Upgrade to Gradle 5.6.3 (#315)

* Use base64-encoded SQL credentials

Encode Cloud SQL credential files on gcs with base64,
to be consistent with our Cloud Build practices.

Also renamed a property that specifies where to publish
the schema jar. New name is schema_publish_repo.

core/src/main/resources/google/registry/reporting/spec11/soy/Spec11Email.soy

@@ -37,17 +37,18 @@
   {/call}
 
   <p>Please work with the registrant to mitigate any security issues and have the
-    domains delisted.</p>
+    domains delisted. If you believe that any of the domains were reported in error, or are still
+    receiving reports for issues that have been remediated,
+    please <a href="https://safebrowsing.google.com/safebrowsing/report_error/?hl=en">submit a
+    request</a> to have the site reviewed.</p>
 
   {call .resourceList}
     {param resources: $resources /}
   {/call}
 
   <p>You will continue to receive a monthly summary of all domains managed by your registrar
-    that remain on our lists of potential security threats. You will additionally receive a daily
-    notice when any new domains that are added to these lists. Once the registrant has resolved
-    the security issues and followed the steps to have his or her domain reviewed and delisted
-    it will automatically be removed from our monthly reporting.</p>
+    that remain on our lists of potential security threats. You will also receive a daily
+    notice when any new domains are added to these lists.</p>
 
   <p>If you have any questions regarding this notice, please contact {$replyToEmail}.</p>
 {/template}
@@ -79,11 +80,14 @@
     {param resources: $resources /}
   {/call}
 
+   <p>If you believe that any of the domains were reported in error, or are still receiving
+   reports for issues that have been remediated,
+   please <a href="https://safebrowsing.google.com/safebrowsing/report_error/?hl=en">submit
+   a request</a> to have the site reviewed.</p>
+
   <p>You will continue to receive daily notices when new domains managed by your registrar
     are flagged for abuse, as well as a monthly summary of all of your domains under management
-    that remain flagged for abuse. Once the registrant has resolved the security issues and
-    followed the steps to have his or her domain reviewed and delisted it will automatically
-    be removed from our reporting.</p>
+    that remain flagged for abuse.</p>
 
   <p>If you would like to change the email to which these notices are sent please update your
     abuse contact using your registrar portal account.</p>

core/src/test/java/google/registry/model/transaction/JpaTransactionManagerRule.java

@@ -15,17 +15,24 @@
 package google.registry.model.transaction;
 
 import static org.joda.time.DateTimeZone.UTC;
+import static org.testcontainers.containers.PostgreSQLContainer.POSTGRESQL_PORT;
 
+import com.google.common.base.Charsets;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Maps;
+import com.google.common.io.Resources;
 import google.registry.persistence.PersistenceModule;
 import google.registry.testing.FakeClock;
+import java.sql.Connection;
+import java.sql.Driver;
+import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Properties;
 import javax.persistence.EntityManagerFactory;
 import org.hibernate.cfg.Environment;
 import org.hibernate.jpa.boot.internal.ParsedPersistenceXmlDescriptor;
@@ -33,9 +40,6 @@ import org.hibernate.jpa.boot.internal.PersistenceXmlParser;
 import org.hibernate.jpa.boot.spi.Bootstrap;
 import org.joda.time.DateTime;
 import org.junit.rules.ExternalResource;
-import org.junit.rules.RuleChain;
-import org.junit.runner.Description;
-import org.junit.runners.model.Statement;
 import org.testcontainers.containers.JdbcDatabaseContainer;
 import org.testcontainers.containers.PostgreSQLContainer;
 
@@ -49,37 +53,42 @@ import org.testcontainers.containers.PostgreSQLContainer;
  */
 public class JpaTransactionManagerRule extends ExternalResource {
   private static final String SCHEMA_GOLDEN_SQL = "sql/schema/nomulus.golden.sql";
+  private static final String DB_CLEANUP_SQL =
+      "google/registry/model/transaction/cleanup_database.sql";
+  private static final String MANAGEMENT_DB_NAME = "management";
+  private static final String POSTGRES_DB_NAME = "postgres";
 
   private final DateTime now = DateTime.now(UTC);
   private final FakeClock clock = new FakeClock(now);
-  private final String initScript;
+  private final String initScriptPath;
   private final ImmutableList<Class> extraEntityClasses;
   private final ImmutableMap userProperties;
 
-  private JdbcDatabaseContainer database;
+  private static final JdbcDatabaseContainer database = create();
   private EntityManagerFactory emf;
   private JpaTransactionManager cachedTm;
 
   private JpaTransactionManagerRule(
-      String initScript,
+      String initScriptPath,
       ImmutableList<Class> extraEntityClasses,
       ImmutableMap<String, String> userProperties) {
-    this.initScript = initScript;
+    this.initScriptPath = initScriptPath;
     this.extraEntityClasses = extraEntityClasses;
     this.userProperties = userProperties;
   }
 
