mirror of
https://github.com/google/nomulus
synced 2026-07-07 00:27:12 +00:00
Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 779d0c9d37 | |||
| 2855944214 | |||
| 992d1c1349 | |||
| f50290ce1d |
@@ -1192,6 +1192,12 @@ public final class RegistryConfig {
|
||||
return config.auth.oauthClientId;
|
||||
}
|
||||
|
||||
@Provides
|
||||
@Config("fallbackOauthClientId")
|
||||
public static String provideFallbackOauthClientId(RegistryConfigSettings config) {
|
||||
return config.auth.fallbackOauthClientId;
|
||||
}
|
||||
|
||||
/**
|
||||
* Provides the OAuth scopes required for accessing Google APIs using the default credential.
|
||||
*/
|
||||
|
||||
@@ -61,6 +61,7 @@ public class RegistryConfigSettings {
|
||||
public static class Auth {
|
||||
public List<String> allowedServiceAccountEmails;
|
||||
public String oauthClientId;
|
||||
public String fallbackOauthClientId;
|
||||
}
|
||||
|
||||
/** Configuration options for accessing Google APIs. */
|
||||
|
||||
@@ -321,6 +321,10 @@ auth:
|
||||
# the same as this one.
|
||||
oauthClientId: iap-oauth-clientid
|
||||
|
||||
# Same as above, but serve as a fallback, so we can switch the client ID of
|
||||
# the proxy without downtime.
|
||||
fallbackOauthClientId: fallback-oauth-clientid
|
||||
|
||||
credentialOAuth:
|
||||
# OAuth scopes required for accessing Google APIs using the default
|
||||
# credential.
|
||||
|
||||
+7
@@ -18,6 +18,13 @@
|
||||
value="alpha"/>
|
||||
</system-properties>
|
||||
|
||||
|
||||
<!-- Enable external traffic to go through VPC, required for static ip -->
|
||||
<vpc-access-connector>
|
||||
<name>projects/domain-registry-alpha/locations/us-central1/connectors/appengine-connector</name>
|
||||
<egress-setting>all-traffic</egress-setting>
|
||||
</vpc-access-connector>
|
||||
|
||||
<static-files>
|
||||
<include path="/*.html" expiration="1m"/>
|
||||
</static-files>
|
||||
|
||||
+6
@@ -18,6 +18,12 @@
|
||||
value="crash"/>
|
||||
</system-properties>
|
||||
|
||||
<!-- Enable external traffic to go through VPC, required for static ip -->
|
||||
<vpc-access-connector>
|
||||
<name>projects/domain-registry-crash/locations/us-central1/connectors/appengine-connector</name>
|
||||
<egress-setting>all-traffic</egress-setting>
|
||||
</vpc-access-connector>
|
||||
|
||||
<static-files>
|
||||
<include path="/*.html" expiration="1m"/>
|
||||
</static-files>
|
||||
|
||||
@@ -22,6 +22,12 @@
|
||||
<include path="/*.html" expiration="1h"/>
|
||||
</static-files>
|
||||
|
||||
<!-- Enable external traffic to go through VPC, required for static ip -->
|
||||
<vpc-access-connector>
|
||||
<name>projects/domain-registry-qa/locations/us-central1/connectors/appengine-connector</name>
|
||||
<egress-setting>all-traffic</egress-setting>
|
||||
</vpc-access-connector>
|
||||
|
||||
<!-- Prevent uncaught servlet errors from leaking a stack trace. -->
|
||||
<static-error-handlers>
|
||||
<handler file="error.html"/>
|
||||
|
||||
@@ -550,6 +550,10 @@ public class Tld extends ImmutableObject implements Buildable, UnsafeSerializabl
|
||||
@JsonSerialize(using = SortedEnumSetSerializer.class)
|
||||
Set<IdnTableEnum> idnTables;
|
||||
|
||||
// TODO(11/30/2023): uncomment below two lines
|
||||
// /** The start time of this TLD's enrollment in the BSA program, if applicable. */
|
||||
// @JsonIgnore @Nullable DateTime bsaEnrollStartTime;
|
||||
|
||||
public String getTldStr() {
|
||||
return tldStr;
|
||||
}
|
||||
@@ -569,6 +573,15 @@ public class Tld extends ImmutableObject implements Buildable, UnsafeSerializabl
|
||||
return tldType;
|
||||
}
|
||||
|
||||
/** Returns the time when this TLD was enrolled in the Brand Safety Alliance (BSA) program. */
|
||||
@JsonIgnore // Annotation can be removed once we add the field and annotate it.
