Mitigate Cloud task retry problem (#2116)

* Mitigate Cloud task retry problem

Increase PublishSpec11Action start delay to avoid the need to retry.

The only other use case is invoice, which typically does not retry:
delay is 10 minutes, pipeline finishes within 7 minutes.

config/presubmits.py

@@ -109,13 +109,6 @@ PRESUBMITS = {
         "System.(out|err).println is only allowed in tools/ packages. Please "
         "use a logger instead.",
 
-    # PostgreSQLContainer instantiation must specify docker tag
-    # TODO(b/204572437): Fix the pattern to pass DatabaseSnapshotTest.java
-    PresubmitCheck(
-        r"[\s\S]*new\s+PostgreSQLContainer(<[\s\S]*>)?\(\s*\)[\s\S]*",
-        "java", {"DatabaseSnapshotTest.java"}):
-      "PostgreSQLContainer instantiation must specify docker tag.",
-
     # Various Soy linting checks
     PresubmitCheck(
         r".* (/\*)?\* {?@param ",

console-webapp/src/app/shared/services/backend.service.ts

@@ -12,12 +12,13 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import { Injectable } from '@angular/core';
 import { HttpClient, HttpErrorResponse } from '@angular/common/http';
-import { Observable, catchError, of } from 'rxjs';
-import { Contact } from '../../settings/contact/contact.service';
+import { Injectable } from '@angular/core';
+import { catchError, Observable, of } from 'rxjs';
 import { SecuritySettingsBackendModel } from 'src/app/settings/security/security.service';
 
+import { Contact } from '../../settings/contact/contact.service';
+
 @Injectable()
 export class BackendService {
   constructor(private http: HttpClient) {}
@@ -55,7 +56,7 @@ export class BackendService {
   ): Observable<Contact[]> {
     return this.http.post<Contact[]>(
       `/console-api/settings/contacts?registrarId=${registrarId}`,
-      { contacts }
+      contacts
     );
   }
 
@@ -85,7 +86,7 @@ export class BackendService {
   ): Observable<SecuritySettingsBackendModel> {
     return this.http.post<SecuritySettingsBackendModel>(
       `/console-api/settings/security?registrarId=${registrarId}`,
-      { registrar: securitySettings }
+      securitySettings
     );
   }
 }

core/src/main/java/google/registry/beam/common/DatabaseSnapshot.java

@@ -1,88 +0,0 @@
-// Copyright 2021 The Nomulus Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package google.registry.beam.common;
-
-import static com.google.common.base.Preconditions.checkState;
-import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
-
-import com.google.common.flogger.FluentLogger;
-import java.util.List;
-import javax.persistence.EntityManager;
-import javax.persistence.EntityTransaction;
-
-/**
- * A database snapshot shareable by concurrent queries from multiple database clients. A snapshot is
- * uniquely identified by its {@link #getSnapshotId snapshotId}, and must stay open until all
- * concurrent queries to this snapshot have attached to it by calling {@link
- * google.registry.persistence.transaction.JpaTransactionManager#setDatabaseSnapshot}. However, it
- * can be closed before those queries complete.
- *
- * <p>This feature is <em>Postgresql-only</em>.
- *
- * <p>To support large queries, transaction isolation level is fixed at the REPEATABLE_READ to avoid
- * exhausting predicate locks at the SERIALIZABLE level.
- */
-// TODO(b/193662898): vendor-independent support for richer transaction semantics.
-public class DatabaseSnapshot implements AutoCloseable {
-
-  private static final FluentLogger logger = FluentLogger.forEnclosingClass();
-
-  private String snapshotId;
-  private EntityManager entityManager;
-  private EntityTransaction transaction;
-
-  private DatabaseSnapshot() {}
-
-  public String getSnapshotId() {
-    checkState(entityManager != null, "Snapshot not opened yet.");
-    checkState(entityManager.isOpen(), "Snapshot already closed.");
-    return snapshotId;
-  }
-
-  private DatabaseSnapshot open() {
-    entityManager = tm().getStandaloneEntityManager();
-    transaction = entityManager.getTransaction();
-    transaction.setRollbackOnly();
-    transaction.begin();
-
-    entityManager
-        .createNativeQuery("SET TRANSACTION ISOLATION LEVEL REPEATABLE READ")
-        .executeUpdate();
-
-    List<?> snapshotIds =
-        entityManager.createNativeQuery("SELECT pg_export_snapshot();").getResultList();
-    checkState(snapshotIds.size() == 1, "Unexpected number of snapshots: %s", snapshotIds.size());
-    snapshotId = (String) snapshotIds.get(0);
-    return this;
-  }
-
-  @Override
-  public void close() {
-    if (transaction != null && transaction.isActive()) {
-      try {
-        transaction.rollback();
-      } catch (Exception e) {
-        logger.atWarning().withCause(e).log("Failed to close a Database Snapshot");
-      }
-    }
-    if (entityManager != null && entityManager.isOpen()) {
-      entityManager.close();
-    }
-  }
-
-  public static DatabaseSnapshot createSnapshot() {
-    return new DatabaseSnapshot().open();
-  }
-}

core/src/main/java/google/registry/beam/common/RegistryJpaIO.java

@@ -122,6 +122,7 @@ public final class RegistryJpaIO {
   @AutoValue
   public abstract static class Read<R, T> extends PTransform<PBegin, PCollection<T>> {
 
+    private static final long serialVersionUID = 6906842877429561700L;
     public static final String DEFAULT_NAME = "RegistryJpaIO.Read";
 
     abstract String name();
@@ -133,9 +134,6 @@ public final class RegistryJpaIO {
     @Nullable
     abstract Coder<T> coder();
 
-    @Nullable
-    abstract String snapshotId();
-
     abstract Builder<R, T> toBuilder();
 
     @Override
@@ -145,8 +143,7 @@ public final class RegistryJpaIO {
           input
               .apply("Starting " + name(), Create.of((Void) null))
               .apply(
-                  "Run query for " + name(),
-                  ParDo.of(new QueryRunner<>(query(), resultMapper(), snapshotId())));
+                  "Run query for " + name(), ParDo.of(new QueryRunner<>(query(), resultMapper())));
       if (coder() != null) {
         output = output.setCoder(coder());
       }
@@ -165,18 +162,6 @@ public final class RegistryJpaIO {
       return toBuilder().coder(coder).build();
     }
 
-    /**
-     * Specifies the database snapshot to use for this query.
-     *
-     * <p>This feature is <em>Postgresql-only</em>. User is responsible for keeping the snapshot
-     * available until all JVM workers have started using it by calling {@link
-     * JpaTransactionManager#setDatabaseSnapshot}.
-     */
-    // TODO(b/193662898): vendor-independent support for richer transaction semantics.
-    public Read<R, T> withSnapshot(@Nullable String snapshotId) {
-      return toBuilder().snapshotId(snapshotId).build();
-    }
-
     static <R, T> Builder<R, T> builder() {
       return new AutoValue_RegistryJpaIO_Read.Builder<R, T>().name(DEFAULT_NAME);
     }
@@ -192,8 +177,6 @@ public final class RegistryJpaIO {
 
       abstract Builder<R, T> coder(Coder<T> coder);
 
-      abstract Builder<R, T> snapshotId(@Nullable String sharedSnapshotId);
-
       abstract Read<R, T> build();
 
       Builder<R, T> criteriaQuery(CriteriaQuerySupplier<R> criteriaQuery) {
@@ -214,27 +197,20 @@ public final class RegistryJpaIO {
     }
 
     static class QueryRunner<R, T> extends DoFn<Void, T> {
+
+      private static final long serialVersionUID = 7293891513058653334L;
       private final RegistryQuery<R> query;
       private final SerializableFunction<R, T> resultMapper;
-      // java.util.Optional is not serializable. Use of Guava Optional is discouraged.
-      @Nullable private final String snapshotId;
 
-      QueryRunner(
-          RegistryQuery<R> query,
-          SerializableFunction<R, T> resultMapper,
-          @Nullable String snapshotId) {
+      QueryRunner(RegistryQuery<R> query, SerializableFunction<R, T> resultMapper) {
         this.query = query;
         this.resultMapper = resultMapper;
-        this.snapshotId = snapshotId;
       }
 
       @ProcessElement
       public void processElement(OutputReceiver<T> outputReceiver) {
         tm().transactNoRetry(
                 () -> {
-                  if (snapshotId != null) {
-                    tm().setDatabaseSnapshot(snapshotId);
-                  }
                   query.stream().map(resultMapper::apply).forEach(outputReceiver::output);
                 });
       }
@@ -256,8 +232,8 @@ public final class RegistryJpaIO {
   @AutoValue
   public abstract static class Write<T> extends PTransform<PCollection<T>, PCollection<Void>> {
 
+    private static final long serialVersionUID = -4023583243078410323L;
     public static final String DEFAULT_NAME = "RegistryJpaIO.Write";
-
     public static final int DEFAULT_BATCH_SIZE = 1;
 
     public abstract String name();
@@ -321,6 +297,8 @@ public final class RegistryJpaIO {
 
   /** Writes a batch of entities to a SQL database through a {@link JpaTransactionManager}. */
   private static class SqlBatchWriter<T> extends DoFn<KV<ShardedKey<Integer>, Iterable<T>>, Void> {
+
+    private static final long serialVersionUID = -7519944406319472690L;
     private final Counter counter;
     private final SerializableFunction<T, Object> jpaConverter;
 
@@ -337,7 +315,7 @@ public final class RegistryJpaIO {
     private void actuallyProcessElement(@Element KV<ShardedKey<Integer>, Iterable<T>> kv) {
       ImmutableList<Object> entities =
           Streams.stream(kv.getValue())
-              .map(this.jpaConverter::apply)
+              .map(jpaConverter::apply)
               // TODO(b/177340730): post migration delete the line below.
               .filter(Objects::nonNull)
               .collect(ImmutableList.toImmutableList());
@@ -373,7 +351,7 @@ public final class RegistryJpaIO {
     }
 
     /** Returns this entity's primary key field(s) in a string. */
-    private String toEntityKeyString(Object entity) {
+    private static String toEntityKeyString(Object entity) {
       try {
         return tm().transact(
                 () ->

core/src/main/java/google/registry/config/RegistryConfig.java

@@ -158,6 +158,12 @@ public final class RegistryConfig {
       return config.registryPolicy.contactAndHostRoidSuffix;
     }
 
+    @Provides
+    @Config("isEmailSendingEnabled")
+    public static boolean provideIsEmailSendingEnabled(RegistryConfigSettings config) {
+      return config.misc.isEmailSendingEnabled;
+    }
+
     /**
      * The e-mail address for questions about integrating with the registry. Used in the
      * "contact-us" section of the registrar console.

core/src/main/java/google/registry/config/RegistryConfigSettings.java

@@ -205,6 +205,7 @@ public class RegistryConfigSettings {
   /** Miscellaneous configuration that doesn't quite fit in anywhere else. */
   public static class Misc {
     public String sheetExportId;
+    public boolean isEmailSendingEnabled;
     public String alertRecipientEmailAddress;
     // TODO(b/279671974): remove below field after migration
     public String newAlertRecipientEmailAddress;

core/src/main/java/google/registry/config/files/default-config.yaml

@@ -432,6 +432,9 @@ misc:
   # to. Leave this null to disable syncing.
   sheetExportId: null
 
+  # Whether emails may be sent. For Prod and Sandbox this should be true.
+  isEmailSendingEnabled: false
+
   # Address we send alert summary emails to.
   alertRecipientEmailAddress: email@example.com
 

core/src/main/java/google/registry/groups/GmailClient.java

@@ -14,14 +14,15 @@
 
 package google.registry.groups;
 
+import static com.google.common.collect.ImmutableSet.toImmutableSet;
 import static com.google.common.collect.Iterables.toArray;
 
 import com.google.api.client.http.HttpResponseException;
 import com.google.api.services.gmail.Gmail;
 import com.google.api.services.gmail.model.Message;
 import com.google.common.collect.ImmutableSet;
+import com.google.common.flogger.FluentLogger;
 import com.google.common.net.MediaType;
-import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import google.registry.config.RegistryConfig.Config;
 import google.registry.util.EmailMessage;
 import google.registry.util.EmailMessage.Attachment;
@@ -46,8 +47,11 @@ import javax.mail.internet.MimeMultipart;
 /** Sends {@link EmailMessage EmailMessages} through Google Workspace using {@link Gmail}. */
 public final class GmailClient {
 
+  private static final FluentLogger logger = FluentLogger.forEnclosingClass();
+
   private final Gmail gmail;
   private final Retrier retrier;
+  private final boolean isEmailSendingEnabled;
   private final InternetAddress outgoingEmailAddressWithUsername;
   private final InternetAddress replyToEmailAddress;
 
