1
0
mirror of https://github.com/google/nomulus synced 2026-06-09 16:33:02 +00:00
Commit Graph

138 Commits

Author SHA1 Message Date
gbrodman a5b280838c Remove usages of json-simple (#3060)
We should use gson wherever possible. There's no point in having
unnecessary dependencies (we'll need to keep around jackson for YAML
parsing).
2026-06-01 20:16:32 +00:00
Ben McIlwain c5abd2a7c9 Uncap most remaining dependencies (#3073)
This commit relaxes the upper bounds on several dependencies that were previously hardcapped to specific versions:
- com.google.protobuf to [3.25.5,) and [3.17.3,)
- org.apache.beam to [2.72.0,)
- io.github.ss-bhatt to [1.0.0,)
- io.protostuff to [1.8.0,)
- redis.clients:jedis to [7.4.1,)
- org.junit.jupiter and org.junit.platform to [5.6.2,) and [1.6.2,)
- org.jcommander to [2.0,)
- org.jline to [3.0,)
- jakarta.servlet to [6.0,)

Upgrading to the modern versions of jline introduced a breaking change where DefaultParser().parse(line, line.length()) strips trailing spaces when using the default ParseContext.UNSPECIFIED. This caused the autocompletion to misbehave and tests to fail. This commit fixes ShellCommandTest.java by explicitly passing ParseContext.COMPLETE when parsing test strings to perfectly mimic the real-world JLine completion context.

Additionally, SqlIntegrationTestSuite was migrated to JUnit 5's @Suite annotation, fixing a NoClassDefFoundError introduced by uncapping the JUnit Platform dependencies, and the test suite was re-integrated into the standard :build lifecycle.

The following dependencies remain explicitly capped:
1. Hibernate & Jakarta Persistence (Blocked by -Werror):
   These are held back because newer Jakarta Persistence versions deprecate executeUpdate(), setMaxResults(), and getResultStream() on Query.
   - org.hibernate.orm:hibernate-core:7.3.4.Final
   - org.hibernate.orm:hibernate-hikaricp:7.3.4.Final
   - org.hibernate.orm:hibernate-ant:7.3.4.Final
   - jakarta.persistence:jakarta.persistence-api:[3.2.0,4.0.0)

2. Netty (Blocked by abandoned v5):
   Netty 5.0.0 was an experimental release abandoned in 2015. We explicitly cap beneath 5.0.0 so Gradle doesn't resolve dead-end alphas.
   - io.netty:netty-codec-http:[4.1.59.Final, 5.0.0)!!
   - io.netty:netty-codec:[4.1.59.Final, 5.0.0)!!
   - io.netty:netty-common:[4.1.59.Final, 5.0.0)!!
   - io.netty:netty-handler:[4.1.59.Final, 5.0.0)!!
   - io.netty:netty-transport:[4.1.59.Final, 5.0.0)!!
   - io.netty:netty-buffer:[4.1.59.Final, 5.0.0)!!

3. Google API Services:
   Capped beneath their respective unstable beta/v1b4 versions:
   - com.google.apis:google-api-services-dataflow:[v1b3-rev20240430-2.0.0, v1b4)!!
   - com.google.apis:google-api-services-dns:[v1-rev20240419-2.0.0, v2beta)

The lockfiles have been fully regenerated and all test suites ran successfully against the latest available transitive versions.
2026-05-30 02:33:02 +00:00
Ben McIlwain beb7fcc16e Update dependencies and improve workflow docs (#3071)
- Relaxed Google Cloud and gRPC upper bounds to dynamic versions in dependencies.gradle.
- Relaxed JUnit testing framework bounds to < 6.0.0 and < 2.0.0.
- Aligned beam-runners-core-construction-java to 2.72.0!!
- Regenerated all gradle lockfiles across the project.
- Updated GEMINI.md and MEMORY.md with the optimized lockfile/dependency update workflow.
- Fixed presubmit errors in check_diff.py (added Apache 2.0 license header and fixed syntax).
2026-05-28 21:45:43 +00:00
Ben McIlwain 00ee62f877 Update Netty and OkHttp dependencies and resolve test failures (#3066)
This commit updates several dependencies in dependencies.gradle and resolves the resulting test failures:
- Netty: Updated strict upper bound from <4.2.0 to <5.0.0 (resolved to 4.2.14.Final).
- OkHttp: Removed strict upper bound of <5.0.0 and moved to dynamic versions section (resolved to 5.3.2).
- Cleaned up dependencies.gradle by moving strict dependencies (secretmanager, common-protos, gax) out of the dynamic versions section.
- Updated all gradle.lockfile files.

Resulting test fixes:
- Netty: Replaced NioEventLoopGroup with DefaultEventLoopGroup in NettyExtension and ProbingStepTest. In Netty 4.2+, LocalServerChannel no longer supports registration with NIO-backed event loops, throwing an IllegalArgumentException.
- OkHttp: Refactored ServiceMonitoringClient to safely handle empty responses using Optional.orElse(). In OkHttp 5.x, a 204 No Content response returns a non-null ResponseBody with an empty string, causing an assertion failure where MosApiException was incorrectly bypassed.
2026-05-28 15:39:16 +00:00
gbrodman c1ce73db49 Remove old unused GWT dependency (#3056) 2026-05-27 16:24:16 +00:00
gbrodman c731b18304 Replace unmaintained jsch dependency (#3061)
The old version https://mvnrepository.com/artifact/com.jcraft/jsch
hasn't been updated for like 8 years. This replaces it with the
community fork, https://github.com/mwiede/jsch.

It's theoretically possible to replace this with
https://github.com/apache/mina-sshd but it would require a lot more
changes and risk for not really any benefit.
2026-05-26 15:43:59 +00:00
Ben McIlwain 53b92d602e Migrate EPP/Email from Soy to JAXB/FreeMarker (#3038)
- Replace deprecated Soy templates for EPP XML with JAXB models and a refined Fluent DSL.
- Migrate Spec11 and administrative emails to FreeMarker with HTML auto-escaping.
- Remove Soy compiler, Gradle tasks, and library dependencies.
- Address PR feedback regarding shadowing, version locking, and security warnings.
- Enhance tests with comprehensive XML equality assertions using Java 15 text blocks.
- Improve Javadocs and maintain strict temporal consistency using java.time.

FreeMarker replaces Soy for email templating, providing native HTML auto-escaping and allowing the removal of the complex 'soyToJava' compilation step from the build process. This significantly simplifies the build system and reduces maintenance overhead. For EPP XML, migrating to JAXB allows tool-generated commands to use the same model classes as the server-side EPP flows. This ensures that tool-generated XML is always schema-compliant and eliminates the risk of divergence between tool templates and actual server-side implementation. This unified approach provides compile-time type safety and improves developer ergonomics via a refined fluent DSL.

The base ImmutableObject class now provides a public clone() override that correctly resets the cached hashCode to null. This centralizes the custom cloning logic previously handled by a static helper and ensures that all subclasses—including the newly added JAXB models—satisfy CodeQL security requirements without needing redundant per-class overrides. The legacy static clone(T) helper has been updated to delegate to this instance method to maintain compatibility and architectural consistency.
2026-05-22 19:33:47 +00:00
Ben McIlwain 56fe588b56 Complete Joda-Time to java.time migration (#3039)
This completes the exhaustive refactoring of foundational temporal types from Joda-Time to the native java.time API across the entire codebase.

- Replaced org.joda.time.DateTime, Instant, LocalDate, and Duration with java.time equivalents.
- Audited and updated Clock implementations (FakeClock, SystemClock). Added nowMillis(), nowDate(), and nowDateTime() to eliminate repetitive conversions and maintain parallel naming.
- Replaced ZonedDateTime with OffsetDateTime globally per go/avoid-zdt. OffsetDateTime is a better fit as we use a hardcoded ZoneOffset.UTC throughout the system, making geographical time zone rules (like daylight saving time) irrelevant and preventing serialization ambiguities. Added a presubmit check.
- Completely removed all transitional bridge methods from DateTimeUtils and deleted obsolete converters (e.g., DateTimeConverter).
- Updated testing infrastructure, Apache Beam pipelines, custom JCommander parameters, and networking modules to solely rely on java.time primitives.
- Retained the lone necessary org.joda.time.Instant usage in SafeBrowsingTransforms required by the Apache Beam API.
- Cleared Gradle lockfiles and removed the joda-time dependency entirely from the build configuration.
2026-05-13 16:07:19 +00:00
gbrodman b8f14fef8d Update Hibernate deps to 7.3.4 (#3040)
The fix for https://hibernate.atlassian.net/browse/HHH-20276 was
included in 7.3.4 and will be included in version 8 in the future. 8.x
is still in alpha though so we don't want to use it yet.
2026-05-12 17:58:49 +00:00
gbrodman 4a412546f9 Upgrade beam deps (#3027)
https://docs.cloud.google.com/dataflow/docs/support/beam-runtime-support
looks like we need a later version for java 25
2026-04-27 19:40:10 +00:00
gbrodman 8cf222d1c9 Add Jedis (for Valkey) caches for domains and hosts (#3013)
We add optional Valkey caching of hosts and domains for future use. Eventually, this will allow us to pre-warm large amounts of data in Valkey for quick retrieval during actions like RDAP.

