mirror of
https://github.com/google/nomulus
synced 2026-05-20 06:41:51 +00:00
Compare commits
11 Commits
proxy-2025
...
nomulus-20
| Author | SHA1 | Date | |
|---|---|---|---|
|
d23640a54f | ||
|
cc347264f1 | ||
|
|
e5d4cbb9fc | ||
|
|
8c1e0ff4de | ||
|
|
5cef2dd8b5 | ||
|
|
62b2585220 | ||
|
8692fe35db | ||
|
|
18614ba11e | ||
|
|
427f6db820 | ||
|
5aa40b2208 | ||
|
|
95c89bc856 |
@@ -243,7 +243,7 @@ hibernate:
|
||||
# that BEAM pipelines are not subject to the maximumPoolSize value defined
|
||||
# here. See PersistenceModule.java for more information.
|
||||
hikariMinimumIdle: 1
|
||||
hikariMaximumPoolSize: 20
|
||||
hikariMaximumPoolSize: 40
|
||||
hikariIdleTimeout: 300000
|
||||
# The batch size is basically the number of insertions / updates in a single
|
||||
# transaction that will be batched together into one INSERT/UPDATE statement.
|
||||
|
||||
@@ -88,6 +88,7 @@
|
||||
should exist between the RECURRING_BILLING cursor's time and the execution
|
||||
time of the action.
|
||||
</description>
|
||||
<!-- Runs shortly after DeleteExpiredDomainsAction so it can delete domains before they renew -->
|
||||
<schedule>0 3 * * *</schedule>
|
||||
</task>
|
||||
|
||||
@@ -98,7 +99,8 @@
|
||||
This job runs an action that deletes domains that are past their
|
||||
autorenew end date.
|
||||
</description>
|
||||
<schedule>7 3 * * *</schedule>
|
||||
<!-- Runs shortly before ExpandBillingRecurrencesPipeline to catch and delete domains before they renew -->
|
||||
<schedule>45 2 * * *</schedule>
|
||||
</task>
|
||||
|
||||
<task>
|
||||
|
||||
@@ -146,6 +146,7 @@
|
||||
This job runs an action that deletes domains that are past their
|
||||
autorenew end date.
|
||||
</description>
|
||||
<schedule>7 3 * * *</schedule>
|
||||
<!-- Runs shortly before ExpandBillingRecurrencesPipeline to catch and delete domains before they renew -->
|
||||
<schedule>45 2 * * *</schedule>
|
||||
</task>
|
||||
</entries>
|
||||
|
||||
@@ -130,6 +130,7 @@
|
||||
should exist between the RECURRING_BILLING cursor's time and the execution
|
||||
time of the action.
|
||||
</description>
|
||||
<!-- Runs shortly after DeleteExpiredDomainsAction so it can delete domains before they renew -->
|
||||
<schedule>0 3 * * *</schedule>
|
||||
</task>
|
||||
|
||||
@@ -140,7 +141,8 @@
|
||||
This job runs an action that deletes domains that are past their
|
||||
autorenew end date.
|
||||
</description>
|
||||
<schedule>7 3 * * *</schedule>
|
||||
<!-- Runs shortly before ExpandBillingRecurrencesPipeline to catch and delete domains before they renew -->
|
||||
<schedule>45 2 * * *</schedule>
|
||||
</task>
|
||||
|
||||
<task>
|
||||
|
||||
@@ -57,6 +57,7 @@
|
||||
This job runs an action that deletes domains that are past their
|
||||
autorenew end date.
|
||||
</description>
|
||||
<schedule>7 3 * * *</schedule>
|
||||
<!-- Runs shortly before ExpandBillingRecurrencesPipeline to catch and delete domains before they renew -->
|
||||
<schedule>45 2 * * *</schedule>
|
||||
</task>
|
||||
</entries>
|
||||
|
||||
@@ -90,6 +90,7 @@
|
||||
should exist between the RECURRING_BILLING cursor's time and the execution
|
||||
time of the action.
|
||||
</description>
|
||||
<!-- Runs shortly after DeleteExpiredDomainsAction so it can delete domains before they renew -->
|
||||
<schedule>0 3 * * *</schedule>
|
||||
</task>
|
||||
|
||||
@@ -113,7 +114,8 @@
|
||||
This job runs an action that deletes domains that are past their
|
||||
autorenew end date.
|
||||
</description>
|
||||
<schedule>7 3 * * *</schedule>
|
||||
<!-- Runs shortly before ExpandBillingRecurrencesPipeline to catch and delete domains before they renew -->
|
||||
<schedule>45 2 * * *</schedule>
|
||||
</task>
|
||||
|
||||
<task>
|
||||
|
||||
@@ -17,10 +17,7 @@ package google.registry.loadtest;
|
||||
import static com.google.common.base.Preconditions.checkArgument;
|
||||
import static com.google.common.collect.ImmutableList.toImmutableList;
|
||||
import static com.google.common.collect.Lists.partition;
|
||||
import static google.registry.security.XsrfTokenManager.X_CSRF_TOKEN;
|
||||
import static google.registry.util.ResourceUtils.readResourceUtf8;
|
||||
import static java.util.Arrays.asList;
|
||||
import static org.joda.time.DateTimeZone.UTC;
|
||||
|
||||
import com.google.cloud.tasks.v2.Task;
|
||||
import com.google.common.collect.ImmutableList;
|
||||
@@ -34,7 +31,7 @@ import google.registry.request.Action;
|
||||
import google.registry.request.Action.GaeService;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.security.XsrfTokenManager;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.RegistryEnvironment;
|
||||
import jakarta.inject.Inject;
|
||||
import java.time.Instant;
|
||||
@@ -67,11 +64,9 @@ public class LoadTestAction implements Runnable {
|
||||
private static final int NUM_QUEUES = 10;
|
||||
private static final int MAX_TASKS_PER_LOAD = 100;
|
||||
private static final int ARBITRARY_VALID_HOST_LENGTH = 40;
|
||||
private static final int MAX_CONTACT_LENGTH = 13;
|
||||
private static final int MAX_DOMAIN_LABEL_LENGTH = 63;
|
||||
|
||||
private static final String EXISTING_DOMAIN = "testdomain";
|
||||
private static final String EXISTING_CONTACT = "contact";
|
||||
private static final String EXISTING_HOST = "ns1";
|
||||
|
||||
private static final Random random = new Random();
|
||||
@@ -85,8 +80,8 @@ public class LoadTestAction implements Runnable {
|
||||
|
||||
/**
|
||||
* The number of seconds to delay the execution of the first load testing tasks by. Preparatory
|
||||
* work of creating independent contacts and hosts that will be used for later domain creation
|
||||
* testing occurs during this period, so make sure that it is long enough.
|
||||
* work of creating independent hosts that will be used for later domain creation testing occurs
|
||||
* during this period, so make sure that it is long enough.
|
||||
*/
|
||||
@Inject
|
||||
@Parameter("delaySeconds")
|
||||
@@ -120,21 +115,6 @@ public class LoadTestAction implements Runnable {
|
||||
@Parameter("domainChecks")
|
||||
int domainChecksPerSecond;
|
||||
|
||||
/** The number of successful contact creates to enqueue per second over the length of the test. */
|
||||
@Inject
|
||||
@Parameter("successfulContactCreates")
|
||||
int successfulContactCreatesPerSecond;
|
||||
|
||||
/** The number of failed contact creates to enqueue per second over the length of the test. */
|
||||
@Inject
|
||||
@Parameter("failedContactCreates")
|
||||
int failedContactCreatesPerSecond;
|
||||
|
||||
/** The number of successful contact infos to enqueue per second over the length of the test. */
|
||||
@Inject
|
||||
@Parameter("contactInfos")
|
||||
int contactInfosPerSecond;
|
||||
|
||||
/** The number of successful host creates to enqueue per second over the length of the test. */
|
||||
@Inject
|
||||
@Parameter("successfulHostCreates")
|
||||
@@ -152,9 +132,8 @@ public class LoadTestAction implements Runnable {
|
||||
|
||||
@Inject CloudTasksUtils cloudTasksUtils;
|
||||
|
||||
private final String xmlContactCreateTmpl;
|
||||
private final String xmlContactCreateFail;
|
||||
private final String xmlContactInfo;
|
||||
@Inject Clock clock;
|
||||
|
||||
private final String xmlDomainCheck;
|
||||
private final String xmlDomainCreateTmpl;
|
||||
private final String xmlDomainCreateFail;
|
||||
@@ -163,53 +142,35 @@ public class LoadTestAction implements Runnable {
|
||||
private final String xmlHostCreateFail;
|
||||
private final String xmlHostInfo;
|
||||
|
||||
/**
|
||||
* The XSRF token to be used for making requests to the epptool endpoint.