|
||||
@Nullable
|
||||
public DateTime getBsaEnrollStartTime() {
|
||||
// TODO(11/30/2023): uncomment below.
|
||||
// return this.bsaEnrollStartTime;
|
||||
return null;
|
||||
}
|
||||
|
||||
/** Retrieve whether invoicing is enabled. */
|
||||
public boolean isInvoicingEnabled() {
|
||||
return invoicingEnabled;
|
||||
@@ -939,6 +952,7 @@ public class Tld extends ImmutableObject implements Buildable, UnsafeSerializabl
|
||||
}
|
||||
|
||||
public Builder setReservedListsByName(Set<String> reservedListNames) {
|
||||
// TODO(b/309175133): forbid if enrolled with BSA
|
||||
checkArgument(reservedListNames != null, "reservedListNames must not be null");
|
||||
ImmutableSet.Builder<ReservedList> builder = new ImmutableSet.Builder<>();
|
||||
for (String reservedListName : reservedListNames) {
|
||||
@@ -958,6 +972,7 @@ public class Tld extends ImmutableObject implements Buildable, UnsafeSerializabl
|
||||
}
|
||||
|
||||
public Builder setReservedLists(Set<ReservedList> reservedLists) {
|
||||
// TODO(b/309175133): forbid if enrolled with BSA
|
||||
checkArgumentNotNull(reservedLists, "reservedLists must not be null");
|
||||
ImmutableSet.Builder<String> nameBuilder = new ImmutableSet.Builder<>();
|
||||
for (ReservedList reservedList : reservedLists) {
|
||||
@@ -1076,6 +1091,7 @@ public class Tld extends ImmutableObject implements Buildable, UnsafeSerializabl
|
||||
}
|
||||
|
||||
public Builder setIdnTables(ImmutableSet<IdnTableEnum> idnTables) {
|
||||
// TODO(b/309175133): forbid if enrolled with BSA.
|
||||
getInstance().idnTables = idnTables;
|
||||
return this;
|
||||
}
|
||||
@@ -1085,6 +1101,13 @@ public class Tld extends ImmutableObject implements Buildable, UnsafeSerializabl
|
||||
return this;
|
||||
}
|
||||
|
||||
public Builder setBsaEnrollStartTime(DateTime enrollTime) {
|
||||
// TODO(b/309175133): forbid if enrolled with BSA
|
||||
// TODO(11/30/2023): uncomment below line
|
||||
// getInstance().bsaEnrollStartTime = enrollTime;
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Tld build() {
|
||||
final Tld instance = getInstance();
|
||||
|
||||
@@ -55,6 +55,9 @@ public class AuthModule {
|
||||
@Qualifier
|
||||
@interface RegularOidc {}
|
||||
|
||||
@Qualifier
|
||||
@interface RegularOidcFallback {}
|
||||
|
||||
@Provides
|
||||
@IapOidc
|
||||
@Singleton
|
||||
@@ -71,6 +74,14 @@ public class AuthModule {
|
||||
return TokenVerifier.newBuilder().setAudience(clientId).setIssuer(REGULAR_ISSUER_URL).build();
|
||||
}
|
||||
|
||||
@Provides
|
||||
@RegularOidcFallback
|
||||
@Singleton
|
||||
TokenVerifier provideFallbackRegularTokenVerifier(
|
||||
@Config("fallbackOauthClientId") String clientId) {
|
||||
return TokenVerifier.newBuilder().setAudience(clientId).setIssuer(REGULAR_ISSUER_URL).build();
|
||||
}
|
||||
|
||||
@Provides
|
||||
@IapOidc
|
||||
@Singleton
|
||||
|
||||
+27
-4
@@ -25,6 +25,7 @@ import google.registry.model.console.User;
|
||||
import google.registry.model.console.UserDao;
|
||||
import google.registry.request.auth.AuthModule.IapOidc;
|
||||
import google.registry.request.auth.AuthModule.RegularOidc;
|
||||
import google.registry.request.auth.AuthModule.RegularOidcFallback;
|
||||
import google.registry.request.auth.AuthSettings.AuthLevel;
|
||||
import java.util.Optional;
|
||||
import javax.annotation.Nullable;
|
||||
@@ -53,6 +54,8 @@ public abstract class OidcTokenAuthenticationMechanism implements Authentication
|
||||
|
||||
protected final TokenVerifier tokenVerifier;
|
||||
|
||||
protected final Optional<TokenVerifier> fallbackTokenVerifier;
|
||||
|
||||