-  /** Wraps {@link JpaTransactionManagerRule} in a {@link PostgreSQLContainer}. */
-  @Override
-  public Statement apply(Statement base, Description description) {
-    database = new PostgreSQLContainer().withInitScript(initScript);
-    return RuleChain.outerRule(database)
-        .around(JpaTransactionManagerRule.super::apply)
-        .apply(base, description);
+  private static JdbcDatabaseContainer create() {
+    PostgreSQLContainer container = new PostgreSQLContainer().withDatabaseName(MANAGEMENT_DB_NAME);
+    container.start();
+    Runtime.getRuntime().addShutdownHook(new Thread(() -> container.close()));
+    return container;
   }
 
   @Override
-  public void before() {
+  public void before() throws Exception {
+    executeSql(MANAGEMENT_DB_NAME, DB_CLEANUP_SQL);
+    executeSql(POSTGRES_DB_NAME, initScriptPath);
+
     ImmutableMap properties = PersistenceModule.providesDefaultDatabaseConfigs();
     if (!userProperties.isEmpty()) {
       // If there are user properties, create a new properties object with these added.
@@ -90,7 +99,7 @@ public class JpaTransactionManagerRule extends ExternalResource {
 
     emf =
         createEntityManagerFactory(
-            database.getJdbcUrl(),
+            getJdbcUrlFor(POSTGRES_DB_NAME),
             database.getUsername(),
             database.getPassword(),
             properties,
@@ -109,6 +118,38 @@ public class JpaTransactionManagerRule extends ExternalResource {
     cachedTm = null;
   }
 
+  private void executeSql(String dbName, String sqlScriptPath) {
+    try (Connection conn = createConnection(dbName)) {
+      String sqlScript = Resources.toString(Resources.getResource(sqlScriptPath), Charsets.UTF_8);
+      conn.createStatement().execute(sqlScript);
+    } catch (Exception e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  private String getJdbcUrlFor(String dbName) {
+    // Disable Postgres driver use of java.util.logging to reduce noise at startup time
+    return "jdbc:postgresql://"
+        + database.getContainerIpAddress()
+        + ":"
+        + database.getMappedPort(POSTGRESQL_PORT)
+        + "/"
+        + dbName
+        + "?loggerLevel=OFF";
+  }
+
+  private Connection createConnection(String dbName) {
+    final Properties info = new Properties();
+    info.put("user", database.getUsername());
+    info.put("password", database.getPassword());
+    final Driver jdbcDriverInstance = database.getJdbcDriverInstance();
+    try {
+      return jdbcDriverInstance.connect(getJdbcUrlFor(dbName), info);
+    } catch (SQLException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
   /** Constructs the {@link EntityManagerFactory} instance. */
   private static EntityManagerFactory createEntityManagerFactory(
       String jdbcUrl,

