From ee3866ec4af0fd1674d0623e987a33b47092b7f7 Mon Sep 17 00:00:00 2001 From: Weimin Yu Date: Wed, 1 Oct 2025 10:20:33 -0400 Subject: [PATCH] Allow top level tld creation in Sandbox (#2835) Add a flag to the CreateCdnsTld command to bypass the dns name format check in Sandbox (limiting names to `*.test.`). With this flag, we can create TLDs for RST testing in Sandbox. Note that if the new flag is wrongly set for a disallowed name, the request to the Cloud DNS API will fail. The format check in the command just provides a user-friendly error message. --- .../google/registry/tools/CreateCdnsTld.java | 18 ++++++++--- .../registry/tools/CreateCdnsTldTest.java | 32 +++++++++++++++++-- 2 files changed, 43 insertions(+), 7 deletions(-) diff --git a/core/src/main/java/google/registry/tools/CreateCdnsTld.java b/core/src/main/java/google/registry/tools/CreateCdnsTld.java index cfa8203ff..0c8b66afd 100644 --- a/core/src/main/java/google/registry/tools/CreateCdnsTld.java +++ b/core/src/main/java/google/registry/tools/CreateCdnsTld.java @@ -47,6 +47,11 @@ final class CreateCdnsTld extends ConfirmingCommand { ) String name; + @Parameter( + names = "--skip_sandbox_tld_check", + description = "In Sandbox, skip the dns_name format check.") + boolean skipSandboxTldCheck; + @Inject @Config("projectId") String projectId; @@ -61,10 +66,15 @@ final class CreateCdnsTld extends ConfirmingCommand { protected void init() { // Sandbox talks to production Cloud DNS. As a result, we can't configure any domains with a // suffix that might be used by customers on the same nameserver set. Limit the user to setting - // up *.test TLDs. - if (RegistryToolEnvironment.get() == RegistryToolEnvironment.SANDBOX - && !dnsName.endsWith(".test.")) { - throw new IllegalArgumentException("Sandbox TLDs must be of the form \"*.test.\""); + // up *.test TLDs unless the user declares that the name is approved. + // + // The name format check simply provides a user-friendly error message. If the user wrongly + // declares name approval, the request to the Cloud DNS API will still fail. + if (RegistryToolEnvironment.get() == RegistryToolEnvironment.SANDBOX) { + if (!skipSandboxTldCheck && !dnsName.endsWith(".test.")) { + throw new IllegalArgumentException( + "Sandbox TLDs must be approved or in the form \"*.test.\""); + } } managedZone = diff --git a/core/src/test/java/google/registry/tools/CreateCdnsTldTest.java b/core/src/test/java/google/registry/tools/CreateCdnsTldTest.java index c4e797dbb..4a36ff986 100644 --- a/core/src/test/java/google/registry/tools/CreateCdnsTldTest.java +++ b/core/src/test/java/google/registry/tools/CreateCdnsTldTest.java @@ -76,11 +76,37 @@ class CreateCdnsTldTest extends CommandTestCase { @Test @MockitoSettings(strictness = Strictness.LENIENT) - void testSandboxTldRestrictions() { + void testSandboxTldRestrictions_Disallowed() { IllegalArgumentException thrown = assertThrows( IllegalArgumentException.class, - () -> runCommandInEnvironment(RegistryToolEnvironment.SANDBOX, "--dns_name=foobar.")); - assertThat(thrown).hasMessageThat().contains("Sandbox TLDs must be of the form \"*.test.\""); + () -> + runCommandInEnvironment( + RegistryToolEnvironment.SANDBOX, + "--dns_name=foobar.", + "--description=test run", + "--force")); + assertThat(thrown) + .hasMessageThat() + .contains("Sandbox TLDs must be approved or in the form \"*.test.\""); + } + + @Test + void testSandboxTldRestrictions_tldCheckSkipped() throws Exception { + runCommandInEnvironment( + RegistryToolEnvironment.SANDBOX, + "--dns_name=foobar.", + "--description=test run", + "--force", + "--skip_sandbox_tld_check"); + } + + @Test + void testSandboxTldRestrictions_testTld() throws Exception { + runCommandInEnvironment( + RegistryToolEnvironment.SANDBOX, + "--dns_name=abc.test.", + "--description=test run", + "--force"); } }