@@ -55,12 +59,14 @@ public final class GmailClient {
   GmailClient(
       Gmail gmail,
       Retrier retrier,
+      @Config("isEmailSendingEnabled") boolean isEmailSendingEnabled,
       @Config("gSuiteNewOutgoingEmailAddress") String gSuiteOutgoingEmailAddress,
       @Config("gSuiteOutgoingEmailDisplayName") String gSuiteOutgoingEmailDisplayName,
       @Config("replyToEmailAddress") InternetAddress replyToEmailAddress) {
 
     this.gmail = gmail;
     this.retrier = retrier;
+    this.isEmailSendingEnabled = isEmailSendingEnabled;
     this.replyToEmailAddress = replyToEmailAddress;
     try {
       this.outgoingEmailAddressWithUsername =
@@ -76,11 +82,22 @@ public final class GmailClient {
    * <p>If the sender as specified by {@link EmailMessage#from} differs from the caller's identity,
    * the caller must have delegated `send` authority to the sender.
    */
-  @CanIgnoreReturnValue
-  public Message sendEmail(EmailMessage emailMessage) {
+  public void sendEmail(EmailMessage emailMessage) {
+    if (!isEmailSendingEnabled) {
+      logger.atInfo().log(
+          String.format(
+              "Email with subject %s would have been sent to recipients %s",
+              emailMessage.subject().substring(0, Math.min(emailMessage.subject().length(), 15)),
+              String.join(
+                  " , ",
+                  emailMessage.recipients().stream()
+                      .map(ia -> ia.toString())
+                      .collect(toImmutableSet()))));
+      return;
+    }
     Message message = toGmailMessage(toMimeMessage(emailMessage));
     // Unlike other Cloud APIs such as GCS and SecretManager, Gmail does not retry on errors.
-    return retrier.callWithRetry(
+    retrier.callWithRetry(
         // "me" is reserved word for the authorized user of the Gmail API.
         () -> this.gmail.users().messages().send("me", message).execute(),
         RetriableGmailExceptionPredicate.INSTANCE);

core/src/main/java/google/registry/model/EntityYamlUtils.java

@@ -11,7 +11,7 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-package google.registry.model.tld;
+package google.registry.model;
 
 import static com.google.common.collect.ImmutableSortedMap.toImmutableSortedMap;
 import static com.google.common.collect.Ordering.natural;
@@ -27,7 +27,6 @@ import com.fasterxml.jackson.databind.module.SimpleModule;
 import com.fasterxml.jackson.databind.ser.std.StdSerializer;
 import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
 import com.fasterxml.jackson.dataformat.yaml.YAMLGenerator.Feature;
-import google.registry.model.CreateAutoTimestamp;
 import google.registry.model.common.TimedTransitionProperty;
 import google.registry.model.domain.token.AllocationToken;
 import google.registry.model.tld.Tld.TldState;
@@ -44,14 +43,13 @@ import org.joda.money.Money;
 import org.joda.time.DateTime;
 import org.joda.time.Duration;
 
-/** A collection of static utility classes and functions for TLD YAML conversions. */
-public class TldYamlUtils {
+/** A collection of static utility classes/functions to convert entities to/from YAML files. */
+public class EntityYamlUtils {
 
   /**
-   * Returns an {@link ObjectMapper} object that can be used to convert a {@link Tld} object to and
-   * from YAML.
+   * Returns a new {@link ObjectMapper} object that can be used to convert an entity to/from YAML.
    */
-  public static ObjectMapper getObjectMapper() {
+  public static ObjectMapper createObjectMapper() {
     SimpleModule module = new SimpleModule();
     module.addSerializer(Money.class, new MoneySerializer());
     module.addDeserializer(Money.class, new MoneyDeserializer());
@@ -86,6 +84,7 @@ public class TldYamlUtils {
 
   /** A custom JSON deserializer for {@link Money}. */
   public static class MoneyDeserializer extends StdDeserializer<Money> {
+
     public MoneyDeserializer() {
       this(null);
     }
@@ -127,6 +126,7 @@ public class TldYamlUtils {
 
   /** A custom JSON deserializer for {@link CurrencyUnit}. */
   public static class CurrencyDeserializer extends StdDeserializer<CurrencyUnit> {
+
     public CurrencyDeserializer() {
       this(null);
     }

core/src/main/java/google/registry/model/ModelModule.java

@@ -0,0 +1,30 @@
+// Copyright 2023 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.model;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import dagger.Module;
+import dagger.Provides;
+
+/** Dagger module for the entity (model) classes. */
+@Module
+public final class ModelModule {
+
+  /** Returns an {@link ObjectMapper} object that can be used to convert an entity to/from YAML. */
+  @Provides
+  public static ObjectMapper provideObjectMapper() {
+    return EntityYamlUtils.createObjectMapper();
+  }
+}

core/src/main/java/google/registry/model/adapters/CurrencyJsonAdapter.java

@@ -0,0 +1,32 @@
+// Copyright 2023 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.model.adapters;
+
+import google.registry.model.adapters.CurrencyUnitAdapter.UnknownCurrencyException;
+import google.registry.util.StringBaseTypeAdapter;
+import java.io.IOException;
+import org.joda.money.CurrencyUnit;
+
+public class CurrencyJsonAdapter extends StringBaseTypeAdapter<CurrencyUnit> {
+
+  @Override
+  protected CurrencyUnit fromString(String stringValue) throws IOException {
+    try {
+      return CurrencyUnitAdapter.convertFromString(stringValue);
+    } catch (UnknownCurrencyException e) {
+      throw new IOException("Unknown currency");
+    }
+  }
+}

core/src/main/java/google/registry/model/adapters/CurrencyUnitAdapter.java

@@ -1,4 +1,4 @@
-// Copyright 2017 The Nomulus Authors. All Rights Reserved.
+// Copyright 2023 The Nomulus Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -22,9 +22,7 @@ import org.joda.money.CurrencyUnit;
 /** Adapter to use Joda {@link CurrencyUnit} when marshalling strings. */
 public class CurrencyUnitAdapter extends XmlAdapter<String, CurrencyUnit> {
 
-  /** Parses a string into a {@link CurrencyUnit} object. */
-  @Override
-  public CurrencyUnit unmarshal(String currency) throws UnknownCurrencyException {
+  public static CurrencyUnit convertFromString(String currency) throws UnknownCurrencyException {
     try {
       return CurrencyUnit.of(nullToEmpty(currency).trim());
     } catch (IllegalArgumentException e) {
@@ -32,10 +30,20 @@ public class CurrencyUnitAdapter extends XmlAdapter<String, CurrencyUnit> {
     }
   }
 
+  public static String convertFromCurrency(CurrencyUnit currency) {
+    return currency == null ? null : currency.toString();
+  }
+
+  /** Parses a string into a {@link CurrencyUnit} object. */
+  @Override
+  public CurrencyUnit unmarshal(String currency) throws UnknownCurrencyException {
+    return convertFromString(currency);
+  }
+
   /** Converts {@link CurrencyUnit} to a string. */
   @Override
   public String marshal(CurrencyUnit currency) {
-    return currency == null ? null : currency.toString();
+    return convertFromCurrency(currency);
   }
 
   /** Exception to throw when failing to parse a currency. */

core/src/main/java/google/registry/model/eppcommon/Address.java

@@ -20,6 +20,7 @@ import static google.registry.util.CollectionUtils.nullToEmptyImmutableCopy;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
+import com.google.gson.annotations.Expose;
 import google.registry.model.Buildable;
 import google.registry.model.ImmutableObject;
 import google.registry.model.JsonMapBuilder;
@@ -87,6 +88,7 @@ public class Address extends ImmutableObject implements Jsonifiable, UnsafeSeria
    */
   @XmlJavaTypeAdapter(NormalizedStringAdapter.class)
   @Transient
+  @Expose
   protected List<String> street;
 
   @XmlTransient @IgnoredInDiffableMap protected String streetLine1;
@@ -96,18 +98,22 @@ public class Address extends ImmutableObject implements Jsonifiable, UnsafeSeria
   @XmlTransient @IgnoredInDiffableMap protected String streetLine3;
 
   @XmlJavaTypeAdapter(NormalizedStringAdapter.class)
+  @Expose
   protected String city;
 
   @XmlElement(name = "sp")
   @XmlJavaTypeAdapter(NormalizedStringAdapter.class)
+  @Expose
   protected String state;
 
   @XmlElement(name = "pc")
   @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+  @Expose
   protected String zip;
 
   @XmlElement(name = "cc")
   @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
+  @Expose
   protected String countryCode;
 
   public ImmutableList<String> getStreet() {

core/src/main/java/google/registry/model/registrar/Registrar.java

@@ -211,6 +211,7 @@ public class Registrar extends UpdateAutoTimestampEntity implements Buildable, J
    */
   @Id
   @Column(nullable = false)
+  @Expose
   String registrarId;
 
   /**
@@ -224,6 +225,7 @@ public class Registrar extends UpdateAutoTimestampEntity implements Buildable, J
    * @see <a href="http://www.icann.org/registrar-reports/accredited-list.html">ICANN-Accredited
    *     Registrars</a>
    */
+  @Expose
   @Column(nullable = false)
   String registrarName;
 
@@ -237,7 +239,7 @@ public class Registrar extends UpdateAutoTimestampEntity implements Buildable, J
   State state;
 
   /** The set of TLDs which this registrar is allowed to access. */
-  Set<String> allowedTlds;
+  @Expose Set<String> allowedTlds;
 
   /** Host name of WHOIS server. */
   String whoisServer;
@@ -287,6 +289,7 @@ public class Registrar extends UpdateAutoTimestampEntity implements Buildable, J
    * unrestricted UTF-8.
    */
   @Embedded
+  @Expose
   @AttributeOverrides({
     @AttributeOverride(
         name = "streetLine1",
@@ -329,7 +332,7 @@ public class Registrar extends UpdateAutoTimestampEntity implements Buildable, J
   String faxNumber;
 
   /** Email address. */
-  String emailAddress;
+  @Expose String emailAddress;
 
   // External IDs.
 
@@ -345,7 +348,7 @@ public class Registrar extends UpdateAutoTimestampEntity implements Buildable, J
    * @see <a href="http://www.iana.org/assignments/registrar-ids/registrar-ids.txt">Registrar
    *     IDs</a>
    */
-  @Nullable Long ianaIdentifier;
+  @Expose @Nullable Long ianaIdentifier;
 
   /** Purchase Order number used for invoices in external billing system, if applicable. */
   @Nullable String poNumber;
@@ -358,7 +361,7 @@ public class Registrar extends UpdateAutoTimestampEntity implements Buildable, J
    * accessed by {@link #getBillingAccountMap}, a sorted map is returned to guarantee deterministic
    * behavior when serializing the map, for display purpose for instance.
    */
-  @Nullable Map<CurrencyUnit, String> billingAccountMap;
+  @Expose @Nullable Map<CurrencyUnit, String> billingAccountMap;
 
   /** URL of registrar's website. */
   String url;
@@ -369,10 +372,10 @@ public class Registrar extends UpdateAutoTimestampEntity implements Buildable, J
    * <p>This value is specified in the initial registrar contact. It can't be edited in the web GUI,
    * and it must be specified when the registrar account is created.
    */
-  String icannReferralEmail;
+  @Expose String icannReferralEmail;
 
   /** Id of the folder in drive used to publish information for this registrar. */
-  String driveFolderId;
+  @Expose String driveFolderId;
 
   // Metadata.
 
@@ -400,7 +403,7 @@ public class Registrar extends UpdateAutoTimestampEntity implements Buildable, J
   boolean contactsRequireSyncing = true;
 
   /** Whether or not registry lock is allowed for this registrar. */
-  boolean registryLockAllowed = false;
+  @Expose boolean registryLockAllowed = false;
 
   public String getRegistrarId() {
     return registrarId;

core/src/main/java/google/registry/model/tld/Tld.java

@@ -45,6 +45,15 @@ import com.google.common.net.InternetDomainName;
 import google.registry.model.Buildable;
 import google.registry.model.CacheUtils;
 import google.registry.model.CreateAutoTimestamp;
+import google.registry.model.EntityYamlUtils.CreateAutoTimestampDeserializer;
+import google.registry.model.EntityYamlUtils.CurrencyDeserializer;
+import google.registry.model.EntityYamlUtils.CurrencySerializer;
+import google.registry.model.EntityYamlUtils.OptionalDurationSerializer;
+import google.registry.model.EntityYamlUtils.OptionalStringSerializer;
+import google.registry.model.EntityYamlUtils.TimedTransitionPropertyMoneyDeserializer;
+import google.registry.model.EntityYamlUtils.TimedTransitionPropertyTldStateDeserializer;
+import google.registry.model.EntityYamlUtils.TokenVKeyListDeserializer;
+import google.registry.model.EntityYamlUtils.TokenVKeyListSerializer;
 import google.registry.model.ImmutableObject;
 import google.registry.model.UnsafeSerializable;
 import google.registry.model.common.TimedTransitionProperty;
@@ -52,15 +61,6 @@ import google.registry.model.domain.fee.BaseFee.FeeType;
 import google.registry.model.domain.fee.Fee;
 import google.registry.model.domain.token.AllocationToken;
 import google.registry.model.domain.token.AllocationToken.TokenType;
-import google.registry.model.tld.TldYamlUtils.CreateAutoTimestampDeserializer;
-import google.registry.model.tld.TldYamlUtils.CurrencyDeserializer;
-import google.registry.model.tld.TldYamlUtils.CurrencySerializer;
-import google.registry.model.tld.TldYamlUtils.OptionalDurationSerializer;
-import google.registry.model.tld.TldYamlUtils.OptionalStringSerializer;
-import google.registry.model.tld.TldYamlUtils.TimedTransitionPropertyMoneyDeserializer;
-import google.registry.model.tld.TldYamlUtils.TimedTransitionPropertyTldStateDeserializer;
-import google.registry.model.tld.TldYamlUtils.TokenVKeyListDeserializer;
-import google.registry.model.tld.TldYamlUtils.TokenVKeyListSerializer;
 import google.registry.model.tld.label.PremiumList;
 import google.registry.model.tld.label.ReservedList;
 import google.registry.persistence.VKey;

core/src/main/java/google/registry/persistence/transaction/JpaTransactionManager.java

@@ -31,21 +31,6 @@ public interface JpaTransactionManager extends TransactionManager {
    */
   EntityManager getStandaloneEntityManager();
 
-  /**
-   * Specifies a database snapshot exported by another transaction to use in the current
-   * transaction.
-   *
-   * <p>This is a Postgresql-specific feature. This method must be called before any other SQL
-   * commands in a transaction.
-   *
-   * <p>To support large queries, transaction isolation level is fixed at the REPEATABLE_READ to
-   * avoid exhausting predicate locks at the SERIALIZABLE level.
-   *
-   * @see google.registry.beam.common.DatabaseSnapshot
-   */
-  // TODO(b/193662898): vendor-independent support for richer transaction semantics.
-  JpaTransactionManager setDatabaseSnapshot(String snapshotId);
-
   /**
    * Returns the {@link EntityManager} for the current request.
    *
@@ -56,8 +41,8 @@ public interface JpaTransactionManager extends TransactionManager {
   /**
    * Creates a JPA SQL query for the given query string and result class.
    *
-   * <p>This is a convenience method for the longer <code>
-   * jpaTm().getEntityManager().createQuery(...)</code>.
+   * <p>This is a convenience method for the longer {@code
+   * jpaTm().getEntityManager().createQuery(...)}.
    */
   <T> TypedQuery<T> query(String sqlString, Class<T> resultClass);
 