core/src/test/java/google/registry/reporting/spec11/Spec11EmailUtilsTest.java

@@ -61,63 +61,40 @@ public class Spec11EmailUtilsTest {
 
   private static final ImmutableList<String> FAKE_RESOURCES = ImmutableList.of("foo");
   private static final String DAILY_EMAIL_FORMAT =
-      "Dear registrar partner,"
-          + ""
-          + "<p>Super Cool Registry conducts a daily analysis of all domains registered in its "
-          + "TLDs to identify potential security concerns. On 2018-07-15, the following domains "
-          + "that your registrar manages were flagged for potential security concerns:</p>"
-          + ""
-          + "<table>"
-          + "<tr><th>Domain Name</th><th>Threat Type</th></tr>"
-          + "%s"
-          + "</table>"
-          + "<p><b>Please communicate these findings to the registrant and work with the "
-          + "registrant to mitigate any security issues and have the domains delisted.</b></p>"
-          + ""
+      "Dear registrar partner,<p>Super Cool Registry conducts a daily analysis of all domains"
+          + " registered in its TLDs to identify potential security concerns. On 2018-07-15, the"
+          + " following domains that your registrar manages were flagged for potential security"
+          + " concerns:</p><table><tr><th>Domain Name</th><th>Threat Type</th></tr>%s"
+          + "</table><p><b>Please communicate these findings to the registrant and work with the"
+          + " registrant to mitigate any security issues and have the domains delisted.</b></p>"
           + "Some helpful resources for getting off a blocked list include:"
-          + "<ul><li>foo</li></ul><p>"
-          + ""
-          + "You will continue to receive daily notices when new domains managed by your registrar "
-          + "are flagged for abuse, as well as a monthly summary of all of your domains under "
-          + "management that remain flagged for abuse. Once the registrant has resolved the "
-          + "security issues and followed the steps to have his or her domain reviewed and "
-          + "delisted it will automatically be removed from our reporting.</p>"
-          + ""
-          + "<p>If you would like to change the email to which these notices are sent please "
-          + "update your abuse contact using your registrar portal account.</p>"
-          + ""
-          + "<p>If you have any questions regarding this notice, please contact "
-          + "abuse@test.com.</p>";
+          + "<ul><li>foo</li></ul><p>If you believe that any of the domains were reported in"
+          + " error, or are still receiving reports for issues that have been remediated, please"
+          + " <a href=\"https://safebrowsing.google.com/safebrowsing/report_error/?hl=en\">submit"
+          + " a request</a> to have the site reviewed.</p><p>You will continue to receive daily"
+          + " notices when new domains managed by your registrar are flagged for abuse, as well as"
+          + " a monthly summary of all of your domains under management that remain flagged for"
+          + " abuse.</p><p>If you would like to change the email to which these notices are sent"
+          + " please update your abuse contact using your registrar portal account.</p><p>If you"
+          + " have any questions regarding this notice, please contact abuse@test.com.</p>";
   private static final String MONTHLY_EMAIL_FORMAT =
-      "Dear registrar partner,"
-          + ""
-          + "<p>Super Cool Registry previously notified you when the following "
-          + "domains managed by your registrar were flagged for potential security concerns.</p>"
-          + "<p>The following domains that you manage continue to be flagged by our analysis "
-          + "for potential security concerns. This may be because the registrants have not "
-          + "completed the requisite steps to mitigate the potential security abuse and/or have "
-          + "it reviewed and delisted.</p>"
-          + ""
-          + "<table>"
-          + "<tr><th>Domain Name</th><th>Threat Type</th></tr>"
-          + "%s"
-          + "</table>"
-          + ""
-          + "<p>Please work with the registrant to mitigate any security issues "
-          + "and have the domains delisted.</p>"
-          + ""
-          + "Some helpful resources for getting off a blocked list include:"
-          + "<ul><li>foo</li></ul><p>"
-          + ""
-          + "You will continue to receive a monthly summary of all domains managed by your "
-          + "registrar that remain on our lists of potential security threats. You will "
-          + "additionally receive a daily notice when any new domains that are added to these "
-          + "lists. Once the registrant has resolved the security issues and followed the steps to "
-          + "have his or her domain reviewed and delisted it will automatically be removed from "
-          + "our monthly reporting.</p>"
-          + ""
-          + "<p>If you have any questions regarding this notice, please contact "
-          + "abuse@test.com.</p>";
+      "Dear registrar partner,<p>Super Cool Registry previously notified you when the following"
+          + " domains managed by your registrar were flagged for potential security"
+          + " concerns.</p><p>The following domains that you manage continue to be flagged by our"
+          + " analysis for potential security concerns. This may be because the registrants have"
+          + " not completed the requisite steps to mitigate the potential security abuse and/or"
+          + " have it reviewed and delisted.</p><table><tr><th>Domain Name</th><th>Threat"
+          + " Type</th></tr>%s</table><p>Please work with the registrant to mitigate any security"
+          + " issues and have the domains delisted. If you believe that any of the domains were"
+          + " reported in error, or are still receiving reports for issues that have been"
+          + " remediated, please <a"
+          + " href=\"https://safebrowsing.google.com/safebrowsing/report_error/?hl=en\">submit a"
+          + " request</a> to have the site reviewed.</p>Some helpful resources for getting off a"
+          + " blocked list include:<ul><li>foo</li></ul><p>You will continue to receive a monthly"
+          + " summary of all domains managed by your registrar that remain on our lists of"
+          + " potential security threats. You will also receive a daily notice when any new"
+          + " domains are added to these lists.</p><p>If you have any questions regarding this"
+          + " notice, please contact abuse@test.com.</p>";
 
   @Rule public final AppEngineRule appEngine = AppEngineRule.builder().withDatastore().build();
 

core/src/test/resources/google/registry/model/transaction/cleanup_database.sql

@@ -0,0 +1,16 @@
+-- Copyright 2019 The Nomulus Authors. All Rights Reserved.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+DROP DATABASE IF EXISTS postgres;
+CREATE DATABASE postgres;

db/build.gradle

@@ -94,6 +94,7 @@ ext {
     def command =
         """gsutil cp \
            gs://domain-registry${env}-cloudsql-credentials/${role}_credential.enc - | \
+           base64 -d | \
            gcloud kms decrypt --location global --keyring nomulus \
            --key sql-credentials-on-gcs-key --plaintext-file=- \
            --ciphertext-file=- \
@@ -118,11 +119,11 @@ artifacts {
 publishing {
   repositories {
     maven {
-      url project.schema_jar_repo
+      url project.schema_publish_repo
     }
   }
   publications {
-    schemaOrmPublication(MavenPublication) {
+    sqlSchemaPublication(MavenPublication) {
       groupId 'google.registry'
       artifactId 'schema'
       version project.schema_version

gradle.properties

@@ -24,5 +24,5 @@ dbPassword=
 
 # Maven repository of the Cloud SQL schema jar, which contains the
 # SQL DDL scripts.
-schema_jar_repo=
+schema_publish_repo=
 schema_version=

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.2-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.3-all.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists