Bump ip from 2.0.0 to 2.0.1 in /console-webapp (#2331)

Bumps [ip](https://github.com/indutny/node-ip) from 2.0.0 to 2.0.1.
- [Commits](https://github.com/indutny/node-ip/compare/v2.0.0...v2.0.1)

---
updated-dependencies:
- dependency-name: ip
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/codeql.yml

@@ -33,7 +33,7 @@ jobs:
       uses: actions/setup-java@v3
       with:
         distribution: 'temurin'
-        java-version: '11'
+        java-version: '17'
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.gitignore

@@ -117,3 +117,6 @@ core/**/registrar_dbg*.css
 # Appengine generated files
 core/WEB-INF/appengine-generated/*.bin
 core/WEB-INF/appengine-generated/*.xml
+
+# jEnv
+.java-version

.java-version

@@ -0,0 +1 @@
+17

build.gradle

@@ -61,7 +61,7 @@ dependencyLocking {
 
 node {
   download = false
-  version = "16.19.0"
+  version = "20.10.0"
 }
 
 wrapper {
@@ -211,6 +211,30 @@ allprojects {
         options.fork = true
         options.forkOptions.executable =
           file("${System.env.JAVA_HOME}/bin/javac")
+        options.compilerArgs = ["--add-exports",
+                                "jdk.compiler/com.sun.tools.javac.main=ALL-UNNAMED",
+                                "--add-exports",
+                                "jdk.compiler/com.sun.tools.javac.comp=ALL-UNNAMED",
+                                "--add-exports",
+                                "jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED",
+                                "--add-exports",
+                                "jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED",
+                                "--add-exports",
+                                "jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED",
+                                "--add-exports",
+                                "jdk.compiler/com.sun.tools.javac.processing=ALL-UNNAMED",
+                                "--add-exports",
+                                "jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED",
+                                "--add-exports",
+                                "jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED"]
+        options.forkOptions.jvmArgs = ["-J--add-exports=jdk.compiler/com.sun.tools.javac.main=ALL-UNNAMED",
+                                       "-J--add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED",
+                                       "-J--add-exports=jdk.compiler/com.sun.tools.javac.comp=ALL-UNNAMED",
+                                       "-J--add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED",
+                                       "-J--add-exports=jdk.compiler/com.sun.tools.javac.code=ALL-UNNAMED",
+                                       "-J--add-exports=jdk.compiler/com.sun.tools.javac.processing=ALL-UNNAMED",
+                                       "-J--add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED",
+                                       "-J--add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED"]
       }
     }
   }
@@ -358,16 +382,12 @@ subprojects {
 
   apply from: "${rootDir.path}/java_common.gradle"
 
-  if (!rootProject.enableCrossReferencing.toBoolean()) {
-    compileJava {
-      // TODO: Remove this once we migrate off of AppEngine.
-      options.release = 8
-    }
-    compileTestJava {
-      // TODO: Remove this once we migrate off of AppEngine.
-      options.release = 8
-    }
-  }
+  // When changing Java version here, be sure to update BEAM Java runtime:
+  // search for `flex-template-base-image` and update the parameter value.
+  // There are at least two instances, one in core/build.gradle, one in
+  // release/stage_beam_pipeline.sh
+  sourceCompatibility = JavaVersion.VERSION_17
+  targetCompatibility = JavaVersion.VERSION_17
 
   project.tasks.test.dependsOn runPresubmits
 
@@ -479,10 +499,14 @@ def createGetBuildSrcDirectDepsTask(outputFileName) {
 
 rootProject.ext {
   invokeJavaDiffFormatScript = { action ->
-    println("JAVA_HOME=${System.env.JAVA_HOME}")
-    println("PATH=${System.env.PATH}")
-    println(ext.execInBash("type java", "${rootDir}"))
-    println(ext.execInBash("java -version", "${rootDir}"))
+    def javaHome = project.findProperty('org.gradle.java.home')
+    def javaBin
+    if (javaHome != null) {
+      javaBin = "$javaHome/bin/java"
+    } else {
+      javaBin = ext.execInBash("which java", rootDir)
+    }
+    println("Running the formatting tool with $javaBin")
     def scriptDir = rootDir.path.endsWith('buildSrc')
             ? "${rootDir}/../java-format"
             : "${rootDir}/java-format"
@@ -493,7 +517,7 @@ rootProject.ext {
     def pythonExe = getPythonExecutable()
 
     return ext.execInBash(
-        "PYTHON=${pythonExe} ${formatDiffScript} ${action}", "${workingDir}")
+        "JAVA=${javaBin} PYTHON=${pythonExe} ${formatDiffScript} ${action}", "${workingDir}")
   }
 }
 

config/presubmits.py

@@ -87,7 +87,7 @@ PRESUBMITS = {
     PresubmitCheck(
         r".*Copyright 20\d{2} The Nomulus Authors\. All Rights Reserved\.",
         ("java", "js", "soy", "sql", "py", "sh", "gradle", "ts"), {
-            ".git", "/build/", "/generated/", "/generated_tests/",
+            ".git", "/build/", "/bin/generated-sources/", "/bin/generated-test-sources/",
             "node_modules/", "LoggerConfig.java", "registrar_bin.",
             "registrar_dbg.", "google-java-format-diff.py",
             "nomulus.golden.sql", "soyutils_usegoog.js", "javascript/checks.js"

console-webapp/.eslintrc.json

@@ -31,7 +31,10 @@
             "style": "kebab-case"
           }
         ],
-        "eol-last": ["error", "always"]
+        "eol-last": [
+          "error",
+          "always"
+        ]
       }
     },
     {

console-webapp/package.json

@@ -16,35 +16,35 @@
   },
   "private": true,
   "dependencies": {
-    "@angular/animations": "^15.2.2",
-    "@angular/cdk": "^15.2.2",
-    "@angular/common": "^15.2.2",
-    "@angular/compiler": "^15.2.2",
-    "@angular/core": "^15.2.2",
-    "@angular/forms": "^15.2.2",
-    "@angular/material": "^15.2.2",
-    "@angular/platform-browser": "^15.2.2",
-    "@angular/platform-browser-dynamic": "^15.2.2",
-    "@angular/router": "^15.2.2",
+    "@angular/animations": "^17.0.7",
+    "@angular/cdk": "^17.0.4",
+    "@angular/common": "^17.0.7",
+    "@angular/compiler": "^17.0.7",
+    "@angular/core": "^17.0.7",
+    "@angular/forms": "^17.0.7",
+    "@angular/material": "^17.0.4",
+    "@angular/platform-browser": "^17.0.7",
+    "@angular/platform-browser-dynamic": "^17.0.7",
+    "@angular/router": "^17.0.7",
     "rxjs": "~7.5.0",
     "tslib": "^2.3.0",
-    "zone.js": "~0.11.4"
+    "zone.js": "~0.14.2"
   },
   "devDependencies": {
-    "@angular-devkit/build-angular": "^15.2.4",
-    "@angular-eslint/builder": "15.2.1",
-    "@angular-eslint/eslint-plugin": "15.2.1",
-    "@angular-eslint/eslint-plugin-template": "15.2.1",
-    "@angular-eslint/schematics": "15.2.1",
-    "@angular-eslint/template-parser": "15.2.1",
-    "@angular/cli": "~15.2.4",
-    "@angular/compiler-cli": "^15.2.2",
+    "@angular-devkit/build-angular": "^17.0.7",
+    "@angular-eslint/builder": "17.1.1",
+    "@angular-eslint/eslint-plugin": "17.1.1",
+    "@angular-eslint/eslint-plugin-template": "17.1.1",
+    "@angular-eslint/schematics": "17.1.1",
+    "@angular-eslint/template-parser": "17.1.1",
+    "@angular/cli": "~17.0.7",
+    "@angular/compiler-cli": "^17.0.7",
     "@types/jasmine": "~4.0.0",
     "@types/node": "^18.11.18",
-    "@typescript-eslint/eslint-plugin": "5.48.2",
-    "@typescript-eslint/parser": "5.48.2",
+    "@typescript-eslint/eslint-plugin": "^5.59.2",
+    "@typescript-eslint/parser": "^5.59.2",
     "concurrently": "^7.6.0",
-    "eslint": "^8.33.0",
+    "eslint": "^8.39.0",
     "jasmine-core": "~4.3.0",
     "karma": "~6.4.0",
     "karma-chrome-launcher": "~3.1.0",
@@ -52,6 +52,6 @@
     "karma-jasmine": "~5.1.0",
     "karma-jasmine-html-reporter": "~2.0.0",
     "prettier": "2.8.7",
-    "typescript": "~4.9.4"
+    "typescript": "~5.2.2"
   }
-}
+}

console-webapp/src/app/app.component.spec.ts

@@ -17,11 +17,19 @@ import { RouterTestingModule } from '@angular/router/testing';
 import { AppComponent } from './app.component';
 import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
 import { MaterialModule } from './material.module';
+import { HttpClientTestingModule } from '@angular/common/http/testing';
+import { BackendService } from './shared/services/backend.service';
 
 describe('AppComponent', () => {
   beforeEach(async () => {
     await TestBed.configureTestingModule({
-      imports: [RouterTestingModule, MaterialModule, BrowserAnimationsModule],
+      imports: [
+        HttpClientTestingModule,
+        RouterTestingModule,
+        MaterialModule,
+        BrowserAnimationsModule,
+      ],
+      providers: [BackendService],
       declarations: [AppComponent],
     }).compileComponents();
   });

console-webapp/src/app/app.component.ts

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import { AfterViewInit, Component, ViewChild } from '@angular/core';
+import { AfterViewInit, Component, ViewChild, effect } from '@angular/core';
 import { RegistrarService } from './registrar/registrar.service';
 import { UserDataService } from './shared/services/userData.service';
 import { GlobalLoaderService } from './shared/services/globalLoader.service';
@@ -36,11 +36,13 @@ export class AppComponent implements AfterViewInit {
     protected globalLoader: GlobalLoaderService,
     protected router: Router
   ) {
-    registrarService.activeRegistrarIdChange.subscribe(() => {
-      this.renderRouter = false;
-      setTimeout(() => {
-        this.renderRouter = true;
-      }, 400);
+    effect(() => {
+      if (registrarService.registrarId()) {
+        this.renderRouter = false;
+        setTimeout(() => {
+          this.renderRouter = true;
+        }, 400);
+      }
     });
   }
 

console-webapp/src/app/domains/domainList.component.spec.ts

@@ -15,6 +15,10 @@
 import { ComponentFixture, TestBed } from '@angular/core/testing';
 
 import { DomainListComponent } from './domainList.component';
+import { HttpClientTestingModule } from '@angular/common/http/testing';
+import { MaterialModule } from '../material.module';
+import { BackendService } from '../shared/services/backend.service';
+import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
 
 describe('DomainListComponent', () => {
   let component: DomainListComponent;
@@ -23,6 +27,12 @@ describe('DomainListComponent', () => {
   beforeEach(async () => {
     await TestBed.configureTestingModule({
       declarations: [DomainListComponent],
+      imports: [
+        HttpClientTestingModule,
+        MaterialModule,
+        BrowserAnimationsModule,
+      ],
+      providers: [BackendService],
     }).compileComponents();
 
     fixture = TestBed.createComponent(DomainListComponent);

console-webapp/src/app/domains/domainList.service.ts

@@ -52,7 +52,7 @@ export class DomainListService {
   ) {
     return this.backendService
       .getDomains(
-        this.registrarService.activeRegistrarId,
+        this.registrarService.registrarId(),
         this.checkpointTime,
         pageNumber,
         resultsPerPage,

console-webapp/src/app/header/header.component.scss

@@ -18,6 +18,8 @@
     text-decoration: none;
   }
   &__header {
+    margin-top: 0;
+    margin-bottom: 10px;
     @media (max-width: 599px) {
       .mat-toolbar {
         padding: 0;

console-webapp/src/app/home/widgets/billingWidget.component.ts

@@ -23,8 +23,10 @@ export class BillingWidgetComponent {
   constructor(public registrarService: RegistrarService) {}
 
   public get driveFolderUrl(): string {
-    if (this.registrarService?.registrar.driveFolderId) {
-      return `https://drive.google.com/drive/folders/${this.registrarService?.registrar.driveFolderId}`;
+    if (this.registrarService.registrar()?.driveFolderId) {
+      return `https://drive.google.com/drive/folders/${
+        this.registrarService.registrar()?.driveFolderId
+      }`;
     }
     return '';
   }

console-webapp/src/app/registrar/emptyRegistrar.component.ts

@@ -12,9 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import { Component } from '@angular/core';
+import { Component, effect } from '@angular/core';
 import { ActivatedRoute, Router } from '@angular/router';
-import { Subscription } from 'rxjs';
 
 import { RegistrarService } from './registrar.service';
 
@@ -24,22 +23,15 @@ import { RegistrarService } from './registrar.service';
   styleUrls: ['./emptyRegistrar.component.scss'],
 })
 export class EmptyRegistrar {
-  private registrarIdChangeSubscription?: Subscription;
-
   constructor(
     private route: ActivatedRoute,
     protected registrarService: RegistrarService,
     private router: Router
   ) {
-    this.registrarIdChangeSubscription =
-      registrarService.activeRegistrarIdChange.subscribe((newRegistrarId) => {
-        if (newRegistrarId) {
-          this.router.navigate([this.route.snapshot.paramMap.get('nextUrl')]);
-        }
-      });
-  }
-
-  ngOnDestroy() {
-    this.registrarIdChangeSubscription?.unsubscribe();
+    effect(() => {
+      if (registrarService.registrarId()) {
+        this.router.navigate([this.route.snapshot.paramMap.get('nextUrl')]);
+      }
+    });
   }
 }

console-webapp/src/app/registrar/registrar.guard.spec.ts

@@ -15,18 +15,23 @@
 import { TestBed } from '@angular/core/testing';
 
 import { RegistrarGuard } from './registrar.guard';
-import { Router, RouterStateSnapshot } from '@angular/router';
+import {
+  ActivatedRouteSnapshot,
+  Router,
+  RouterStateSnapshot,
+} from '@angular/router';
 import { RegistrarService } from './registrar.service';
 
 describe('RegistrarGuard', () => {
   let guard: RegistrarGuard;
   let dummyRegistrarService: RegistrarService;
   let routeSpy: Router;
-  let dummyRoute: RouterStateSnapshot = {} as RouterStateSnapshot;
+  let dummyRoute: RouterStateSnapshot;
 
   beforeEach(() => {
     routeSpy = jasmine.createSpyObj<Router>('Router', ['navigate']);
     dummyRegistrarService = { activeRegistrarId: '' } as RegistrarService;
+    dummyRoute = { url: '/value' } as RouterStateSnapshot;
 
     TestBed.configureTestingModule({
       providers: [
@@ -39,7 +44,7 @@ describe('RegistrarGuard', () => {
 
   it('should not be able to activate when activeRegistrarId is empty', () => {
     guard = TestBed.inject(RegistrarGuard);
-    const res = guard.canActivate();
+    const res = guard.canActivate(new ActivatedRouteSnapshot(), dummyRoute);
     expect(res).toBeFalsy();
   });
 
@@ -48,17 +53,16 @@ describe('RegistrarGuard', () => {
       useValue: { activeRegistrarId: 'value' },
     });
     guard = TestBed.inject(RegistrarGuard);
-    const res = guard.canActivate();
+    const res = guard.canActivate(new ActivatedRouteSnapshot(), dummyRoute);
     expect(res).toBeTrue();
   });
 