Note: this doesn't actually use the caches yet.

We use Jedis instead of Redisson for speed purposes
(https://www.instaclustr.com/blog/redis-java-clients-and-client-side-caching/)
which means that we have to implement our own multilayer cache but
that's not the worst thing in the world.

Tested on crash with logging and RDAP code that's not included in this
PR -- it behaves as you'd expect, where the local cache works for
immediate re-lookups and the remote cache works after a restart.
2026-04-24 19:50:01 +00:00
gbrodman 59b44b60df Update Hibernate and various other dependencies (#2986)
This ended up being wayyyy more complicated than expected due to
issues with Hibernate, various dependencies having conflicts with the
proto dependency version, and other breaking changes.

Notes:
- Hibernate 7 switches up the user type / converter system and for us,
  this means we must be / want to be more explicit with how we convert
and store things. For example, we need to add Postgres types to @Column
definitions.
- Hibernate 7.3 has an issue with generic MappedSuperclasses -- we have
  issues with BaseDomainLabelList. I'll investigate that, but for now
let's stick with 7.2.x
- H7 is more strict with annotations and prevents us from storing mapped
  superclasses embedded within other objects. This kinda makes sense but
makes the History objects a bit more difficult. We had to add "concrete"
embeddable DomainBase and HostBase objects that we can store/retrieve
from the DB.
- We convert some of the calls to "Query" to "TypedQuery" -- in
  Hibernate 8 / JPA 4.0 these will be super-deprecated and we'll need to
shift everything over, so this is necessary.
- You aren't supposed to put callback listeners on embedded entities
  (because it can be not obvious what's happening). We don't like that,
so we add our own annotations that are processed recursively for
embedded entities, so we get things like the update / create
timestamps.
- Hibernate doesn't allow for multiple converters to be auto-applied to
  the same "type" and it counts all VKey converters as one type.
Unfortunately, this means we have to explicitly mark each one.
- A bunch of other dependency changes were required to keep from having
  the proto 3/4 conflict
2026-03-25 20:10:50 +00:00
gbrodman bdaab9daa5 Tag more junit versions to <6.0 (#2809)
We're still picking up some 6.0.0-M2 jars which are causing failures at
least for me when trying to run individual tests in IDEA.
2025-08-22 02:55:59 +00:00
Weimin Yu 7c92928f2c Update gradle dependency locks (#2806)
Also emoved Junit-4.
2025-08-19 16:17:47 +00:00
Lai Jiang 2d82646421 Uncap Dagger version (#2721)
The latest version of Dagger (2.55) now supports jakarta.inject.
2025-03-17 14:51:04 +00:00
Lai Jiang 50260dca5f Upgrade to Gradle 8.13 (#2720) 2025-03-15 00:30:32 +00:00
Lai Jiang a63812160e Upgrade to Gradle 8.12.1 (#2671) 2025-02-07 15:23:02 +00:00
Lai Jiang f9d2839590 Add necessary changes to provision QA with Terraform (#2618)
Also programmatically determine backend service IDs.
2024-12-12 18:39:18 +00:00
gbrodman fce126d426 Update Flyway versions to 11.x+ (#2620)
There are some breaking method changes in the 10.x.y versions and we're encountering exceptions when trying to run the flywayMigrate task thanks to those.
2024-12-10 03:02:02 +00:00
Lai Jiang 4d96e5a6b1 Remove cap on soy (#2592)
We still need to cap the protobuf version that soy depends on, but the
rest of nomulus can use the latest version of protobuf.
2024-10-18 17:21:26 +00:00
Lai Jiang 1171c5cfcb Delete legacy console (#2579) 2024-10-17 20:48:10 +00:00
gbrodman c32fb2fc71 Add screenshot tests for the new registrar console (#2577)
This required updating to a newer version of Selenium, building the
console dist/ folder, and serving that folder.
2024-10-09 16:44:34 +00:00
Lai Jiang 5e41e84b8d Upgrade avro version (#2587)
Per b/371714822.
2024-10-07 15:43:53 +00:00
Lai Jiang 5c35811eb9 Upgrade protobuf (#2565)
Patched from https://github.com/google/nomulus/pull/2564.