protected final TokenExtractor tokenExtractor;
|
||||
|
||||
private final ImmutableSet<String> serviceAccountEmails;
|
||||
@@ -60,9 +63,11 @@ public abstract class OidcTokenAuthenticationMechanism implements Authentication
|
||||
protected OidcTokenAuthenticationMechanism(
|
||||
ImmutableSet<String> serviceAccountEmails,
|
||||
TokenVerifier tokenVerifier,
|
||||
@Nullable TokenVerifier fallbackTokenVerifier,
|
||||
TokenExtractor tokenExtractor) {
|
||||
this.serviceAccountEmails = serviceAccountEmails;
|
||||
this.tokenVerifier = tokenVerifier;
|
||||
this.fallbackTokenVerifier = Optional.ofNullable(fallbackTokenVerifier);
|
||||
this.tokenExtractor = tokenExtractor;
|
||||
}
|
||||
|
||||
@@ -77,7 +82,7 @@ public abstract class OidcTokenAuthenticationMechanism implements Authentication
|
||||
if (rawIdToken == null) {
|
||||
return AuthResult.NOT_AUTHENTICATED;
|
||||
}
|
||||
JsonWebSignature token;
|
||||
JsonWebSignature token = null;
|
||||
try {
|
||||
token = tokenVerifier.verify(rawIdToken);
|
||||
} catch (Exception e) {
|
||||
@@ -86,8 +91,25 @@ public abstract class OidcTokenAuthenticationMechanism implements Authentication
|
||||
RegistryEnvironment.get().equals(RegistryEnvironment.PRODUCTION)
|
||||
? "Raw token redacted in prod"
|
||||
: rawIdToken);
|
||||
return AuthResult.NOT_AUTHENTICATED;
|
||||
}
|
||||
|
||||
if (token == null) {
|
||||
if (fallbackTokenVerifier.isPresent()) {
|
||||
try {
|
||||
token = fallbackTokenVerifier.get().verify(rawIdToken);
|
||||
} catch (Exception e) {
|
||||
logger.atInfo().withCause(e).log(
|
||||
"Failed OIDC fallback verification attempt:\n%s",
|
||||
RegistryEnvironment.get().equals(RegistryEnvironment.PRODUCTION)
|
||||
? "Raw token redacted in prod"
|
||||
: rawIdToken);
|
||||
return AuthResult.NOT_AUTHENTICATED;
|
||||
}
|
||||
} else {
|
||||
return AuthResult.NOT_AUTHENTICATED;
|
||||
}
|
||||
}
|
||||
|
||||
String email = (String) token.getPayload().get("email");
|
||||
if (email == null) {
|
||||
logger.atWarning().log("No email address from the OIDC token:\n%s", token.getPayload());
|
||||
@@ -141,7 +163,7 @@ public abstract class OidcTokenAuthenticationMechanism implements Authentication
|
||||
@Config("allowedServiceAccountEmails") ImmutableSet<String> serviceAccountEmails,
|
||||
@IapOidc TokenVerifier tokenVerifier,
|
||||
@IapOidc TokenExtractor tokenExtractor) {
|
||||
super(serviceAccountEmails, tokenVerifier, tokenExtractor);
|
||||
super(serviceAccountEmails, tokenVerifier, null, tokenExtractor);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -161,8 +183,9 @@ public abstract class OidcTokenAuthenticationMechanism implements Authentication
|
||||
protected RegularOidcAuthenticationMechanism(
|
||||
@Config("allowedServiceAccountEmails") ImmutableSet<String> serviceAccountEmails,
|
||||
@RegularOidc TokenVerifier tokenVerifier,
|
||||
@RegularOidcFallback TokenVerifier fallbackTokenVerifier,
|
||||
@RegularOidc TokenExtractor tokenExtractor) {
|
||||
super(serviceAccountEmails, tokenVerifier, tokenExtractor);
|
||||
super(serviceAccountEmails, tokenVerifier, fallbackTokenVerifier, tokenExtractor);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -58,13 +58,25 @@ public class RefreshDnsForAllDomainsAction implements Runnable {
|
||||
|
||||
private static final FluentLogger logger = FluentLogger.forEnclosingClass();
|
||||
|
||||
/** The number of DNS updates to enqueue per transaction. */
|
||||
private static final int DEFAULT_BATCH_SIZE = 250;
|
||||
|
||||
/**
|
||||
* The default number of DNS updates it is safe to execute per minute.
|
||||
*
|
||||
* <p>This is mostly a guess based on existing system performance, but the point is to be on the
|
||||
* safe side and not cause contention with ongoing DNS updates from clients.
|
||||
*/
|
||||
private static final int DEFAULT_REFRESH_QPS = 7;
|
||||
|
||||
private final Response response;
|
||||
private final ImmutableSet<String> tlds;
|
||||
|
||||
// Recommended value for batch size is between 200 and 500
|
||||
private final int batchSize;
|
||||
|
||||
private final int refreshQps;
|
||||
|
||||
private final Random random;
|
||||
|
||||
@Inject
|
||||
@@ -72,10 +84,12 @@ public class RefreshDnsForAllDomainsAction implements Runnable {
|
||||
Response response,
|
||||
@Parameter(PARAM_TLDS) ImmutableSet<String> tlds,
|
||||
@Parameter("batchSize") Optional<Integer> batchSize,
|
||||
@Parameter("refreshQps") Optional<Integer> refreshQps,
|
||||
Random random) {
|
||||
this.response = response;
|
||||
this.tlds = tlds;
|
||||
this.batchSize = batchSize.orElse(DEFAULT_BATCH_SIZE);
|
||||
this.refreshQps = refreshQps.orElse(DEFAULT_REFRESH_QPS);
|
||||
this.random = random;
|
||||
}
|
||||
|
||||
@@ -83,7 +97,7 @@ public class RefreshDnsForAllDomainsAction implements Runnable {
|
||||
public void run() {
|
||||
assertTldsExist(tlds);
|
||||
checkArgument(batchSize > 0, "Must specify a positive number for batch size");
|
||||
int smearMinutes = tm().transact(this::calculateSmearMinutes, TRANSACTION_REPEATABLE_READ);
|
||||
Duration smear = tm().transact(this::calculateSmear, TRANSACTION_REPEATABLE_READ);
|
||||
|
||||
ImmutableList<String> domainsBatch;
|
||||
@Nullable String lastInPreviousBatch = null;
|
||||
@@ -91,17 +105,16 @@ public class RefreshDnsForAllDomainsAction implements Runnable {
|
||||
Optional<String> lastInPreviousBatchOpt = Optional.ofNullable(lastInPreviousBatch);
|
||||
domainsBatch =
|
||||
tm().transact(
|
||||
() -> refreshBatch(lastInPreviousBatchOpt, smearMinutes),
|
||||
TRANSACTION_REPEATABLE_READ);
|
||||
() -> refreshBatch(lastInPreviousBatchOpt, smear), TRANSACTION_REPEATABLE_READ);
|
||||
lastInPreviousBatch = domainsBatch.isEmpty() ? null : getLast(domainsBatch);
|
||||
} while (domainsBatch.size() == batchSize);
|
||||
}
|
||||
|
||||
/**
|
||||
* Calculates the number of smear minutes to enqueue refreshes so that the DNS queue does not get
|
||||
* Calculates the smear duration to enqueue refreshes so that the DNS queue does not get
|
||||
* overloaded.