-  it('should navigate to registrars when activeRegistrarId is empty', () => {
-    const dummyRoute = { url: '/value' } as RouterStateSnapshot;
+  it('should navigate to empty-registrar screen when activeRegistrarId is empty', () => {
     guard = TestBed.inject(RegistrarGuard);
-    guard.canActivate();
+    guard.canActivate(new ActivatedRouteSnapshot(), dummyRoute);
     expect(routeSpy.navigate).toHaveBeenCalledOnceWith([
-      '/registrars',
-      { nextUrl: '/value' },
+      '/empty-registrar',
+      { nextUrl: dummyRoute.url },
     ]);
   });
 });

console-webapp/src/app/registrar/registrar.guard.ts

@@ -34,7 +34,7 @@ export class RegistrarGuard {
     _: ActivatedRouteSnapshot,
     state: RouterStateSnapshot
   ): Promise<boolean> | boolean {
-    if (this.registrarService.activeRegistrarId) {
+    if (this.registrarService.registrarId()) {
       return true;
     }
     return this.router.navigate([

console-webapp/src/app/registrar/registrar.service.spec.ts

@@ -17,6 +17,7 @@ import { TestBed } from '@angular/core/testing';
 import { RegistrarService } from './registrar.service';
 import { BackendService } from '../shared/services/backend.service';
 import { HttpClientTestingModule } from '@angular/common/http/testing';
+import { MatSnackBar } from '@angular/material/snack-bar';
 
 describe('RegistrarService', () => {
   let service: RegistrarService;
@@ -24,7 +25,7 @@ describe('RegistrarService', () => {
   beforeEach(() => {
     TestBed.configureTestingModule({
       imports: [HttpClientTestingModule],
-      providers: [BackendService],
+      providers: [BackendService, MatSnackBar],
     });
     service = TestBed.inject(RegistrarService);
   });

console-webapp/src/app/registrar/registrar.service.ts

@@ -12,8 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import { Injectable } from '@angular/core';
-import { Observable, Subject, tap } from 'rxjs';
+import { Injectable, computed, signal } from '@angular/core';
+import { Observable, tap } from 'rxjs';
 
 import { BackendService } from '../shared/services/backend.service';
 import {
@@ -52,9 +52,11 @@ export interface Registrar {
   providedIn: 'root',
 })
 export class RegistrarService implements GlobalLoader {
-  activeRegistrarId: string = '';
-  registrars: Registrar[] = [];
-  activeRegistrarIdChange: Subject<string> = new Subject<string>();
+  registrarId = signal<string>('');
+  registrars = signal<Registrar[]>([]);
+  registrar = computed<Registrar | undefined>(() =>
+    this.registrars().find((r) => r.registrarId === this.registrarId())
+  );
 
   constructor(
     private backend: BackendService,
@@ -67,22 +69,15 @@ export class RegistrarService implements GlobalLoader {
     this.globalLoader.startGlobalLoader(this);
   }
 
-  public get registrar(): Registrar {
-    return this.registrars.filter(
-      (r) => r.registrarId === this.activeRegistrarId
-    )[0];
-  }
-
   public updateSelectedRegistrar(registrarId: string) {
-    this.activeRegistrarId = registrarId;
-    this.activeRegistrarIdChange.next(registrarId);
+    this.registrarId.set(registrarId);
   }
 
   public loadRegistrars(): Observable<Registrar[]> {
     return this.backend.getRegistrars().pipe(
       tap((registrars) => {
         if (registrars) {
-          this.registrars = registrars;
+          this.registrars.set(registrars);
         }
       })
     );

console-webapp/src/app/registrar/registrarSelector.component.html

@@ -5,20 +5,20 @@
     routerLinkActive="active"
     *ngIf="isMobile; else desktop"
   >
-    {{ registrarService.activeRegistrarId || "Select registrar" }}
+    {{ registrarService.registrarId() || "Select registrar" }}
     <mat-icon>open_in_new</mat-icon>
   </button>
   <ng-template #desktop>
     <mat-form-field class="mat-form-field-density-5" appearance="fill">
       <mat-label>Registrar</mat-label>
       <mat-select
-        [ngModel]="registrarService.activeRegistrarId"
+        [ngModel]="registrarService.registrarId()"
         (selectionChange)="
           registrarService.updateSelectedRegistrar($event.value)
         "
       >
         <mat-option
-          *ngFor="let registrar of registrarService.registrars"
+          *ngFor="let registrar of registrarService.registrars()"
           [value]="registrar.registrarId"
         >
           {{ registrar.registrarId }}

console-webapp/src/app/registrar/registrarSelector.component.spec.ts

@@ -15,6 +15,10 @@
 import { ComponentFixture, TestBed } from '@angular/core/testing';
 
 import { RegistrarSelectorComponent } from './registrarSelector.component';
+import { HttpClientTestingModule } from '@angular/common/http/testing';
+import { MaterialModule } from '../material.module';
+import { BackendService } from '../shared/services/backend.service';
+import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
 
 describe('RegistrarSelectorComponent', () => {
   let component: RegistrarSelectorComponent;
@@ -22,6 +26,12 @@ describe('RegistrarSelectorComponent', () => {
 
   beforeEach(async () => {
     await TestBed.configureTestingModule({
+      imports: [
+        HttpClientTestingModule,
+        MaterialModule,
+        BrowserAnimationsModule,
+      ],
+      providers: [BackendService],
       declarations: [RegistrarSelectorComponent],
     }).compileComponents();
 

console-webapp/src/app/registrar/registrarsTable.component.ts

@@ -87,7 +87,7 @@ export class RegistrarComponent {
 
   constructor(protected registrarService: RegistrarService) {
     this.dataSource = new MatTableDataSource<Registrar>(
-      registrarService.registrars
+      registrarService.registrars()
     );
   }
 

console-webapp/src/app/settings/contact/contact.component.html

@@ -1,41 +1,41 @@
-<div *ngIf="loading" class="contact__loading">
+@if (loading) {
+<div class="contact__loading">
   <mat-progress-bar mode="indeterminate"></mat-progress-bar>
 </div>
-<div *ngIf="!loading">
-  <div
-    class="contact__empty-contacts"
-    *ngIf="contactService.contacts.length === 0"
-  >
+} @else {
+<div>
+  @if (contactService.contacts().length === 0) {
+  <div class="contact__empty-contacts">
     <mat-icon class="contact__empty-contacts-icon secondary-text"
       >apps_outage</mat-icon
     >
     <h1>No contacts found</h1>
   </div>
-  <div *ngFor="let group of groupedData">
-    <div class="contact__cards-wrapper" *ngIf="group.contacts.length">
-      <h3>{{ group.label }}s</h3>
-      <mat-divider></mat-divider>
-      <div class="contact__cards">
-        <mat-card class="contact__card" *ngFor="let contact of group.contacts">
-          <mat-card-title>{{ contact.name }}</mat-card-title>
-          <p *ngIf="contact.phoneNumber">{{ contact.phoneNumber }}</p>
-          <p *ngIf="contact.emailAddress">{{ contact.emailAddress }}</p>
-          <mat-card-actions class="contact__card-actions">
-            <button
-              mat-button
-              color="primary"
-              (click)="openDetails($event, contact)"
-            >
-              <mat-icon>edit</mat-icon>Edit
-            </button>
-            <button mat-button color="accent" (click)="deleteContact(contact)">
-              <mat-icon>delete</mat-icon>Delete
-            </button>
-          </mat-card-actions>
-        </mat-card>
-      </div>
+  } @else { @for (group of groupedContacts(); track group.emailAddress) {
+  <div class="contact__cards-wrapper">
+    <h3>{{ group.label }}s</h3>
+    <mat-divider></mat-divider>
+    <div class="contact__cards">
+      <mat-card class="contact__card" *ngFor="let contact of group.contacts">
+        <mat-card-title>{{ contact.name }}</mat-card-title>
+        <p *ngIf="contact.phoneNumber">{{ contact.phoneNumber }}</p>
+        <p *ngIf="contact.emailAddress">{{ contact.emailAddress }}</p>
+        <mat-card-actions class="contact__card-actions">
+          <button
+            mat-button
+            color="primary"
+            (click)="openDetails($event, contact)"
+          >
+            <mat-icon>edit</mat-icon>Edit
+          </button>
+          <button mat-button color="accent" (click)="deleteContact(contact)">
+            <mat-icon>delete</mat-icon>Delete
+          </button>
+        </mat-card-actions>
+      </mat-card>
     </div>
   </div>
+  } }
   <div class="contact__actions">
     <button mat-raised-button color="primary" (click)="openCreateNew($event)">
       <mat-icon>add</mat-icon>Create a Contact
@@ -45,3 +45,4 @@
     #contactDetailsWrapper
   ></app-dialog-bottom-sheet-wrapper>
 </div>
+}

console-webapp/src/app/settings/contact/contact.component.ts

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import { Component, ViewChild } from '@angular/core';
+import { Component, ViewChild, computed } from '@angular/core';
 import { Contact, ContactService } from './contact.service';
 import { HttpErrorResponse } from '@angular/common/http';
 import { MatSnackBar } from '@angular/material/snack-bar';
@@ -70,9 +70,9 @@ export class ContactDetailsDialogComponent implements DialogBottomSheetContent {
 
   init(params: ContactDetailsParams) {
     this.params = params;
-    this.contactIndex = this.contactService.contacts.findIndex(
-      (c) => c === params.data.contact
-    );
+    this.contactIndex = this.contactService
+      .contacts()
+      .findIndex((c) => c === params.data.contact);
     this.contact = JSON.parse(JSON.stringify(params.data.contact));
   }
 
@@ -115,6 +115,16 @@ export class ContactDetailsDialogComponent implements DialogBottomSheetContent {
 })
 export default class ContactComponent {
   public static PATH = 'contact';
+  public groupedContacts = computed(() => {
+    return this.contactService.contacts().reduce((acc, contact) => {
+      contact.types.forEach((contactType) => {
+        acc
+          .find((group: GroupedContacts) => group.value === contactType)
+          ?.contacts.push(contact);
+      });
+      return acc;
+    }, JSON.parse(JSON.stringify(contactTypes)));
+  });
 
   @ViewChild('contactDetailsWrapper')
   detailsComponentWrapper!: DialogBottomSheetWrapper;
@@ -131,17 +141,6 @@ export default class ContactComponent {
     });
   }
 
-  public get groupedData() {
-    return this.contactService.contacts?.reduce((acc, contact) => {
-      contact.types.forEach((type) => {
-        acc
-          .find((group: GroupedContacts) => group.value === type)
-          ?.contacts.push(contact);
-      });
-      return acc;
-    }, JSON.parse(JSON.stringify(contactTypes)));
-  }
-
   deleteContact(contact: Contact) {
     if (confirm(`Please confirm contact ${contact.name} delete`)) {
       this.contactService.deleteContact(contact).subscribe({

console-webapp/src/app/settings/contact/contact.service.ts

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import { Injectable } from '@angular/core';
+import { Injectable, signal } from '@angular/core';
 import { Observable, tap } from 'rxjs';
 import { RegistrarService } from 'src/app/registrar/registrar.service';
 import { BackendService } from 'src/app/shared/services/backend.service';
@@ -33,7 +33,7 @@ export interface Contact {
   providedIn: 'root',
 })
 export class ContactService {
-  contacts: Contact[] = [];
+  contacts = signal<Contact[]>([]);
 
   constructor(
     private backend: BackendService,
@@ -42,39 +42,37 @@ export class ContactService {
 
   // TODO: Come up with a better handling for registrarId
   fetchContacts(): Observable<Contact[]> {
-    return this.backend
-      .getContacts(this.registrarService.activeRegistrarId)
-      .pipe(
-        tap((contacts = []) => {
-          this.contacts = contacts;
-        })
-      );
+    return this.backend.getContacts(this.registrarService.registrarId()).pipe(
+      tap((contacts = []) => {
+        this.contacts.set(contacts);
+      })
+    );
   }
 
   saveContacts(contacts: Contact[]): Observable<Contact[]> {
     return this.backend
-      .postContacts(this.registrarService.activeRegistrarId, contacts)
+      .postContacts(this.registrarService.registrarId(), contacts)
       .pipe(
         tap((_) => {
-          this.contacts = contacts;
+          this.contacts.set(contacts);
         })
       );
   }
 
   updateContact(index: number, contact: Contact) {
-    const newContacts = this.contacts.map((c, i) =>
+    const newContacts = this.contacts().map((c, i) =>
       i === index ? contact : c
     );
     return this.saveContacts(newContacts);
   }
 
   addContact(contact: Contact) {
-    const newContacts = this.contacts.concat([contact]);
+    const newContacts = this.contacts().concat([contact]);
     return this.saveContacts(newContacts);
   }
 
   deleteContact(contact: Contact) {
-    const newContacts = this.contacts.filter((c) => c !== contact);
+    const newContacts = this.contacts().filter((c) => c !== contact);
     return this.saveContacts(newContacts);
   }
 }

console-webapp/src/app/settings/security/security.component.spec.ts

@@ -15,19 +15,24 @@
 import { ComponentFixture, TestBed, waitForAsync } from '@angular/core/testing';
 
 import SecurityComponent from './security.component';
-import { SecurityService } from './security.service';
+import { SecurityService, apiToUiConverter } from './security.service';
 import { BackendService } from 'src/app/shared/services/backend.service';
 import { HttpClientTestingModule } from '@angular/common/http/testing';
 import { MaterialModule } from 'src/app/material.module';
 import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
 import { of } from 'rxjs';
 import { FormsModule } from '@angular/forms';
+import {
+  Registrar,
+  RegistrarService,
+} from 'src/app/registrar/registrar.service';
 
 describe('SecurityComponent', () => {
   let component: SecurityComponent;
   let fixture: ComponentFixture<SecurityComponent>;
   let fetchSecurityDetailsSpy: Function;
   let saveSpy: Function;
+  let dummyRegistrarService: RegistrarService;
 
   beforeEach(async () => {
     const securityServiceSpy = jasmine.createSpyObj(SecurityService, [
@@ -40,9 +45,9 @@ describe('SecurityComponent', () => {
 
     saveSpy = securityServiceSpy.saveChanges;
 
-    securityServiceSpy.securitySettings = {
-      ipAddressAllowList: [{ value: '123.123.123.123' }],
-    };
+    dummyRegistrarService = {
+      registrar: { ipAddressAllowList: ['123.123.123.123'] },
+    } as RegistrarService;
 
     await TestBed.configureTestingModule({
       imports: [
@@ -52,7 +57,10 @@ describe('SecurityComponent', () => {
         FormsModule,
       ],
       declarations: [SecurityComponent],
-      providers: [BackendService],
+      providers: [
+        BackendService,
+        { provide: RegistrarService, useValue: dummyRegistrarService },
+      ],
     })
       .overrideComponent(SecurityComponent, {
         set: {
@@ -72,10 +80,6 @@ describe('SecurityComponent', () => {
     expect(component).toBeTruthy();
   });
 
-  it('should call fetch spy', () => {
-    expect(fetchSecurityDetailsSpy).toHaveBeenCalledTimes(1);
-  });
-
   it('should render ip allow list', waitForAsync(() => {
     component.enableEdit();
     fixture.whenStable().then(() => {
@@ -121,16 +125,17 @@ describe('SecurityComponent', () => {
   });
 
   it('should create temporary data structure', () => {
-    expect(component.dataSource).toBe(
-      component.securityService.securitySettings
-    );
-    component.enableEdit();
-    expect(component.dataSource).not.toBe(
-      component.securityService.securitySettings
+    expect(component.dataSource).toEqual(
+      apiToUiConverter(dummyRegistrarService.registrar)
     );
+    component.removeIpEntry(0);
+    expect(component.dataSource).toEqual({ ipAddressAllowList: [] });
+    expect(dummyRegistrarService.registrar).toEqual({
+      ipAddressAllowList: ['123.123.123.123'],
+    } as Registrar);
     component.cancel();
-    expect(component.dataSource).toBe(
-      component.securityService.securitySettings
+    expect(component.dataSource).toEqual(
+      apiToUiConverter(dummyRegistrarService.registrar)
     );
   });
 

console-webapp/src/app/settings/security/security.component.ts

@@ -40,7 +40,7 @@ export default class SecurityComponent {
     private _snackBar: MatSnackBar,
     public registrarService: RegistrarService
   ) {
-    this.dataSource = apiToUiConverter(this.registrarService.registrar);
+    this.dataSource = apiToUiConverter(this.registrarService.registrar());
   }
 
   enableEdit() {
@@ -76,6 +76,6 @@ export default class SecurityComponent {
   }
 
   resetDataSource() {
-    this.dataSource = apiToUiConverter(this.registrarService.registrar);
+    this.dataSource = apiToUiConverter(this.registrarService.registrar());
   }
 }

console-webapp/src/app/settings/security/security.service.spec.ts

@@ -24,6 +24,7 @@ import {
 import { HttpClientTestingModule } from '@angular/common/http/testing';
 import SecurityComponent from './security.component';
 import { BackendService } from 'src/app/shared/services/backend.service';
+import { MatSnackBar } from '@angular/material/snack-bar';
 
 describe('SecurityService', () => {
   const uiMockData: SecuritySettings = {
@@ -43,7 +44,7 @@ describe('SecurityService', () => {
     TestBed.configureTestingModule({
       imports: [HttpClientTestingModule],
       declarations: [SecurityComponent],
-      providers: [SecurityService, BackendService],
+      providers: [MatSnackBar, SecurityService, BackendService],
     });
     service = TestBed.inject(SecurityService);
   });

console-webapp/src/app/settings/security/security.service.ts

@@ -64,7 +64,7 @@ export class SecurityService {
   saveChanges(newSecuritySettings: SecuritySettings) {
     return this.backend
       .postSecuritySettings(
-        this.registrarService.activeRegistrarId,
+        this.registrarService.registrarId(),
         uiToApiConverter(newSecuritySettings)
       )
       .pipe(

