/batch/DeleteProberDataAction.java

@@ -40,6 +40,7 @@ import google.registry.model.registry.Registry.TldType;
 import google.registry.request.Action;
 import google.registry.request.Parameter;
 import google.registry.request.Response;
+import google.registry.request.auth.Auth;
 import google.registry.util.FormattingLogger;
 import google.registry.util.PipelineUtils;
 import java.util.List;
@@ -51,7 +52,11 @@ import javax.inject.Inject;
  *
  * <p>See: https://www.youtube.com/watch?v=xuuv0syoHnM
  */
-@Action(path = "/_dr/task/deleteProberData", method = POST)
+@Action(
+  path = "/_dr/task/deleteProberData",
+  method = POST,
+  auth = Auth.AUTH_INTERNAL_ONLY
+)
 public class DeleteProberDataAction implements Runnable {
 
   private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();

java/google/registry/batch/ExpandRecurringBillingEventsAction.java

@@ -52,6 +52,7 @@ import google.registry.model.registry.Registry;
 import google.registry.request.Action;
 import google.registry.request.Parameter;
 import google.registry.request.Response;
+import google.registry.request.auth.Auth;
 import google.registry.util.Clock;
 import google.registry.util.FormattingLogger;
 import java.util.Set;
@@ -67,7 +68,10 @@ import org.joda.time.DateTime;
  * be expanded as a result of the job (the exclusive upper bound being the execution time of the
  * job).
  */
-@Action(path = "/_dr/task/expandRecurringBillingEvents")
+@Action(
+  path = "/_dr/task/expandRecurringBillingEvents",
+  auth = Auth.AUTH_INTERNAL_ONLY
+)
 public class ExpandRecurringBillingEventsAction implements Runnable {
 
   public static final String PARAM_CURSOR_TIME = "cursorTime";

java/google/registry/batch/MapreduceEntityCleanupAction.java

@@ -25,6 +25,7 @@ import google.registry.mapreduce.MapreduceRunner;
 import google.registry.request.Action;
 import google.registry.request.Parameter;
 import google.registry.request.Response;
+import google.registry.request.auth.Auth;
 import google.registry.util.Clock;
 import google.registry.util.FormattingLogger;
 import java.util.Set;
@@ -69,7 +70,10 @@ import org.joda.time.DateTime;
  * are not in FINALIZED or STOPPED state.
  */
 
-@Action(path = "/_dr/task/mapreduceEntityCleanup")
+@Action(
+  path = "/_dr/task/mapreduceEntityCleanup",
+  auth = Auth.AUTH_INTERNAL_ONLY
+)
 public class MapreduceEntityCleanupAction implements Runnable {
 
   private static final int DEFAULT_DAYS_OLD = 180;

java/google/registry/batch/RefreshDnsOnHostRenameAction.java

@@ -52,6 +52,7 @@ import google.registry.model.domain.DomainResource;
 import google.registry.model.host.HostResource;
 import google.registry.request.Action;
 import google.registry.request.Response;
+import google.registry.request.auth.Auth;
 import google.registry.util.Clock;
 import google.registry.util.FormattingLogger;
 import google.registry.util.NonFinalForTesting;
@@ -67,7 +68,10 @@ import javax.inject.Named;
 import org.joda.time.DateTime;
 
 /** Performs batched DNS refreshes for applicable domains following a host rename. */
-@Action(path = "/_dr/task/refreshDnsOnHostRename")
+@Action(
+  path = "/_dr/task/refreshDnsOnHostRename",
+  auth = Auth.AUTH_INTERNAL_ONLY
+)
 public class RefreshDnsOnHostRenameAction implements Runnable {
 
   private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();

java/google/registry/batch/VerifyEntityIntegrityAction.java

@@ -59,6 +59,7 @@ import google.registry.model.index.ForeignKeyIndex.ForeignKeyHostIndex;
 import google.registry.model.transfer.TransferData.TransferServerApproveEntity;
 import google.registry.request.Action;
 import google.registry.request.Response;
+import google.registry.request.auth.Auth;
 import google.registry.util.FormattingLogger;
 import google.registry.util.NonFinalForTesting;
 import java.io.Serializable;
@@ -88,7 +89,11 @@ import org.joda.time.DateTime;
  *       fullyQualifiedDomainName.
  * </ul>
  */
-@Action(path = "/_dr/task/verifyEntityIntegrity", method = POST)
+@Action(
+  path = "/_dr/task/verifyEntityIntegrity",
+  method = POST,
+  auth = Auth.AUTH_INTERNAL_ONLY
+)
 public class VerifyEntityIntegrityAction implements Runnable {
 
   private static final FormattingLogger logger = getLoggerForCallerClass();