|
||||
*
|
||||
* <p>Note that the email address is set to empty, because the logged-in user hitting this
|
||||
* endpoint will not be the same as when the tasks themselves fire and hit the epptool endpoint.
|
||||
*/
|
||||
private final String xsrfToken;
|
||||
|
||||
@Inject
|
||||
LoadTestAction(@Parameter("tld") String tld, XsrfTokenManager xsrfTokenManager) {
|
||||
xmlContactCreateTmpl = loadXml("contact_create");
|
||||
xmlContactCreateFail = xmlContactCreateTmpl.replace("%contact%", EXISTING_CONTACT);
|
||||
xmlContactInfo = loadXml("contact_info").replace("%contact%", EXISTING_CONTACT);
|
||||
LoadTestAction(@Parameter("tld") String tld) {
|
||||
xmlDomainCheck =
|
||||
loadXml("domain_check").replace("%tld%", tld).replace("%domain%", EXISTING_DOMAIN);
|
||||
xmlDomainCreateTmpl = loadXml("domain_create").replace("%tld%", tld);
|
||||
xmlDomainCreateFail =
|
||||
xmlDomainCreateTmpl
|
||||
.replace("%domain%", EXISTING_DOMAIN)
|
||||
.replace("%contact%", EXISTING_CONTACT)
|
||||
.replace("%host%", EXISTING_HOST);
|
||||
xmlDomainInfo =
|
||||
loadXml("domain_info").replace("%tld%", tld).replace("%domain%", EXISTING_DOMAIN);
|
||||
xmlHostCreateTmpl = loadXml("host_create");
|
||||
xmlHostCreateFail = xmlHostCreateTmpl.replace("%host%", EXISTING_HOST);
|
||||
xmlHostInfo = loadXml("host_info").replace("%host%", EXISTING_HOST);
|
||||
xsrfToken = xsrfTokenManager.generateToken("");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void run() {
|
||||
validateAndLogRequest();
|
||||
DateTime initialStartSecond = DateTime.now(UTC).plusSeconds(delaySeconds);
|
||||
DateTime initialStartSecond = clock.nowUtc().plusSeconds(delaySeconds);
|
||||
ImmutableList.Builder<String> preTaskXmls = new ImmutableList.Builder<>();
|
||||
ImmutableList.Builder<String> contactNamesBuilder = new ImmutableList.Builder<>();
|
||||
ImmutableList.Builder<String> hostPrefixesBuilder = new ImmutableList.Builder<>();
|
||||
for (int i = 0; i < successfulDomainCreatesPerSecond; i++) {
|
||||
String contactName = getRandomLabel(MAX_CONTACT_LENGTH);
|
||||
String hostPrefix = getRandomLabel(ARBITRARY_VALID_HOST_LENGTH);
|
||||
contactNamesBuilder.add(contactName);
|
||||
hostPrefixesBuilder.add(hostPrefix);
|
||||
preTaskXmls.add(
|
||||
xmlContactCreateTmpl.replace("%contact%", contactName),
|
||||
xmlHostCreateTmpl.replace("%host%", hostPrefix));
|
||||
}
|
||||
enqueue(createTasks(preTaskXmls.build(), DateTime.now(UTC)));
|
||||
ImmutableList<String> contactNames = contactNamesBuilder.build();
|
||||
enqueue(createTasks(preTaskXmls.build(), clock.nowUtc()));
|
||||
ImmutableList<String> hostPrefixes = hostPrefixesBuilder.build();
|
||||
|
||||
ImmutableList.Builder<Task> tasks = new ImmutableList.Builder<>();
|
||||
@@ -217,30 +178,17 @@ public class LoadTestAction implements Runnable {
|
||||
DateTime startSecond = initialStartSecond.plusSeconds(offsetSeconds);
|
||||
// The first "failed" creates might actually succeed if the object doesn't already exist, but
|
||||
// that shouldn't affect the load numbers.
|
||||
tasks.addAll(
|
||||
createTasks(
|
||||
createNumCopies(xmlContactCreateFail, failedContactCreatesPerSecond), startSecond));
|
||||
tasks.addAll(
|
||||
createTasks(createNumCopies(xmlHostCreateFail, failedHostCreatesPerSecond), startSecond));
|
||||
tasks.addAll(
|
||||
createTasks(
|
||||
createNumCopies(xmlDomainCreateFail, failedDomainCreatesPerSecond), startSecond));
|
||||
// We can do infos on the known existing objects.
|
||||
tasks.addAll(
|
||||
createTasks(createNumCopies(xmlContactInfo, contactInfosPerSecond), startSecond));
|
||||
tasks.addAll(createTasks(createNumCopies(xmlHostInfo, hostInfosPerSecond), startSecond));
|
||||
tasks.addAll(createTasks(createNumCopies(xmlDomainInfo, domainInfosPerSecond), startSecond));
|
||||
// The domain check template uses "example.TLD" which won't exist, and one existing domain.