@@ -67,8 +52,8 @@ public interface JpaTransactionManager extends TransactionManager {
   /**
    * Creates a JPA SQL query for the given query string.
    *
-   * <p>This is a convenience method for the longer <code>
-   * jpaTm().getEntityManager().createQuery(...)</code>.
+   * <p>This is a convenience method for the longer {@code
+   * jpaTm().getEntityManager().createQuery(...)}.
    *
    * <p>Note that while this method can legally be used for queries that return results, <u>it
    * should not be</u>, as it does not correctly detach entities as must be done for nomulus model

core/src/main/java/google/registry/persistence/transaction/JpaTransactionManagerImpl.java

@@ -109,22 +109,6 @@ public class JpaTransactionManagerImpl implements JpaTransactionManager {
     return entityManager;
   }
 
-  @Override
-  public JpaTransactionManager setDatabaseSnapshot(String snapshotId) {
-    // Postgresql-specific: 'set transaction' command must be called inside a transaction
-    assertInTransaction();
-
-    EntityManager entityManager = getEntityManager();
-    // Isolation is hardcoded to REPEATABLE READ, as specified by parent's Javadoc.
-    entityManager
-        .createNativeQuery("SET TRANSACTION ISOLATION LEVEL REPEATABLE READ")
-        .executeUpdate();
-    entityManager
-        .createNativeQuery(String.format("SET TRANSACTION SNAPSHOT '%s'", snapshotId))
-        .executeUpdate();
-    return this;
-  }
-
   @Override
   public <T> TypedQuery<T> query(String sqlString, Class<T> resultClass) {
     return new DetachingTypedQuery<>(getEntityManager().createQuery(sqlString, resultClass));

core/src/main/java/google/registry/reporting/spec11/GenerateSpec11ReportAction.java

@@ -141,7 +141,8 @@ public class GenerateSpec11ReportAction implements Runnable {
                     jobId,
                     ReportingModule.PARAM_DATE,
                     date.toString()),
-                Duration.standardMinutes(ReportingModule.ENQUEUE_DELAY_MINUTES)));
+                // TODO(b/296582836): mitigating retry problem. Remove `+10` when bug is fixed.
+                Duration.standardMinutes(ReportingModule.ENQUEUE_DELAY_MINUTES + 10)));
       }
       response.setStatus(SC_OK);
       response.setPayload(String.format("Launched Spec11 pipeline: %s", jobId));

core/src/main/java/google/registry/reporting/spec11/Spec11EmailUtils.java

@@ -31,12 +31,12 @@ import com.google.template.soy.tofu.SoyTofu;
 import com.google.template.soy.tofu.SoyTofu.Renderer;
 import google.registry.beam.spec11.ThreatMatch;
 import google.registry.config.RegistryConfig.Config;
+import google.registry.groups.GmailClient;
 import google.registry.model.domain.Domain;
 import google.registry.model.registrar.Registrar;
 import google.registry.model.registrar.RegistrarPoc;
 import google.registry.reporting.spec11.soy.Spec11EmailSoyInfo;
 import google.registry.util.EmailMessage;
-import google.registry.util.SendEmailService;
 import java.util.List;
 import java.util.Map;
 import javax.inject.Inject;
@@ -56,8 +56,7 @@ public class Spec11EmailUtils {
                   Spec11EmailSoyInfo.getInstance().getFileName()))
           .build()
           .compileToTofu();
-
-  private final SendEmailService emailService;
+  private final GmailClient gmailClient;
   private final InternetAddress outgoingEmailAddress;
   private final ImmutableList<InternetAddress> spec11BccEmailAddresses;
   private final InternetAddress alertRecipientAddress;
@@ -66,13 +65,13 @@ public class Spec11EmailUtils {
 
   @Inject
   Spec11EmailUtils(
-      SendEmailService emailService,
-      @Config("alertRecipientEmailAddress") InternetAddress alertRecipientAddress,
+      GmailClient gmailClient,
+      @Config("newAlertRecipientEmailAddress") InternetAddress alertRecipientAddress,
       @Config("spec11OutgoingEmailAddress") InternetAddress spec11OutgoingEmailAddress,
       @Config("spec11BccEmailAddresses") ImmutableList<InternetAddress> spec11BccEmailAddresses,
       @Config("spec11WebResources") ImmutableList<String> spec11WebResources,
       @Config("registryName") String registryName) {
-    this.emailService = emailService;
+    this.gmailClient = gmailClient;
     this.outgoingEmailAddress = spec11OutgoingEmailAddress;
     this.spec11BccEmailAddresses = spec11BccEmailAddresses;
     this.alertRecipientAddress = alertRecipientAddress;
@@ -91,6 +90,7 @@ public class Spec11EmailUtils {
       ImmutableSet<RegistrarThreatMatches> registrarThreatMatchesSet) {
     ImmutableMap.Builder<RegistrarThreatMatches, Throwable> failedMatchesBuilder =
         ImmutableMap.builder();
+    int numRegistrarsEmailed = 0;
     for (RegistrarThreatMatches registrarThreatMatches : registrarThreatMatchesSet) {
       RegistrarThreatMatches filteredMatches = filterOutNonPublishedMatches(registrarThreatMatches);
       if (!filteredMatches.threatMatches().isEmpty()) {
@@ -98,11 +98,13 @@ public class Spec11EmailUtils {
           // Handle exceptions individually per registrar so that one failed email doesn't prevent
           // the rest from being sent.
           emailRegistrar(date, soyTemplateInfo, subject, filteredMatches);
+          numRegistrarsEmailed++;
         } catch (Throwable e) {
           failedMatchesBuilder.put(registrarThreatMatches, getRootCause(e));
         }
       }
     }
+    logger.atInfo().log("Emailed daily diffs to %s registrars.", numRegistrarsEmailed);
     ImmutableMap<RegistrarThreatMatches, Throwable> failedMatches = failedMatchesBuilder.build();
     if (!failedMatches.isEmpty()) {
       ImmutableList<Map.Entry<RegistrarThreatMatches, Throwable>> failedMatchesList =
@@ -151,7 +153,7 @@ public class Spec11EmailUtils {
       String subject,
       RegistrarThreatMatches registrarThreatMatches)
       throws MessagingException {
-    emailService.sendEmail(
+    gmailClient.sendEmail(
         EmailMessage.newBuilder()
             .setSubject(subject)
             .setBody(getContent(date, soyTemplateInfo, registrarThreatMatches))
@@ -191,7 +193,7 @@ public class Spec11EmailUtils {
   /** Sends an e-mail indicating the state of the spec11 pipeline, with a given subject and body. */
   void sendAlertEmail(String subject, String body) {
     try {
-      emailService.sendEmail(
+      gmailClient.sendEmail(
           EmailMessage.newBuilder()
               .setFrom(outgoingEmailAddress)
               .addRecipient(alertRecipientAddress)

core/src/main/java/google/registry/request/RequestModule.java

@@ -31,21 +31,28 @@ import com.google.common.io.ByteStreams;
 import com.google.common.io.CharStreams;
 import com.google.common.net.MediaType;
 import com.google.gson.Gson;
-import com.google.gson.JsonObject;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonElement;
 import com.google.protobuf.ByteString;
 import dagger.Module;
 import dagger.Provides;
+import google.registry.model.adapters.CurrencyJsonAdapter;
 import google.registry.request.HttpException.BadRequestException;
 import google.registry.request.HttpException.UnsupportedMediaTypeException;
 import google.registry.request.auth.AuthResult;
 import google.registry.request.lock.LockHandler;
 import google.registry.request.lock.LockHandlerImpl;
+import google.registry.util.CidrAddressBlock;
+import google.registry.util.CidrAddressBlock.CidrAddressBlockAdapter;
+import google.registry.util.DateTimeTypeAdapter;
 import java.io.IOException;
 import java.util.Map;
 import java.util.Optional;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
+import org.joda.money.CurrencyUnit;
+import org.joda.time.DateTime;
 import org.json.simple.JSONValue;
 import org.json.simple.parser.ParseException;
 
@@ -69,6 +76,18 @@ public final class RequestModule {
     this.authResult = authResult;
   }
 
+  @RequestScope
+  @VisibleForTesting
+  @Provides
+  public static Gson provideGson() {
+    return new GsonBuilder()
+        .registerTypeAdapter(DateTime.class, new DateTimeTypeAdapter())
+        .registerTypeAdapter(CidrAddressBlock.class, new CidrAddressBlockAdapter())
+        .registerTypeAdapter(CurrencyUnit.class, new CurrencyJsonAdapter())
+        .excludeFieldsWithoutExposeAnnotation()
+        .create();
+  }
+
   @Provides
   @Parameter(RequestParameters.PARAM_TLD)
   static String provideTld(HttpServletRequest req) {
@@ -244,11 +263,10 @@ public final class RequestModule {
 
   @Provides
   @OptionalJsonPayload
-  public static Optional<JsonObject> provideJsonBody(HttpServletRequest req, Gson gson) {
+  public static Optional<JsonElement> provideJsonBody(HttpServletRequest req, Gson gson) {
     try {
-      JsonObject body = gson.fromJson(req.getReader(), JsonObject.class);
-      return Optional.of(body);
-    } catch (Exception e) {
+      return Optional.of(gson.fromJson(req.getReader(), JsonElement.class));
+    } catch (IOException e) {
       return Optional.empty();
     }
   }

core/src/main/java/google/registry/tools/GetTldCommand.java

@@ -15,11 +15,17 @@
 package google.registry.tools;
 
 import static google.registry.model.tld.Tlds.assertTldsExist;
+import static java.nio.charset.StandardCharsets.UTF_8;
 
 import com.beust.jcommander.Parameter;
 import com.beust.jcommander.Parameters;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import google.registry.model.tld.Tld;
+import java.io.PrintStream;
+import java.io.UnsupportedEncodingException;
 import java.util.List;
+import javax.inject.Inject;
 
 /** Command to show a TLD record. */
 @Parameters(separators = " =", commandDescription = "Show TLD record(s)")
@@ -30,10 +36,14 @@ final class GetTldCommand implements Command {
       required = true)
   private List<String> mainParameters;
 
+  @Inject ObjectMapper objectMapper;
+
   @Override
-  public void run() {
-    for (String tld : assertTldsExist(mainParameters)) {
-      System.out.println(Tld.get(tld));
+  public void run() throws JsonProcessingException, UnsupportedEncodingException {
+    try (PrintStream printStream = new PrintStream(System.out, false, UTF_8.name())) {
+      for (String tld : assertTldsExist(mainParameters)) {
+        printStream.println(objectMapper.writeValueAsString(Tld.get(tld)));
+      }
     }
   }
 }

core/src/main/java/google/registry/tools/RegistryToolComponent.java

@@ -30,10 +30,12 @@ import google.registry.keyring.KeyringModule;
 import google.registry.keyring.api.DummyKeyringModule;
 import google.registry.keyring.api.KeyModule;
 import google.registry.keyring.secretmanager.SecretManagerKeyringModule;
+import google.registry.model.ModelModule;
 import google.registry.persistence.PersistenceModule;
 import google.registry.persistence.PersistenceModule.NomulusToolJpaTm;
 import google.registry.persistence.PersistenceModule.ReadOnlyReplicaJpaTm;
 import google.registry.persistence.transaction.JpaTransactionManager;
+import google.registry.privileges.secretmanager.SecretManagerModule;
 import google.registry.rde.RdeModule;
 import google.registry.request.Modules.GsonModule;
 import google.registry.request.Modules.UrlConnectionServiceModule;
@@ -66,13 +68,14 @@ import javax.inject.Singleton;
       GsonModule.class,
       KeyModule.class,
       KeyringModule.class,
-      SecretManagerKeyringModule.class,
       LocalCredentialModule.class,
+      ModelModule.class,
       PersistenceModule.class,
       RdeModule.class,
       RegistryToolDataflowModule.class,
       RequestFactoryModule.class,
-      google.registry.privileges.secretmanager.SecretManagerModule.class,
+      SecretManagerKeyringModule.class,
+      SecretManagerModule.class,
       UrlConnectionServiceModule.class,
       UrlFetchServiceModule.class,
       UserServiceModule.class,

core/src/main/java/google/registry/ui/server/console/RegistrarsAction.java

@@ -14,7 +14,11 @@
 
 package google.registry.ui.server.console;
 
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Strings.isNullOrEmpty;
+import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 import static google.registry.request.Action.Method.GET;
+import static google.registry.request.Action.Method.POST;
 
 import com.google.api.client.http.HttpStatusCodes;
 import com.google.common.collect.ImmutableList;
@@ -23,46 +27,155 @@ import com.google.gson.Gson;
 import google.registry.model.console.ConsolePermission;
 import google.registry.model.console.User;
 import google.registry.model.registrar.Registrar;
+import google.registry.model.registrar.Registrar.State;
+import google.registry.model.registrar.RegistrarPoc;
 import google.registry.request.Action;
+import google.registry.request.Parameter;
 import google.registry.request.Response;
 import google.registry.request.auth.Auth;
 import google.registry.request.auth.AuthResult;
 import google.registry.ui.server.registrar.JsonGetAction;
+import google.registry.util.StringGenerator;
+import java.util.Optional;
 import javax.inject.Inject;
+import javax.inject.Named;
+import javax.servlet.http.HttpServletRequest;
 