console-webapp/src/app/settings/whois/whois.component.html

@@ -133,9 +133,8 @@
         <h3>Address Line 1:</h3>
       </div>
       <div class="settings-whois__section-form">
-        <mat-form-field>
+        <mat-form-field *ngIf="registrar.localizedAddress?.street">
           <input
-            *ngIf="registrar.localizedAddress?.street"
             matInput
             type="text"
             [(ngModel)]="(registrar.localizedAddress?.street)![0]"
@@ -149,9 +148,8 @@
         <h3>City:</h3>
       </div>
       <div class="settings-whois__section-form">
-        <mat-form-field>
+        <mat-form-field *ngIf="registrar.localizedAddress">
           <input
-            *ngIf="registrar.localizedAddress"
             matInput
             type="text"
             [(ngModel)]="registrar.localizedAddress.city"
@@ -167,9 +165,8 @@
         <h3>Address Line 2:</h3>
       </div>
       <div class="settings-whois__section-form">
-        <mat-form-field>
+        <mat-form-field *ngIf="registrar.localizedAddress?.street">
           <input
-            *ngIf="registrar.localizedAddress?.street"
             matInput
             type="text"
             [(ngModel)]="(registrar.localizedAddress?.street)![1]"
@@ -183,9 +180,8 @@
         <h3>State/Region:</h3>
       </div>
       <div class="settings-whois__section-form">
-        <mat-form-field>
+        <mat-form-field *ngIf="registrar.localizedAddress">
           <input
-            *ngIf="registrar.localizedAddress"
             matInput
             type="text"
             [(ngModel)]="registrar.localizedAddress.state"
@@ -201,9 +197,8 @@
         <h3>Address Line 3:</h3>
       </div>
       <div class="settings-whois__section-form">
-        <mat-form-field>
+        <mat-form-field *ngIf="registrar.localizedAddress?.street">
           <input
-            *ngIf="registrar.localizedAddress?.street"
             matInput
             type="text"
             [(ngModel)]="(registrar.localizedAddress?.street)![2]"
@@ -217,9 +212,8 @@
         <h3>Country Code:</h3>
       </div>
       <div class="settings-whois__section-form">
-        <mat-form-field>
+        <mat-form-field *ngIf="registrar.localizedAddress">
           <input
-            *ngIf="registrar.localizedAddress"
             matInput
             type="text"
             [(ngModel)]="registrar.localizedAddress.countryCode"

console-webapp/src/app/settings/whois/whois.component.spec.ts

@@ -15,6 +15,11 @@
 import { ComponentFixture, TestBed } from '@angular/core/testing';
 
 import WhoisComponent from './whois.component';
+import { MaterialModule } from 'src/app/material.module';
+import { BackendService } from 'src/app/shared/services/backend.service';
+import { HttpClientTestingModule } from '@angular/common/http/testing';
+import { RegistrarService } from 'src/app/registrar/registrar.service';
+import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
 
 describe('WhoisComponent', () => {
   let component: WhoisComponent;
@@ -23,6 +28,15 @@ describe('WhoisComponent', () => {
   beforeEach(async () => {
     await TestBed.configureTestingModule({
       declarations: [WhoisComponent],
+      imports: [
+        HttpClientTestingModule,
+        MaterialModule,
+        BrowserAnimationsModule,
+      ],
+      providers: [
+        BackendService,
+        { provide: RegistrarService, useValue: { registrar: {} } },
+      ],
     }).compileComponents();
 
     fixture = TestBed.createComponent(WhoisComponent);

console-webapp/src/theme.scss

@@ -35,15 +35,6 @@ $theme-warn: mat.define-palette(mat.$red-palette);
   @include form-field-density(-5);
 }
 
-@import "@angular/material/theming";
-
-// Define application specific typography settings, font-family, etc
-$typography-configuration: mat-typography-config(
-  $font-family: 'Roboto, "Helvetica Neue", sans-serif',
-);
-
-@include angular-material-typography($typography-configuration);
-
 /** 
 ** Light theme
 **/

core/Dockerfile

@@ -1,3 +1,3 @@
-FROM gcr.io/distroless/java:debug
+FROM gcr.io/distroless/java17-debian11:debug
 ADD build/libs/nomulus.jar /nomulus.jar
 ENTRYPOINT ["/usr/bin/java", "-jar", "/nomulus.jar"]

core/build.gradle

@@ -776,7 +776,7 @@ if (environment == 'alpha') {
             gs://${gcpProject}-deploy/live/beam/${metaDataBaseName} \
             --image-gcr-path ${imageName}:live \
             --sdk-language JAVA \
-            --flex-template-base-image JAVA11 \
+            --flex-template-base-image JAVA17 \
             --metadata-file ${projectDir}/src/main/resources/${metaData} \
             --jar ${uberJarName} \
             --env FLEX_TEMPLATE_JAVA_MAIN_CLASS=${mainClass} \

core/src/main/java/google/registry/batch/CloudTasksUtils.java

@@ -207,7 +207,7 @@ public class CloudTasksUtils implements Serializable {
       Service service,
       Multimap<String, String> params,
       Optional<Integer> jitterSeconds) {
-    if (!jitterSeconds.isPresent() || jitterSeconds.get() <= 0) {
+    if (jitterSeconds.isEmpty() || jitterSeconds.get() <= 0) {
       return createTask(path, method, service, params);
     }
     return createTaskWithDelay(

core/src/main/java/google/registry/batch/DeleteExpiredDomainsAction.java

@@ -171,7 +171,7 @@ public class DeleteExpiredDomainsAction implements Runnable {
         tm().transact(
                 () -> {
                   Domain transDomain = tm().loadByKey(domain.createVKey());
-                  if (!domain.getAutorenewEndTime().isPresent()
+                  if (domain.getAutorenewEndTime().isEmpty()
                       || domain.getAutorenewEndTime().get().isAfter(tm().getTransactionTime())) {
                     logger.atSevere().log(
                         "Failed to delete domain %s because of its autorenew end time: %s.",

core/src/main/java/google/registry/batch/SendExpiringCertificateNotificationEmailAction.java

@@ -21,7 +21,6 @@ import static org.apache.http.HttpStatus.SC_INTERNAL_SERVER_ERROR;
 import static org.apache.http.HttpStatus.SC_OK;
 import static org.joda.time.DateTimeZone.UTC;
 
-import com.google.auto.value.AutoValue;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
@@ -125,7 +124,7 @@ public class SendExpiringCertificateNotificationEmailAction implements Runnable
     return Streams.stream(Registrar.loadAllCached())
         .map(
             registrar ->
-                RegistrarInfo.create(
+                new RegistrarInfo(
                     registrar,
                     registrar.getClientCertificate().isPresent()
                         && certificateChecker.shouldReceiveExpiringNotification(
@@ -151,7 +150,7 @@ public class SendExpiringCertificateNotificationEmailAction implements Runnable
       DateTime lastExpiringCertNotificationSentDate,
       CertificateType certificateType,
       Optional<String> certificate) {
-    if (!certificate.isPresent()
+    if (certificate.isEmpty()
         || !certificateChecker.shouldReceiveExpiringNotification(
             lastExpiringCertNotificationSentDate, certificate.get())) {
       return false;
@@ -333,19 +332,6 @@ public class SendExpiringCertificateNotificationEmailAction implements Runnable
     }
   }
 
-  @AutoValue
-  public abstract static class RegistrarInfo {
-
-    static RegistrarInfo create(
-        Registrar registrar, boolean isCertExpiring, boolean isFailOverCertExpiring) {
-      return new AutoValue_SendExpiringCertificateNotificationEmailAction_RegistrarInfo(
-          registrar, isCertExpiring, isFailOverCertExpiring);
-    }
-
-    public abstract Registrar registrar();
-
-    public abstract boolean isCertExpiring();
-
-    public abstract boolean isFailOverCertExpiring();
-  }
+  record RegistrarInfo(
+      Registrar registrar, boolean isCertExpiring, boolean isFailOverCertExpiring) {}
 }

core/src/main/java/google/registry/beam/billing/BillingEvent.java

@@ -21,26 +21,21 @@ import google.registry.reporting.billing.BillingModule;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.io.Serializable;
 import java.util.regex.Pattern;
 import org.apache.beam.sdk.coders.AtomicCoder;
 import org.apache.beam.sdk.coders.Coder;
+import org.apache.beam.sdk.coders.DoubleCoder;
+import org.apache.beam.sdk.coders.NullableCoder;
 import org.apache.beam.sdk.coders.StringUtf8Coder;
+import org.apache.beam.sdk.coders.VarIntCoder;
+import org.apache.beam.sdk.coders.VarLongCoder;
 import org.joda.time.DateTime;
 import org.joda.time.format.DateTimeFormat;
 import org.joda.time.format.DateTimeFormatter;
 
-/**
- * A POJO representing a single billable event, parsed from a {@code SchemaAndRecord}.
- *
- * <p>This is a trivially serializable class that allows Beam to transform the results of a Cloud
- * SQL query into a standard Java representation, giving us the type guarantees and ease of
- * manipulation Cloud SQL lacks.
- */
+/** A POJO representing a single billable event, parsed from a {@code SchemaAndRecord}. */
 @AutoValue
-public abstract class BillingEvent implements Serializable {
-
-  private static final long serialVersionUID = -3593088371541450077L;
+public abstract class BillingEvent {
 
   private static final DateTimeFormatter DATE_TIME_FORMATTER =
       DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss zzz");
@@ -85,7 +80,7 @@ public abstract class BillingEvent implements Serializable {
   /** Returns the tld this event was generated for. */
   abstract String tld();
 
-  /** Returns the billable action this event was generated for (i.e. RENEW, CREATE, TRANSFER...) */
+  /** Returns the billable action this event was generated for (i.e., RENEW, CREATE, TRANSFER...) */
   abstract String action();
 
   /** Returns the fully qualified domain name this event was generated for. */
@@ -97,7 +92,7 @@ public abstract class BillingEvent implements Serializable {
   /** Returns the number of years this billing event is made out for. */
   abstract int years();
 
-  /** Returns the 3-letter currency code for the billing event (i.e. USD or JPY.) */
+  /** Returns the 3-letter currency code for the billing event (i.e., USD or JPY.) */
   abstract String currency();
 
   /** Returns the cost associated with this billing event. */
@@ -203,9 +198,7 @@ public abstract class BillingEvent implements Serializable {
 
   /** Key for each {@code BillingEvent}, when aggregating for the overall invoice. */
   @AutoValue
-  abstract static class InvoiceGroupingKey implements Serializable {
-
-    private static final long serialVersionUID = -151561764235256205L;
+  abstract static class InvoiceGroupingKey {
 
     private static final ImmutableList<String> INVOICE_HEADERS =
         ImmutableList.of(
@@ -277,8 +270,14 @@ public abstract class BillingEvent implements Serializable {
 
     /** Coder that provides deterministic (de)serialization for {@code InvoiceGroupingKey}. */
     static class InvoiceGroupingKeyCoder extends AtomicCoder<InvoiceGroupingKey> {
+      private static final Coder<String> stringCoder = StringUtf8Coder.of();
+      private static final InvoiceGroupingKeyCoder INSTANCE = new InvoiceGroupingKeyCoder();
 
-      private static final long serialVersionUID = 6680701524304107547L;
+      public static InvoiceGroupingKeyCoder of() {
+        return INSTANCE;
+      }
+
+      private InvoiceGroupingKeyCoder() {}
 
       @Override
       public void encode(InvoiceGroupingKey value, OutputStream outStream) throws IOException {
@@ -295,7 +294,6 @@ public abstract class BillingEvent implements Serializable {
 
       @Override
       public InvoiceGroupingKey decode(InputStream inStream) throws IOException {
-        Coder<String> stringCoder = StringUtf8Coder.of();
         return new AutoValue_BillingEvent_InvoiceGroupingKey(
             stringCoder.decode(inStream),
             stringCoder.decode(inStream),
@@ -308,4 +306,55 @@ public abstract class BillingEvent implements Serializable {
       }
     }
   }
+
+  static class BillingEventCoder extends AtomicCoder<BillingEvent> {
+    private static final Coder<String> stringCoder = StringUtf8Coder.of();
+    private static final Coder<Integer> integerCoder = VarIntCoder.of();
+    private static final Coder<Long> longCoder = VarLongCoder.of();
+    private static final Coder<Double> doubleCoder = DoubleCoder.of();
+    private static final BillingEventCoder INSTANCE = new BillingEventCoder();
+
+    static NullableCoder<BillingEvent> ofNullable() {
+      return NullableCoder.of(INSTANCE);
+    }
+
+    private BillingEventCoder() {}
+
+    @Override
+    public void encode(BillingEvent value, OutputStream outStream) throws IOException {
+      longCoder.encode(value.id(), outStream);
+      stringCoder.encode(DATE_TIME_FORMATTER.print(value.billingTime()), outStream);
+      stringCoder.encode(DATE_TIME_FORMATTER.print(value.eventTime()), outStream);
+      stringCoder.encode(value.registrarId(), outStream);
+      stringCoder.encode(value.billingId(), outStream);
+      stringCoder.encode(value.poNumber(), outStream);
+      stringCoder.encode(value.tld(), outStream);
+      stringCoder.encode(value.action(), outStream);
+      stringCoder.encode(value.domain(), outStream);
+      stringCoder.encode(value.repositoryId(), outStream);
+      integerCoder.encode(value.years(), outStream);
+      stringCoder.encode(value.currency(), outStream);
+      doubleCoder.encode(value.amount(), outStream);
+      stringCoder.encode(value.flags(), outStream);
+    }
+
+    @Override
+    public BillingEvent decode(InputStream inStream) throws IOException {
+      return new AutoValue_BillingEvent(
+          longCoder.decode(inStream),
+          DATE_TIME_FORMATTER.parseDateTime(stringCoder.decode(inStream)),
+          DATE_TIME_FORMATTER.parseDateTime(stringCoder.decode(inStream)),
+          stringCoder.decode(inStream),
+          stringCoder.decode(inStream),
+          stringCoder.decode(inStream),
+          stringCoder.decode(inStream),
+          stringCoder.decode(inStream),
+          stringCoder.decode(inStream),
+          stringCoder.decode(inStream),
+          integerCoder.decode(inStream),
+          stringCoder.decode(inStream),
+          doubleCoder.decode(inStream),
+          stringCoder.decode(inStream));
+    }
+  }
 }

core/src/main/java/google/registry/beam/billing/InvoicingPipeline.java

@@ -18,6 +18,7 @@ import static com.google.common.collect.ImmutableSet.toImmutableSet;
 import static org.apache.beam.sdk.values.TypeDescriptors.strings;
 
 import com.google.common.flogger.FluentLogger;
+import google.registry.beam.billing.BillingEvent.BillingEventCoder;
 import google.registry.beam.billing.BillingEvent.InvoiceGroupingKey;
 import google.registry.beam.billing.BillingEvent.InvoiceGroupingKey.InvoiceGroupingKeyCoder;
 import google.registry.beam.common.RegistryJpaIO;
@@ -30,6 +31,7 @@ import google.registry.reporting.billing.BillingModule;
 import google.registry.util.DomainNameUtils;
 import google.registry.util.ResourceUtils;
 import google.registry.util.SqlTemplate;
+import java.io.Serial;
 import java.io.Serializable;
 import java.time.YearMonth;
 import java.util.Objects;
@@ -37,13 +39,13 @@ import java.util.Optional;
 import java.util.regex.Pattern;
 import org.apache.beam.sdk.Pipeline;
 import org.apache.beam.sdk.PipelineResult;
-import org.apache.beam.sdk.coders.SerializableCoder;
 import org.apache.beam.sdk.coders.StringUtf8Coder;
 import org.apache.beam.sdk.io.FileIO;
 import org.apache.beam.sdk.io.TextIO;
 import org.apache.beam.sdk.options.PipelineOptionsFactory;
 import org.apache.beam.sdk.transforms.Contextful;
 import org.apache.beam.sdk.transforms.Count;
+import org.apache.beam.sdk.transforms.Distinct;
 import org.apache.beam.sdk.transforms.Filter;
 import org.apache.beam.sdk.transforms.MapElements;
 import org.apache.beam.sdk.transforms.PTransform;
@@ -65,7 +67,7 @@ import org.joda.money.CurrencyUnit;
  */
 public class InvoicingPipeline implements Serializable {
 