|
||||
tasks.addAll(
|
||||
createTasks(createNumCopies(xmlDomainCheck, domainChecksPerSecond), startSecond));
|
||||
// Do successful creates on random names
|
||||
tasks.addAll(
|
||||
createTasks(
|
||||
createNumCopies(xmlContactCreateTmpl, successfulContactCreatesPerSecond)
|
||||
.stream()
|
||||
.map(randomNameReplacer("%contact%", MAX_CONTACT_LENGTH))
|
||||
.collect(toImmutableList()),
|
||||
startSecond));
|
||||
tasks.addAll(
|
||||
createTasks(
|
||||
createNumCopies(xmlHostCreateTmpl, successfulHostCreatesPerSecond)
|
||||
@@ -253,7 +201,6 @@ public class LoadTestAction implements Runnable {
|
||||
createNumCopies(xmlDomainCreateTmpl, successfulDomainCreatesPerSecond)
|
||||
.stream()
|
||||
.map(randomNameReplacer("%domain%", MAX_DOMAIN_LABEL_LENGTH))
|
||||
.map(listNameReplacer("%contact%", contactNames))
|
||||
.map(listNameReplacer("%host%", hostPrefixes))
|
||||
.collect(toImmutableList()),
|
||||
startSecond));
|
||||
@@ -272,9 +219,6 @@ public class LoadTestAction implements Runnable {
|
||||
|| failedDomainCreatesPerSecond > 0
|
||||
|| domainInfosPerSecond > 0
|
||||
|| domainChecksPerSecond > 0
|
||||
|| successfulContactCreatesPerSecond > 0
|
||||
|| failedContactCreatesPerSecond > 0
|
||||
|| contactInfosPerSecond > 0
|
||||
|| successfulHostCreatesPerSecond > 0
|
||||
|| failedHostCreatesPerSecond > 0
|
||||
|| hostInfosPerSecond > 0,
|
||||
@@ -282,8 +226,7 @@ public class LoadTestAction implements Runnable {
|
||||
logger.atInfo().log(
|
||||
"Running load test with the following params. registrarId: %s, delaySeconds: %d, "
|
||||
+ "runSeconds: %d, successful|failed domain creates/s: %d|%d, domain infos/s: %d, "
|
||||
+ "domain checks/s: %d, successful|failed contact creates/s: %d|%d, "
|
||||
+ "contact infos/s: %d, successful|failed host creates/s: %d|%d, host infos/s: %d.",
|
||||
+ "domain checks/s: %d, successful|failed host creates/s: %d|%d, host infos/s: %d.",
|
||||
registrarId,
|
||||
delaySeconds,
|
||||
runSeconds,
|
||||
@@ -291,9 +234,6 @@ public class LoadTestAction implements Runnable {
|
||||
failedDomainCreatesPerSecond,
|
||||
domainInfosPerSecond,
|
||||
domainChecksPerSecond,
|
||||
successfulContactCreatesPerSecond,
|
||||
failedContactCreatesPerSecond,
|
||||
contactInfosPerSecond,
|
||||
successfulHostCreatesPerSecond,
|
||||
failedHostCreatesPerSecond,
|
||||
hostInfosPerSecond);
|
||||
@@ -303,10 +243,10 @@ public class LoadTestAction implements Runnable {
|
||||
return readResourceUtf8(LoadTestAction.class, String.format("templates/%s.xml", name));
|
||||
}
|
||||
|
||||
private List<String> createNumCopies(String xml, int numCopies) {
|
||||
private ImmutableList<String> createNumCopies(String xml, int numCopies) {
|
||||
String[] xmls = new String[numCopies];
|
||||
Arrays.fill(xmls, xml);
|
||||
return asList(xmls);
|
||||
return ImmutableList.copyOf(xmls);
|
||||
}
|
||||
|
||||
private Function<String, String> listNameReplacer(final String toReplace, List<String> choices) {
|
||||
@@ -326,35 +266,27 @@ public class LoadTestAction implements Runnable {
|
||||
return name.toString();
|
||||
}
|
||||
|
||||
private List<Task> createTasks(List<String> xmls, DateTime start) {
|
||||
private ImmutableList<Task> createTasks(ImmutableList<String> xmls, DateTime start) {
|
||||
ImmutableList.Builder<Task> tasks = new ImmutableList.Builder<>();
|
||||
for (int i = 0; i < xmls.size(); i++) {
|
||||
// Space tasks evenly within across a second.
|
||||
Instant scheduleTime =
|
||||
Instant.ofEpochMilli(start.plusMillis((int) (1000.0 / xmls.size() * i)).getMillis());
|
||||
tasks.add(
|
||||
Task.newBuilder()
|
||||
.setAppEngineHttpRequest(
|
||||
cloudTasksUtils
|
||||
.createTask(
|
||||
EppToolAction.class,
|
||||
Action.Method.POST,
|
||||
ImmutableMultimap.of(
|
||||
"clientId",
|
||||
registrarId,
|
||||
"superuser",
|
||||
Boolean.FALSE.toString(),
|
||||
"dryRun",
|
||||
Boolean.FALSE.toString(),
|
||||
"xml",
|
||||
xmls.get(i)))
|
||||
.toBuilder()
|
||||
.getAppEngineHttpRequest()
|
||||
.toBuilder()
|
||||
// TODO: investigate if the following is necessary now that
|
||||
// LegacyAuthenticationMechanism is gone.
|
||||
.putHeaders(X_CSRF_TOKEN, xsrfToken)
|
||||
.build())
|
||||
cloudTasksUtils
|
||||
.createTask(
|
||||
EppToolAction.class,
|
||||
Action.Method.POST,
|
||||
ImmutableMultimap.of(
|
||||
"clientId",
|
||||
registrarId,
|
||||
"superuser",
|
||||
Boolean.FALSE.toString(),
|
||||
"dryRun",
|
||||
Boolean.FALSE.toString(),
|
||||
"xml",
|
||||
xmls.get(i)))
|
||||
.toBuilder()
|
||||
.setScheduleTime(
|
||||
Timestamp.newBuilder()
|
||||
.setSeconds(scheduleTime.getEpochSecond())
|
||||
@@ -365,7 +297,7 @@ public class LoadTestAction implements Runnable {
|
||||
return tasks.build();
|
||||
}
|
||||
|
||||
private void enqueue(List<Task> tasks) {
|
||||
private void enqueue(ImmutableList<Task> tasks) {
|
||||
List<List<Task>> chunks = partition(tasks, MAX_TASKS_PER_LOAD);
|
||||
// Farm out tasks to multiple queues to work around queue qps quotas.
|
||||
for (int i = 0; i < chunks.size(); i++) {
|
||||
|
||||
@@ -1,33 +0,0 @@
|
||||
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
|
||||
<command>
|
||||
<create>
|
||||
<contact:create
|
||||
xmlns:contact="urn:ietf:params:xml:ns:contact-1.0">
|
||||
<contact:id>%contact%</contact:id>
|
||||
<contact:postalInfo type="int">
|
||||
<contact:name>John Doe</contact:name>
|
||||
<contact:org>Example Inc.</contact:org>
|
||||
<contact:addr>
|
||||
<contact:street>123 Example Dr.</contact:street>
|
||||
<contact:street>Suite 100</contact:street>
|
||||
<contact:city>Dulles</contact:city>
|
||||
<contact:sp>VA</contact:sp>
|
||||
<contact:pc>20166-6503</contact:pc>
|
||||
<contact:cc>US</contact:cc>
|
||||
</contact:addr>
|
||||
</contact:postalInfo>
|
||||
<contact:voice x="1234">+1.7035555555</contact:voice>
|
||||
<contact:fax>+1.7035555556</contact:fax>
|
||||
<contact:email>jdoe@example.com</contact:email>
|
||||
<contact:authInfo>
|
||||
<contact:pw>2fooBAR</contact:pw>
|
||||
</contact:authInfo>
|
||||
<contact:disclose flag="1">
|
||||
<contact:voice/>
|
||||
<contact:email/>
|
||||
</contact:disclose>
|
||||
</contact:create>
|
||||
</create>
|
||||
<clTRID>trid</clTRID>
|
||||
</command>
|
||||
</epp>
|
||||
@@ -1,14 +0,0 @@
|
||||
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
|
||||
<command>
|
||||
<info>
|
||||
<contact:info
|
||||
xmlns:contact="urn:ietf:params:xml:ns:contact-1.0">
|
||||
<contact:id>%contact%</contact:id>
|
||||
<contact:authInfo>
|
||||
<contact:pw>2fooBAR</contact:pw>
|
||||
</contact:authInfo>
|
||||
</contact:info>
|
||||
</info>
|
||||
<clTRID>trid</clTRID>
|
||||
</command>
|
||||
</epp>
|
||||
@@ -8,9 +8,6 @@
|
||||
<domain:ns>
|
||||
<domain:hostObj>%host%.example.com</domain:hostObj>
|
||||
</domain:ns>
|
||||
<domain:registrant>%contact%</domain:registrant>
|
||||
<domain:contact type="admin">%contact%</domain:contact>
|
||||
<domain:contact type="tech">%contact%</domain:contact>
|
||||
<domain:authInfo>
|
||||
<domain:pw>2fooBAR</domain:pw>
|
||||
</domain:authInfo>
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
<host:create
|
||||
xmlns:host="urn:ietf:params:xml:ns:host-1.0">
|
||||
<host:name>%host%.example.com</host:name>
|
||||
<host:addr ip="v4">8.8.8.8</host:addr>
|
||||
</host:create>
|
||||
</create>
|
||||
<clTRID>trid</clTRID>
|
||||
|
||||
@@ -18,11 +18,12 @@ import static com.google.common.base.Throwables.getRootCause;
|
||||
import static google.registry.request.Action.Method.POST;
|
||||
import static jakarta.servlet.http.HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
|
||||
import static jakarta.servlet.http.HttpServletResponse.SC_OK;
|
||||
import static java.util.stream.Collectors.joining;
|
||||
|
||||
import com.google.cloud.storage.BlobId;
|
||||
import com.google.common.base.Splitter;
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
import com.google.common.collect.ImmutableMultimap;
|
||||
import com.google.common.collect.Iterables;
|
||||
import com.google.common.flogger.FluentLogger;
|
||||
import com.google.common.io.ByteStreams;
|
||||
@@ -41,7 +42,6 @@ import jakarta.inject.Inject;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.util.Optional;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/** Copy all registrar detail reports in a given bucket's subdirectory from GCS to Drive. */
|
||||
@Action(
|
||||
@@ -98,7 +98,8 @@ public final class CopyDetailReportsAction implements Runnable {
|
||||
response.setPayload(String.format("Failure, encountered %s", e.getMessage()));
|
||||
return;
|
||||
}
|
||||
ImmutableMap.Builder<String, Throwable> copyErrorsBuilder = new ImmutableMap.Builder<>();
|
||||
ImmutableMultimap.Builder<String, Throwable> copyErrorsBuilder =
|
||||
new ImmutableMultimap.Builder<>();
|
||||
for (String detailReportName : detailReportObjectNames) {
|
||||
// The standard report format is "invoice_details_yyyy-MM_registrarId_tld.csv
|
||||
// TODO(larryruili): Determine a safer way of enforcing this.