 @Action(
     service = Action.Service.DEFAULT,
     path = RegistrarsAction.PATH,
-    method = {GET},
+    method = {GET, POST},
     auth = Auth.AUTH_PUBLIC_LOGGED_IN)
 public class RegistrarsAction implements JsonGetAction {
+  private static final int PASSWORD_LENGTH = 16;
+  private static final int PASSCODE_LENGTH = 5;
   static final String PATH = "/console-api/registrars";
-
   private final AuthResult authResult;
   private final Response response;
   private final Gson gson;
+  private final HttpServletRequest req;
+  private Optional<Registrar> registrar;
+  private StringGenerator passwordGenerator;
+  private StringGenerator passcodeGenerator;
 
   @Inject
-  public RegistrarsAction(AuthResult authResult, Response response, Gson gson) {
+  public RegistrarsAction(
+      HttpServletRequest req,
+      AuthResult authResult,
+      Response response,
+      Gson gson,
+      @Parameter("registrar") Optional<Registrar> registrar,
+      @Named("base58StringGenerator") StringGenerator passwordGenerator,
+      @Named("digitOnlyStringGenerator") StringGenerator passcodeGenerator) {
     this.authResult = authResult;
     this.response = response;
     this.gson = gson;
+    this.registrar = registrar;
+    this.req = req;
+    this.passcodeGenerator = passcodeGenerator;
+    this.passwordGenerator = passwordGenerator;
   }
 
+
   @Override
   public void run() {
     User user = authResult.userAuthInfo().get().consoleUser().get();
+    if (req.getMethod().equals(GET.toString())) {
+      getHandler(user);
+    } else {
+      postHandler(user);
+    }
+  }
+
+  private void getHandler(User user) {
     if (!user.getUserRoles().hasGlobalPermission(ConsolePermission.VIEW_REGISTRARS)) {
       response.setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN);
       return;
     }
-    ImmutableList<String> registrarIds =
+    ImmutableList<Registrar> registrars =
         Streams.stream(Registrar.loadAllCached())
             .filter(r -> r.getType() == Registrar.Type.REAL)
-            .map(Registrar::getRegistrarId)
             .collect(ImmutableList.toImmutableList());
 
-    response.setPayload(gson.toJson(registrarIds));
+    response.setPayload(gson.toJson(registrars));
     response.setStatus(HttpStatusCodes.STATUS_CODE_OK);
   }
+
+  private void postHandler(User user) {
+    if (!user.getUserRoles().isAdmin()) {
+      response.setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN);
+      return;
+    }
+
+    if (!registrar.isPresent()) {
+      response.setStatus(HttpStatusCodes.STATUS_CODE_BAD_REQUEST);
+      response.setPayload(gson.toJson("'registrar' parameter is not present"));
+      return;
+    }
+
+    Registrar registrarParam = registrar.get();
+    String errorMsg = "Missing value for %s";
+    try {
+      checkArgument(!isNullOrEmpty(registrarParam.getRegistrarId()), errorMsg, "registrarId");
+      checkArgument(!isNullOrEmpty(registrarParam.getRegistrarName()), errorMsg, "name");
+      checkArgument(!registrarParam.getBillingAccountMap().isEmpty(), errorMsg, "billingAccount");
+      checkArgument(registrarParam.getIanaIdentifier() != null, String.format(errorMsg, "ianaId"));
+      checkArgument(
+          !isNullOrEmpty(registrarParam.getIcannReferralEmail()), errorMsg, "referralEmail");
+      checkArgument(!isNullOrEmpty(registrarParam.getDriveFolderId()), errorMsg, "driveId");
+      checkArgument(!isNullOrEmpty(registrarParam.getEmailAddress()), errorMsg, "consoleUserEmail");
+      checkArgument(
+          registrarParam.getLocalizedAddress() != null
+              && !isNullOrEmpty(registrarParam.getLocalizedAddress().getState())
+              && !isNullOrEmpty(registrarParam.getLocalizedAddress().getCity())
+              && !isNullOrEmpty(registrarParam.getLocalizedAddress().getZip())
+              && !isNullOrEmpty(registrarParam.getLocalizedAddress().getCountryCode())
+              && !registrarParam.getLocalizedAddress().getStreet().isEmpty(),
+          errorMsg,
+          "address");
+
+      String password = passwordGenerator.createString(PASSWORD_LENGTH);
+      String phonePasscode = passcodeGenerator.createString(PASSCODE_LENGTH);
+
+      Registrar registrar =
+          new Registrar.Builder()
+              .setRegistrarId(registrarParam.getRegistrarId())
+              .setRegistrarName(registrarParam.getRegistrarName())
+              .setBillingAccountMap(registrarParam.getBillingAccountMap())
+              .setIanaIdentifier(Long.valueOf(registrarParam.getIanaIdentifier()))
+              .setIcannReferralEmail(registrarParam.getIcannReferralEmail())
+              .setEmailAddress(registrarParam.getIcannReferralEmail())
+              .setDriveFolderId(registrarParam.getDriveFolderId())
+              .setType(Registrar.Type.REAL)
+              .setPassword(password)
+              .setPhonePasscode(phonePasscode)
+              .setState(State.PENDING)
+              .setLocalizedAddress(registrarParam.getLocalizedAddress())
+              .build();
+
+      RegistrarPoc contact =
+          new RegistrarPoc.Builder()
+              .setRegistrar(registrar)
+              .setName(registrarParam.getEmailAddress())
+              .setEmailAddress(registrarParam.getEmailAddress())
+              .setLoginEmailAddress(registrarParam.getEmailAddress())
+              .build();
+
+      tm().transact(
+              () -> {
+                checkArgument(
+                    !Registrar.loadByRegistrarId(registrar.getRegistrarId()).isPresent(),
+                    "Registrar with registrarId %s already exists",
+                    registrar.getRegistrarId());
+                tm().putAll(registrar, contact);
+              });
+
+    } catch (IllegalArgumentException e) {
+      response.setStatus(HttpStatusCodes.STATUS_CODE_BAD_REQUEST);
+      response.setPayload(gson.toJson(e.getMessage()));
+    } catch (Throwable e) {
+      response.setStatus(HttpStatusCodes.STATUS_CODE_SERVER_ERROR);
+      response.setPayload(gson.toJson(e.getMessage()));
+    }
+  }
 }

core/src/main/java/google/registry/ui/server/console/settings/SecurityAction.java

@@ -15,7 +15,6 @@
 package google.registry.ui.server.console.settings;
 
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
-import static google.registry.request.Action.Method.GET;
 import static google.registry.request.Action.Method.POST;
 
 import avro.shaded.com.google.common.collect.ImmutableList;
@@ -36,28 +35,25 @@ import google.registry.request.auth.AuthenticatedRegistrarAccessor.RegistrarAcce
 import google.registry.ui.server.registrar.JsonGetAction;
 import java.util.Optional;
 import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
 
 @Action(
     service = Action.Service.DEFAULT,
     path = SecurityAction.PATH,
-    method = {GET, POST},
+    method = {POST},
     auth = Auth.AUTH_PUBLIC_LOGGED_IN)
 public class SecurityAction implements JsonGetAction {
 
   static final String PATH = "/console-api/settings/security";
-  private final HttpServletRequest req;
   private final AuthResult authResult;
   private final Response response;
   private final Gson gson;
   private final String registrarId;
-  private AuthenticatedRegistrarAccessor registrarAccessor;
-  private Optional<Registrar> registrar;
-  private CertificateChecker certificateChecker;
+  private final AuthenticatedRegistrarAccessor registrarAccessor;
+  private final Optional<Registrar> registrar;
+  private final CertificateChecker certificateChecker;
 
   @Inject
   public SecurityAction(
-      HttpServletRequest req,
       AuthResult authResult,
       Response response,
       Gson gson,
@@ -65,7 +61,6 @@ public class SecurityAction implements JsonGetAction {
       AuthenticatedRegistrarAccessor registrarAccessor,
       @Parameter("registrarId") String registrarId,
       @Parameter("registrar") Optional<Registrar> registrar) {
-    this.req = req;
     this.authResult = authResult;
     this.response = response;
     this.gson = gson;
@@ -77,25 +72,6 @@ public class SecurityAction implements JsonGetAction {
 
   @Override
   public void run() {
-    if (req.getMethod().equals(GET.toString())) {
-      getHandler();
-    } else {
-      postHandler();
-    }
-  }
-
-  private void getHandler() {
-    try {
-      Registrar registrar = registrarAccessor.getRegistrar(registrarId);
-      response.setStatus(HttpStatusCodes.STATUS_CODE_OK);
-      response.setPayload(gson.toJson(registrar));
-    } catch (RegistrarAccessDeniedException e) {
-      response.setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN);
-      response.setPayload(e.getMessage());
-    }
-  }
-
-  private void postHandler() {
     User user = authResult.userAuthInfo().get().consoleUser().get();
     if (!user.getUserRoles().hasPermission(registrarId, ConsolePermission.EDIT_REGISTRAR_DETAILS)) {
       response.setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN);
@@ -153,17 +129,15 @@ public class SecurityAction implements JsonGetAction {
     registrarParameter
         .getClientCertificate()
         .ifPresent(
-            newClientCert -> {
-              updatedRegistrar.setClientCertificate(newClientCert, tm().getTransactionTime());
-            });
+            newClientCert ->
+                updatedRegistrar.setClientCertificate(newClientCert, tm().getTransactionTime()));
 
     registrarParameter
         .getFailoverClientCertificate()
         .ifPresent(
-            failoverCert -> {
-              updatedRegistrar.setFailoverClientCertificate(
-                  failoverCert, tm().getTransactionTime());
-            });
+            failoverCert ->
+                updatedRegistrar.setFailoverClientCertificate(
+                    failoverCert, tm().getTransactionTime()));
 
     tm().put(updatedRegistrar.build());
     response.setStatus(HttpStatusCodes.STATUS_CODE_OK);

core/src/main/java/google/registry/ui/server/registrar/RegistrarConsoleModule.java

@@ -21,7 +21,7 @@ import static google.registry.request.RequestParameters.extractRequiredParameter
 
 import com.google.common.collect.ImmutableSet;
 import com.google.gson.Gson;
-import com.google.gson.JsonObject;
+import com.google.gson.JsonElement;
 import dagger.Module;
 import dagger.Provides;
 import google.registry.model.registrar.Registrar;
@@ -172,15 +172,8 @@ public final class RegistrarConsoleModule {
   @Provides
   @Parameter("contacts")
   public static Optional<ImmutableSet<RegistrarPoc>> provideContacts(
-      Gson gson, @OptionalJsonPayload Optional<JsonObject> payload) {
-
-    if (payload.isPresent() && payload.get().has("contacts")) {
-      return Optional.of(
-          ImmutableSet.copyOf(
-              gson.fromJson(payload.get().get("contacts").getAsJsonArray(), RegistrarPoc[].class)));
-    }
-
-    return Optional.empty();
+      Gson gson, @OptionalJsonPayload Optional<JsonElement> payload) {
+    return payload.map(s -> ImmutableSet.copyOf(gson.fromJson(s, RegistrarPoc[].class)));
   }
 
   @Provides
@@ -192,11 +185,7 @@ public final class RegistrarConsoleModule {
   @Provides
   @Parameter("registrar")
   public static Optional<Registrar> provideRegistrar(
-      Gson gson, @OptionalJsonPayload Optional<JsonObject> payload) {
-    if (payload.isPresent() && payload.get().has("registrar")) {
-      return Optional.of(gson.fromJson(payload.get().get("registrar"), Registrar.class));
-    }
-
-    return Optional.empty();
+      Gson gson, @OptionalJsonPayload Optional<JsonElement> payload) {
+    return payload.map(s -> gson.fromJson(s, Registrar.class));
   }
 }