-  private static final long serialVersionUID = 5386330443625580081L;
+  @Serial private static final long serialVersionUID = 5386330443625580081L;
 
   private static final Pattern SQL_COMMENT_REGEX =
       Pattern.compile("^\\s*--.*\\n", Pattern.MULTILINE);
@@ -97,13 +99,11 @@ public class InvoicingPipeline implements Serializable {
     Read<Object[], google.registry.beam.billing.BillingEvent> read =
         RegistryJpaIO.<Object[], google.registry.beam.billing.BillingEvent>read(
                 makeCloudSqlQuery(options.getYearMonth()), false, row -> parseRow(row).orElse(null))
-            .withCoder(SerializableCoder.of(google.registry.beam.billing.BillingEvent.class));
-
-    PCollection<google.registry.beam.billing.BillingEvent> billingEventsWithNulls =
-        pipeline.apply("Read BillingEvents from Cloud SQL", read);
-
-    // Remove null billing events
-    return billingEventsWithNulls.apply(Filter.by(Objects::nonNull));
+            .withCoder(BillingEventCoder.ofNullable());
+    return pipeline
+        .apply("Read BillingEvents from Cloud SQL", read)
+        .apply("Remove null elements", Filter.by(Objects::nonNull))
+        .apply("Remove duplicates", Distinct.create());
   }
 
   private static Optional<google.registry.beam.billing.BillingEvent> parseRow(Object[] row) {
@@ -142,7 +142,7 @@ public class InvoicingPipeline implements Serializable {
       extends PTransform<
           PCollection<google.registry.beam.billing.BillingEvent>, PCollection<String>> {
 
-    private static final long serialVersionUID = -8090619008258393728L;
+    @Serial private static final long serialVersionUID = -8090619008258393728L;
 
     @Override
     public PCollection<String> expand(
@@ -152,9 +152,9 @@ public class InvoicingPipeline implements Serializable {
               "Map to invoicing key",
               MapElements.into(TypeDescriptor.of(InvoiceGroupingKey.class))
                   .via(google.registry.beam.billing.BillingEvent::getInvoiceGroupingKey))
+          .setCoder(InvoiceGroupingKeyCoder.of())
           .apply(
               "Filter out free events", Filter.by((InvoiceGroupingKey key) -> key.unitPrice() != 0))
-          .setCoder(new InvoiceGroupingKeyCoder())
           .apply("Count occurrences", Count.perElement())
           .apply(
               "Format as CSVs",
@@ -163,7 +163,12 @@ public class InvoicingPipeline implements Serializable {
     }
   }
 
-  /** Saves the billing events to a single overall invoice CSV file. */
+  /**
+   * Saves the billing events to a single overall invoice CSV file. TextIO always produces the file
+   * of type text/plain, which we then update to desired text/csv before sending an email to billing
+   * team {@link google.registry.reporting.billing.BillingEmailUtils#emailOverallInvoice()
+   * emailOverallInvoice}
+   */
   static void saveInvoiceCsv(
       PCollection<google.registry.beam.billing.BillingEvent> billingEvents,
       InvoicingPipelineOptions options) {

core/src/main/java/google/registry/beam/common/RegistryJpaIO.java

@@ -209,9 +209,16 @@ public final class RegistryJpaIO {
 
       @ProcessElement
       public void processElement(OutputReceiver<T> outputReceiver) {
-        tm().transact(
+        // Note the use of no-retry transaction here. The results from the query are streamed to the
+        // output receiver inside the transaction, which cannot be rolled back in case of a retry,
+        // which in turn results in duplicate elements. If we try to pass the results to the output
+        // receiver outside the transaction, they have to be materialized into a list containing all
+        // the elements (without resorting to manual pagination) and greatly decrease the
+        // parallelism of the pipeline.
+        tm().transactNoRetry(
                 () -> {
                   query.stream().map(resultMapper::apply).forEach(outputReceiver::output);
+                  return null;
                 });
       }
     }

core/src/main/java/google/registry/beam/spec11/Spec11Pipeline.java

@@ -17,7 +17,6 @@ package google.registry.beam.spec11;
 import static com.google.common.base.Preconditions.checkArgument;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 
-import com.google.auto.value.AutoValue;
 import com.google.common.collect.ImmutableSet;
 import dagger.Component;
 import dagger.Module;
@@ -199,7 +198,7 @@ public class Spec11Pipeline implements Serializable {
                     (KV<DomainNameInfo, ThreatMatch> kv) ->
                         KV.of(
                             kv.getKey().registrarId(),
-                            EmailAndThreatMatch.create(
+                            new EmailAndThreatMatch(
                                 kv.getKey().registrarEmailAddress(), kv.getValue()))))
         .apply("Group by registrar client ID", GroupByKey.create())
         .apply(
@@ -281,15 +280,5 @@ public class Spec11Pipeline implements Serializable {
     Spec11Pipeline spec11Pipeline();
   }
 
-  @AutoValue
-  abstract static class EmailAndThreatMatch implements Serializable {
-
-    abstract String email();
-
-    abstract ThreatMatch threatMatch();
-
-    static EmailAndThreatMatch create(String email, ThreatMatch threatMatch) {
-      return new AutoValue_Spec11Pipeline_EmailAndThreatMatch(email, threatMatch);
-    }
-  }
+  record EmailAndThreatMatch(String email, ThreatMatch threatMatch) implements Serializable {}
 }

core/src/main/java/google/registry/bsa/BsaDiffCreator.java

@@ -206,9 +206,7 @@ class BsaDiffCreator {
                           BlockLabel.of(
                               entry.getKey(),
                               LabelType.NEW_ORDER_ASSOCIATION,
-                              idnChecker.getAllValidIdns(entry.getKey()).stream()
-                                  .map(IdnTableEnum::name)
-                                  .collect(toImmutableSet()))),
+                              getAllValidIdnNames(entry.getKey()))),
               newAndRemaining.asMap().entrySet().stream()
                   .filter(e -> e.getValue().size() > 1 || !e.getValue().contains(ORDER_ID_SENTINEL))
                   .filter(entry -> !entry.getValue().contains(ORDER_ID_SENTINEL))
@@ -217,13 +215,17 @@ class BsaDiffCreator {
                           BlockLabel.of(
                               entry.getKey(),
                               LabelType.CREATE,
-                              idnChecker.getAllValidIdns(entry.getKey()).stream()
-                                  .map(IdnTableEnum::name)
-                                  .collect(toImmutableSet()))),
+                              getAllValidIdnNames(entry.getKey()))),
               Sets.difference(deleted.keySet(), newAndRemaining.keySet()).stream()
-                  .map(label -> BlockLabel.of(label, LabelType.DELETE, ImmutableSet.of())))
+                  .map(label -> BlockLabel.of(label, LabelType.DELETE, getAllValidIdnNames(label))))
           .flatMap(x -> x);
     }
+
+    ImmutableSet<String> getAllValidIdnNames(String label) {
+      return idnChecker.getAllValidIdns(label).stream()
+          .map(IdnTableEnum::name)
+          .collect(toImmutableSet());
+    }
   }
 
   static class Canonicals<T> {

core/src/main/java/google/registry/bsa/BsaDownloadAction.java

@@ -116,7 +116,7 @@ public class BsaDownloadAction implements Runnable {
       return null;
     }
     Optional<DownloadSchedule> scheduleOptional = downloadScheduler.schedule();
-    if (!scheduleOptional.isPresent()) {
+    if (scheduleOptional.isEmpty()) {
       logger.atInfo().log("Nothing to do.");
       return null;
     }
@@ -162,6 +162,7 @@ public class BsaDownloadAction implements Runnable {
         // Fall through
       case MAKE_ORDER_AND_LABEL_DIFF:
         diff = diffCreator.createDiff(schedule, lazyIdnChecker.get());
+        // TODO(weiminyu): log the diff stats
         gcsClient.writeOrderDiffs(schedule.jobName(), diff.getOrders());
         gcsClient.writeLabelDiffs(schedule.jobName(), diff.getLabels());
         schedule.updateJobStage(DownloadStage.APPLY_ORDER_AND_LABEL_DIFF);

core/src/main/java/google/registry/bsa/BsaRefreshAction.java

@@ -54,7 +54,7 @@ public class BsaRefreshAction implements Runnable {
   private final GcsClient gcsClient;
   private final BsaReportSender bsaReportSender;
   private final int transactionBatchSize;
-  private final Duration domainTxnMaxDuration;
+  private final Duration domainCreateTxnCommitTimeLag;
   private final BsaLock bsaLock;
   private final Clock clock;
   private final Response response;
@@ -65,7 +65,7 @@ public class BsaRefreshAction implements Runnable {
       GcsClient gcsClient,
       BsaReportSender bsaReportSender,
       @Config("bsaTxnBatchSize") int transactionBatchSize,
-      @Config("domainTxnMaxDuration") Duration domainTxnMaxDuration,
+      @Config("domainCreateTxnCommitTimeLag") Duration domainCreateTxnCommitTimeLag,
       BsaLock bsaLock,
       Clock clock,
       Response response) {
@@ -73,7 +73,7 @@ public class BsaRefreshAction implements Runnable {
     this.gcsClient = gcsClient;
     this.bsaReportSender = bsaReportSender;
     this.transactionBatchSize = transactionBatchSize;
-    this.domainTxnMaxDuration = domainTxnMaxDuration;
+    this.domainCreateTxnCommitTimeLag = domainCreateTxnCommitTimeLag;
     this.bsaLock = bsaLock;
     this.clock = clock;
     this.response = response;
@@ -102,14 +102,17 @@ public class BsaRefreshAction implements Runnable {
       return null;
     }
     Optional<RefreshSchedule> maybeSchedule = scheduler.schedule();
-    if (!maybeSchedule.isPresent()) {
+    if (maybeSchedule.isEmpty()) {
       logger.atInfo().log("No completed downloads yet. Exiting.");
       return null;
     }
     RefreshSchedule schedule = maybeSchedule.get();
     DomainsRefresher refresher =
         new DomainsRefresher(
-            schedule.prevRefreshTime(), clock.nowUtc(), domainTxnMaxDuration, transactionBatchSize);
+            schedule.prevRefreshTime(),
+            clock.nowUtc(),
+            domainCreateTxnCommitTimeLag,
+            transactionBatchSize);
     switch (schedule.stage()) {
       case CHECK_FOR_CHANGES:
         ImmutableList<UnblockableDomainChange> blockabilityChanges =
@@ -132,10 +135,12 @@ public class BsaRefreshAction implements Runnable {
       case UPLOAD_REMOVALS:
         try (Stream<UnblockableDomainChange> changes =
             gcsClient.readRefreshChanges(schedule.jobName())) {
+          // Unblockables with changes in REASON are removed then added back. That is why they are
+          // included in this stage.
           Optional<String> report =
               JsonSerializations.toUnblockableDomainsRemovalReport(
                   changes
-                      .filter(UnblockableDomainChange::isDelete)
+                      .filter(UnblockableDomainChange::isChangeOrDelete)
                       .map(UnblockableDomainChange::domainName));
           if (report.isPresent()) {
             gcsClient.logRemovedUnblockableDomainsReport(
@@ -153,12 +158,12 @@ public class BsaRefreshAction implements Runnable {
           Optional<String> report =
               JsonSerializations.toUnblockableDomainsReport(
                   changes
-                      .filter(UnblockableDomainChange::isAddOrChange)
+                      .filter(UnblockableDomainChange::isNewOrChange)
                       .map(UnblockableDomainChange::newValue));
           if (report.isPresent()) {
-            gcsClient.logRemovedUnblockableDomainsReport(
+            gcsClient.logAddedUnblockableDomainsReport(
                 schedule.jobName(), LINE_SPLITTER.splitToStream(report.get()));
-            bsaReportSender.removeUnblockableDomainsUpdates(report.get());
+            bsaReportSender.addUnblockableDomainsUpdates(report.get());
           } else {
             logger.atInfo().log("No new Unblockable domains to add.");
           }

core/src/main/java/google/registry/bsa/BsaStringUtils.java

@@ -30,7 +30,7 @@ public class BsaStringUtils {
   public static final Splitter LINE_SPLITTER = Splitter.on('\n');
 
   public static String getLabelInDomain(String domainName) {
-    List<String> parts = DOMAIN_SPLITTER.limit(1).splitToList(domainName);
+    List<String> parts = DOMAIN_SPLITTER.splitToList(domainName);
     checkArgument(!parts.isEmpty(), "Not a valid domain: [%s]", domainName);
     return parts.get(0);
   }

core/src/main/java/google/registry/bsa/BsaTransactions.java

@@ -14,28 +14,42 @@
 
 package google.registry.bsa;
 
+import static com.google.common.base.Verify.verify;
 import static google.registry.persistence.PersistenceModule.TransactionIsolationLevel.TRANSACTION_REPEATABLE_READ;
+import static google.registry.persistence.transaction.JpaTransactionManagerImpl.isInTransaction;
+import static google.registry.persistence.transaction.TransactionManagerFactory.replicaTm;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 
 import com.google.errorprone.annotations.CanIgnoreReturnValue;
+import google.registry.persistence.transaction.TransactionManager.ThrowingRunnable;
 import java.util.concurrent.Callable;
 
 /**
  * Helpers for executing JPA transactions for BSA processing.
  *
- * <p>All mutating transactions for BSA may be executed at the {@code TRANSACTION_REPEATABLE_READ}
- * level.
+ * <p>All mutating transactions for BSA are executed at the {@code TRANSACTION_REPEATABLE_READ}
+ * level since the global {@link BsaLock} ensures there is a single writer at any time.
+ *
+ * <p>All domain and label queries can use the replica since all processing are snapshot based.
  */
 public final class BsaTransactions {
 
   @CanIgnoreReturnValue
   public static <T> T bsaTransact(Callable<T> work) {
-    return tm().transact(work, TRANSACTION_REPEATABLE_READ);
+    verify(!isInTransaction(), "May only be used for top-level transactions.");
+    return tm().transact(TRANSACTION_REPEATABLE_READ, work);
+  }
+
+  public static void bsaTransact(ThrowingRunnable work) {
+    verify(!isInTransaction(), "May only be used for top-level transactions.");
+    tm().transact(TRANSACTION_REPEATABLE_READ, work);
   }
 
   @CanIgnoreReturnValue
   public static <T> T bsaQuery(Callable<T> work) {
-    return tm().transact(work, TRANSACTION_REPEATABLE_READ);
+    verify(!isInTransaction(), "May only be used for top-level transactions.");
+    // TRANSACTION_REPEATABLE_READ is default on replica.
+    return replicaTm().transact(work);
   }
 
   private BsaTransactions() {}

core/src/main/java/google/registry/bsa/GcsClient.java

@@ -161,7 +161,7 @@ public class GcsClient {
   }
 
   Stream<UnblockableDomainChange> readRefreshChanges(String jobName) {
-    BlobId blobId = getBlobId(jobName, UNBLOCKABLE_DOMAINS_FILE);
+    BlobId blobId = getBlobId(jobName, REFRESHED_UNBLOCKABLE_DOMAINS_FILE);
     return readStream(blobId).map(UnblockableDomainChange::deserialize);
   }
 

core/src/main/java/google/registry/bsa/ReservedDomainsUtils.java

@@ -19,6 +19,7 @@ import static com.google.common.collect.ImmutableSet.toImmutableSet;
 import static google.registry.bsa.BsaStringUtils.DOMAIN_JOINER;
 import static google.registry.flows.domain.DomainFlowUtils.isReserved;
 import static google.registry.model.tld.Tlds.findTldForName;
+import static google.registry.model.tld.label.ReservedList.loadReservedLists;
 
 import com.google.common.collect.ImmutableSet;
 import com.google.common.net.InternetDomainName;
@@ -51,12 +52,9 @@ public final class ReservedDomainsUtils {
         .flatMap(ImmutableSet::stream);
   }
 
-  /** Returns */
+  /** Returns all reserved domains in a given {@code tld} as of {@code now}. */
   static ImmutableSet<String> getAllReservedDomainsInTld(Tld tld, DateTime now) {
-    return tld.getReservedListNames().stream()
-        .map(ReservedList::get)
-        .filter(Optional::isPresent)
-        .map(Optional::get)
+    return loadReservedLists(tld.getReservedListNames()).stream()
         .map(ReservedList::getReservedListEntries)
         .map(Map::keySet)
         .flatMap(Set::stream)

core/src/main/java/google/registry/bsa/UploadBsaUnavailableDomainsAction.java

@@ -14,17 +14,21 @@
 
 package google.registry.bsa;
 