|
||||
*/
|
||||
private int calculateSmearMinutes() {
|
||||
private Duration calculateSmear() {
|
||||
Long activeDomains =
|
||||
tm().query(
|
||||
"SELECT COUNT(*) FROM Domain WHERE tld IN (:tlds) AND deletionTime = :endOfTime",
|
||||
@@ -109,7 +122,7 @@ public class RefreshDnsForAllDomainsAction implements Runnable {
|
||||
.setParameter("tlds", tlds)
|
||||
.setParameter("endOfTime", END_OF_TIME)
|
||||
.getSingleResult();
|
||||
return Math.max(activeDomains.intValue() / 1000, 1);
|
||||
return Duration.standardSeconds(Math.max(activeDomains / refreshQps, 1));
|
||||
}
|
||||
|
||||
private ImmutableList<String> getBatch(Optional<String> lastInPreviousBatch) {
|
||||
@@ -127,11 +140,12 @@ public class RefreshDnsForAllDomainsAction implements Runnable {
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
ImmutableList<String> refreshBatch(Optional<String> lastInPreviousBatch, int smearMinutes) {
|
||||
ImmutableList<String> refreshBatch(Optional<String> lastInPreviousBatch, Duration smear) {
|
||||
ImmutableList<String> domainBatch = getBatch(lastInPreviousBatch);
|
||||
try {
|
||||
// Smear the task execution time over the next N minutes.
|
||||
requestDomainDnsRefresh(domainBatch, Duration.standardMinutes(random.nextInt(smearMinutes)));
|
||||
// Smear the task execution time over the next N seconds.
|
||||
requestDomainDnsRefresh(
|
||||
domainBatch, Duration.standardSeconds(random.nextInt((int) smear.getStandardSeconds())));
|
||||
} catch (Throwable t) {
|
||||
logger.atSevere().withCause(t).log("Error while enqueuing DNS refresh batch");
|
||||
response.setStatus(HttpStatus.SC_OK);
|
||||
|
||||
@@ -81,4 +81,10 @@ public class ToolsServerModule {
|
||||
static Optional<Integer> provideBatchSize(HttpServletRequest req) {
|
||||
return extractOptionalIntParameter(req, "batchSize");
|
||||
}
|
||||
|
||||
@Provides
|
||||
@Parameter("refreshQps")
|
||||
static Optional<Integer> provideRefreshQps(HttpServletRequest req) {
|
||||
return extractOptionalIntParameter(req, "refreshQps");
|
||||
}
|
||||
}
|
||||
|
||||
+23
-5
@@ -19,7 +19,6 @@ import static com.google.common.truth.Truth.assertThat;
|
||||
import static google.registry.request.auth.AuthModule.BEARER_PREFIX;
|
||||
import static google.registry.request.auth.AuthModule.IAP_HEADER_NAME;
|
||||
import static google.registry.testing.DatabaseHelper.insertInDb;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
@@ -70,7 +69,7 @@ public class OidcTokenAuthenticationMechanismTest {
|
||||
|
||||
private AuthResult authResult;
|
||||
private OidcTokenAuthenticationMechanism authenticationMechanism =
|
||||
new OidcTokenAuthenticationMechanism(serviceAccounts, tokenVerifier, e -> rawToken) {};
|
||||
new OidcTokenAuthenticationMechanism(serviceAccounts, tokenVerifier, null, e -> rawToken) {};
|
||||
|
||||
@RegisterExtension
|
||||
public final JpaTestExtensions.JpaUnitTestExtension jpaExtension =
|
||||
@@ -78,7 +77,7 @@ public class OidcTokenAuthenticationMechanismTest {
|
||||
|
||||
@BeforeEach
|
||||
void beforeEach() throws Exception {
|
||||
when(tokenVerifier.verify(eq(rawToken))).thenReturn(jwt);
|
||||
when(tokenVerifier.verify(rawToken)).thenReturn(jwt);
|
||||
payload.setEmail(email);
|
||||
payload.setSubject(gaiaId);
|
||||
insertInDb(user);
|
||||
@@ -98,18 +97,30 @@ public class OidcTokenAuthenticationMechanismTest {
|
||||
@Test
|
||||
void testAuthenticate_noTokenFromRequest() {
|
||||
authenticationMechanism =
|
||||
new OidcTokenAuthenticationMechanism(serviceAccounts, tokenVerifier, e -> null) {};
|
||||
new OidcTokenAuthenticationMechanism(serviceAccounts, tokenVerifier, null, e -> null) {};
|
||||
authResult = authenticationMechanism.authenticate(request);
|
||||
assertThat(authResult).isEqualTo(AuthResult.NOT_AUTHENTICATED);
|
||||
}
|
||||
|
||||
@Test
|
||||
void testAuthenticate_invalidToken() throws Exception {
|
||||
when(tokenVerifier.verify(eq(rawToken))).thenThrow(new VerificationException("Bad token"));
|
||||
when(tokenVerifier.verify(rawToken)).thenThrow(new VerificationException("Bad token"));
|
||||
authResult = authenticationMechanism.authenticate(request);
|
||||
assertThat(authResult).isEqualTo(AuthResult.NOT_AUTHENTICATED);
|
||||
}
|
||||
|
||||
@Test
|
||||
void testAuthenticate_fallbackVerifier() throws Exception {
|
||||
TokenVerifier fallbackVerifier = mock(TokenVerifier.class);
|
||||
when(tokenVerifier.verify(rawToken)).thenThrow(new VerificationException("Bad token"));
|
||||
when(fallbackVerifier.verify(rawToken)).thenReturn(jwt);
|
||||
authenticationMechanism =
|
||||
new OidcTokenAuthenticationMechanism(
|
||||
serviceAccounts, tokenVerifier, fallbackVerifier, e -> rawToken) {};
|
||||
authResult = authenticationMechanism.authenticate(request);
|
||||
assertThat(authResult.isAuthenticated()).isEqualTo(true);
|
||||
}
|
||||
|
||||
@Test
|
||||
void testAuthenticate_noEmailAddress() throws Exception {
|
||||
payload.setEmail(null);
|
||||
@@ -223,5 +234,12 @@ public class OidcTokenAuthenticationMechanismTest {
|
||||
String provideOauthClientId() {
|
||||
return "client-id";
|
||||
}
|
||||
|
||||
@Provides
|
||||
@Singleton
|
||||
@Config("fallbackOauthClientId")
|
||||
String provideFallbackOauthClientId() {
|
||||
return "fallback-client-id";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -16,6 +16,7 @@ package google.registry.tools;
|
||||
import static com.google.common.truth.Truth.assertThat;
|
||||
import static google.registry.model.EntityYamlUtils.createObjectMapper;
|
||||
import static google.registry.model.domain.token.AllocationToken.TokenType.DEFAULT_PROMO;
|
||||
import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
|
||||
import static google.registry.testing.DatabaseHelper.createTld;
|
||||
import static google.registry.testing.DatabaseHelper.persistPremiumList;
|
||||
import static google.registry.testing.DatabaseHelper.persistResource;
|
||||
@@ -47,6 +48,8 @@ import google.registry.model.tld.label.PremiumListDao;
|
||||
import java.io.File;
|
||||
import java.util.logging.Logger;
|
||||
import org.joda.money.Money;
|
||||
import org.joda.time.DateTime;
|
||||
import org.joda.time.DateTimeZone;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Disabled;
|
||||
import org.junit.jupiter.api.Test;
|
||||
@@ -98,6 +101,20 @@ public class ConfigureTldCommandTest extends CommandTestCase<ConfigureTldCommand
|
||||
assertThat(updatedTld.getCreateBillingCost()).isEqualTo(Money.of(USD, 25));
|
||||
testTldConfiguredSuccessfully(updatedTld, "tld.yaml");
|
||||
assertThat(updatedTld.getBreakglassMode()).isFalse();
|
||||
assertThat(tld.getBsaEnrollStartTime()).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
void testSuccess_updateTld_bsaTimeUnaffected() throws Exception {
|
||||
Tld tld = createTld("tld");
|
||||
DateTime bsaStartTime = DateTime.now(DateTimeZone.UTC);
|
||||
tm().transact(() -> tm().put(tld.asBuilder().setBsaEnrollStartTime(bsaStartTime).build()));
|
||||
File tldFile = tmpDir.resolve("tld.yaml").toFile();
|
||||
Files.asCharSink(tldFile, UTF_8).write(loadFile(getClass(), "tld.yaml"));
|
||||
runCommandForced("--input=" + tldFile);
|
||||
// TODO(11/30/2023): uncomment below two lines
|
||||
// Tld updatedTld = Tld.get("tld");
|
||||
// assertThat(tld.getBsaEnrollStartTime()).isEqualTo(bsaStartTime);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
+5
-4
@@ -35,6 +35,7 @@ import google.registry.testing.FakeResponse;
|
||||
import java.util.Optional;
|
||||
import java.util.Random;
|
||||
import org.joda.time.DateTime;