core/src/test/java/google/registry/beam/common/DatabaseSnapshotTest.java

@@ -1,174 +0,0 @@
-// Copyright 2021 The Nomulus Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package google.registry.beam.common;
-
-import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
-
-import com.google.common.collect.ImmutableMap;
-import com.google.common.truth.Truth;
-import google.registry.beam.TestPipelineExtension;
-import google.registry.beam.common.RegistryJpaIO.Read;
-import google.registry.model.tld.Tld;
-import google.registry.persistence.NomulusPostgreSql;
-import google.registry.persistence.PersistenceModule;
-import google.registry.persistence.transaction.CriteriaQueryBuilder;
-import google.registry.persistence.transaction.JpaTransactionManager;
-import google.registry.persistence.transaction.JpaTransactionManagerImpl;
-import google.registry.persistence.transaction.TransactionManagerFactory;
-import google.registry.testing.DatabaseHelper;
-import google.registry.testing.FakeClock;
-import javax.persistence.Persistence;
-import org.apache.beam.sdk.coders.SerializableCoder;
-import org.apache.beam.sdk.testing.PAssert;
-import org.apache.beam.sdk.values.PCollection;
-import org.hibernate.cfg.Environment;
-import org.junit.jupiter.api.AfterAll;
-import org.junit.jupiter.api.BeforeAll;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
-import org.testcontainers.containers.PostgreSQLContainer;
-import org.testcontainers.junit.jupiter.Container;
-import org.testcontainers.junit.jupiter.Testcontainers;
-
-/** Unit tests for {@link DatabaseSnapshot}. */
-@Testcontainers
-public class DatabaseSnapshotTest {
-
-  /**
-   * Directly start a PSQL database instead of going through the test extensions.
-   *
-   * <p>For reasons unknown, an EntityManagerFactory created by {@code JpaIntegrationTestExtension}
-   * or {@code JpaUnitTestExtension} enters a bad state after exporting the first snapshot. Starting
-   * with the second attempt, exports alternate between error ("cannot export a snapshot from a
-   * subtransaction") and success. The {@link #createSnapshot_twiceNoRead} test below fails with
-   * either extension. EntityManagerFactory created for production does not have this problem.
-   */
-  @Container
-  private static PostgreSQLContainer sqlContainer =
-      new PostgreSQLContainer<>(NomulusPostgreSql.getDockerTag())
-          .withInitScript("sql/schema/nomulus.golden.sql");
-
-  @RegisterExtension
-  final transient TestPipelineExtension testPipeline =
-      TestPipelineExtension.create().enableAbandonedNodeEnforcement(true);
-
-  static JpaTransactionManager origJpa;
-  static JpaTransactionManager jpa;
-
-  static Tld registry;
-
-  @BeforeAll
-  static void setup() {
-    ImmutableMap<String, String> jpaProperties =
-        new ImmutableMap.Builder<String, String>()
-            .put(Environment.URL, sqlContainer.getJdbcUrl())
-            .put(Environment.USER, sqlContainer.getUsername())
-            .put(Environment.PASS, sqlContainer.getPassword())
-            .putAll(PersistenceModule.provideDefaultDatabaseConfigs())
-            .build();
-    jpa =
-        new JpaTransactionManagerImpl(
-            Persistence.createEntityManagerFactory("nomulus", jpaProperties), new FakeClock());
-    origJpa = tm();
-    TransactionManagerFactory.setJpaTm(() -> jpa);
-
-    Tld tld = DatabaseHelper.newTld("tld", "TLD");
-    tm().transact(() -> tm().put(tld));
-    registry = tm().transact(() -> tm().loadByEntity(tld));
-  }
-
-  @AfterAll
-  static void tearDown() {
-    TransactionManagerFactory.setJpaTm(() -> origJpa);
-
-    if (jpa != null) {
-      jpa.teardown();
-    }
-  }
-
-  @Test
-  void createSnapshot_onceNoRead() {
-    try (DatabaseSnapshot databaseSnapshot = DatabaseSnapshot.createSnapshot()) {}
-  }
-
-  @Test
-  void createSnapshot_twiceNoRead() {
-    try (DatabaseSnapshot databaseSnapshot = DatabaseSnapshot.createSnapshot()) {}
-    try (DatabaseSnapshot databaseSnapshot = DatabaseSnapshot.createSnapshot()) {}
-  }
-
-  @Test
-  void readSnapshot() {
-    try (DatabaseSnapshot databaseSnapshot = DatabaseSnapshot.createSnapshot()) {
-      Tld snapshotRegistry =
-          tm().transact(
-                  () ->
-                      tm().setDatabaseSnapshot(databaseSnapshot.getSnapshotId())
-                          .loadByEntity(registry));
-      Truth.assertThat(snapshotRegistry).isEqualTo(registry);
-    }
-  }
-
-  @Test
-  void readSnapshot_withSubsequentChange() {
-    try (DatabaseSnapshot databaseSnapshot = DatabaseSnapshot.createSnapshot()) {
-      Tld updated =
-          registry
-              .asBuilder()
-              .setCreateBillingCost(registry.getCreateBillingCost().plus(1))
-              .build();
-      tm().transact(() -> tm().put(updated));
-
-      Tld persistedUpdate = tm().transact(() -> tm().loadByEntity(registry));
-      Truth.assertThat(persistedUpdate).isNotEqualTo(registry);
-
-      Tld snapshotRegistry =
-          tm().transact(
-                  () ->
-                      tm().setDatabaseSnapshot(databaseSnapshot.getSnapshotId())
-                          .loadByEntity(registry));
-      Truth.assertThat(snapshotRegistry).isEqualTo(registry);
-    } finally {
-      // Revert change to registry in DB, which is shared by all test methods.
-      tm().transact(() -> tm().put(registry));
-    }
-  }
-
-  @Test
-  void readWithRegistryJpaIO() {
-    try (DatabaseSnapshot databaseSnapshot = DatabaseSnapshot.createSnapshot()) {
-      Tld updated =
-          registry
-              .asBuilder()
-              .setCreateBillingCost(registry.getCreateBillingCost().plus(1))
-              .build();
-      tm().transact(() -> tm().put(updated));
-
-      Read<Tld, Tld> read =
-          RegistryJpaIO.read(() -> CriteriaQueryBuilder.create(Tld.class).build(), x -> x)
-              .withCoder(SerializableCoder.of(Tld.class))
-              .withSnapshot(databaseSnapshot.getSnapshotId());
-      PCollection<Tld> registries = testPipeline.apply(read);
-
-      // This assertion depends on Registry being Serializable, which may change if the
-      // UnsafeSerializable interface is removed after migration.
-      PAssert.that(registries).containsInAnyOrder(registry);
-      testPipeline.run();
-    } finally {
-      // Revert change to registry in DB, which is shared by all test methods.
-      tm().transact(() -> tm().put(registry));
-    }
-  }
-}

core/src/test/java/google/registry/groups/GmailClientTest.java

@@ -19,12 +19,19 @@ import static com.google.common.net.MediaType.PLAIN_TEXT_UTF_8;
 import static com.google.common.truth.Truth.assertThat;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.doAnswer;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoInteractions;
 import static org.mockito.Mockito.when;
 
 import com.google.api.client.http.HttpResponseException;
 import com.google.api.services.gmail.Gmail;
+import com.google.api.services.gmail.Gmail.Users;
+import com.google.api.services.gmail.Gmail.Users.Messages;
+import com.google.api.services.gmail.Gmail.Users.Messages.Send;
 import com.google.api.services.gmail.model.Message;
 import google.registry.groups.GmailClient.RetriableGmailExceptionPredicate;
 import google.registry.util.EmailMessage;
@@ -37,7 +44,6 @@ import javax.mail.Part;
 import javax.mail.internet.InternetAddress;
 import javax.mail.internet.MimeMessage;
 import javax.mail.internet.MimeMultipart;
-import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
@@ -52,17 +58,45 @@ public class GmailClientTest {
 
   @Mock private Gmail gmail;
   @Mock private HttpResponseException httpResponseException;
-  private GmailClient gmailClient;
 
-  @BeforeEach
-  public void setup() throws Exception {
-    gmailClient =
-        new GmailClient(
-            gmail,
-            new Retrier(new SystemSleeper(), 3),
-            "from@example.com",
-            "My sender",
-            new InternetAddress("replyTo@example.com"));
+  private GmailClient getGmailClient(boolean isExternalEmailAllowed) throws Exception {
+    return new GmailClient(
+        gmail,
+        new Retrier(new SystemSleeper(), 3),
+        isExternalEmailAllowed,
+        "from@example.com",
+        "My sender",
+        new InternetAddress("replyTo@example.com"));
+  }
+
+  @Test
+  public void sendEmail_sentWhenAllowed() throws Exception {
+    EmailMessage message =
+        EmailMessage.create(
+            "subject",
+            "body",
+            new InternetAddress("from@example.com"),
+            new InternetAddress("to@example.com"));
+    Send gSend = mock(Send.class);
+    Messages gMessages = mock(Messages.class);
+    Users gUsers = mock(Users.class);
+    when(gmail.users()).thenReturn(gUsers);
+    when(gUsers.messages()).thenReturn(gMessages);
+    when(gMessages.send(anyString(), any())).thenReturn(gSend);
+    getGmailClient(true).sendEmail(message);
+    verify(gmail, times(1)).users();
+  }
+
+  @Test
+  public void sendEmail_notSentWhenNotAllowed() throws Exception {
+    EmailMessage message =
+        EmailMessage.create(
+            "subject",
+            "body",
+            new InternetAddress("from@example.com"),
+            new InternetAddress("to@example.com"));
+    getGmailClient(false).sendEmail(message);
+    verifyNoInteractions(gmail);
   }
 
   @Test
@@ -86,7 +120,7 @@ public class GmailClientTest {
                     .setContentType(CSV_UTF_8)
                     .build())
             .build();
-    MimeMessage mimeMessage = gmailClient.toMimeMessage(emailMessage);
+    MimeMessage mimeMessage = getGmailClient(true).toMimeMessage(emailMessage);
     assertThat(mimeMessage.getFrom()).asList().containsExactly(fromAddr);
     assertThat(mimeMessage.getRecipients(RecipientType.TO)).asList().containsExactly(toAddr);
     assertThat(mimeMessage.getRecipients(RecipientType.CC)).asList().containsExactly(ccAddr);

core/src/test/java/google/registry/model/tld/TldTest.java

@@ -17,6 +17,7 @@ package google.registry.model.tld;
 import static com.google.common.truth.Truth.assertThat;
 import static com.google.common.truth.Truth.assertWithMessage;
 import static com.google.common.truth.Truth8.assertThat;
+import static google.registry.model.EntityYamlUtils.createObjectMapper;
 import static google.registry.model.ImmutableObjectSubject.assertAboutImmutableObjects;
 import static google.registry.model.domain.token.AllocationToken.TokenType.DEFAULT_PROMO;
 import static google.registry.model.domain.token.AllocationToken.TokenType.SINGLE_USE;
@@ -24,17 +25,16 @@ import static google.registry.model.tld.Tld.TldState.GENERAL_AVAILABILITY;
 import static google.registry.model.tld.Tld.TldState.PREDELEGATION;
 import static google.registry.model.tld.Tld.TldState.QUIET_PERIOD;
 import static google.registry.model.tld.Tld.TldState.START_DATE_SUNRISE;
-import static google.registry.model.tld.TldYamlUtils.getObjectMapper;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 import static google.registry.testing.DatabaseHelper.createTld;
 import static google.registry.testing.DatabaseHelper.newTld;
 import static google.registry.testing.DatabaseHelper.persistPremiumList;
 import static google.registry.testing.DatabaseHelper.persistReservedList;
 import static google.registry.testing.DatabaseHelper.persistResource;
-import static google.registry.testing.TestDataHelper.filePath;
 import static google.registry.testing.TestDataHelper.loadFile;
 import static google.registry.util.DateTimeUtils.END_OF_TIME;
 import static google.registry.util.DateTimeUtils.START_OF_TIME;
+import static google.registry.util.ResourceUtils.readResourceBytes;
 import static java.math.RoundingMode.UNNECESSARY;
 import static org.joda.money.CurrencyUnit.EUR;
 import static org.joda.money.CurrencyUnit.USD;
@@ -55,7 +55,6 @@ import google.registry.model.tld.label.ReservedList;
 import google.registry.persistence.VKey;
 import google.registry.tldconfig.idn.IdnTableEnum;
 import google.registry.util.SerializeUtils;
-import java.io.File;
 import java.math.BigDecimal;
 import java.util.Optional;
 import org.joda.money.Money;
@@ -130,7 +129,7 @@ public final class TldTest extends EntityTestCase {
             .setIdnTables(ImmutableSet.of(IdnTableEnum.JA, IdnTableEnum.EXTENDED_LATIN))
             .build();
 
-    ObjectMapper mapper = getObjectMapper();
+    ObjectMapper mapper = createObjectMapper();
     String yaml = mapper.writeValueAsString(existingTld);
     assertThat(yaml).isEqualTo(loadFile(getClass(), "tld.yaml"));
   }
@@ -163,15 +162,16 @@ public final class TldTest extends EntityTestCase {
             .setIdnTables(ImmutableSet.of(IdnTableEnum.JA, IdnTableEnum.EXTENDED_LATIN))
             .build();
 
-    ObjectMapper mapper = getObjectMapper();
-    Tld constructedTld = mapper.readValue(new File(filePath(getClass(), "tld.yaml")), Tld.class);
+    ObjectMapper mapper = createObjectMapper();
+    Tld constructedTld =
+        mapper.readValue(readResourceBytes(getClass(), "tld.yaml").openBufferedStream(), Tld.class);
     compareTlds(existingTld, constructedTld);
   }
 
   @Test
   void testSuccess_tldYamlRoundtrip() throws Exception {
     Tld testTld = createTld("test");
-    ObjectMapper mapper = getObjectMapper();
+    ObjectMapper mapper = createObjectMapper();
     String yaml = mapper.writeValueAsString(testTld);
     Tld constructedTld = mapper.readValue(yaml, Tld.class);
     compareTlds(testTld, constructedTld);

core/src/test/java/google/registry/persistence/transaction/ReplicaSimulatingJpaTransactionManager.java

@@ -59,11 +59,6 @@ public class ReplicaSimulatingJpaTransactionManager implements JpaTransactionMan
     return delegate.getEntityManager();
   }
 
-  @Override
-  public JpaTransactionManager setDatabaseSnapshot(String snapshotId) {
-    return delegate.setDatabaseSnapshot(snapshotId);
-  }
-
   @Override
   public <T> TypedQuery<T> query(String sqlString, Class<T> resultClass) {
     return delegate.query(sqlString, resultClass);

core/src/test/java/google/registry/reporting/spec11/GenerateSpec11ReportActionTest.java

@@ -93,7 +93,8 @@ class GenerateSpec11ReportActionTest extends BeamActionTestBase {
             .scheduleTime(
                 clock
                     .nowUtc()
-                    .plus(Duration.standardMinutes(ReportingModule.ENQUEUE_DELAY_MINUTES))));
+                    // TODO(b/296582836): mitigating retry problem. Remove `+10` when bug is fixed.
+                    .plus(Duration.standardMinutes(ReportingModule.ENQUEUE_DELAY_MINUTES + 10))));
   }
 
   @Test

core/src/test/java/google/registry/reporting/spec11/Spec11EmailUtilsTest.java

@@ -27,14 +27,13 @@ import static google.registry.testing.DatabaseHelper.persistActiveHost;
 import static google.registry.testing.DatabaseHelper.persistResource;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.Mockito.doThrow;
-import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.net.MediaType;
+import google.registry.groups.GmailClient;
 import google.registry.model.domain.Domain;
 import google.registry.model.host.Host;
 import google.registry.persistence.transaction.JpaTestExtensions;
@@ -42,7 +41,6 @@ import google.registry.persistence.transaction.JpaTestExtensions.JpaIntegrationT
 import google.registry.reporting.spec11.soy.Spec11EmailSoyInfo;
 import google.registry.testing.DatabaseHelper;
 import google.registry.util.EmailMessage;
-import google.registry.util.SendEmailService;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Optional;
@@ -51,10 +49,14 @@ import javax.mail.internet.InternetAddress;
 import org.joda.time.LocalDate;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.extension.RegisterExtension;
 import org.mockito.ArgumentCaptor;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
 