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-20 17:56:53 +00:00
Lai Jiang b07769bdee Switch to new jaxb runtime (#2558) 2024-09-16 22:39:59 +00:00
Lai Jiang 352618b3b7 Use Jcommander 2.0 (#2552) 2024-09-13 16:06:50 +00:00
Lai Jiang 0389b0d2d9 Upgrade to Gradle 8.10.1 (#2533) 2024-09-11 21:36:12 +00:00
gbrodman 8906a82e3b Update dependencies esp. antlr+jcommander (#2550) 2024-09-11 15:49:54 +00:00
Weimin Yu f6e42896c3 Build uber jars as multi-release (#2549)
Several jars in our dependencies are now multi-release, including
dnsjava and snakeyaml, and a few more. Such jars include
jvm-version-specific classes that will only be loaded by the vm that can
handle them. All it takes is a new manifest attribute.

This change allows us to upgrade to dnsjava3.6+: the base (java 8) version of
this jar breaks java21. The correct manifest allows java21 to find the
classes it needs.
2024-09-10 18:12:25 +00:00
Weimin Yu d9ad39cdad Upgrade to Hibernate6 and Jaxb4 (#2526)
* Rebase

* Addressing commetns

* Addressing comments

* Auto convert Duration and Money
2024-09-03 18:02:53 +00:00
Weimin Yu d9c5d71f40 Add jackson-dataformat-yaml as direct dependency (#2493)
Required when upgrading to jackson 2.17.2.
2024-07-10 20:21:05 +00:00
Weimin Yu 19819444af Set upper bound of netty version (#2482)
A new alpha version is introduced and breaks our tests.
2024-06-17 19:43:36 +00:00
Lai Jiang 11231703d5 Upgrade to jakarta mail (#2473) 2024-06-07 15:28:36 +00:00
Lai Jiang 1a5dfb0ac2 Upgrade schemacrawler (#2471) 2024-06-06 14:51:13 +00:00
Lai Jiang 49cb1875d1 Upgrade dependencies (#2468) 2024-06-05 15:50:42 +00:00
Lai Jiang 455364ff29 Remove GAE Users service API usage (#2414)
This is the last remaining GAE API that we depend on. By removing it, we are able to remove all common GAE dependencies as well.

To merge this PR, we need to create console User objects that have the same email address as the RegistrarPoc objects' login_email_address and copy over the existing registry lock hashes and salts.

We are also able to simply the code base by removing some redundant logic like AuthMethod (API is now the only supported one) and UserAuthInfo (console user is now the only supported one)

There are several behavioral changes that are worth noting:

The XsrfTokenManager now uses the console user's email address to mint and verify the token. Previously, only email addresses returned by the GAE Users service are used, whereas a blank email address will be used if the user is logged in as a console user. I believe this was an oversight that is now corrected.
The legacy console will return 401 when no user is logged in, instead of redirecting to the Users service login flow.
The logout URL in the legacy console is changed to use the IAP logout flow. It will clear the cookie and redirect the users to IAP login page (tested on QA).
The screenshot changes are mostly due to the console users lacking a display name and therefore showing the email address instead. Some changes are due to using the console user's email address as the registry lock email address, which is being fixed in Add DB column for separate rlock email address #2413 and its follow-up RPs.
2024-05-29 12:37:44 -04:00
Lai Jiang 6ca3cc230f Make logging work correctly on Jetty (#2442) 2024-05-14 14:36:26 +00:00
Weimin Yu ca072b4861 Add log traces to Nomulus service on GKE (#2427)
* Add log traces to Nomulus service on GKE

Add request-scope log traces to Nomulus on GKE which, unlike
AppEngine and Cloud Run etc, does not generate traces for hosted
applications. This change only affects the GKE image. It does not affect
the AppEngine services.

Log traces are added to Nomulus-generated logs in request-processing
threads. Forked threads are not covered yet. The single relevant use
case (TimeLimiter) will be addressed in a followup PR.

The main change is in the logging configuration:

*  Use gcp-cloud-logging's LoggingHandler

*  Add gcp-cloud-logging's TraceLoggingEnhancer to the handler.

*  Set a thread-local trace id through the TraceLoggingEnhancer in
   ServletBase on request's entry and clear it on completion.

Also removed an unused class (`RequestLogId`).

* CR

* CR
2024-05-07 19:15:46 +00:00
Lai Jiang 6d0a746b76 Bind console users to the appropriate IAP roles upon creation (#2403)
Console users need IAP to inject the necessary OIDC tokens into their
request headers and therefore need to be bound to appropriate roles. Note
that in environments managed by latchkey, the bindings will need to be
present in latchkey config files as well, otherwise the changes made by
the nomulus tool will be reverted.

TESTED=ran the nomulus command against alpha and verified that the
bindings are created/removed upon console user creation/deletion.
2024-04-24 15:03:43 +00:00
Lai Jiang 903b7979de Upgrade to jline 3 (#2400)
jline 3 contains API breaking changes, necessitating changes in
ShellCommand.
2024-04-12 19:57:02 +00:00
Lai Jiang 496a781572 Upgrade jcommander (#2398) 2024-04-10 17:34:11 +00:00
Lai Jiang e7bf74d91d Upgrade to Jakarta EE 10 Servlet (#2362)
Upgrade to using Jakarta EE 10 from Java EE 8 by mostly following the upgrade instructions. Only the servlet package is upgrade. Other Jakarta EE components (like the persistence package that Hibernate depends on) need to be upgraded separately.

TESTED=deployed and successfully communicated with the pubapi endpoint for web WHOIS.

Note that this currently requires packaing the App Engine runtime per instructions here due to GoogleCloudPlatform/appengine-java-standard#98. This PR will only be merged until the fix is deployed to production (https://rapid.corp.google.com/#/release/serverless_runtimes_run_java/java21_20240310_21_0).
2024-03-18 18:00:55 +00:00
Lai Jiang ff211fb4f9 Remove buildSrc (#2379)
We don't use the upload results feature (kokoro picks the results
artifacts directly and uploads them).

Keeping it around is a maintenance burden.

Also fixed a deprecation warning.
2024-03-18 14:29:51 +00:00
Lai Jiang de372c4d47 Replace javax.inject with jakarta.inject (#2372)
Note that Dagger currently doesn't work with the Jakarta namespace and
we have to cap the jakarta inject package version below 2.0 so that it
sill provides classes in the old namespace.
2024-03-15 03:26:53 +00:00
Lai Jiang 6e57d93507 Upgrade a few more dependencies (#2371)
* jaxb and gmail

* admin-directory

* Upgrade a few more dependencies
2024-03-14 17:37:54 +00:00
Lai Jiang cd95be4776 Upgrade a few pinned dependencies (#2359) 2024-03-13 11:52:34 +00:00
Lai Jiang 779dc36858 Remove some dead gradle code (#2358)
runtime is not actually a predefined confiugration and it doesn't affect
the runtime classpath in anyway.

See: https://docs.gradle.org/current/userguide/java_plugin.html#tab:configurations
2024-03-08 15:12:11 +00:00
Lai Jiang c896c022a6 Remove caps/pins on some dependencies (#2348)
Also re-organized the dependencies.gradle file.

Not all caps/pins are removed at this point, but I think this is enough
change for one PR.
2024-03-05 17:00:40 +00:00
Lai Jiang 805a34be96 Fix gax and gax-grpc dependency mismatch (#2347)
Also address a deprecation warning.

TESTED=build the nomulus tool locally and it run the `list_cursors`
command correctly. It used to fail.
2024-03-04 23:39:42 +00:00
Lai Jiang dcf0412f11 Compile Nomulus with Java 21 (#2344)
Make the necessary changes for the code base to compile with JDK 21.

Other changes:

1. Upgraded testcontainer version and the SQL image version (to be the
   same as what we use in Cloud SQL). This led to some schema changes and
   also changed the order of results in some test queries (for the
   better I think, as the new order appears to be alphabetical).
2. Remove dependency on Truth8, which is deprecated.
3. Enable parallel Gradle task execution and greatly increased the
   number of parallel tests in standardTest. Removed outcastTest.
2024-03-04 19:31:08 +00:00