|
||||
import org.joda.time.Duration;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.RegisterExtension;
|
||||
@@ -55,7 +56,7 @@ public class RefreshDnsForAllDomainsActionTest {
|
||||
createTld("bar");
|
||||
action =
|
||||
new RefreshDnsForAllDomainsAction(
|
||||
response, ImmutableSet.of("bar"), Optional.of(10), new Random());
|
||||
response, ImmutableSet.of("bar"), Optional.of(10), Optional.empty(), new Random());
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -74,9 +75,9 @@ public class RefreshDnsForAllDomainsActionTest {
|
||||
// Set batch size to 1 since each batch will be enqueud at the same time
|
||||
action =
|
||||
new RefreshDnsForAllDomainsAction(
|
||||
response, ImmutableSet.of("bar"), Optional.of(1), new Random());
|
||||
tm().transact(() -> action.refreshBatch(Optional.empty(), 1000));
|
||||
tm().transact(() -> action.refreshBatch(Optional.empty(), 1000));
|
||||
response, ImmutableSet.of("bar"), Optional.of(1), Optional.of(7), new Random());
|
||||
tm().transact(() -> action.refreshBatch(Optional.empty(), Duration.standardMinutes(1000)));
|
||||
tm().transact(() -> action.refreshBatch(Optional.empty(), Duration.standardMinutes(1000)));
|
||||
ImmutableList<DnsRefreshRequest> refreshRequests =
|
||||
tm().transact(
|
||||
() ->
|
||||
|
||||
@@ -261,11 +261,11 @@ td.section {
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="property_name">generated on</td>
|
||||
<td class="property_value">2023-11-02 18:26:18.901466</td>
|
||||
<td class="property_value">2023-11-09 01:49:59.861801</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="property_name">last flyway file</td>
|
||||
<td id="lastFlywayFile" class="property_value">V149__add_bsa_domain_in_use_table.sql</td>
|
||||
<td id="lastFlywayFile" class="property_value">V150__add_tld_bsa_enroll_date.sql</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
@@ -285,7 +285,7 @@ td.section {
|
||||
generated on
|
||||
</text>
|
||||
<text text-anchor="start" x="3835.5" y="-10.8" font-family="Helvetica,sans-Serif" font-size="14.00">
|
||||
2023-11-02 18:26:18.901466
|
||||
2023-11-09 01:49:59.861801
|
||||
</text>
|
||||
<polygon fill="none" stroke="#888888" points="3748,-4 3748,-44 4013,-44 4013,-4 3748,-4" /> <!-- allocationtoken_a08ccbef -->
|
||||
<g id="node1" class="node">
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -147,3 +147,4 @@ V146__last_update_time_via_epp.sql
|
||||
V147__drop_gaia_id_from_user.sql
|
||||
V148__add_bsa_download_and_label_tables.sql
|
||||
V149__add_bsa_domain_in_use_table.sql
|
||||
V150__add_tld_bsa_enroll_date.sql
|
||||
|
||||
@@ -0,0 +1,15 @@
|
||||
-- Copyright 2023 The Nomulus Authors. All Rights Reserved.
|
||||
--
|
||||
-- Licensed under the Apache License, Version 2.0 (the "License");
|
||||
-- you may not use this file except in compliance with the License.
|
||||
-- You may obtain a copy of the License at
|
||||
--
|
||||
-- http://www.apache.org/licenses/LICENSE-2.0
|
||||
--
|
||||
-- Unless required by applicable law or agreed to in writing, software
|
||||
-- distributed under the License is distributed on an "AS IS" BASIS,
|
||||
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
-- See the License for the specific language governing permissions and
|
||||
-- limitations under the License.
|
||||
|
||||
ALTER TABLE public."Tld" ADD COLUMN bsa_enroll_start_time timestamptz;
|
||||
@@ -1146,7 +1146,8 @@ CREATE TABLE public."Tld" (
|
||||
dns_ds_ttl interval,
|
||||
dns_ns_ttl interval,
|
||||
idn_tables text[],
|
||||
breakglass_mode boolean DEFAULT false NOT NULL
|
||||
breakglass_mode boolean DEFAULT false NOT NULL,
|
||||
bsa_enroll_start_time timestamp with time zone
|
||||
);
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user