 /** Unit tests for {@link Spec11EmailUtils}. */
+@ExtendWith(MockitoExtension.class)
 class Spec11EmailUtilsTest {
 
   private static final ImmutableList<String> FAKE_RESOURCES = ImmutableList.of("foo");
@@ -98,9 +100,8 @@ class Spec11EmailUtilsTest {
   final JpaIntegrationTestExtension jpa =
       new JpaTestExtensions.Builder().buildIntegrationTestExtension();
 
-  private SendEmailService emailService;
+  @Mock private GmailClient gmailClient;
   private Spec11EmailUtils emailUtils;
-  private Spec11RegistrarThreatMatchesParser parser;
   private ArgumentCaptor<EmailMessage> contentCaptor;
   private final LocalDate date = new LocalDate(2018, 7, 15);
 
@@ -109,13 +110,10 @@ class Spec11EmailUtilsTest {
 
   @BeforeEach
   void beforeEach() throws Exception {
-    emailService = mock(SendEmailService.class);
-    parser = mock(Spec11RegistrarThreatMatchesParser.class);
-    when(parser.getRegistrarThreatMatches(date)).thenReturn(sampleThreatMatches());
     contentCaptor = ArgumentCaptor.forClass(EmailMessage.class);
     emailUtils =
         new Spec11EmailUtils(
-            emailService,
+            gmailClient,
             new InternetAddress("my-receiver@test.com"),
             new InternetAddress("abuse@test.com"),
             ImmutableList.of(
@@ -138,7 +136,7 @@ class Spec11EmailUtilsTest {
         "Super Cool Registry Monthly Threat Detector [2018-07-15]",
         sampleThreatMatches());
     // We inspect individual parameters because Message doesn't implement equals().
-    verify(emailService, times(3)).sendEmail(contentCaptor.capture());
+    verify(gmailClient, times(3)).sendEmail(contentCaptor.capture());
     List<EmailMessage> capturedContents = contentCaptor.getAllValues();
     validateMessage(
         capturedContents.get(0),
@@ -176,7 +174,7 @@ class Spec11EmailUtilsTest {
         "Super Cool Registry Daily Threat Detector [2018-07-15]",
         sampleThreatMatches());
     // We inspect individual parameters because Message doesn't implement equals().
-    verify(emailService, times(3)).sendEmail(contentCaptor.capture());
+    verify(gmailClient, times(3)).sendEmail(contentCaptor.capture());
     List<EmailMessage> capturedMessages = contentCaptor.getAllValues();
     validateMessage(
         capturedMessages.get(0),
@@ -217,7 +215,7 @@ class Spec11EmailUtilsTest {
         "Super Cool Registry Monthly Threat Detector [2018-07-15]",
         sampleThreatMatches());
     // We inspect individual parameters because Message doesn't implement equals().
-    verify(emailService, times(2)).sendEmail(contentCaptor.capture());
+    verify(gmailClient, times(2)).sendEmail(contentCaptor.capture());
     List<EmailMessage> capturedContents = contentCaptor.getAllValues();
     validateMessage(
         capturedContents.get(0),
@@ -250,7 +248,7 @@ class Spec11EmailUtilsTest {
         "Super Cool Registry Monthly Threat Detector [2018-07-15]",
         sampleThreatMatches());
     // We inspect individual parameters because Message doesn't implement equals().
-    verify(emailService, times(3)).sendEmail(contentCaptor.capture());
+    verify(gmailClient, times(3)).sendEmail(contentCaptor.capture());
     List<EmailMessage> capturedContents = contentCaptor.getAllValues();
     validateMessage(
         capturedContents.get(0),
@@ -289,7 +287,7 @@ class Spec11EmailUtilsTest {
     doThrow(new RuntimeException(new MessagingException("expected")))
         .doNothing()
         .doNothing()
-        .when(emailService)
+        .when(gmailClient)
         .sendEmail(contentCaptor.capture());
     RuntimeException thrown =
         assertThrows(
@@ -305,7 +303,7 @@ class Spec11EmailUtilsTest {
         .isEqualTo("Emailing Spec11 reports failed, first exception:");
     assertThat(thrown).hasCauseThat().hasMessageThat().isEqualTo("expected");
     // Verify we sent an e-mail alert
-    verify(emailService, times(3)).sendEmail(contentCaptor.capture());
+    verify(gmailClient, times(3)).sendEmail(contentCaptor.capture());
     List<EmailMessage> capturedMessages = contentCaptor.getAllValues();
     validateMessage(
         capturedMessages.get(0),
@@ -338,7 +336,7 @@ class Spec11EmailUtilsTest {
   @Test
   void testSuccess_sendAlertEmail() throws Exception {
     emailUtils.sendAlertEmail("Spec11 Pipeline Alert: 2018-07", "Alert!");
-    verify(emailService).sendEmail(contentCaptor.capture());
+    verify(gmailClient).sendEmail(contentCaptor.capture());
     validateMessage(
         contentCaptor.getValue(),
         "abuse@test.com",
@@ -363,7 +361,7 @@ class Spec11EmailUtilsTest {
         Spec11EmailSoyInfo.MONTHLY_SPEC_11_EMAIL,
         "Super Cool Registry Monthly Threat Detector [2018-07-15]",
         sampleThreatMatches());
-    verify(emailService, times(3)).sendEmail(contentCaptor.capture());
+    verify(gmailClient, times(3)).sendEmail(contentCaptor.capture());
     assertThat(contentCaptor.getAllValues().get(0).recipients())
         .containsExactly(new InternetAddress("johndoe@theregistrar.com"));
   }

core/src/test/java/google/registry/tools/CommandTestCase.java

@@ -80,11 +80,12 @@ public abstract class CommandTestCase<C extends Command> {
     RegistryToolEnvironment.UNITTEST.setup(systemPropertyExtension);
     command = newCommandInstance();
 
-    // Capture standard output/error.
+    // Capture standard output/error. Use a single-byte encoding to emulate platforms where default
+    // charset is not UTF_8.
     oldStdout = System.out;
-    System.setOut(new PrintStream(new OutputSplitter(System.out, stdout)));
+    System.setOut(new PrintStream(new OutputSplitter(System.out, stdout), false, "US-ASCII"));
     oldStderr = System.err;
-    System.setErr(new PrintStream(new OutputSplitter(System.err, stderr)));
+    System.setErr(new PrintStream(new OutputSplitter(System.err, stderr), false, "US-ASCII"));
   }
 
   @AfterEach

core/src/test/java/google/registry/tools/GetTldCommandTest.java

@@ -16,18 +16,27 @@ package google.registry.tools;
 
 import static google.registry.testing.DatabaseHelper.createTld;
 import static google.registry.testing.DatabaseHelper.createTlds;
+import static google.registry.testing.TestDataHelper.loadFile;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import com.beust.jcommander.ParameterException;
+import google.registry.model.EntityYamlUtils;
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
 /** Unit tests for {@link GetTldCommand}. */
 class GetTldCommandTest extends CommandTestCase<GetTldCommand> {
 
+  @BeforeEach
+  void beforeEach() {
+    command.objectMapper = EntityYamlUtils.createObjectMapper();
+  }
+
   @Test
   void testSuccess() throws Exception {
     createTld("xn--q9jyb4c");
     runCommand("xn--q9jyb4c");
+    assertInStdout(loadFile(getClass(), "tld.yaml"));
   }
 
   @Test

core/src/test/java/google/registry/ui/server/console/ConsoleDomainGetActionTest.java

@@ -25,12 +25,12 @@ import google.registry.model.console.RegistrarRole;
 import google.registry.model.console.User;
 import google.registry.model.console.UserRoles;
 import google.registry.persistence.transaction.JpaTestExtensions;
+import google.registry.request.RequestModule;
 import google.registry.request.auth.AuthResult;
 import google.registry.request.auth.AuthSettings.AuthLevel;
 import google.registry.request.auth.UserAuthInfo;
 import google.registry.testing.DatabaseHelper;
 import google.registry.testing.FakeResponse;
-import google.registry.util.UtilsModule;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
@@ -38,7 +38,7 @@ import org.junit.jupiter.api.extension.RegisterExtension;
 /** Tests for {@link google.registry.ui.server.console.ConsoleDomainGetAction}. */
 public class ConsoleDomainGetActionTest {
 
-  private static final Gson GSON = UtilsModule.provideGson();
+  private static final Gson GSON = RequestModule.provideGson();
   private static final FakeResponse RESPONSE = new FakeResponse();
 
   @RegisterExtension

core/src/test/java/google/registry/ui/server/console/RegistrarsActionTest.java

@@ -15,11 +15,17 @@
 package google.registry.ui.server.console;
 
 import static com.google.common.truth.Truth.assertThat;
+import static google.registry.testing.DatabaseHelper.loadAllOf;
+import static google.registry.testing.DatabaseHelper.loadRegistrar;
 import static google.registry.testing.DatabaseHelper.persistNewRegistrar;
 import static google.registry.testing.DatabaseHelper.persistResource;
 import static google.registry.testing.SqlHelper.saveRegistrar;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 
 import com.google.api.client.http.HttpStatusCodes;
+import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.gson.Gson;
 import google.registry.model.console.GlobalRole;
@@ -27,21 +33,69 @@ import google.registry.model.console.RegistrarRole;
 import google.registry.model.console.User;
 import google.registry.model.console.UserRoles;
 import google.registry.model.registrar.Registrar;
+import google.registry.model.registrar.RegistrarPoc;
 import google.registry.persistence.transaction.JpaTestExtensions;
+import google.registry.request.Action;
+import google.registry.request.RequestModule;
 import google.registry.request.auth.AuthResult;
 import google.registry.request.auth.AuthSettings.AuthLevel;
 import google.registry.request.auth.UserAuthInfo;
+import google.registry.testing.DeterministicStringGenerator;
 import google.registry.testing.FakeResponse;
-import google.registry.util.UtilsModule;
+import google.registry.ui.server.registrar.RegistrarConsoleModule;
+import google.registry.util.StringGenerator;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.StringReader;
+import java.util.Map;
+import java.util.Optional;
+import java.util.stream.Collectors;
+import javax.servlet.http.HttpServletRequest;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
 
 /** Tests for {@link google.registry.ui.server.console.RegistrarsAction}. */
 class RegistrarsActionTest {
 
-  private static final Gson GSON = UtilsModule.provideGson();
+  private final HttpServletRequest request = mock(HttpServletRequest.class);
+  private static final Gson GSON = RequestModule.provideGson();
   private FakeResponse response;
 
+  private StringGenerator passwordGenerator =
+      new DeterministicStringGenerator("abcdefghijklmnopqrstuvwxyz");
+  private StringGenerator passcodeGenerator = new DeterministicStringGenerator("314159265");
+
+  private ImmutableMap<String, String> userFriendlyKeysToRegistrarKeys =
+      ImmutableMap.of(
+          "registrarId", "registrarId",
+          "registrarName", "name",
+          "billingAccountMap", "billingAccount",
+          "ianaIdentifier", "ianaId",
+          "icannReferralEmail", "referralEmail",
+          "driveFolderId", "driveId",
+          "emailAddress", "consoleUserEmail",
+          "localizedAddress", "address");
+
+  private ImmutableMap<String, String> registrarParamMap =
+      ImmutableMap.of(
+          "registrarId",
+          "regIdTest",
+          "registrarName",
+          "name",
+          "billingAccountMap",
+          "{\"USD\": \"789\"}",
+          "ianaIdentifier",
+          "123",
+          "icannReferralEmail",
+          "cannReferralEmail@gmail.com",
+          "driveFolderId",
+          "testDriveId",
+          "emailAddress",
+          "testEmailAddress@gmail.com",
+          "localizedAddress",
+          "{ \"street\": [\"test street\"], \"city\": \"test city\", \"state\": \"test state\","
+              + " \"zip\": \"00700\", \"countryCode\": \"US\" }");
+
   @RegisterExtension
   final JpaTestExtensions.JpaIntegrationTestExtension jpa =
       new JpaTestExtensions.Builder().buildIntegrationTestExtension();
@@ -53,6 +107,7 @@ class RegistrarsActionTest {
     persistResource(registrar);
     RegistrarsAction action =
         createAction(
+            Action.Method.GET,
             AuthResult.create(
                 AuthLevel.USER,
                 UserAuthInfo.create(
@@ -60,22 +115,98 @@ class RegistrarsActionTest {
                         new UserRoles.Builder().setGlobalRole(GlobalRole.SUPPORT_LEAD).build()))));
     action.run();
     assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_OK);
-    assertThat(response.getPayload()).isEqualTo("[\"NewRegistrar\",\"TheRegistrar\"]");
+    String payload = response.getPayload();
+    assertThat(
+            ImmutableList.of("\"registrarId\":\"NewRegistrar\"", "\"registrarId\":\"TheRegistrar\"")
+                .stream()
+                .allMatch(s -> payload.contains(s)))
+        .isTrue();
   }
 
   @Test
-  void testSuccess_getRegistrarIds() {
+  void testSuccess_getRegistrars() {
     saveRegistrar("registrarId");
     RegistrarsAction action =
         createAction(
+            Action.Method.GET,
             AuthResult.create(
                 AuthLevel.USER,
                 UserAuthInfo.create(
                     createUser(new UserRoles.Builder().setGlobalRole(GlobalRole.FTE).build()))));
     action.run();
     assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_OK);
+    String payload = response.getPayload();
+    assertThat(
+            ImmutableList.of(
+                    "\"registrarId\":\"NewRegistrar\"",
+                    "\"registrarId\":\"TheRegistrar\"",
+                    "\"registrarId\":\"registrarId\"")
+                .stream()
+                .allMatch(s -> payload.contains(s)))
+        .isTrue();
+  }
+
+  @Test
+  void testSuccess_createRegistrar() {
+    RegistrarsAction action =
+        createAction(
+            Action.Method.POST,
+            AuthResult.create(
+                AuthLevel.USER,
+                UserAuthInfo.create(createUser(new UserRoles.Builder().setIsAdmin(true).build()))));
+    action.run();
+    assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_OK);
+    Registrar r = loadRegistrar("regIdTest");
+    assertThat(r).isNotNull();
+    assertThat(
+            loadAllOf(RegistrarPoc.class).stream()
+                .filter(rPOC -> rPOC.getEmailAddress().equals("testEmailAddress@gmail.com"))
+                .findAny()
+                .isPresent())
+        .isTrue();
+  }
+
+  @Test
+  void testFailure_createRegistrar_missingValue() {
+    ImmutableMap<String, String> copy = ImmutableMap.copyOf(registrarParamMap);
+    copy.keySet()
+        .forEach(
+            key -> {
+              registrarParamMap =
+                  ImmutableMap.copyOf(
+                      copy.entrySet().stream()
+                          .filter(entry -> !entry.getKey().equals(key))
+                          .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue)));
+              RegistrarsAction action =
+                  createAction(
+                      Action.Method.POST,
+                      AuthResult.create(
+                          AuthLevel.USER,
+                          UserAuthInfo.create(
+                              createUser(new UserRoles.Builder().setIsAdmin(true).build()))));
+              action.run();
+              assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_BAD_REQUEST);
+              assertThat(response.getPayload())
+                  .isEqualTo(
+                      GSON.toJson(
+                          String.format(
+                              "Missing value for %s", userFriendlyKeysToRegistrarKeys.get(key))));
+            });
+  }
+
+  @Test
+  void testFailure_createRegistrar_existingRegistrar() {
+    saveRegistrar("regIdTest");
+    RegistrarsAction action =
+        createAction(
+            Action.Method.POST,
+            AuthResult.create(
+                AuthLevel.USER,
+                UserAuthInfo.create(createUser(new UserRoles.Builder().setIsAdmin(true).build()))));
+    action.run();
+    assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_BAD_REQUEST);
     assertThat(response.getPayload())
-        .isEqualTo("[\"NewRegistrar\",\"TheRegistrar\",\"registrarId\"]");
+        .isEqualTo(GSON.toJson("Registrar with registrarId regIdTest already exists"));
   }
 
   @Test
@@ -83,6 +214,7 @@ class RegistrarsActionTest {
     saveRegistrar("registrarId");
     RegistrarsAction action =
         createAction(
+            Action.Method.GET,
             AuthResult.create(
                 AuthLevel.USER,
                 UserAuthInfo.create(
@@ -105,8 +237,44 @@ class RegistrarsActionTest {
         .build();
   }
 
-  private RegistrarsAction createAction(AuthResult authResult) {
+  private RegistrarsAction createAction(Action.Method method, AuthResult authResult) {
     response = new FakeResponse();
-    return new RegistrarsAction(authResult, response, GSON);
+    when(request.getMethod()).thenReturn(method.toString());
+    if (method.equals(Action.Method.GET)) {
+      return new RegistrarsAction(
+          request,
+          authResult,
+          response,
+          GSON,
+          Optional.ofNullable(null),
+          passwordGenerator,
+          passcodeGenerator);
+    } else {
+      try {
+        doReturn(new BufferedReader(new StringReader(registrarParamMap.toString())))
+            .when(request)
+            .getReader();
+      } catch (IOException e) {
+        return new RegistrarsAction(
+            request,
+            authResult,
+            response,
+            GSON,
+            Optional.ofNullable(null),
+            passwordGenerator,
+            passcodeGenerator);
+      }
+      Optional<Registrar> maybeRegistrar =
+          RegistrarConsoleModule.provideRegistrar(
+              GSON, RequestModule.provideJsonBody(request, GSON));
+      return new RegistrarsAction(
+          request,
+          authResult,
+          response,
+          GSON,
+          maybeRegistrar,
+          passwordGenerator,
+          passcodeGenerator);
+    }
   }
 }

core/src/test/java/google/registry/ui/server/console/settings/ContactActionTest.java

@@ -41,7 +41,6 @@ import google.registry.request.auth.AuthSettings.AuthLevel;
 import google.registry.request.auth.UserAuthInfo;
 import google.registry.testing.FakeResponse;
 import google.registry.ui.server.registrar.RegistrarConsoleModule;
-import google.registry.util.UtilsModule;
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.StringReader;
@@ -73,7 +72,7 @@ class ContactActionTest {
   private Registrar testRegistrar;
   private final HttpServletRequest request = mock(HttpServletRequest.class);
   private RegistrarPoc testRegistrarPoc;
-  private static final Gson GSON = UtilsModule.provideGson();
+  private static final Gson GSON = RequestModule.provideGson();
   private FakeResponse response;
 
   @RegisterExtension
@@ -239,8 +238,7 @@ class ContactActionTest {
     if (method.equals(Action.Method.GET)) {
       return new ContactAction(request, authResult, response, GSON, registrarId, Optional.empty());
     } else {
-      when(request.getReader())
-          .thenReturn(new BufferedReader(new StringReader("{\"contacts\":" + contacts + "}")));
+      when(request.getReader()).thenReturn(new BufferedReader(new StringReader(contacts)));
       Optional<ImmutableSet<RegistrarPoc>> maybeContacts =
           RegistrarConsoleModule.provideContacts(
               GSON, RequestModule.provideJsonBody(request, GSON));

core/src/test/java/google/registry/ui/server/console/settings/SecurityActionTest.java

@@ -15,21 +15,17 @@
 package google.registry.ui.server.console.settings;
 
 import static com.google.common.truth.Truth.assertThat;
-import static google.registry.testing.CertificateSamples.SAMPLE_CERT;
 import static google.registry.testing.CertificateSamples.SAMPLE_CERT2;
 import static google.registry.testing.DatabaseHelper.loadRegistrar;
-import static google.registry.testing.DatabaseHelper.persistResource;
 import static google.registry.testing.SqlHelper.saveRegistrar;
 import static google.registry.util.DateTimeUtils.START_OF_TIME;
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
 
 import com.google.api.client.http.HttpStatusCodes;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSetMultimap;
 import com.google.common.collect.ImmutableSortedMap;
-import com.google.common.net.InetAddresses;
 import com.google.gson.Gson;
 import google.registry.flows.certs.CertificateChecker;
 import google.registry.model.console.GlobalRole;
@@ -37,7 +33,6 @@ import google.registry.model.console.User;
 import google.registry.model.console.UserRoles;
 import google.registry.model.registrar.Registrar;
 import google.registry.persistence.transaction.JpaTestExtensions;
-import google.registry.request.Action;
 import google.registry.request.RequestModule;
 import google.registry.request.auth.AuthResult;
 import google.registry.request.auth.AuthSettings.AuthLevel;
@@ -46,8 +41,6 @@ import google.registry.request.auth.UserAuthInfo;
 import google.registry.testing.FakeClock;
 import google.registry.testing.FakeResponse;
 import google.registry.ui.server.registrar.RegistrarConsoleModule;
-import google.registry.util.CidrAddressBlock;
-import google.registry.util.UtilsModule;
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.StringReader;
@@ -66,7 +59,7 @@ class SecurityActionTest {
           "{\"registrarId\": \"registrarId\", \"clientCertificate\": \"%s\","
               + " \"ipAddressAllowList\": [\"192.168.1.1/32\"]}",
           SAMPLE_CERT2);
-  private static final Gson GSON = UtilsModule.provideGson();
+  private static final Gson GSON = RequestModule.provideGson();
   private final HttpServletRequest request = mock(HttpServletRequest.class);
   private final FakeClock clock = new FakeClock();
   private Registrar testRegistrar;
@@ -94,39 +87,11 @@ class SecurityActionTest {
     testRegistrar = saveRegistrar("registrarId");
   }
 
-  @Test
-  void testSuccess_getRegistrarInfo() throws IOException {
-    persistResource(
-        testRegistrar
-            .asBuilder()
-            .setClientCertificate(SAMPLE_CERT, clock.nowUtc())
-            .setIpAddressAllowList(
-                ImmutableSet.of(
-                    CidrAddressBlock.create(InetAddresses.forString("192.168.1.1"), 32),
-                    CidrAddressBlock.create(InetAddresses.forString("2001:db8::1"), 128)))
-            .build());
-    SecurityAction action =
-        createAction(
-            Action.Method.GET,
-            AuthResult.create(
-                AuthLevel.USER,
-                UserAuthInfo.create(
-                    createUser(new UserRoles.Builder().setGlobalRole(GlobalRole.FTE).build()))),
-            testRegistrar.getRegistrarId());
-    action.run();
-    assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_OK);
-    String payload = response.getPayload().replace("\\n", "").replace("\\u003d", "=");
-    assertThat(payload).contains(SAMPLE_CERT.replace("\n", ""));
-    assertThat(payload).contains("192.168.1.1/32");
-    assertThat(payload).contains("2001:db8:0:0:0:0:0:1/128");
-  }
-
   @Test
   void testSuccess_postRegistrarInfo() throws IOException {
     clock.setTo(DateTime.parse("2020-11-01T00:00:00Z"));
     SecurityAction action =
         createAction(
-            Action.Method.POST,
             AuthResult.create(
                 AuthLevel.USER,
                 UserAuthInfo.create(
@@ -149,28 +114,12 @@ class SecurityActionTest {
         .build();
   }
 
-  private SecurityAction createAction(
-      Action.Method method, AuthResult authResult, String registrarId) throws IOException {
-    when(request.getMethod()).thenReturn(method.toString());
-    if (method.equals(Action.Method.GET)) {
+  private SecurityAction createAction(AuthResult authResult, String registrarId)
+      throws IOException {
+    doReturn(new BufferedReader(new StringReader(jsonRegistrar1))).when(request).getReader();
+    Optional<Registrar> maybeRegistrar =
+        RegistrarConsoleModule.provideRegistrar(GSON, RequestModule.provideJsonBody(request, GSON));
       return new SecurityAction(
-          request,
-          authResult,
-          response,
-          GSON,
-          certificateChecker,
-          registrarAccessor,
-          registrarId,
-          Optional.empty());
-    } else {
-      doReturn(new BufferedReader(new StringReader("{\"registrar\":" + jsonRegistrar1 + "}")))
-          .when(request)
-          .getReader();
-      Optional<Registrar> maybeRegistrar =
-          RegistrarConsoleModule.provideRegistrar(
-              GSON, RequestModule.provideJsonBody(request, GSON));
-      return new SecurityAction(
-          request,
           authResult,
           response,
           GSON,
@@ -178,6 +127,6 @@ class SecurityActionTest {
           registrarAccessor,
           registrarId,
           maybeRegistrar);
-    }
+
   }
 }

core/src/test/resources/google/registry/module/frontend/frontend_routing.txt

@@ -1,9 +1,9 @@
 PATH                           CLASS                         METHODS  OK AUTH_METHODS MIN  USER_POLICY
 /_dr/epp                       EppTlsAction                  POST     n  API          APP  PUBLIC
 /console-api/domain            ConsoleDomainGetAction        GET      n  API,LEGACY   USER PUBLIC
-/console-api/registrars        RegistrarsAction              GET      n  API,LEGACY   USER PUBLIC
+/console-api/registrars        RegistrarsAction              GET,POST n  API,LEGACY   USER PUBLIC
 /console-api/settings/contacts ContactAction                 GET,POST n  API,LEGACY   USER PUBLIC
-/console-api/settings/security SecurityAction                GET,POST n  API,LEGACY   USER PUBLIC
+/console-api/settings/security SecurityAction                POST     n  API,LEGACY   USER PUBLIC
 /registrar                     ConsoleUiAction               GET      n  API,LEGACY   NONE PUBLIC
 /registrar-create              ConsoleRegistrarCreatorAction POST,GET n  API,LEGACY   NONE PUBLIC
 /registrar-ote-setup           ConsoleOteSetupAction         POST,GET n  API,LEGACY   NONE PUBLIC

core/src/test/resources/google/registry/tools/tld.yaml

@@ -0,0 +1,55 @@
+tldStr: "xn--q9jyb4c"
+roidSuffix: "Q9JYB4C"
+pricingEngineClassName: "google.registry.model.pricing.StaticPremiumListPricingEngine"
+dnsWriters:
+- "VoidDnsWriter"
+numDnsPublishLocks: 1
+dnsAPlusAaaaTtl: null
+dnsNsTtl: null
+dnsDsTtl: null
+tldUnicode: "みんな"
+driveFolderId: null
+tldType: "REAL"
+invoicingEnabled: false
+tldStateTransitions:
+  "1970-01-01T00:00:00.000Z": "GENERAL_AVAILABILITY"
+creationTime: "2022-09-01T00:00:00.000Z"
+reservedListNames: []
+premiumListName: "xn--q9jyb4c"
+escrowEnabled: false
+dnsPaused: false
+addGracePeriodLength: 432000000
+anchorTenantAddGracePeriodLength: 2592000000
+autoRenewGracePeriodLength: 3888000000
+redemptionGracePeriodLength: 2592000000
+renewGracePeriodLength: 432000000
+transferGracePeriodLength: 432000000
+automaticTransferLength: 432000000
+pendingDeleteLength: 432000000
+currency: "USD"
+createBillingCost:
+  currency: "USD"
+  amount: 13.00
+restoreBillingCost:
+  currency: "USD"
+  amount: 17.00
+serverStatusChangeBillingCost:
+  currency: "USD"
+  amount: 19.00
+registryLockOrUnlockBillingCost:
+  currency: "USD"
+  amount: 0.00
+renewBillingCostTransitions:
+  "1970-01-01T00:00:00.000Z":
+    currency: "USD"
+    amount: 11.00
+lordnUsername: null
+claimsPeriodEnd: "294247-01-10T04:00:54.775Z"
+allowedRegistrantContactIds: []
+allowedFullyQualifiedHostNames: []
+defaultPromoTokens: []
+idnTables: []
+eapFeeSchedule:
+  "1970-01-01T00:00:00.000Z":
+    currency: "USD"
+    amount: 0.00

integration/build.gradle

@@ -77,6 +77,10 @@ task extractSqlIntegrationTestSuite (type: Copy) {
   }
   into unpackedTestDir
   includeEmptyDirs = false
+
+  if (nomulus_version == USE_LOCAL) {
+    dependsOn ':core:testUberJar'
+  }
 }
 
 // TODO(weiminyu): inherit from FilteringTest (defined in :core).

release/cloudbuild-delete.yaml

@@ -1,8 +1,3 @@
-# To run the build locally, install cloud-build-local first.
-# Then run:
-# cloud-build-local --config=cloudbuild-delete.yaml --dryrun=false \
-# --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..
-#
 # This will delete all stopped GAE versions (save 3) as there is a limit on how
 # many versions can exist in a project.
 #

release/cloudbuild-deploy.yaml

@@ -1,10 +1,3 @@
-# To run the build locally, install cloud-build-local first.
-# Then run:
-# cloud-build-local --config=cloudbuild-deploy.yaml --dryrun=false \
-# --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..
-#
-# This will deploy the GAE config files and save the deployed tags in GCS.
-#
 # To manually trigger a build on GCB, run:
 # gcloud builds submit --config=cloudbuild-deploy.yaml \
 # --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..

release/cloudbuild-dev-resource.yaml

@@ -1,8 +1,3 @@
-# To run the build locally, install cloud-build-local first.
-# See: https://cloud.google.com/cloud-build/docs/build-debug-locally
-# In the root of a nomulus source tree, run:
-# cloud-build-local --config=cloudbuild-dev-resource.yaml --dryrun=false ..
-#
 # This will compile javadoc for the FOSS version of the code base and replace
 # the content at gs://${PROJECT_ID}-javadoc with the it. The compiled javadoc
 # can then be accesssed at https://storage.googleapis.com/${PROJECT_ID}-javadoc

release/cloudbuild-kythe.yaml

@@ -1,8 +1,3 @@
-# To run the build locally, install cloud-build-local first.
-# See: https://cloud.google.com/cloud-build/docs/build-debug-locally
-# In the root of a nomulus source tree, run:
-# cloud-build-local --config=cloudbuild-kythe.yaml --dryrun=false \
-#   --substitutions _KYTHE_VERSION=[kythe_version],COMMIT_SHA=[hash] ..
 # This will download kythe version ${kythe_version} (must be higher than
 # v0.0.39 and build a ${hash}.kzip file for Kythe to enable cross referencing.
 #

release/cloudbuild-nomulus.yaml

@@ -1,15 +1,3 @@
-# To run the build locally, install cloud-build-local first.
-# See: https://cloud.google.com/cloud-build/docs/build-debug-locally
-# You will need access to a private registry, so be sure to install the docker
-# credential helper.
-# Then, in the root of a nomulus source tree, run:
-# cloud-build-local --config=cloudbuild-nomulus.yaml --dryrun=false \
-#   --substitutions TAG_NAME=[TAG] ..
-# This will build the contents of the current directory and generate the
-# nomulus war-files locally.
-# The PROJECT_ID is the current project name that gcloud uses.
-# You can add "--push true" to have the image pushed to GCR.
-#
 # To manually trigger a build on GCB, run:
 # gcloud builds submit --config cloudbuild-nomulus.yaml --substitutions TAG_NAME=[TAG] ..
 #

release/cloudbuild-proxy.yaml

@@ -1,9 +1,3 @@
-# To run the build locally, install cloud-build-local first.
-# You will need access to a private registry, so be sure to install the docker
-# credential helper.
-# See: https://cloud.google.com/cloud-build/docs/build-debug-locally
-# Then run:
-# cloud-build-local --config=cloudbuild-proxy.yaml --dryrun=false --substitutions TAG_NAME=[TAG] ..
 # This will create a docker image named gcr.io/[PROJECT_ID]/proxy:[TAG] locally.
 # The PROJECT_ID is the current project name that gcloud uses.
 #

release/cloudbuild-release.yaml

@@ -1,11 +1,3 @@
-# To run the build locally, install cloud-build-local first.
-# You will need access to a private registry, so be sure to install the docker
-# credential helper.
-# See: https://cloud.google.com/cloud-build/docs/build-debug-locally
-# Then run:
-# cloud-build-local --config=cloudbuild-release.yaml --dryrun=false \
-#   --substitutions TAG_NAME=[TAG],_INTERNAL_REPO_URL=[URL] ..
-#
 # To manually trigger a build on GCB, run:
 # gcloud builds submit --config cloudbuild-release.yaml --substitutions \
 #   TAG_NAME=[TAG],_INTERNAL_REPO_URL=[URL] ..

release/cloudbuild-renew-prober-certs.yaml

@@ -1,8 +1,3 @@
-# To run the build locally, install cloud-build-local first.
-# Then run:
-# cloud-build-local --config=cloudbuild-renew-prober-certs.yaml --dryrun=false \
-# --substitutions=_ENV=[ENV] ..
-#
 # This will generate a new SSL certificate and apply it to the probers in the
 # environment specified by ${_ENV}.
 #

release/cloudbuild-schema-deploy.yaml

@@ -1,8 +1,3 @@
-# To run the build locally, install cloud-build-local first.
-# Then run:
-# cloud-build-local --config=cloudbuild-schema-deploy.yaml --dryrun=false \
-# --substitutions=TAG_NAME=[TAG],_ENV=[ENV] ..
-#
 # This will deploy Cloud SQL schema release with tag value ${TAG_NAME} to
 # the environment specified by ${_ENV}.
 #

release/cloudbuild-schema-verify.yaml

@@ -2,11 +2,6 @@
 # '_ENV' variable is the same as the golden schema in the current release for
 # that environment.
 #
-# To run the build locally, install cloud-build-local first.
-# Then run:
-# cloud-build-local --config=cloudbuild-schema-verify.yaml --dryrun=false \
-# --substitutions=_ENV=[ENV] ..
-#
 # To manually trigger a build on GCB, run:
 # gcloud builds submit --config=cloudbuild-schema-verify.yaml \
 # --substitutions=_ENV=[ENV] ..

release/cloudbuild-sync.yaml

@@ -1,6 +1,3 @@
-# To run the build locally, install cloud-build-local first.
-# Then run:
-# cloud-build-local --config=cloudbuild-sync.yaml --dryrun=false --substitutions TAG_NAME=[TAG] ..
 # This will sync the folder gs://[PROJECT_ID]-deploy/[TAG] to gs://[PROJECT_ID]-deploy/live.
 # The PROJECT_ID is the current project name that gcloud uses.
 #

release/cloudbuild-tag.yaml

@@ -1,7 +1,3 @@
-# To run the build locally, install cloud-build-local first.
-# Then run:
-# cloud-build-local --config=cloudbuild-tag.yaml --dryrun=false --substitutions \
-#   TAG_NAME=[TAG],_IMAGE=[IMAGE] ..
 # This will add a "live" tag to the image in gcr.io/[PROJECT_ID]/[IMAGE]:[TAG].
 # The PROJECT_ID is the current project name that gcloud uses.
 #

release/update_num_instances.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+# Copyright 2023 The Nomulus Authors. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This script updates number of instances of the service running on GCP
+# Required parameters are:
+# 1) projectId
+# 2) service name
+#
+# Example:
+# ./update_num_instances.sh domain-registry-sandbox pubapi
+set -e
+project=$1
+service=$2
+[[ -z "$1" || -z "$2" ]] && { echo "2 parameters required - projectId and service" ; exit 1; }
+echo "Project: $project";
+echo "Service: $service";
+
+deployed_version=$(gcloud app versions list --service "${service}" \
+    --project "${project}" \
+    --filter "TRAFFIC_SPLIT>0.00" \
+    --format="csv[no-heading](VERSION.ID)")
+
+service_description=$(curl -H "Authorization: Bearer $(gcloud auth print-access-token)" https://appengine.googleapis.com/v1/apps/${project}/services/${service}/versions/${deployed_version})
+echo "Service configuration: $service_description"
+
+echo "Input new number of instances: "
+
+read num_instances
+
+if [[ -n ${num_instances//[0-9]/} ]]; then
+    echo "Should be an integer"
+    exit 1;
+fi
+
+echo "Settings new number of instances: $num_instances"
+
+curl -X PATCH https://appengine.googleapis.com/v1/apps/${project}/services/${service}/versions/${deployed_version}?updateMask=manualScaling.instances \
+    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
+    -H 'Content-Type: application/json' \
+    -d "{ \"manualScaling\": { \"instances\": $num_instances }}"
+
+service_description=$(curl -H "Authorization: Bearer $(gcloud auth print-access-token)" https://appengine.googleapis.com/v1/apps/${project}/services/${service}/versions/${deployed_version})
+echo "Updated service configuration: $service_description"

util/src/main/java/google/registry/util/CidrAddressBlock.java

@@ -19,10 +19,6 @@ import static com.google.common.base.Preconditions.checkArgument;
 import com.google.common.collect.AbstractSequentialIterator;
 import com.google.common.flogger.FluentLogger;
 import com.google.common.net.InetAddresses;
-import com.google.gson.TypeAdapter;
-import com.google.gson.stream.JsonReader;
-import com.google.gson.stream.JsonWriter;
-import java.io.IOException;
 import java.io.Serializable;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
@@ -481,19 +477,10 @@ public class CidrAddressBlock implements Iterable<InetAddress>, Serializable {
     return getCidrString(ip, netmask);
   }
 
-  public static class CidrAddressBlockAdapter extends TypeAdapter<CidrAddressBlock> {
+  public static class CidrAddressBlockAdapter extends StringBaseTypeAdapter<CidrAddressBlock> {
     @Override
-    public CidrAddressBlock read(JsonReader reader) throws IOException {
-      String stringValue = reader.nextString();
-      if (stringValue.equals("null")) {
-        return null;
-      }
+    protected CidrAddressBlock fromString(String stringValue) {
       return new CidrAddressBlock(stringValue);
     }
-
-    @Override
-    public void write(JsonWriter writer, CidrAddressBlock cidrAddressBlock) throws IOException {
-      writer.value(cidrAddressBlock.toString());
-    }
   }
 }

util/src/main/java/google/registry/util/DateTimeTypeAdapter.java

@@ -14,28 +14,15 @@
 
 package google.registry.util;
 
-import com.google.gson.TypeAdapter;
-import com.google.gson.stream.JsonReader;
-import com.google.gson.stream.JsonWriter;
 import java.io.IOException;
-import java.util.Objects;
 import org.joda.time.DateTime;
 import org.joda.time.format.ISODateTimeFormat;
 
 /** GSON type adapter for Joda {@link DateTime} objects. */
-public class DateTimeTypeAdapter extends TypeAdapter<DateTime> {
+public class DateTimeTypeAdapter extends StringBaseTypeAdapter<DateTime> {
 
   @Override
-  public void write(JsonWriter out, DateTime value) throws IOException {
-    out.value(Objects.toString(value));
-  }
-
-  @Override
-  public DateTime read(JsonReader in) throws IOException {
-    String stringValue = in.nextString();
-    if (stringValue.equals("null")) {
-      return null;
-    }
+  protected DateTime fromString(String stringValue) throws IOException {
     return ISODateTimeFormat.dateTime().withZoneUTC().parseDateTime(stringValue);
   }
 }

util/src/main/java/google/registry/util/StringBaseTypeAdapter.java

@@ -0,0 +1,41 @@
+// Copyright 2023 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.util;
+
+import com.google.gson.TypeAdapter;
+import com.google.gson.stream.JsonReader;
+import com.google.gson.stream.JsonWriter;
+import java.io.IOException;
+import java.util.Objects;
+
+/** Abstract class for {@link TypeAdapter}s that can convert directly to/from strings. */
+public abstract class StringBaseTypeAdapter<T> extends TypeAdapter<T> {
+
+  @Override
+  public T read(JsonReader reader) throws IOException {
+    String stringValue = reader.nextString();
+    if (stringValue.equals("null")) {
+      return null;
+    }
+    return fromString(stringValue);
+  }
+
+  @Override
+  public void write(JsonWriter writer, T t) throws IOException {
+    writer.value(Objects.toString(t));
+  }
+
+  protected abstract T fromString(String stringValue) throws IOException;
+}

util/src/main/java/google/registry/util/UtilsModule.java

@@ -14,19 +14,15 @@
 
 package google.registry.util;
 
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
 import dagger.Binds;
 import dagger.Module;
 import dagger.Provides;
-import google.registry.util.CidrAddressBlock.CidrAddressBlockAdapter;
 import java.security.NoSuchAlgorithmException;
 import java.security.ProviderException;
 import java.security.SecureRandom;
 import java.util.Random;
 import javax.inject.Named;
 import javax.inject.Singleton;
-import org.joda.time.DateTime;
 
 /** Dagger module to provide instances of various utils classes. */
 @Module
@@ -75,13 +71,4 @@ public abstract class UtilsModule {
     return new RandomStringGenerator(StringGenerator.Alphabets.DIGITS_ONLY, secureRandom);
   }
 
-  @Singleton
-  @Provides
-  public static Gson provideGson() {
-    return new GsonBuilder()
-        .registerTypeAdapter(DateTime.class, new DateTimeTypeAdapter())
-        .registerTypeAdapter(CidrAddressBlock.class, new CidrAddressBlockAdapter())
-        .excludeFieldsWithoutExposeAnnotation()
-        .create();
-  }
 }