|
||||
@@ -145,17 +146,18 @@ public final class CopyDetailReportsAction implements Runnable {
|
||||
response.setStatus(SC_OK);
|
||||
response.setContentType(MediaType.PLAIN_TEXT_UTF_8);
|
||||
StringBuilder payload = new StringBuilder().append("Copied detail reports.\n");
|
||||
ImmutableMap<String, Throwable> copyErrors = copyErrorsBuilder.build();
|
||||
ImmutableMultimap<String, Throwable> copyErrors = copyErrorsBuilder.build();
|
||||
if (!copyErrors.isEmpty()) {
|
||||
payload.append("The following errors were encountered:\n");
|
||||
payload.append(
|
||||
copyErrors.entrySet().stream()
|
||||
.map(
|
||||
entrySet ->
|
||||
String.format(
|
||||
"Registrar: %s\nError: %s\n",
|
||||
entrySet.getKey(), entrySet.getValue().getMessage()))
|
||||
.collect(Collectors.joining()));
|
||||
for (var registrarId : copyErrors.keySet()) {
|
||||
payload.append(
|
||||
String.format(
|
||||
"Registrar: %s\nError: %s\n",
|
||||
registrarId,
|
||||
copyErrors.get(registrarId).stream()
|
||||
.map(Throwable::getMessage)
|
||||
.collect(joining("\n\t"))));
|
||||
}
|
||||
}
|
||||
response.setPayload(payload.toString());
|
||||
emailUtils.sendAlertEmail(payload.toString());
|
||||
|
||||
@@ -14,7 +14,6 @@
|
||||
|
||||
package google.registry.tools;
|
||||
|
||||
|
||||
import com.beust.jcommander.Parameter;
|
||||
import com.beust.jcommander.Parameters;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
@@ -52,11 +51,6 @@ class LoadTestCommand extends ConfirmingCommand implements CommandWithConnection
|
||||
description = "Number of domains to create per second.")
|
||||
int successfulDomainCreates = 1;
|
||||
|
||||
@Parameter(
|
||||
names = {"--successful_contact_creates"},
|
||||
description = "Number of contact records to create per second.")
|
||||
int successfulContactCreates = 1;
|
||||
|
||||
@Parameter(
|
||||
names = {"--host_infos"},
|
||||
description = "Number of successful host:info commands to send per second.")
|
||||
@@ -67,11 +61,6 @@ class LoadTestCommand extends ConfirmingCommand implements CommandWithConnection
|
||||
description = "Number of successful domain:info commands to send per second.")
|
||||
int domainInfos = 1;
|
||||
|
||||
@Parameter(
|
||||
names = {"--contact_infos"},
|
||||
description = "Number of successful contact:info commands to send per second.")
|
||||
int contactInfos = 1;
|
||||
|
||||
@Parameter(
|
||||
names = {"--run_seconds"},
|
||||
description = "Time to run the load test in seconds.")
|
||||
@@ -120,10 +109,8 @@ class LoadTestCommand extends ConfirmingCommand implements CommandWithConnection
|
||||
.put("clientId", clientId)
|
||||
.put("successfulHostCreates", successfulHostCreates)
|
||||
.put("successfulDomainCreates", successfulDomainCreates)
|
||||
.put("successfulContactCreates", successfulContactCreates)
|
||||
.put("hostInfos", hostInfos)
|
||||
.put("domainInfos", domainInfos)
|
||||
.put("contactInfos", contactInfos)
|
||||
.put("runSeconds", runSeconds)
|
||||
.build();
|
||||
|
||||
|
||||
@@ -35,7 +35,6 @@ import com.google.common.collect.ImmutableList;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
import com.google.common.io.CharStreams;
|
||||
import com.google.common.net.MediaType;
|
||||
import com.google.re2j.Pattern;
|
||||
import google.registry.config.RegistryConfig.Config;
|
||||
import google.registry.request.Action.GaeService;
|
||||
import google.registry.request.Action.GkeService;
|
||||
@@ -56,9 +55,6 @@ import org.json.simple.JSONValue;
|
||||
*/
|
||||
public class ServiceConnection {
|
||||
|
||||
/** Pattern to heuristically extract title tag contents in HTML responses. */
|
||||
protected static final Pattern HTML_TITLE_TAG_PATTERN = Pattern.compile("<title>(.*?)</title>");
|
||||
|
||||
private final Service service;
|
||||
private final boolean useCanary;
|
||||
private final HttpRequestFactory requestFactory;
|
||||
|
||||
@@ -120,7 +120,7 @@ public class SecurityAction extends ConsoleApiAction {
|
||||
}
|
||||
}
|
||||
} catch (InsecureCertificateException e) {
|
||||
setFailedResponse("Invalid certificate in parameter", SC_BAD_REQUEST);
|
||||
setFailedResponse(e.getMessage(), SC_BAD_REQUEST);
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -178,21 +178,56 @@ class CopyDetailReportsActionTest {
|
||||
verify(emailUtils)
|
||||
.sendAlertEmail(
|
||||
"""
|
||||
Copied detail reports.
|
||||
The following errors were encountered:
|
||||
Registrar: TheRegistrar
|
||||
Error: java.io.IOException: expected
|
||||
""");
|
||||
Copied detail reports.
|
||||
The following errors were encountered:
|
||||
Registrar: TheRegistrar
|
||||
Error: java.io.IOException: expected
|
||||
""");
|
||||
assertThat(response.getStatus()).isEqualTo(SC_OK);
|
||||
assertThat(response.getContentType()).isEqualTo(MediaType.PLAIN_TEXT_UTF_8);
|
||||
assertThat(response.getPayload())
|
||||
.isEqualTo(
|
||||
"""
|
||||
Copied detail reports.
|
||||
The following errors were encountered:
|
||||
Registrar: TheRegistrar
|
||||
Error: java.io.IOException: expected
|
||||
""");
|
||||
Copied detail reports.
|
||||
The following errors were encountered:
|
||||
Registrar: TheRegistrar
|
||||
Error: java.io.IOException: expected
|
||||
""");
|
||||
}
|
||||
|
||||
@Test
|
||||
void testFail_tooManyFailures_one_registrar_sendsAlertEmail_continues() throws IOException {
|
||||
gcsUtils.createFromBytes(
|
||||
BlobId.of("test-bucket", "results/invoice_details_2017-10_TheRegistrar_hello.csv"),
|
||||
"hola,mundo\n3,4".getBytes(UTF_8));
|
||||
|
||||
gcsUtils.createFromBytes(
|
||||
BlobId.of("test-bucket", "results/invoice_details_2017-10_TheRegistrar_test.csv"),
|
||||
"hello,world\n1,2".getBytes(UTF_8));
|
||||
when(driveConnection.createOrUpdateFile(any(), any(), any(), any()))
|
||||
.thenThrow(new IOException("expected"));
|
||||
|
||||
action.run();
|
||||
verify(emailUtils)
|
||||
.sendAlertEmail(
|
||||
"""
|
||||
Copied detail reports.
|
||||
The following errors were encountered:
|
||||
Registrar: TheRegistrar
|
||||
Error: java.io.IOException: expected
|
||||
\tjava.io.IOException: expected
|
||||
""");
|
||||
assertThat(response.getStatus()).isEqualTo(SC_OK);
|
||||
assertThat(response.getContentType()).isEqualTo(MediaType.PLAIN_TEXT_UTF_8);
|
||||
assertThat(response.getPayload())
|
||||
.isEqualTo(
|
||||
"""
|
||||
Copied detail reports.
|
||||
The following errors were encountered:
|
||||
Registrar: TheRegistrar
|
||||
Error: java.io.IOException: expected
|
||||
\tjava.io.IOException: expected
|
||||
""");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -50,10 +50,8 @@ class LoadTestCommandTest extends CommandTestCase<LoadTestCommand> {
|
||||
.put("clientId", "acme")
|
||||
.put("successfulHostCreates", 1)
|
||||
.put("successfulDomainCreates", 1)
|
||||
.put("successfulContactCreates", 1)
|
||||
.put("hostInfos", 1)
|
||||
.put("domainInfos", 1)
|
||||
.put("contactInfos", 1)
|
||||
.put("runSeconds", 9200)
|
||||
.build();
|
||||
verify(connection)
|
||||
@@ -69,10 +67,8 @@ class LoadTestCommandTest extends CommandTestCase<LoadTestCommand> {
|
||||
"--client_id=NewRegistrar",
|
||||
"--successful_host_creates=10",
|
||||
"--successful_domain_creates=11",
|
||||
"--successful_contact_creates=12",
|
||||
"--host_infos=13",
|
||||
"--domain_infos=14",
|
||||
"--contact_infos=15",
|
||||
"--run_seconds=16");
|
||||
ImmutableMap<String, Object> params =
|
||||
new ImmutableMap.Builder<String, Object>()
|
||||
@@ -80,10 +76,8 @@ class LoadTestCommandTest extends CommandTestCase<LoadTestCommand> {
|
||||
.put("clientId", "NewRegistrar")
|
||||
.put("successfulHostCreates", 10)
|
||||
.put("successfulDomainCreates", 11)
|
||||
.put("successfulContactCreates", 12)
|
||||
.put("hostInfos", 13)
|
||||
.put("domainInfos", 14)
|
||||
.put("contactInfos", 15)
|
||||
.put("runSeconds", 16)
|
||||
.build();
|
||||
verify(connection)
|
||||
|
||||
@@ -20,6 +20,7 @@ import static google.registry.testing.DatabaseHelper.loadRegistrar;
|
||||
import static google.registry.testing.DatabaseHelper.loadSingleton;
|
||||
import static google.registry.testing.SqlHelper.saveRegistrar;
|
||||
import static google.registry.util.DateTimeUtils.START_OF_TIME;
|
||||
import static jakarta.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
|
||||
import static jakarta.servlet.http.HttpServletResponse.SC_OK;
|
||||
import static org.mockito.Mockito.doReturn;
|
||||
import static org.mockito.Mockito.when;
|
||||
@@ -54,30 +55,52 @@ class SecurityActionTest extends ConsoleActionBaseTestCase {
|
||||
SAMPLE_CERT2);
|
||||
private Registrar testRegistrar;
|
||||
|
||||
private static final String VALIDITY_TOO_LONG_CERT_PEM =
|
||||
"-----BEGIN CERTIFICATE-----\n"
|
||||
+ "MIIDejCCAv+gAwIBAgIQHNcSEt4VENkSgtozEEoQLzAKBggqhkjOPQQDAzB8MQsw\n"
|
||||
+ "CQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0b24xGDAW\n"
|
||||
+ "BgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBSb290IENl\n"
|
||||
+ "cnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzAeFw0xOTAzMDcxOTQyNDJaFw0zNDAz\n"
|
||||
+ "MDMxOTQyNDJaMG8xCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UE\n"
|
||||
+ "BwwHSG91c3RvbjERMA8GA1UECgwIU1NMIENvcnAxKzApBgNVBAMMIlNTTC5jb20g\n"
|
||||
+ "U1NMIEludGVybWVkaWF0ZSBDQSBFQ0MgUjIwdjAQBgcqhkjOPQIBBgUrgQQAIgNi\n"
|
||||
+ "AASEOWn30uEYKDLFu4sCjFQ1VupFaeMtQjqVWyWSA7+KFljnsVaFQ2hgs4cQk1f/\n"
|
||||
+ "RQ2INSwdVCYU0i5qsbom20rigUhDh9dM/r6bEZ75eFE899kSCI14xqThYVLPdLEl\n"
|
||||
+ "+dyjggFRMIIBTTASBgNVHRMBAf8ECDAGAQH/AgEAMB8GA1UdIwQYMBaAFILRhXMw\n"
|
||||
+ "5zUE044CkvvlpNHEIejNMHgGCCsGAQUFBwEBBGwwajBGBggrBgEFBQcwAoY6aHR0\n"
|
||||
+ "cDovL3d3dy5zc2wuY29tL3JlcG9zaXRvcnkvU1NMY29tLVJvb3RDQS1FQ0MtMzg0\n"
|
||||
+ "LVIxLmNydDAgBggrBgEFBQcwAYYUaHR0cDovL29jc3BzLnNzbC5jb20wEQYDVR0g\n"
|
||||
+ "BAowCDAGBgRVHSAAMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATA7BgNV\n"
|
||||
+ "HR8ENDAyMDCgLqAshipodHRwOi8vY3Jscy5zc2wuY29tL3NzbC5jb20tZWNjLVJv\n"
|
||||
+ "b3RDQS5jcmwwHQYDVR0OBBYEFA10Zgpen+Is7NXCXSUEf3Uyuv99MA4GA1UdDwEB\n"
|
||||
+ "/wQEAwIBhjAKBggqhkjOPQQDAwNpADBmAjEAxYt6Ylk/N8Fch/3fgKYKwI5A011Q\n"
|
||||
+ "MKW0h3F9JW/NX/F7oYtWrxljheH8n2BrkDybAjEAlCxkLE0vQTYcFzrR24oogyw6\n"
|
||||
+ "VkgTm92+jiqJTO5SSA9QUa092S5cTKiHkH2cOM6m\n"
|
||||
+ "-----END CERTIFICATE-----";
|
||||
|
||||
private AuthenticatedRegistrarAccessor registrarAccessor =
|
||||
AuthenticatedRegistrarAccessor.createForTesting(
|
||||
ImmutableSetMultimap.of("registrarId", AuthenticatedRegistrarAccessor.Role.ADMIN));
|
||||
|
||||
private CertificateChecker certificateChecker =
|
||||
new CertificateChecker(
|
||||
ImmutableSortedMap.of(START_OF_TIME, 20825, DateTime.parse("2020-09-01T00:00:00Z"), 398),
|
||||
30,
|
||||
15,
|
||||
2048,
|
||||
ImmutableSet.of("secp256r1", "secp384r1"),
|
||||
clock);
|
||||
|
||||
@BeforeEach
|
||||
void beforeEach() {
|
||||
testRegistrar = saveRegistrar("registrarId");
|
||||
}
|
||||
|
||||
@Test
|
||||
void testSuccess_postRegistrarInfo() throws IOException {
|
||||
CertificateChecker lenientChecker =
|
||||
new CertificateChecker(
|
||||
ImmutableSortedMap.of(
|
||||
START_OF_TIME, 20825, DateTime.parse("2020-09-01T00:00:00Z"), 398),
|
||||
30,
|
||||
15,
|
||||
2048,
|
||||
ImmutableSet.of("secp256r1", "secp384r1"),
|
||||
clock);
|
||||
|
||||
clock.setTo(DateTime.parse("2020-11-01T00:00:00Z"));
|
||||
SecurityAction action =
|
||||
createAction(
|
||||
testRegistrar.getRegistrarId());
|
||||
SecurityAction action = createAction(testRegistrar.getRegistrarId(), lenientChecker);
|
||||
action.run();
|
||||
assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
|
||||
Registrar r = loadRegistrar(testRegistrar.getRegistrarId());
|
||||
@@ -90,9 +113,39 @@ class SecurityActionTest extends ConsoleActionBaseTestCase {
|
||||
assertThat(history.getDescription()).hasValue("registrarId|IP_CHANGE,PRIMARY_SSL_CERT_CHANGE");
|
||||
}
|
||||
|
||||
private SecurityAction createAction(String registrarId) throws IOException {
|
||||
@Test
|
||||
void testFailure_validityPeriodTooLong_returnsSpecificError() throws IOException {
|
||||
CertificateChecker strictChecker =
|
||||
new CertificateChecker(
|
||||
ImmutableSortedMap.of(START_OF_TIME, 398),
|
||||
30,
|
||||
15,
|
||||
2048,
|
||||
ImmutableSet.of("secp256r1", "secp384r1"),
|
||||
clock);
|
||||
|
||||
clock.setTo(DateTime.parse("2025-01-01T00:00:00Z"));
|
||||
String escapedCert = VALIDITY_TOO_LONG_CERT_PEM.replace("\n", "\\n");
|
||||
String jsonWithBadCert =
|
||||
String.format(
|
||||
"{\"registrarId\": \"registrarId\", \"clientCertificate\": \"%s\"}", escapedCert);
|
||||
|
||||
SecurityAction action =
|
||||
createAction(testRegistrar.getRegistrarId(), jsonWithBadCert, strictChecker);
|
||||
action.run();
|
||||
|
||||
String expectedError =
|
||||
"Certificate validity period is too long; it must be less than or equal to 398 days.";
|
||||
FakeResponse response = (FakeResponse) consoleApiParams.response();
|
||||
assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
|
||||
assertThat(response.getPayload()).isEqualTo(expectedError);
|
||||
}
|
||||
|
||||
private SecurityAction createAction(
|
||||
String registrarId, String jsonBody, CertificateChecker certificateChecker)
|
||||
throws IOException {
|
||||
when(consoleApiParams.request().getMethod()).thenReturn(Action.Method.POST.toString());
|
||||
doReturn(new BufferedReader(new StringReader(jsonRegistrar1)))
|
||||
doReturn(new BufferedReader(new StringReader(jsonBody)))
|
||||
.when(consoleApiParams.request())
|
||||
.getReader();
|
||||
Optional<Registrar> maybeRegistrar =
|
||||
@@ -101,4 +154,9 @@ class SecurityActionTest extends ConsoleActionBaseTestCase {
|
||||
return new SecurityAction(
|
||||
consoleApiParams, certificateChecker, registrarAccessor, registrarId, maybeRegistrar);
|
||||
}
|
||||
|
||||
private SecurityAction createAction(String registrarId, CertificateChecker certificateChecker)
|
||||
throws IOException {
|
||||
return createAction(registrarId, jsonRegistrar1, certificateChecker);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -25,7 +25,7 @@ spec:
|
||||
value: /_dr/epptool
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /loadtest
|
||||
value: /_dr/loadtest
|
||||
backendRefs:
|
||||
- group: net.gke.io
|
||||
kind: ServiceImport
|
||||
@@ -58,7 +58,7 @@ spec:
|
||||
value: "true"
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /loadtest
|
||||
value: /_dr/loadtest
|
||||
headers:
|
||||
- name: "canary"
|
||||
value: "true"
|
||||
|
||||
@@ -25,8 +25,11 @@ spec:
|
||||
name: http
|
||||
resources:
|
||||
requests:
|
||||
cpu: "100m"
|
||||
memory: "512Mi"
|
||||
cpu: "500m"
|
||||
memory: "1Gi"
|
||||
limits:
|
||||
cpu: "1000m"
|
||||
memory: "1Gi"
|
||||
args: [ENVIRONMENT]
|
||||
env:
|
||||
- name: POD_ID
|
||||
@@ -61,7 +64,7 @@ spec:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: 100
|
||||
averageUtilization: 80
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
||||
@@ -41,7 +41,7 @@ spec:
|
||||
# class from performance, which has implicit pod-slots 1
|
||||
cloud.google.com/pod-slots: 0
|
||||
cpu: "500m"
|
||||
memory: "2Gi"
|
||||
memory: "1Gi"
|
||||
args: [ENVIRONMENT]
|
||||
env:
|
||||
- name: POD_ID
|
||||
@@ -76,7 +76,7 @@ spec:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: 100
|
||||
averageUtilization: 80
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
||||
@@ -25,8 +25,11 @@ spec:
|
||||
name: http
|
||||
resources:
|
||||
requests:
|
||||
cpu: "100m"
|
||||
cpu: "1000m"
|
||||
memory: "1Gi"
|
||||
limits:
|
||||
cpu: "1000m"
|
||||
memory: "2Gi"
|
||||
args: [ENVIRONMENT]
|
||||
env:
|
||||
- name: POD_ID
|
||||
@@ -50,7 +53,10 @@ spec:
|
||||
name: epp
|
||||
resources:
|
||||
requests:
|
||||
cpu: "100m"
|
||||
cpu: "1000m"
|
||||
memory: "512Mi"
|
||||
limits:
|
||||
cpu: "1000m"
|
||||
memory: "512Mi"
|
||||
args: [--env, PROXY_ENV, --log, --local]
|
||||
env:
|
||||
@@ -85,12 +91,12 @@ spec:
|
||||
minReplicas: 5
|
||||
maxReplicas: 20
|
||||
metrics:
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: 100
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: 80
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
||||
@@ -34,13 +34,13 @@ spec:
|
||||
# explicit pod-slots 0 is required in order to downgrade node
|
||||
# class from performance, which has implicit pod-slots 1
|
||||
cloud.google.com/pod-slots: 0
|
||||
cpu: "100m"
|
||||
cpu: "500m"
|
||||
memory: "1Gi"
|
||||
limits:
|
||||
# explicit pod-slots 0 is required in order to downgrade node
|
||||
# class from performance, which has implicit pod-slots 1
|
||||
cloud.google.com/pod-slots: 0
|
||||
cpu: "500m"
|
||||
cpu: "1000m"
|
||||
memory: "2Gi"
|
||||
args: [ENVIRONMENT]
|
||||
env:
|
||||
@@ -76,7 +76,7 @@ spec:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: 100
|
||||
averageUtilization: 80
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
||||
@@ -1,30 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
|
||||
<command>
|
||||
<create>
|
||||
<contact:create
|
||||
xmlns:contact="urn:ietf:params:xml:ns:contact-1.0">
|
||||
<contact:id>@@RANDOM_CONTACT@@-@@CHANNEL_NUMBER@@</contact:id>
|
||||
<contact:postalInfo type="int">
|
||||
<contact:name>John Doe</contact:name>
|
||||
<contact:org>Example, Inc.</contact:org>
|
||||
<contact:addr>
|
||||
<contact:street>111 Example Street</contact:street>
|
||||
<contact:street></contact:street>
|
||||
<contact:city>Los Angeles</contact:city>
|
||||
<contact:sp>CA</contact:sp>
|
||||
<contact:pc>90210</contact:pc>
|
||||
<contact:cc>US</contact:cc>
|
||||
</contact:addr>
|
||||
</contact:postalInfo>
|
||||
<contact:voice>+1.2020202022</contact:voice>
|
||||
<contact:fax>+1.2022022022</contact:fax>
|
||||
<contact:email>test@email.com</contact:email>
|
||||
<contact:authInfo>
|
||||
<contact:pw>somepassword</contact:pw>
|
||||
</contact:authInfo>
|
||||
</contact:create>
|
||||
</create>
|
||||
<clTRID>epp-client-contact-create-@@NOW@@-@@CHANNEL_NUMBER@@</clTRID>
|
||||
</command>
|
||||
</epp>
|
||||
@@ -9,9 +9,6 @@
|
||||
<domain:ns>
|
||||
<domain:hostObj>ns1.domain.com</domain:hostObj>
|
||||
</domain:ns>
|
||||
<domain:registrant>@@RANDOM_CONTACT@@-@@CHANNEL_NUMBER@@</domain:registrant>
|
||||
<domain:contact type="admin">@@RANDOM_CONTACT@@-@@CHANNEL_NUMBER@@</domain:contact>
|
||||
<domain:contact type="tech">@@RANDOM_CONTACT@@-@@CHANNEL_NUMBER@@</domain:contact>
|
||||
<domain:authInfo>
|
||||
<domain:pw>somepassword</domain:pw>
|
||||
</domain:authInfo>
|
||||
|
||||
@@ -33,6 +33,7 @@ do
|
||||
--project "${project}" --zone "${parts[1]}"
|
||||
sed s/GCP_PROJECT/${project}/g "./kubernetes/proxy-deployment-${environment}.yaml" | \
|
||||
kubectl apply -f -
|
||||
kubectl apply -f "./kubernetes/proxy-limit-range.yaml" --force
|
||||
kubectl apply -f "./kubernetes/proxy-service.yaml" --force
|
||||
# Alpha does not have canary
|
||||
if [[ ${environment} != "alpha" ]]; then
|
||||
|
||||
14
proxy/kubernetes/proxy-limit-range.yaml
Normal file
14
proxy/kubernetes/proxy-limit-range.yaml
Normal file
@@ -0,0 +1,14 @@
|
||||
apiVersion: v1
|
||||
kind: LimitRange
|
||||
metadata:
|
||||
name: resource-limits
|
||||
namespace: default
|
||||
spec:
|
||||
limits:
|
||||
- type: Container
|
||||
default:
|
||||
cpu: "300m"
|
||||
memory: "512Mi"
|
||||
defaultRequest:
|
||||
cpu: "100m"
|
||||
memory: "350Mi"
|
||||
@@ -33,3 +33,10 @@ spec:
|
||||
name: proxy-deployment-canary
|
||||
maxReplicas: 10
|
||||
minReplicas: 1
|
||||
metrics:
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: 100
|
||||
|
||||
@@ -33,3 +33,11 @@ spec:
|
||||
name: proxy-deployment
|
||||
maxReplicas: 50
|
||||
minReplicas: 10
|
||||
metrics:
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: 100
|
||||
|
||||
|
||||
@@ -19,8 +19,11 @@ import static com.google.common.base.Preconditions.checkNotNull;
|
||||
import static google.registry.networking.handler.SslServerInitializer.CLIENT_CERTIFICATE_PROMISE_KEY;
|
||||
import static google.registry.proxy.handler.ProxyProtocolHandler.REMOTE_ADDRESS_KEY;
|
||||
import static google.registry.util.X509Utils.getCertificateHash;
|
||||
import static java.nio.charset.StandardCharsets.US_ASCII;
|
||||
|
||||
import com.google.common.base.Strings;
|
||||
import com.google.common.flogger.FluentLogger;
|
||||
import com.google.common.io.BaseEncoding;
|
||||
import google.registry.proxy.metric.FrontendMetrics;
|
||||
import google.registry.util.ProxyHttpHeaders;
|
||||
import io.netty.buffer.ByteBuf;
|
||||
@@ -36,7 +39,11 @@ import io.netty.handler.ssl.SslHandshakeCompletionEvent;
|
||||
import io.netty.util.AttributeKey;
|
||||
import io.netty.util.concurrent.Promise;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.Optional;
|
||||
import java.util.function.Supplier;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
import javax.annotation.Nullable;
|
||||
|
||||
/** Handler that processes EPP protocol logic. */
|
||||
public class EppServiceHandler extends HttpsRelayServiceHandler {
|
||||
@@ -57,6 +64,8 @@ public class EppServiceHandler extends HttpsRelayServiceHandler {
|
||||
private String sslClientCertificateHash;
|
||||
private String clientAddress;
|
||||
|
||||
private Optional<String> maybeRegistrarId = Optional.empty();
|
||||
|
||||
public EppServiceHandler(
|
||||
String relayHost,
|
||||
String relayPath,
|
||||
@@ -128,6 +137,9 @@ public class EppServiceHandler extends HttpsRelayServiceHandler {
|
||||
.set(ProxyHttpHeaders.FALLBACK_IP_ADDRESS, clientAddress)
|
||||
.set(HttpHeaderNames.CONTENT_TYPE, EPP_CONTENT_TYPE)
|
||||
.set(HttpHeaderNames.ACCEPT, EPP_CONTENT_TYPE);
|
||||
|
||||
maybeSetRegistrarIdHeader(request);
|
||||
|
||||
return request;
|
||||
}
|
||||
|
||||
@@ -142,4 +154,54 @@ public class EppServiceHandler extends HttpsRelayServiceHandler {
|
||||
}
|
||||
super.write(ctx, msg, promise);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets and caches the Registrar-ID header on the request if the ID can be found.
|
||||
*
|
||||
* <p>This method first checks if the registrar ID has already been determined. If not, it
|
||||
* inspects the cookies for a "SESSION_INFO" cookie, from which it attempts to extract the
|
||||
* registrar ID.
|
||||
*
|
||||
* @param request The {@link FullHttpRequest} on which to potentially set the registrar ID header.
|
||||
* @see #extractRegistrarIdFromSessionInfo(String)
|
||||
*/
|
||||
private void maybeSetRegistrarIdHeader(FullHttpRequest request) {
|
||||
if (maybeRegistrarId.isEmpty()) {
|
||||
maybeRegistrarId =
|
||||
cookieStore.entrySet().stream()
|
||||
.map(e -> e.getValue())
|
||||
.filter(cookie -> "SESSION_INFO".equals(cookie.name()))
|
||||
.findFirst()
|
||||
.flatMap(cookie -> extractRegistrarIdFromSessionInfo(cookie.value()));
|
||||
}
|
||||
|
||||
if (maybeRegistrarId.isPresent() && !Strings.isNullOrEmpty(maybeRegistrarId.get())) {
|
||||
request.headers().set(ProxyHttpHeaders.REGISTRAR_ID, maybeRegistrarId.get());
|
||||
}
|
||||
}
|
||||
|
||||
/** Extracts the registrar ID from a Base64-encoded session info string. */
|
||||
private Optional<String> extractRegistrarIdFromSessionInfo(@Nullable String sessionInfo) {
|
||||
if (sessionInfo == null) {
|
||||
return Optional.empty();
|
||||
}
|
||||
|
||||
try {
|
||||
String decodedString = new String(BaseEncoding.base64Url().decode(sessionInfo), US_ASCII);
|
||||
Pattern pattern = Pattern.compile("clientId=([^,\\s]+)?");
|
||||
Matcher matcher = pattern.matcher(decodedString);
|
||||
|
||||
if (matcher.find()) {
|
||||
String maybeRegistrarIdMatch = matcher.group(1);
|
||||
if (!maybeRegistrarIdMatch.equals("null")) {
|
||||
return Optional.of(maybeRegistrarIdMatch);
|
||||
}
|
||||
}
|
||||
|
||||
} catch (Throwable e) {
|
||||
logger.atSevere().withCause(e).log("Failed to decode session info from Base64");
|
||||
}
|
||||
|
||||
return Optional.empty();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -70,7 +70,7 @@ public abstract class HttpsRelayServiceHandler extends ByteToMessageCodec<FullHt
|
||||
protected static final ImmutableSet<Class<? extends Exception>> NON_FATAL_OUTBOUND_EXCEPTIONS =
|
||||
ImmutableSet.of(NonOkHttpResponseException.class);
|
||||
|
||||
private final Map<String, Cookie> cookieStore = new LinkedHashMap<>();
|
||||
protected final Map<String, Cookie> cookieStore = new LinkedHashMap<>();
|
||||
private final String relayHost;
|
||||
private final String relayPath;
|
||||
private final boolean canary;
|
||||
|
||||
@@ -20,6 +20,7 @@ import static google.registry.proxy.TestUtils.assertHttpRequestEquivalent;
|
||||
import static google.registry.proxy.TestUtils.makeEppHttpResponse;
|
||||
import static google.registry.proxy.handler.ProxyProtocolHandler.REMOTE_ADDRESS_KEY;
|
||||
import static google.registry.util.X509Utils.getCertificateHash;
|
||||
import static java.nio.charset.StandardCharsets.US_ASCII;
|
||||
import static java.nio.charset.StandardCharsets.UTF_8;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.mockito.Mockito.mock;
|
||||
@@ -27,6 +28,7 @@ import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.verifyNoMoreInteractions;
|
||||
|
||||
import com.google.common.base.Throwables;
|
||||
import com.google.common.io.BaseEncoding;
|
||||
import google.registry.proxy.TestUtils;
|
||||
import google.registry.proxy.handler.HttpsRelayServiceHandler.NonOkHttpResponseException;
|
||||
import google.registry.proxy.metric.FrontendMetrics;
|
||||
@@ -357,4 +359,82 @@ class EppServiceHandlerTest {
|
||||
assertThat((Object) channel.readOutbound()).isNull();
|
||||
assertThat(channel.isActive()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
void testSuccess_registrarIdHeader_isSetFromSessionInfoCookie() throws Exception {
|
||||
setHandshakeSuccess();
|
||||
channel.readInbound(); // Read and discard the initial hello request.
|
||||
|
||||
// Simulate a server response that sets the SESSION_INFO cookie.
|
||||
String registrarId = "TheRegistrar";
|
||||
String sessionInfoValue =
|
||||
BaseEncoding.base64Url()
|
||||
.encode(("alpha,clientId=" + registrarId + ",beta").getBytes(US_ASCII));
|
||||
Cookie sessionCookie = new DefaultCookie("SESSION_INFO", sessionInfoValue);
|
||||
channel.writeOutbound(
|
||||
makeEppHttpResponse("<epp>greeting</epp>", HttpResponseStatus.OK, sessionCookie));
|
||||
channel.readOutbound(); // Read and discard the response sent to the client.
|
||||
|
||||
// Simulate a subsequent client request and check for the registrar ID header.
|
||||
String clientRequestContent = "<epp>login</epp>";
|
||||
channel.writeInbound(Unpooled.wrappedBuffer(clientRequestContent.getBytes(UTF_8)));
|
||||
|
||||
FullHttpRequest relayedRequest = channel.readInbound();
|
||||
FullHttpRequest expectedRequest = makeEppHttpRequest(clientRequestContent, sessionCookie);
|
||||
expectedRequest.headers().set(ProxyHttpHeaders.REGISTRAR_ID, registrarId);
|
||||
|
||||
assertHttpRequestEquivalent(relayedRequest, expectedRequest);
|
||||
assertThat((Object) channel.readInbound()).isNull();
|
||||
assertThat(channel.isActive()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
void testSuccess_registrarIdHeader_isNotSetWhenSessionInfoCookieIsMissing() throws Exception {
|
||||
setHandshakeSuccess();
|
||||
channel.readInbound(); // Read and discard the initial hello request.
|
||||
|
||||
// Simulate a server response that does NOT set the SESSION_INFO cookie.
|
||||
Cookie otherCookie = new DefaultCookie("some_other_cookie", "some_value");
|
||||
channel.writeOutbound(
|
||||
makeEppHttpResponse("<epp>greeting</epp>", HttpResponseStatus.OK, otherCookie));
|
||||
channel.readOutbound(); // Read and discard the response sent to the client.
|
||||
|
||||
// Simulate a subsequent client request and verify the header is absent.
|
||||
String clientRequestContent = "<epp>login</epp>";
|
||||
channel.writeInbound(Unpooled.wrappedBuffer(clientRequestContent.getBytes(UTF_8)));
|
||||
|
||||
FullHttpRequest relayedRequest = channel.readInbound();
|
||||
FullHttpRequest expectedRequest = makeEppHttpRequest(clientRequestContent, otherCookie);
|
||||
|
||||
assertHttpRequestEquivalent(relayedRequest, expectedRequest);
|
||||
assertThat(relayedRequest.headers().contains(ProxyHttpHeaders.REGISTRAR_ID)).isFalse();
|
||||
assertThat((Object) channel.readInbound()).isNull();
|
||||
assertThat(channel.isActive()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
void testSuccess_registrarIdHeader_isNotSetWhenClientIdIsNull() throws Exception {
|
||||
setHandshakeSuccess();
|
||||
channel.readInbound(); // Read and discard the initial hello request.
|
||||
|
||||
// Simulate a server response with a SESSION_INFO cookie where clientId is "null".
|
||||
String sessionInfoValue =
|
||||
BaseEncoding.base64Url().encode("alpha,clientId=null,beta".getBytes(US_ASCII));
|
||||
Cookie sessionCookie = new DefaultCookie("SESSION_INFO", sessionInfoValue);
|
||||
channel.writeOutbound(
|
||||
makeEppHttpResponse("<epp>greeting</epp>", HttpResponseStatus.OK, sessionCookie));
|
||||
channel.readOutbound(); // Read and discard the response sent to the client.
|
||||
|
||||
// Simulate a subsequent client request and verify the header is absent.
|
||||
String clientRequestContent = "<epp>login</epp>";
|
||||
channel.writeInbound(Unpooled.wrappedBuffer(clientRequestContent.getBytes(UTF_8)));
|
||||
|
||||
FullHttpRequest relayedRequest = channel.readInbound();
|
||||
FullHttpRequest expectedRequest = makeEppHttpRequest(clientRequestContent, sessionCookie);
|
||||
|
||||
assertHttpRequestEquivalent(relayedRequest, expectedRequest);
|
||||
assertThat(relayedRequest.headers().contains(ProxyHttpHeaders.REGISTRAR_ID)).isFalse();
|
||||
assertThat((Object) channel.readInbound()).isNull();
|
||||
assertThat(channel.isActive()).isTrue();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -30,6 +30,9 @@ public final class ProxyHttpHeaders {
|
||||
/** HTTP header name used to pass the client IP address from the proxy to Nomulus. */
|
||||
public static final String IP_ADDRESS = "Nomulus-Client-Address";
|
||||
|
||||
/** HTTP header name used to pass the Registrar Id from the proxy to Nomulus. */
|
||||
public static final String REGISTRAR_ID = "Nomulus-Registrar-Id";
|
||||
|
||||
/**
|
||||
* Fallback HTTP header name used to pass the client IP address from the proxy to Nomulus.
|
||||
*
|
||||
|
||||
Reference in New Issue
Block a user