+import static com.google.common.collect.ImmutableList.toImmutableList;
 import static com.google.common.collect.ImmutableSet.toImmutableSet;
+import static com.google.common.collect.Iterables.getLast;
 import static google.registry.model.tld.Tld.isEnrolledWithBsa;
 import static google.registry.model.tld.Tlds.getTldEntitiesOfType;
 import static google.registry.model.tld.label.ReservedList.loadReservedLists;
 import static google.registry.persistence.transaction.TransactionManagerFactory.replicaTm;
+import static google.registry.request.Action.Method.GET;
 import static google.registry.request.Action.Method.POST;
 import static java.nio.charset.StandardCharsets.US_ASCII;
 
 import com.google.api.client.http.HttpStatusCodes;
 import com.google.cloud.storage.BlobId;
 import com.google.common.base.Joiner;
+import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSortedSet;
 import com.google.common.collect.Ordering;
@@ -46,8 +50,10 @@ import java.io.IOException;
 import java.io.OutputStream;
 import java.io.OutputStreamWriter;
 import java.io.Writer;
+import java.util.Optional;
 import java.util.zip.GZIPOutputStream;
 import javax.inject.Inject;
+import javax.persistence.TypedQuery;
 import okhttp3.MediaType;
 import okhttp3.MultipartBody;
 import okhttp3.OkHttpClient;
@@ -68,12 +74,14 @@ import org.joda.time.DateTime;
 @Action(
     service = Service.BSA,
     path = "/_dr/task/uploadBsaUnavailableNames",
-    method = POST,
+    method = {GET, POST},
     auth = Auth.AUTH_API_ADMIN)
 public class UploadBsaUnavailableDomainsAction implements Runnable {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();
 
+  private static final int BATCH_SIZE = 40000;
+
   Clock clock;
 
   BsaCredential bsaCredential;
@@ -104,11 +112,16 @@ public class UploadBsaUnavailableDomainsAction implements Runnable {
 
   @Override
   public void run() {
+    // TODO(mcilwain): Implement a date Cursor, have the cronjob run frequently, and short-circuit
+    //                 the run if the daily upload is already completed.
     DateTime runTime = clock.nowUtc();
-    String unavailableDomains =
-        Joiner.on("\n").join(replicaTm().transact(() -> getUnavailableDomains(runTime)));
-    uploadToGcs(unavailableDomains, runTime);
-    uploadToBsa(unavailableDomains, runTime);
+    String unavailableDomains = Joiner.on("\n").join(getUnavailableDomains(runTime));
+    if (unavailableDomains.isEmpty()) {
+      logger.atWarning().log("No unavailable domains found; terminating.");
+    } else {
+      uploadToGcs(unavailableDomains, runTime);
+      uploadToBsa(unavailableDomains, runTime);
+    }
   }
 
   /** Uploads the unavailable domains list to GCS in the unavailable domains bucket. */
@@ -182,37 +195,68 @@ public class UploadBsaUnavailableDomainsAction implements Runnable {
   }
 
   private ImmutableSortedSet<String> getUnavailableDomains(DateTime runTime) {
+    // Get list of TLDs to process.
     ImmutableSet<Tld> bsaEnabledTlds =
         getTldEntitiesOfType(TldType.REAL).stream()
             .filter(tld -> isEnrolledWithBsa(tld, runTime))
             .collect(toImmutableSet());
 
-    logger.atInfo().log("Getting unavailable domains in TLDs: %s ...", bsaEnabledTlds);
+    logger.atInfo().log(
+        "Getting unavailable domains in TLDs: %s ...",
+        bsaEnabledTlds.stream().map(Tld::getTldStr).collect(toImmutableSet()));
 
     ImmutableSortedSet.Builder<String> unavailableDomains =
         new ImmutableSortedSet.Builder<>(Ordering.natural());
-    for (Tld tld : bsaEnabledTlds) {
-      for (ReservedList reservedList : loadReservedLists(tld.getReservedListNames())) {
-        if (reservedList.getShouldPublish()) {
-          unavailableDomains.addAll(
-              reservedList.getReservedListEntries().keySet().stream()
-                  .map(label -> toDomain(label, tld))
-                  .collect(toImmutableSet()));
-        }
-      }
-    }
 
-    unavailableDomains.addAll(
-        replicaTm()
-            .query(
-                "SELECT domainName FROM Domain "
-                    + "WHERE tld IN :tlds "
-                    + "AND deletionTime > :now ",
-                String.class)
-            .setParameter(
-                "tlds", bsaEnabledTlds.stream().map(Tld::getTldStr).collect(toImmutableSet()))
-            .setParameter("now", runTime)
-            .getResultList());
+    // Add domains on reserved lists to unavailable names list.
+    replicaTm()
+        .transact(
+            () -> {
+              for (Tld tld : bsaEnabledTlds) {
+                for (ReservedList reservedList : loadReservedLists(tld.getReservedListNames())) {
+                  unavailableDomains.addAll(
+                      reservedList.getReservedListEntries().keySet().stream()
+                          .map(label -> toDomain(label, tld))
+                          .collect(toImmutableSet()));
+                }
+              }
+            });
+
+    // Add existing domains to unavailable names list, in batches so as to not time out on replica.
+    ImmutableSet<String> tldNames =
+        bsaEnabledTlds.stream().map(Tld::getTldStr).collect(toImmutableSet());
+    ImmutableList<String> domainsBatch;
+    Optional<String> lastDomain = Optional.empty();
+    do {
+      final Optional<String> lastDomainCopy = lastDomain;
+      domainsBatch =
+          replicaTm()
+              .transact(
+                  () -> {
+                    String sql =
+                        String.format(
+                            "SELECT domainName FROM Domain "
+                                + "WHERE tld IN :tlds "
+                                + "AND deletionTime > :now "
+                                + "%s ORDER BY domainName ASC",
+                            lastDomainCopy.isPresent()
+                                ? "AND domainName > :lastInPreviousBatch"
+                                : "");
+                    TypedQuery<String> query =
+                        replicaTm()
+                            .query(sql, String.class)
+                            .setParameter("tlds", tldNames)
+                            .setParameter("now", runTime);
+                    lastDomainCopy.ifPresent(l -> query.setParameter("lastInPreviousBatch", l));
+                    return query
+                        .setMaxResults(BATCH_SIZE)
+                        .getResultStream()
+                        .collect(toImmutableList());
+                  });
+      unavailableDomains.addAll(domainsBatch);
+      lastDomain = Optional.ofNullable(domainsBatch.isEmpty() ? null : getLast(domainsBatch));
+    } while (domainsBatch.size() == BATCH_SIZE);
+
     ImmutableSortedSet<String> result = unavailableDomains.build();
     logger.atInfo().log("Found %d total unavailable domains.", result.size());
     return result;

core/src/main/java/google/registry/bsa/api/UnblockableDomain.java

@@ -18,19 +18,13 @@ import static google.registry.bsa.BsaStringUtils.DOMAIN_JOINER;
 import static google.registry.bsa.BsaStringUtils.PROPERTY_JOINER;
 import static google.registry.bsa.BsaStringUtils.PROPERTY_SPLITTER;
 
-import com.google.auto.value.AutoValue;
 import java.util.List;
 
 /**
  * A domain name whose second-level domain (SLD) matches a BSA label but is not blocked. It may be
  * already registered, or on the TLD's reserve list.
  */
-// TODO(1/15/2024): rename to UnblockableDomain.
-@AutoValue
-public abstract class UnblockableDomain {
-  abstract String domainName();
-
-  abstract Reason reason();
+public record UnblockableDomain(String domainName, Reason reason) {
 
   /** Reasons why a valid domain name cannot be blocked. */
   public enum Reason {
@@ -45,14 +39,10 @@ public abstract class UnblockableDomain {
 
   public static UnblockableDomain deserialize(String text) {
     List<String> items = PROPERTY_SPLITTER.splitToList(text);
-    return of(items.get(0), Reason.valueOf(items.get(1)));
-  }
-
-  public static UnblockableDomain of(String domainName, Reason reason) {
-    return new AutoValue_UnblockableDomain(domainName, reason);
+    return new UnblockableDomain(items.get(0), Reason.valueOf(items.get(1)));
   }
 
   public static UnblockableDomain of(String label, String tld, Reason reason) {
-    return of(DOMAIN_JOINER.join(label, tld), reason);
+    return new UnblockableDomain(DOMAIN_JOINER.join(label, tld), reason);
   }
 }

core/src/main/java/google/registry/bsa/api/UnblockableDomainChange.java

@@ -49,15 +49,19 @@ public abstract class UnblockableDomainChange {
   @Memoized
   public UnblockableDomain newValue() {
     verify(newReason().isPresent(), "Removed unblockable does not have new value.");
-    return UnblockableDomain.of(unblockable().domainName(), newReason().get());
+    return new UnblockableDomain(unblockable().domainName(), newReason().get());
   }
 
-  public boolean isAddOrChange() {
+  public boolean isNewOrChange() {
     return newReason().isPresent();
   }
 
+  public boolean isChangeOrDelete() {
+    return !isNew();
+  }
+
   public boolean isDelete() {
-    return !this.isAddOrChange();
+    return !this.isNewOrChange();
   }
 
   public boolean isNew() {
@@ -74,7 +78,7 @@ public abstract class UnblockableDomainChange {
   public static UnblockableDomainChange deserialize(String text) {
     List<String> items = BsaStringUtils.PROPERTY_SPLITTER.splitToList(text);
     return of(
-        UnblockableDomain.of(items.get(0), Reason.valueOf(items.get(1))),
+        new UnblockableDomain(items.get(0), Reason.valueOf(items.get(1))),
         Objects.equals(items.get(2), DELETE_REASON_PLACEHOLDER)
             ? Optional.empty()
             : Optional.of(Reason.valueOf(items.get(2))));

core/src/main/java/google/registry/bsa/persistence/BsaLabelUtils.java

@@ -14,6 +14,9 @@
 
 package google.registry.bsa.persistence;
 
+import static com.google.common.collect.ImmutableList.toImmutableList;
+import static com.google.common.collect.ImmutableMap.toImmutableMap;
+import static com.google.common.collect.ImmutableSet.toImmutableSet;
 import static google.registry.config.RegistryConfig.getEppResourceCachingDuration;
 import static google.registry.config.RegistryConfig.getEppResourceMaxCachedEntries;
 import static google.registry.model.CacheUtils.newCacheBuilder;
@@ -22,10 +25,15 @@ import static google.registry.persistence.transaction.TransactionManagerFactory.
 import com.github.benmanes.caffeine.cache.CacheLoader;
 import com.github.benmanes.caffeine.cache.LoadingCache;
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableCollection;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
 import google.registry.persistence.VKey;
 import java.time.Duration;
 import java.util.Map;
 import java.util.Optional;
+import org.apache.commons.lang3.stream.Streams;
 
 /** Helpers for {@link BsaLabel}. */
 public final class BsaLabelUtils {
@@ -43,9 +51,11 @@ public final class BsaLabelUtils {
         @Override
         public Map<VKey<BsaLabel>, Optional<BsaLabel>> loadAll(
             Iterable<? extends VKey<BsaLabel>> keys) {
-          // TODO(b/309173359): need this for DomainCheckFlow
-          throw new UnsupportedOperationException(
-              "LoadAll not supported by the BsaLabel cache loader.");
+          ImmutableMap<VKey<? extends BsaLabel>, BsaLabel> existingLabels =
+              replicaTm().reTransact(() -> replicaTm().loadByKeysIfPresent(keys));
+          return Streams.of(keys)
+              .collect(
+                  toImmutableMap(key -> key, key -> Optional.ofNullable(existingLabels.get(key))));
         }
       };
 
@@ -84,4 +94,15 @@ public final class BsaLabelUtils {
   public static boolean isLabelBlocked(String domainLabel) {
     return cacheBsaLabels.get(BsaLabel.vKey(domainLabel)).isPresent();
   }
+
+  /** Returns the elements in {@code domainLabels} that are blocked by BSA. */
+  public static ImmutableSet<String> getBlockedLabels(ImmutableCollection<String> domainLabels) {
+    ImmutableList<VKey<BsaLabel>> queriedLabels =
+        domainLabels.stream().map(BsaLabel::vKey).collect(toImmutableList());
+    return cacheBsaLabels.getAll(queriedLabels).values().stream()
+        .filter(Optional::isPresent)
+        .map(Optional::get)
+        .map(BsaLabel::getLabel)
+        .collect(toImmutableSet());
+  }
 }

core/src/main/java/google/registry/bsa/persistence/BsaUnblockableDomain.java

@@ -105,6 +105,10 @@ class BsaUnblockableDomain {
     return new BsaUnblockableDomain(parts.get(0), parts.get(1), reason);
   }
 
+  static BsaUnblockableDomain of(UnblockableDomain unblockable) {
+    return of(unblockable.domainName(), Reason.valueOf(unblockable.reason().name()));
+  }
+
   static VKey<BsaUnblockableDomain> vKey(String domainName) {
     ImmutableList<String> parts = ImmutableList.copyOf(DOMAIN_SPLITTER.splitToList(domainName));
     verify(parts.size() == 2, "Invalid domain name: %s", domainName);

core/src/main/java/google/registry/bsa/persistence/DomainsRefresher.java

@@ -17,9 +17,15 @@ package google.registry.bsa.persistence;
 import static com.google.common.collect.ImmutableList.toImmutableList;
 import static com.google.common.collect.ImmutableMap.toImmutableMap;
 import static com.google.common.collect.ImmutableSet.toImmutableSet;
+import static google.registry.bsa.BsaTransactions.bsaQuery;
+import static google.registry.bsa.BsaTransactions.bsaTransact;
 import static google.registry.bsa.ReservedDomainsUtils.getAllReservedNames;
 import static google.registry.bsa.ReservedDomainsUtils.isReservedDomain;
-import static google.registry.bsa.persistence.Queries.queryLivesDomains;
+import static google.registry.bsa.persistence.Queries.batchReadUnblockables;
+import static google.registry.bsa.persistence.Queries.queryBsaLabelByLabels;
+import static google.registry.bsa.persistence.Queries.queryNewlyCreatedDomains;
+import static google.registry.model.tld.Tld.isEnrolledWithBsa;
+import static google.registry.model.tld.Tlds.getTldEntitiesOfType;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 import static java.util.stream.Collectors.groupingBy;
 
@@ -36,7 +42,10 @@ import google.registry.bsa.api.UnblockableDomain.Reason;
 import google.registry.bsa.api.UnblockableDomainChange;
 import google.registry.model.ForeignKeyUtils;
 import google.registry.model.domain.Domain;
+import google.registry.model.tld.Tld;
+import google.registry.model.tld.Tld.TldType;
 import google.registry.util.BatchedStreams;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
@@ -100,6 +109,8 @@ public final class DomainsRefresher {
 
     ImmutableSet<String> upgradedDomains =
         upgrades.stream().map(UnblockableDomainChange::domainName).collect(toImmutableSet());
+    // Upgrades are collected in its own txn after downgrades so need reconciliation. Conflicts are
+    // unlikely but possible: domains may be recreated or reserved names added during the interval.
     ImmutableList<UnblockableDomainChange> trueDowngrades =
         downgrades.stream()
             .filter(c -> !upgradedDomains.contains(c.domainName()))
@@ -124,7 +135,7 @@ public final class DomainsRefresher {
     ImmutableList<BsaUnblockableDomain> batch;
     Optional<BsaUnblockableDomain> lastRead = Optional.empty();
     do {
-      batch = Queries.batchReadUnblockables(lastRead, transactionBatchSize);
+      batch = batchReadUnblockables(lastRead, transactionBatchSize);
       if (!batch.isEmpty()) {
         lastRead = Optional.of(batch.get(batch.size() - 1));
         changes.addAll(recheckStaleDomainsBatch(batch));
@@ -191,42 +202,81 @@ public final class DomainsRefresher {
   }
 
   public ImmutableList<UnblockableDomainChange> getNewUnblockables() {
-    ImmutableSet<String> newCreated = getNewlyCreatedUnblockables(prevRefreshStartTime, now);
-    ImmutableSet<String> newReserved = getNewlyReservedUnblockables(now, transactionBatchSize);
-    SetView<String> reservedNotCreated = Sets.difference(newReserved, newCreated);
-    return Streams.concat(
+    // TODO(weiminyu): both methods below use `queryBsaLabelByLabels`. Should combine in a single
+    // query.
+    HashSet<String> newCreated =
+        Sets.newHashSet(bsaQuery(() -> getNewlyCreatedUnblockables(prevRefreshStartTime, now)));
+    // We cannot identify new reserved unblockables so must look at all of them. There are not many
+    // of these.
+    HashSet<String> allReserved =
+        Sets.newHashSet(bsaQuery(() -> getAllReservedUnblockables(now, transactionBatchSize)));
+    HashSet<String> reservedNotCreated = Sets.newHashSet(Sets.difference(allReserved, newCreated));
+
+    ImmutableList.Builder<UnblockableDomainChange> changes = new ImmutableList.Builder<>();
+    ImmutableList<BsaUnblockableDomain> batch;
+    Optional<BsaUnblockableDomain> lastRead = Optional.empty();
+    do {
+      batch = batchReadUnblockables(lastRead, transactionBatchSize);
+      if (batch.isEmpty()) {
+        break;
+      }
+      lastRead = Optional.of(batch.get(batch.size() - 1));
+      for (BsaUnblockableDomain unblockable : batch) {
+        String domainName = unblockable.domainName();
+        if (unblockable.reason.equals(BsaUnblockableDomain.Reason.REGISTERED)) {
+          newCreated.remove(domainName);
+          reservedNotCreated.remove(domainName);
+        } else {
+          reservedNotCreated.remove(domainName);
+          if (newCreated.remove(domainName)) {
+            changes.add(
+                UnblockableDomainChange.ofChanged(
+                    unblockable.toUnblockableDomain(), Reason.REGISTERED));
+          }
+        }
+      }
+    } while (batch.size() == transactionBatchSize);
+
+    Streams.concat(
             newCreated.stream()
-                .map(name -> UnblockableDomain.of(name, Reason.REGISTERED))
+                .map(name -> new UnblockableDomain(name, Reason.REGISTERED))
                 .map(UnblockableDomainChange::ofNew),
             reservedNotCreated.stream()
-                .map(name -> UnblockableDomain.of(name, Reason.RESERVED))
+                .map(name -> new UnblockableDomain(name, Reason.RESERVED))
                 .map(UnblockableDomainChange::ofNew))
-        .collect(toImmutableList());
+        .forEach(changes::add);
+    return changes.build();
   }
 
   static ImmutableSet<String> getNewlyCreatedUnblockables(
       DateTime prevRefreshStartTime, DateTime now) {
-    ImmutableSet<String> liveDomains = queryLivesDomains(prevRefreshStartTime, now);
-    return getUnblockedDomainNames(liveDomains);
+    ImmutableSet<String> bsaEnabledTlds =
+        getTldEntitiesOfType(TldType.REAL).stream()
+            .filter(tld -> isEnrolledWithBsa(tld, now))
+            .map(Tld::getTldStr)
+            .collect(toImmutableSet());
+    ImmutableSet<String> liveDomains =
+        queryNewlyCreatedDomains(bsaEnabledTlds, prevRefreshStartTime, now);
+    return getBlockedDomainNames(liveDomains);
   }
 
-  static ImmutableSet<String> getNewlyReservedUnblockables(DateTime now, int batchSize) {
+  static ImmutableSet<String> getAllReservedUnblockables(DateTime now, int batchSize) {
     Stream<String> allReserved = getAllReservedNames(now);
     return BatchedStreams.toBatches(allReserved, batchSize)
-        .map(DomainsRefresher::getUnblockedDomainNames)
+        .map(DomainsRefresher::getBlockedDomainNames)
         .flatMap(ImmutableSet::stream)
         .collect(toImmutableSet());
   }
 
-  static ImmutableSet<String> getUnblockedDomainNames(ImmutableCollection<String> domainNames) {
+  static ImmutableSet<String> getBlockedDomainNames(ImmutableCollection<String> domainNames) {
     Map<String, List<String>> labelToNames =
         domainNames.stream().collect(groupingBy(BsaStringUtils::getLabelInDomain));
     ImmutableSet<String> bsaLabels =
-        Queries.queryBsaLabelByLabels(ImmutableSet.copyOf(labelToNames.keySet()))
+        queryBsaLabelByLabels(ImmutableSet.copyOf(labelToNames.keySet()))
             .map(BsaLabel::getLabel)
             .collect(toImmutableSet());
     return labelToNames.entrySet().stream()
-        .filter(entry -> !bsaLabels.contains(entry.getKey()))
+        .filter(entry -> bsaLabels.contains(entry.getKey()))
         .map(Entry::getValue)
         .flatMap(List::stream)
         .collect(toImmutableSet());
@@ -239,20 +289,21 @@ public final class DomainsRefresher {
                 .collect(
                     groupingBy(
                         change -> change.isDelete() ? "remove" : "change", toImmutableSet())));
-    tm().transact(
-            () -> {
-              if (changesByType.containsKey("remove")) {
-                tm().delete(
-                        changesByType.get("remove").stream()
-                            .map(c -> BsaUnblockableDomain.vKey(c.domainName()))
-                            .collect(toImmutableSet()));
-              }
-              if (changesByType.containsKey("change")) {
-                tm().putAll(
-                        changesByType.get("change").stream()
-                            .map(UnblockableDomainChange::newValue)
-                            .collect(toImmutableSet()));
-              }
-            });
+    bsaTransact(
+        () -> {
+          if (changesByType.containsKey("remove")) {
+            tm().delete(
+                    changesByType.get("remove").stream()
+                        .map(c -> BsaUnblockableDomain.vKey(c.domainName()))
+                        .collect(toImmutableSet()));
+          }
+          if (changesByType.containsKey("change")) {
+            tm().putAll(
+                    changesByType.get("change").stream()
+                        .map(UnblockableDomainChange::newValue)
+                        .map(BsaUnblockableDomain::of)
+                        .collect(toImmutableSet()));
+          }
+        });
   }
 }

core/src/main/java/google/registry/bsa/persistence/LabelDiffUpdates.java

@@ -67,6 +67,7 @@ public final class LabelDiffUpdates {
             labels.stream().collect(groupingBy(BlockLabel::labelType, toImmutableList())));
 
     tm().transact(
+            TRANSACTION_REPEATABLE_READ,
             () -> {
               for (Map.Entry<LabelType, ImmutableList<BlockLabel>> entry :
                   labelsByType.entrySet()) {
@@ -128,8 +129,7 @@ public final class LabelDiffUpdates {
                     break;
                 }
               }
-            },
-            TRANSACTION_REPEATABLE_READ);
+            });
     logger.atInfo().log("Processed %s of labels.", labels.size());
     return nonBlockedDomains.build();
   }
@@ -152,7 +152,7 @@ public final class LabelDiffUpdates {
     ImmutableSet<String> registeredDomainNames =
         ImmutableSet.copyOf(ForeignKeyUtils.load(Domain.class, validDomainNames, now).keySet());
     for (String domain : registeredDomainNames) {
-      nonBlockedDomains.add(UnblockableDomain.of(domain, Reason.REGISTERED));
+      nonBlockedDomains.add(new UnblockableDomain(domain, Reason.REGISTERED));
       tm().put(BsaUnblockableDomain.of(domain, BsaUnblockableDomain.Reason.REGISTERED));
     }
 
@@ -161,7 +161,7 @@ public final class LabelDiffUpdates {
             .filter(domain -> isReservedDomain(domain, now))
             .collect(toImmutableSet());
     for (String domain : reservedDomainNames) {
-      nonBlockedDomains.add(UnblockableDomain.of(domain, Reason.RESERVED));
+      nonBlockedDomains.add(new UnblockableDomain(domain, Reason.RESERVED));
       tm().put(BsaUnblockableDomain.of(domain, BsaUnblockableDomain.Reason.RESERVED));
     }
     return nonBlockedDomains.build();

core/src/main/java/google/registry/bsa/persistence/Queries.java

@@ -16,14 +16,13 @@ package google.registry.bsa.persistence;
 
 import static com.google.common.base.Verify.verify;
 import static google.registry.bsa.BsaStringUtils.DOMAIN_SPLITTER;
-import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
+import static google.registry.bsa.BsaTransactions.bsaQuery;
+import static google.registry.persistence.transaction.JpaTransactionManagerImpl.em;
 
 import com.google.common.collect.ImmutableCollection;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 import google.registry.model.CreateAutoTimestamp;
-import google.registry.model.ForeignKeyUtils;
-import google.registry.model.domain.Domain;
 import java.util.List;
 import java.util.Optional;
 import java.util.stream.Collectors;
@@ -36,15 +35,14 @@ class Queries {
   private Queries() {}
 
   private static Object detach(Object obj) {
-    tm().getEntityManager().detach(obj);
+    em().detach(obj);
     return obj;
   }
 
   static Stream<BsaUnblockableDomain> queryBsaUnblockableDomainByLabels(
       ImmutableCollection<String> labels) {
     return ((Stream<?>)
-            tm().getEntityManager()
-                .createQuery("FROM BsaUnblockableDomain WHERE label in (:labels)")
+            em().createQuery("FROM BsaUnblockableDomain WHERE label in (:labels)")
                 .setParameter("labels", labels)
                 .getResultStream())
         .map(Queries::detach)
@@ -53,8 +51,7 @@ class Queries {
 
   static Stream<BsaLabel> queryBsaLabelByLabels(ImmutableCollection<String> labels) {
     return ((Stream<?>)
-            tm().getEntityManager()
-                .createQuery("FROM BsaLabel where label in (:labels)")
+            em().createQuery("FROM BsaLabel where label in (:labels)")
                 .setParameter("labels", labels)
                 .getResultStream())
         .map(Queries::detach)
@@ -62,8 +59,7 @@ class Queries {
   }
 
   static int deleteBsaLabelByLabels(ImmutableCollection<String> labels) {
-    return tm().getEntityManager()
-        .createQuery("DELETE FROM BsaLabel where label IN (:deleted_labels)")
+    return em().createQuery("DELETE FROM BsaLabel where label IN (:deleted_labels)")
         .setParameter("deleted_labels", labels)
         .executeUpdate();
   }
@@ -71,14 +67,15 @@ class Queries {
   static ImmutableList<BsaUnblockableDomain> batchReadUnblockables(
       Optional<BsaUnblockableDomain> lastRead, int batchSize) {
     return ImmutableList.copyOf(
-        tm().getEntityManager()
-            .createQuery(
-                "FROM BsaUnblockableDomain d WHERE d.label > :label OR (d.label = :label AND d.tld"
-                    + " >  :tld) ORDER BY d.tld, d.label ")
-            .setParameter("label", lastRead.map(d -> d.label).orElse(""))
-            .setParameter("tld", lastRead.map(d -> d.tld).orElse(""))
-            .setMaxResults(batchSize)
-            .getResultList());
+        bsaQuery(
+            () ->
+                em().createQuery(
+                        "FROM BsaUnblockableDomain d WHERE d.label > :label OR (d.label = :label"
+                            + " AND d.tld >  :tld) ORDER BY d.tld, d.label ")
+                    .setParameter("label", lastRead.map(d -> d.label).orElse(""))
+                    .setParameter("tld", lastRead.map(d -> d.tld).orElse(""))
+                    .setMaxResults(batchSize)
+                    .getResultList()));
   }
 
   static ImmutableSet<String> queryUnblockablesByNames(ImmutableSet<String> domains) {
@@ -96,17 +93,20 @@ class Queries {
             "SELECT CONCAT(d.label, '.', d.tld) FROM \"BsaUnblockableDomain\" d "
                 + "WHERE (d.label, d.tld) IN (%s)",
             labelTldParis);
-    return ImmutableSet.copyOf(tm().getEntityManager().createNativeQuery(sql).getResultList());
+    return ImmutableSet.copyOf(em().createNativeQuery(sql).getResultList());
   }
 
-  static ImmutableSet<String> queryLivesDomains(DateTime minCreationTime, DateTime now) {
-    ImmutableSet<String> candidates =
-        ImmutableSet.copyOf(
-            tm().getEntityManager()
-                .createQuery(
-                    "SELECT domainName FROM Domain WHERE creationTime >= :time ", String.class)
-                .setParameter("time", CreateAutoTimestamp.create(minCreationTime))
-                .getResultList());
-    return ImmutableSet.copyOf(ForeignKeyUtils.load(Domain.class, candidates, now).keySet());
+  static ImmutableSet<String> queryNewlyCreatedDomains(
+      ImmutableCollection<String> tlds, DateTime minCreationTime, DateTime now) {
+    return ImmutableSet.copyOf(
+        em().createQuery(
+                "SELECT domainName FROM Domain WHERE creationTime >= :minCreationTime "
+                    + "AND deletionTime > :now "
+                    + "AND tld in (:tlds)",
+                String.class)
+            .setParameter("minCreationTime", CreateAutoTimestamp.create(minCreationTime))
+            .setParameter("now", now)
+            .setParameter("tlds", tlds)
+            .getResultList());
   }
 }

core/src/main/java/google/registry/bsa/persistence/RefreshScheduler.java

@@ -52,7 +52,7 @@ public class RefreshScheduler {
               }
               // No previously completed refreshes. Need start time of a completed download as
               // lower bound of refresh checks.
-              if (!mostRecentDownload.isPresent()) {
+              if (mostRecentDownload.isEmpty()) {
                 return Optional.empty();
               }
 

core/src/main/java/google/registry/config/RegistryConfig.java

@@ -721,6 +721,17 @@ public final class RegistryConfig {
       return "gs://" + billingBucket;
     }
 
+    /**
+     * Returns origin part of the URL of the billing invoice file
+     *
+     * @see google.registry.beam.billing.InvoicingPipeline
+     */
+    @Provides
+    @Config("billingInvoiceOriginUrl")
+    public static String provideBillingInvoiceOriginUrl(RegistryConfigSettings config) {
+      return config.billing.billingInvoiceOriginUrl;
+    }
+
     /**
      * Returns whether or not we should publish invoices to partners automatically by default.
      *
@@ -1472,9 +1483,9 @@ public final class RegistryConfig {
     }
 
     @Provides
-    @Config("domainTxnMaxDuration")
-    public static Duration provideDomainTxnMaxDuration(RegistryConfigSettings config) {
-      return Duration.standardSeconds(config.bsa.domainTxnMaxDurationSeconds);
+    @Config("domainCreateTxnCommitTimeLag")
+    public static Duration provideDomainCreateTxnCommitTimeLag(RegistryConfigSettings config) {
+      return Duration.standardSeconds(config.bsa.domainCreateTxnCommitTimeLagSeconds);
     }
 
     @Provides

core/src/main/java/google/registry/config/RegistryConfigSettings.java

@@ -173,6 +173,7 @@ public class RegistryConfigSettings {
     public List<String> invoiceEmailRecipients;
     public String invoiceReplyToEmailAddress;
     public String invoiceFilePrefix;
+    public String billingInvoiceOriginUrl;
   }
 
   /** Configuration for Registry Data Escrow (RDE). */
@@ -273,7 +274,7 @@ public class RegistryConfigSettings {
     public int bsaDownloadIntervalMinutes;
     public int bsaMaxNopIntervalHours;
     public int bsaTxnBatchSize;
-    public int domainTxnMaxDurationSeconds;
+    public int domainCreateTxnCommitTimeLagSeconds;
     public String authUrl;
     public int authTokenExpirySeconds;
     public Map<String, String> dataUrls;

core/src/main/java/google/registry/config/files/default-config.yaml

@@ -381,6 +381,7 @@ billing:
   # Optional return address that overrides the default.
   invoiceReplyToEmailAddress: null
   invoiceFilePrefix: REG-INV
+  billingInvoiceOriginUrl: https://billing-origin-url/
 
 rde:
   # URL prefix of ICANN's server to upload RDE reports to. Nomulus adds /TLD/ID
@@ -624,9 +625,18 @@ bsa:
   # Max time period during which downloads can be skipped because checksums have
   # not changed from the previous one.
   bsaMaxNopIntervalHours: 24
-  # A very lax upper bound of the time it takes to execute a transaction that
-  # mutates a domain. Please See `BsaRefreshAction` for use case.
-  domainTxnMaxDurationSeconds: 60
+  # A very lax upper bound of the lag between a domain-creating transaction's
+  # recorded and actual commit time. In Nomulus, a domain's creation time is the
+  # start time of the transaction, while the domain is only visible after the
+  # transaction commits. Let `l` represents this lag, then at any point of time
+  # `t`, a query of domains by creation time is only guaranteed to find those
+  # created before `t - l`. Please See `BsaRefreshAction` for use case.
+  #
+  # The value below is decided by finding the longest domain-creation EPP
+  # request over the past 3 months (60 seconds, which is much longer than the
+  # transaction time), and add to it the maximum allowed replication lag (30
+  # seconds).
+  domainCreateTxnCommitTimeLagSeconds: 90
   # Number of entities (labels and unblockable domains) to process in a single
   # DB transaction.
   bsaTxnBatchSize: 1000

core/src/main/java/google/registry/config/files/tld/example.yaml

@@ -0,0 +1,60 @@
+# Example of a TLD configuration file. TLD configuration files are stored in
+# the internal repository and synced regularly to the database using the
+# release/cloudbuild-tld-sync.yaml job. The file can be created using the exact
+# output from the getTldCommand of an existing TLD.
+
+addGracePeriodLength: "PT432000S"
+allowedFullyQualifiedHostNames: []
+allowedRegistrantContactIds: []
+anchorTenantAddGracePeriodLength: "PT2592000S"
+autoRenewGracePeriodLength: "PT3888000S"
+automaticTransferLength: "PT432000S"
+claimsPeriodEnd: "294247-01-10T04:00:54.775Z"
+createBillingCost:
+  currency: "USD"
+  amount: 8.00
+creationTime: "2017-01-03T19:52:47.770Z"
+currency: "USD"
+defaultPromoTokens: []
+dnsAPlusAaaaTtl: null
+dnsDsTtl: null
+dnsNsTtl: null
+dnsPaused: true
+dnsWriters:
+- "VoidDnsWriter"
+driveFolderId: null
+eapFeeSchedule:
+  "1970-01-01T00:00:00.000Z":
+    currency: "USD"
+    amount: 0.00
+escrowEnabled: false
+idnTables: []
+invoicingEnabled: false
+lordnUsername: null
+numDnsPublishLocks: 1
+pendingDeleteLength: "PT432000S"
+premiumListName: null
+pricingEngineClassName: "google.registry.model.pricing.StaticPremiumListPricingEngine"
+redemptionGracePeriodLength: "PT2592000S"
+registryLockOrUnlockBillingCost:
+  currency: "USD"
+  amount: 0.00
+renewBillingCostTransitions:
+  "1970-01-01T00:00:00.000Z":
+    currency: "USD"
+    amount: 8.00
+renewGracePeriodLength: "PT432000S"
+reservedListNames: []
+restoreBillingCost:
+  currency: "USD"
+  amount: 50.00
+roidSuffix: "EXAMPLE"
+serverStatusChangeBillingCost:
+  currency: "USD"
+  amount: 0.00
+tldStateTransitions:
+  "1970-01-01T00:00:00.000Z": "GENERAL_AVAILABILITY"
+tldStr: "example"
+tldType: "TEST"
+tldUnicode: "example"
+transferGracePeriodLength: "PT432000S"

core/src/main/java/google/registry/dns/writer/clouddns/CloudDnsWriter.java

@@ -128,7 +128,7 @@ public class CloudDnsWriter extends BaseDnsWriter {
     // Return early if no DNS records should be published.
     // desiredRecordsBuilder is populated with an empty set to indicate that all existing records
     // should be deleted.
-    if (!domain.isPresent() || !domain.get().shouldPublishToDns()) {
+    if (domain.isEmpty() || !domain.get().shouldPublishToDns()) {
       desiredRecords.put(absoluteDomainName, ImmutableSet.of());
       return;
     }
@@ -192,7 +192,7 @@ public class CloudDnsWriter extends BaseDnsWriter {
     Optional<Host> host = loadByForeignKey(Host.class, hostName, clock.nowUtc());
 
     // Return early if the host is deleted.
-    if (!host.isPresent()) {
+    if (host.isEmpty()) {
       desiredRecords.put(absoluteHostName, ImmutableSet.of());
       return;
     }
@@ -247,7 +247,7 @@ public class CloudDnsWriter extends BaseDnsWriter {
     Optional<InternetDomainName> tld = Tlds.findTldForName(host);
 
     // Host not managed by our registry, no need to update DNS.
-    if (!tld.isPresent()) {
+    if (tld.isEmpty()) {
       logger.atSevere().log("publishHost called for invalid host '%s'.", hostName);
       return;
     }

core/src/main/java/google/registry/dns/writer/dnsupdate/DnsUpdateWriter.java

@@ -157,7 +157,7 @@ public class DnsUpdateWriter extends BaseDnsWriter {
     Optional<InternetDomainName> tld = Tlds.findTldForName(host);
 
     // host not managed by our registry, no need to update DNS.
-    if (!tld.isPresent()) {
+    if (tld.isEmpty()) {
       return;
     }
 

core/src/main/java/google/registry/env/alpha/default/WEB-INF/cloud-scheduler-tasks.xml

@@ -138,4 +138,15 @@
     </description>
     <schedule>*/1 * * * *</schedule>
   </task>
+
+  <task>
+    <url><![CDATA[/_dr/task/uploadBsaUnavailableNames]]></url>
+    <name>uploadBsaUnavailableNames</name>
+    <description>
+      This job uploads all unavailable domain names (those registered and
+      reserved) to the BSA.
+    </description>
+    <service>bsa</service>
+    <schedule>23 8,20 * * *</schedule>
+  </task>
 </entries>

core/src/main/java/google/registry/env/production/backend/WEB-INF/appengine-web.xml

@@ -1,10 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
 
-  <runtime>java8</runtime>
+  <runtime>java17</runtime>
   <service>backend</service>
-  <!--app-engine-apis>true</app-engine-apis-->
-  <threadsafe>true</threadsafe>
+  <app-engine-apis>true</app-engine-apis>
   <sessions-enabled>true</sessions-enabled>
   <instance-class>B4_1G</instance-class>
   <basic-scaling>

core/src/main/java/google/registry/env/production/bsa/WEB-INF/appengine-web.xml

@@ -1,10 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
 
-  <runtime>java8</runtime>
+  <runtime>java17</runtime>
   <service>bsa</service>
-  <!--app-engine-apis>true</app-engine-apis-->
-  <threadsafe>true</threadsafe>
+  <app-engine-apis>true</app-engine-apis>
   <sessions-enabled>true</sessions-enabled>
   <instance-class>B4_1G</instance-class>
   <basic-scaling>

core/src/main/java/google/registry/env/production/default/WEB-INF/appengine-web.xml

@@ -1,10 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
 
-  <runtime>java8</runtime>
+  <runtime>java17</runtime>
   <service>default</service>
-  <!--app-engine-apis>true</app-engine-apis-->
-  <threadsafe>true</threadsafe>
+  <app-engine-apis>true</app-engine-apis>
   <sessions-enabled>true</sessions-enabled>
   <instance-class>B4_1G</instance-class>
   <manual-scaling>

core/src/main/java/google/registry/env/production/default/WEB-INF/cloud-scheduler-tasks.xml

@@ -273,4 +273,38 @@
     </description>
     <schedule>0 15 * * 1</schedule>
   </task>
+
+  <task>
+    <url><![CDATA[/_dr/task/bsaDownload]]></url>
+    <name>bsaDownload</name>
+    <service>bsa</service>
+    <description>
+      Downloads the BSA block list and processes the changes.
+    </description>
+    <!-- Runs every hour. -->
+    <schedule>0 * * * *</schedule>
+  </task>
+
+  <task>
+    <url><![CDATA[/_dr/task/bsaRefresh]]></url>
+    <name>bsaRefresh</name>
+    <service>bsa</service>
+    <description>
+      Checks for changes in registered domains and reserved labels, and updates
+      the unblockable domains list.
+    </description>
+    <!-- Runs every 30 minutes. -->
+    <schedule>15,45 * * * *</schedule>
+  </task>
+
+  <task>
+    <url><![CDATA[/_dr/task/uploadBsaUnavailableNames]]></url>
+    <name>uploadBsaUnavailableNames</name>
+    <description>
+      This job uploads all unavailable domain names (those registered and
+      reserved) to the BSA.
+    </description>
+    <service>bsa</service>
+    <schedule>23 8,20 * * *</schedule>
+  </task>
 </entries>

core/src/main/java/google/registry/env/production/pubapi/WEB-INF/appengine-web.xml

@@ -1,10 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
 
-  <runtime>java8</runtime>
+  <runtime>java17</runtime>
   <service>pubapi</service>
-  <!--app-engine-apis>true</app-engine-apis-->
-  <threadsafe>true</threadsafe>
+  <app-engine-apis>true</app-engine-apis>
   <sessions-enabled>true</sessions-enabled>
   <instance-class>B4_1G</instance-class>
   <manual-scaling>

core/src/main/java/google/registry/env/production/tools/WEB-INF/appengine-web.xml

@@ -1,10 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
 
-  <runtime>java8</runtime>
+  <runtime>java17</runtime>
   <service>tools</service>
-  <!--app-engine-apis>true</app-engine-apis-->
-  <threadsafe>true</threadsafe>
+  <app-engine-apis>true</app-engine-apis>
   <sessions-enabled>true</sessions-enabled>
   <instance-class>B4_1G</instance-class>
   <basic-scaling>

core/src/main/java/google/registry/env/sandbox/backend/WEB-INF/appengine-web.xml

@@ -1,10 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
 
-  <runtime>java8</runtime>
+  <runtime>java17</runtime>
   <service>backend</service>
-  <!--app-engine-apis>true</app-engine-apis-->
-  <threadsafe>true</threadsafe>
+  <app-engine-apis>true</app-engine-apis>
   <sessions-enabled>true</sessions-enabled>
   <instance-class>B4</instance-class>
   <basic-scaling>

core/src/main/java/google/registry/env/sandbox/bsa/WEB-INF/appengine-web.xml

@@ -1,10 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
 
-  <runtime>java8</runtime>
+  <runtime>java17</runtime>
   <service>bsa</service>
-  <!--app-engine-apis>true</app-engine-apis-->
-  <threadsafe>true</threadsafe>
+  <app-engine-apis>true</app-engine-apis>
   <sessions-enabled>true</sessions-enabled>
   <instance-class>B4</instance-class>
   <basic-scaling>

core/src/main/java/google/registry/env/sandbox/default/WEB-INF/appengine-web.xml

@@ -1,10 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
 
-  <runtime>java8</runtime>
+  <runtime>java17</runtime>
   <service>default</service>
-  <!--app-engine-apis>true</app-engine-apis-->
-  <threadsafe>true</threadsafe>
+  <app-engine-apis>true</app-engine-apis>
   <sessions-enabled>true</sessions-enabled>
   <instance-class>B4_1G</instance-class>
   <manual-scaling>

core/src/main/java/google/registry/env/sandbox/default/WEB-INF/cloud-scheduler-tasks.xml

@@ -173,4 +173,27 @@
     <!-- Runs every hour. -->
     <schedule>0 * * * *</schedule>
   </task>
+
+  <task>
+    <url><![CDATA[/_dr/task/bsaRefresh]]></url>
+    <name>bsaRefresh</name>
+    <service>bsa</service>
+    <description>
+      Checks for changes in registered domains and reserved labels, and updates
+      the unblockable domains list.
+    </description>
+    <!-- Runs every 30 minutes. -->
+    <schedule>15,45 * * * *</schedule>
+  </task>
+
+  <task>
+    <url><![CDATA[/_dr/task/uploadBsaUnavailableNames]]></url>
+    <name>uploadBsaUnavailableNames</name>
+    <description>
+      This job uploads all unavailable domain names (those registered and
+      reserved) to the BSA.
+    </description>
+    <service>bsa</service>
+    <schedule>23 8,20 * * *</schedule>
+  </task>
 </entries>

core/src/main/java/google/registry/env/sandbox/pubapi/WEB-INF/appengine-web.xml

@@ -1,10 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
 
-  <runtime>java8</runtime>
+  <runtime>java17</runtime>
   <service>pubapi</service>
-  <!--app-engine-apis>true</app-engine-apis-->
-  <threadsafe>true</threadsafe>
+  <app-engine-apis>true</app-engine-apis>
   <sessions-enabled>true</sessions-enabled>
   <instance-class>B4_1G</instance-class>
   <manual-scaling>

core/src/main/java/google/registry/env/sandbox/tools/WEB-INF/appengine-web.xml

@@ -1,10 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
 
-  <runtime>java8</runtime>
+  <runtime>java17</runtime>
   <service>tools</service>
-  <!--app-engine-apis>true</app-engine-apis-->
-  <threadsafe>true</threadsafe>
+  <app-engine-apis>true</app-engine-apis>
   <sessions-enabled>true</sessions-enabled>
   <instance-class>B4</instance-class>
   <basic-scaling>

core/src/main/java/google/registry/export/ExportPremiumTermsAction.java

@@ -115,7 +115,7 @@ public class ExportPremiumTermsAction implements Runnable {
           "Skipping premium terms export for TLD %s because Drive folder isn't specified.", tldStr);
       return Optional.of("Skipping export because no Drive folder is associated with this TLD");
     }
-    if (!tld.getPremiumListName().isPresent()) {
+    if (tld.getPremiumListName().isEmpty()) {
       logger.atInfo().log("No premium terms to export for TLD '%s'.", tldStr);
       return Optional.of("No premium lists configured");
     }

core/src/main/java/google/registry/export/sheet/SyncRegistrarsSheet.java

@@ -63,7 +63,7 @@ class SyncRegistrarsSheet {
   boolean wereRegistrarsModified() {
     Optional<Cursor> cursor =
         tm().transact(() -> tm().loadByKeyIfPresent(Cursor.createGlobalVKey(SYNC_REGISTRAR_SHEET)));
-    DateTime lastUpdateTime = !cursor.isPresent() ? START_OF_TIME : cursor.get().getCursorTime();
+    DateTime lastUpdateTime = cursor.isEmpty() ? START_OF_TIME : cursor.get().getCursorTime();
     for (Registrar registrar : Registrar.loadAllCached()) {
       if (DateTimeUtils.isAtOrAfter(registrar.getLastUpdateTime(), lastUpdateTime)) {
         return true;

core/src/main/java/google/registry/export/sheet/SyncRegistrarsSheetAction.java

@@ -112,11 +112,11 @@ public class SyncRegistrarsSheetAction implements Runnable {
   @Override
   public void run() {
     final Optional<String> sheetId = Optional.ofNullable(idParam.orElse(idConfig.orElse(null)));
-    if (!sheetId.isPresent()) {
+    if (sheetId.isEmpty()) {
       Result.MISSINGNO.send(response, null);
       return;
     }
-    if (!idParam.isPresent()) {
+    if (idParam.isEmpty()) {
       if (!syncRegistrarsSheet.wereRegistrarsModified()) {
         Result.NOTMODIFIED.send(response, null);
         return;

core/src/main/java/google/registry/flows/CheckApiAction.java

@@ -159,7 +159,7 @@ public class CheckApiAction implements Runnable {
               ? "In use"
               : (isReserved
                   ? reservedError.get()
-                  : (isBsaBlocked ? "Blocked by the Brand Safety Alliance" : null));
+                  : (isBsaBlocked ? "Blocked by a GlobalBlock service" : null));
 
       ImmutableMap.Builder<String, Object> responseBuilder = new ImmutableMap.Builder<>();
       metricBuilder.status(SUCCESS).availability(availability);

core/src/main/java/google/registry/flows/EppController.java

@@ -22,7 +22,6 @@ import static google.registry.flows.FlowUtils.unmarshalEpp;
 import static java.nio.charset.StandardCharsets.UTF_8;
 
 import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.flogger.FluentLogger;
 import google.registry.flows.FlowModule.EppExceptionInProviderException;
@@ -45,7 +44,7 @@ import org.json.simple.JSONValue;
 public final class EppController {
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();
-  private static final String LOG_SEPARATOR = Strings.repeat("=", 40);
+  private static final String LOG_SEPARATOR = "=".repeat(40);
 
   @Inject FlowComponent.Builder flowComponentBuilder;
   @Inject EppMetric.Builder eppMetricBuilder;

core/src/main/java/google/registry/flows/FlowMetadata.java

@@ -14,25 +14,21 @@
 
 package google.registry.flows;
 
-import com.google.auto.value.AutoValue;
-import google.registry.model.ImmutableObject;
+import com.google.auto.value.AutoBuilder;
 
 /** Object to hold metadata specific to a particular execution of a flow. */
-@AutoValue
-public abstract class FlowMetadata extends ImmutableObject {
-
-  public abstract boolean isSuperuser();
+public record FlowMetadata(boolean isSuperuser) {
 
   public static Builder newBuilder() {
-    return new AutoValue_FlowMetadata.Builder();
+    return new AutoBuilder_FlowMetadata_Builder();
   }
 
   /** Builder for {@link FlowMetadata} */
-  @AutoValue.Builder
-  public abstract static class Builder {
+  @AutoBuilder
+  public interface Builder {
 
-    public abstract Builder setSuperuser(boolean isSuperuser);
+    Builder setIsSuperuser(boolean isSuperuser);
 
-    public abstract FlowMetadata build();
+    FlowMetadata build();
   }
 }

core/src/main/java/google/registry/flows/FlowModule.java

@@ -314,7 +314,7 @@ public class FlowModule {
 
   @Provides
   static FlowMetadata provideFlowMetadata(@Superuser boolean isSuperuser) {
-    return FlowMetadata.newBuilder().setSuperuser(isSuperuser).build();
+    return FlowMetadata.newBuilder().setIsSuperuser(isSuperuser).build();
   }
 
   /** Wrapper class to carry an {@link EppException} to the calling code. */

core/src/main/java/google/registry/flows/FlowRunner.java

@@ -17,7 +17,6 @@ package google.registry.flows;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 import static google.registry.xml.XmlTransformer.prettyPrint;
 
-import com.google.common.base.Strings;
 import com.google.common.flogger.FluentLogger;
 import google.registry.flows.FlowModule.DryRun;
 import google.registry.flows.FlowModule.InputXml;
@@ -36,7 +35,7 @@ import javax.inject.Provider;
 /** Run a flow, either transactionally or not, with logging and retrying as needed. */
 public class FlowRunner {
 
-  private static final String COMMAND_LOG_FORMAT = "EPP Command" + Strings.repeat("\n\t%s", 8);
+  private static final String COMMAND_LOG_FORMAT = "EPP Command" + "\n\t%s".repeat(8);
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();
 
@@ -81,6 +80,7 @@ public class FlowRunner {
       // TODO(mcilwain/weiminyu): Use transactReadOnly() here for TransactionalFlow and transact()
       //                          for MutatingFlow.
       return tm().transact(
+              isolationLevelOverride.orElse(null),
               () -> {
                 try {
                   EppOutput output = EppOutput.create(flowProvider.get().run());
@@ -96,8 +96,7 @@ public class FlowRunner {
                 } catch (EppException e) {
                   throw new EppRuntimeException(e);
                 }
-              },
-              isolationLevelOverride.orElse(null));
+              });
     } catch (DryRunException e) {
       return e.output;
     } catch (EppRuntimeException e) {

core/src/main/java/google/registry/flows/ResourceFlowUtils.java

@@ -122,7 +122,7 @@ public final class ResourceFlowUtils {
   /** Check that the given AuthInfo is present for a resource being transferred. */
   public static void verifyAuthInfoPresentForResourceTransfer(Optional<AuthInfo> authInfo)
       throws EppException {
-    if (!authInfo.isPresent()) {
+    if (authInfo.isEmpty()) {
       throw new MissingTransferRequestAuthInfoException();
     }
   }
@@ -160,7 +160,7 @@ public final class ResourceFlowUtils {
         domain.getReferencedContacts().stream()
             .filter(key -> key.getKey().equals(authRepoId))
             .findFirst();
-    if (!foundContact.isPresent()) {
+    if (foundContact.isEmpty()) {
       throw new BadAuthInfoForResourceException();
     }
     // Check the authInfo against the contact.

core/src/main/java/google/registry/flows/TlsCredentials.java

@@ -105,7 +105,7 @@ public class TlsCredentials implements TransportCredentials {
     }
     // In the rare unexpected case that the client inet address wasn't passed along at all, then
     // by default deny access.
-    if (!clientInetAddr.isPresent()) {
+    if (clientInetAddr.isEmpty()) {
       logger.atWarning().log(
           "Authentication error: Missing IP address for registrar %s.", registrar.getRegistrarId());
       throw new BadRegistrarIpAddressException(clientInetAddr);
@@ -129,8 +129,8 @@ public class TlsCredentials implements TransportCredentials {
 
   @VisibleForTesting
   void validateCertificateHash(Registrar registrar) throws AuthenticationErrorException {
-    if (!registrar.getClientCertificateHash().isPresent()
-        && !registrar.getFailoverClientCertificateHash().isPresent()) {
+    if (registrar.getClientCertificateHash().isEmpty()
+        && registrar.getFailoverClientCertificateHash().isEmpty()) {
       if (requireSslCertificates) {
         throw new RegistrarCertificateNotConfiguredException();
       } else {
@@ -140,7 +140,7 @@ public class TlsCredentials implements TransportCredentials {
       }
     }
     // Check that the request included the certificate hash
-    if (!clientCertificateHash.isPresent()) {
+    if (clientCertificateHash.isEmpty()) {
       logger.atInfo().log(
           "Request from registrar %s did not include X-SSL-Certificate.",
           registrar.getRegistrarId());

core/src/main/java/google/registry/flows/contact/ContactTransferQueryFlow.java

@@ -75,7 +75,7 @@ public final class ContactTransferQueryFlow implements TransactionalFlow {
     }
     // Note that the authorization info on the command (if present) has already been verified. If
     // it's present, then the other checks are unnecessary.
-    if (!authInfo.isPresent()
+    if (authInfo.isEmpty()
         && !registrarId.equals(contact.getTransferData().getGainingRegistrarId())
         && !registrarId.equals(contact.getTransferData().getLosingRegistrarId())) {
       throw new NotAuthorizedToViewTransferException();

core/src/main/java/google/registry/flows/custom/DomainRenewFlowCustomLogic.java

@@ -14,6 +14,7 @@
 
 package google.registry.flows.custom;
 
+import com.google.auto.value.AutoBuilder;
 import com.google.auto.value.AutoValue;
 import com.google.common.collect.ImmutableList;
 import google.registry.flows.EppException;
@@ -81,30 +82,23 @@ public class DomainRenewFlowCustomLogic extends BaseFlowCustomLogic {
   }
 
   /** A class to encapsulate parameters for a call to {@link #afterValidation}. */
-  @AutoValue
-  public abstract static class AfterValidationParameters extends ImmutableObject {
-
-    public abstract Domain existingDomain();
-
-    public abstract int years();
-
-    public abstract DateTime now();
+  public record AfterValidationParameters(Domain existingDomain, int years, DateTime now) {
 
     public static Builder newBuilder() {
-      return new AutoValue_DomainRenewFlowCustomLogic_AfterValidationParameters.Builder();
+      return new AutoBuilder_DomainRenewFlowCustomLogic_AfterValidationParameters_Builder();
     }
 
     /** Builder for {@link AfterValidationParameters}. */
-    @AutoValue.Builder
-    public abstract static class Builder {
+    @AutoBuilder
+    public interface Builder {
 
-      public abstract Builder setExistingDomain(Domain existingDomain);
+      Builder setExistingDomain(Domain existingDomain);
 
-      public abstract Builder setYears(int years);
+      Builder setYears(int years);
 
-      public abstract Builder setNow(DateTime now);
+      Builder setNow(DateTime now);
 
-      public abstract AfterValidationParameters build();
+      AfterValidationParameters build();
     }
   }
 

core/src/main/java/google/registry/flows/domain/DomainCheckFlow.java

@@ -18,6 +18,7 @@ import static com.google.common.base.Strings.emptyToNull;
 import static com.google.common.collect.ImmutableList.toImmutableList;
 import static com.google.common.collect.ImmutableMap.toImmutableMap;
 import static com.google.common.collect.ImmutableSet.toImmutableSet;
+import static google.registry.bsa.persistence.BsaLabelUtils.getBlockedLabels;
 import static google.registry.flows.FlowUtils.validateRegistrarIsLoggedIn;
 import static google.registry.flows.ResourceFlowUtils.verifyTargetIdCount;
 import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
@@ -25,6 +26,7 @@ import static google.registry.flows.domain.DomainFlowUtils.checkHasBillingAccoun
 import static google.registry.flows.domain.DomainFlowUtils.getReservationTypes;
 import static google.registry.flows.domain.DomainFlowUtils.handleFeeRequest;
 import static google.registry.flows.domain.DomainFlowUtils.isAnchorTenant;
+import static google.registry.flows.domain.DomainFlowUtils.isRegisterBsaCreate;
 import static google.registry.flows.domain.DomainFlowUtils.isReserved;
 import static google.registry.flows.domain.DomainFlowUtils.isValidReservedCreate;
 import static google.registry.flows.domain.DomainFlowUtils.validateDomainName;
@@ -34,6 +36,7 @@ import static google.registry.model.tld.Tld.TldState.START_DATE_SUNRISE;
 import static google.registry.model.tld.label.ReservationType.getTypeOfHighestSeverity;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 
+import com.google.common.collect.ImmutableCollection;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
@@ -83,9 +86,12 @@ import google.registry.model.tld.label.ReservationType;
 import google.registry.persistence.VKey;
 import google.registry.pricing.PricingEngineProxy;
 import google.registry.util.Clock;
+import java.util.Collection;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
+import java.util.stream.Collectors;
 import javax.inject.Inject;
 import org.joda.time.DateTime;
 
@@ -177,6 +183,12 @@ public final class DomainCheckFlow implements TransactionalFlow {
             .build());
     ImmutableMap<String, VKey<Domain>> existingDomains =
         ForeignKeyUtils.load(Domain.class, domainNames, now);
+    // Check block labels only when there are unregistered domains, since "In use" goes before
+    // "Blocked by BSA".
+    ImmutableSet<InternetDomainName> bsaBlockedDomainNames =
+        existingDomains.size() == parsedDomains.size()
+            ? ImmutableSet.of()
+            : getBsaBlockedDomains(parsedDomains.values());
     Optional<AllocationTokenExtension> allocationTokenExtension =
         eppInput.getSingleExtension(AllocationTokenExtension.class);
     Optional<AllocationTokenDomainCheckResults> tokenDomainCheckResults =
@@ -203,10 +215,11 @@ public final class DomainCheckFlow implements TransactionalFlow {
           getMessageForCheck(
               parsedDomains.get(domainName),
               existingDomains,
+              bsaBlockedDomainNames,
               domainCheckResults,
               tldStates,
               allocationToken);
-      boolean isAvailable = !message.isPresent();
+      boolean isAvailable = message.isEmpty();
       checksBuilder.add(DomainCheck.create(isAvailable, domainName, message.orElse(null)));
       if (isAvailable) {
         availableDomains.add(domainName);
@@ -234,6 +247,7 @@ public final class DomainCheckFlow implements TransactionalFlow {
   private Optional<String> getMessageForCheck(
       InternetDomainName domainName,
       ImmutableMap<String, VKey<Domain>> existingDomains,
+      ImmutableSet<InternetDomainName> bsaBlockedDomains,
       ImmutableMap<InternetDomainName, String> tokenCheckResults,
       ImmutableMap<String, TldState> tldStates,
       Optional<AllocationToken> allocationToken) {
@@ -251,7 +265,18 @@ public final class DomainCheckFlow implements TransactionalFlow {
         }
       }
     }
-    return Optional.ofNullable(emptyToNull(tokenCheckResults.get(domainName)));
+    Optional<String> tokenResult =
+        Optional.ofNullable(emptyToNull(tokenCheckResults.get(domainName)));
+    if (tokenResult.isPresent()) {
+      return tokenResult;
+    }
+    if (isRegisterBsaCreate(domainName, allocationToken)
+        || !bsaBlockedDomains.contains(domainName)) {
+      return Optional.empty();
+    }
+    // TODO(weiminyu): extract to a constant for here and CheckApiAction.
+    // Excerpt from BSA's custom message. Max len 32 chars by EPP XML schema.
+    return Optional.of("Blocked by a GlobalBlock service");
   }
 
   /** Handle the fee check extension. */
@@ -264,7 +289,7 @@ public final class DomainCheckFlow implements TransactionalFlow {
       throws EppException {
     Optional<FeeCheckCommandExtension> feeCheckOpt =
         eppInput.getSingleExtension(FeeCheckCommandExtension.class);
-    if (!feeCheckOpt.isPresent()) {
+    if (feeCheckOpt.isEmpty()) {
       return ImmutableList.of(); // No fee checks were requested.
     }
     FeeCheckCommandExtension<?, ?> feeCheck = feeCheckOpt.get();
@@ -415,6 +440,21 @@ public final class DomainCheckFlow implements TransactionalFlow {
     return availabilityCheckDomains;
   }
 
+  static ImmutableSet<InternetDomainName> getBsaBlockedDomains(
+      ImmutableCollection<InternetDomainName> parsedDomains) {
+    Map<String, ImmutableList<InternetDomainName>> labelToDomainNames =
+        parsedDomains.stream()
+            .collect(
+                Collectors.groupingBy(
+                    parsedDomain -> parsedDomain.parts().get(0), toImmutableList()));
+    ImmutableSet<String> blockedLabels =
+        getBlockedLabels(ImmutableList.copyOf(labelToDomainNames.keySet()));
+    labelToDomainNames.keySet().retainAll(blockedLabels);
+    return labelToDomainNames.values().stream()
+        .flatMap(Collection::stream)
+        .collect(toImmutableSet());
+  }
+
   /** By server policy, fee check names must be listed in the availability check. */
   static class OnlyCheckedNamesCanBeFeeCheckedException extends ParameterValuePolicyErrorException {
     OnlyCheckedNamesCanBeFeeCheckedException() {

core/src/main/java/google/registry/flows/domain/DomainCreateFlow.java

@@ -276,7 +276,7 @@ public final class DomainCreateFlow implements MutatingFlow {
             now,
             eppInput.getSingleExtension(AllocationTokenExtension.class));
     boolean defaultTokenUsed = false;
-    if (!allocationToken.isPresent()) {
+    if (allocationToken.isEmpty()) {
       allocationToken =
           DomainFlowUtils.checkForDefaultToken(
               tld, command.getDomainName(), CommandName.CREATE, registrarId, now);
@@ -330,7 +330,7 @@ public final class DomainCreateFlow implements MutatingFlow {
               .verifySignedMarks(launchCreate.get().getSignedMarks(), domainLabel, now)
               .getId();
     }
-    verifyNotBlockedByBsa(domainLabel, tld, now);
+    verifyNotBlockedByBsa(domainName, tld, now, allocationToken);
     flowCustomLogic.afterValidation(
         DomainCreateFlowCustomLogic.AfterValidationParameters.newBuilder()
             .setDomainName(domainName)
@@ -421,8 +421,7 @@ public final class DomainCreateFlow implements MutatingFlow {
           createNameCollisionOneTimePollMessage(targetId, domainHistory, registrarId, now));
     }
     entitiesToSave.add(domain, domainHistory);
-    if (allocationToken.isPresent()
-        && TokenType.SINGLE_USE.equals(allocationToken.get().getTokenType())) {
+    if (allocationToken.isPresent() && allocationToken.get().getTokenType().isOneTimeUse()) {
       entitiesToSave.add(
           allocationTokenFlowUtils.redeemToken(
               allocationToken.get(), domainHistory.getHistoryEntryId()));
@@ -520,7 +519,7 @@ public final class DomainCreateFlow implements MutatingFlow {
     if (behavior.equals(RegistrationBehavior.BYPASS_TLD_STATE)
         || behavior.equals(RegistrationBehavior.ANCHOR_TENANT)) {
       // Non-trademarked names with the state check bypassed are always available
-      if (!claimsList.getClaimKey(domainLabel).isPresent()) {
+      if (claimsList.getClaimKey(domainLabel).isEmpty()) {
         return;
       }
       if (!currentState.equals(START_DATE_SUNRISE)) {

core/src/main/java/google/registry/flows/domain/DomainFlowUtils.java

@@ -27,6 +27,7 @@ import static com.google.common.collect.Sets.intersection;
 import static com.google.common.collect.Sets.union;
 import static google.registry.bsa.persistence.BsaLabelUtils.isLabelBlocked;
 import static google.registry.model.domain.Domain.MAX_REGISTRATION_YEARS;
+import static google.registry.model.domain.token.AllocationToken.TokenType.REGISTER_BSA;
 import static google.registry.model.tld.Tld.TldState.GENERAL_AVAILABILITY;
 import static google.registry.model.tld.Tld.TldState.PREDELEGATION;
 import static google.registry.model.tld.Tld.TldState.QUIET_PERIOD;
@@ -214,7 +215,7 @@ public class DomainFlowUtils {
       throw new DomainNameExistsAsTldException();
     }
     Optional<InternetDomainName> tldParsed = findTldForName(domainName);
-    if (!tldParsed.isPresent()) {
+    if (tldParsed.isEmpty()) {
       throw new TldDoesNotExistException(domainName.parent().toString());
     }
     if (domainName.parts().size() != tldParsed.get().parts().size() + 1) {
@@ -255,7 +256,7 @@ public class DomainFlowUtils {
     Optional<String> idnTableName =
         IDN_LABEL_VALIDATOR.findValidIdnTableForTld(
             domainName.parts().get(0), domainName.parent().toString());
-    if (!idnTableName.isPresent()) {
+    if (idnTableName.isEmpty()) {
       throw new InvalidIdnDomainLabelException();
     }
     return idnTableName.get();
@@ -265,9 +266,14 @@ public class DomainFlowUtils {
    * Verifies that the {@code domainLabel} is not blocked by any BSA block label for the given
    * {@code tld} at the specified time.
    */
-  public static void verifyNotBlockedByBsa(String domainLabel, Tld tld, DateTime now)
+  public static void verifyNotBlockedByBsa(
+      InternetDomainName domainName,
+      Tld tld,
+      DateTime now,
+      Optional<AllocationToken> allocationToken)
       throws DomainLabelBlockedByBsaException {
-    if (isBlockedByBsa(domainLabel, tld, now)) {
+    if (!isRegisterBsaCreate(domainName, allocationToken)
+        && isBlockedByBsa(domainName.parts().get(0), tld, now)) {
       throw new DomainLabelBlockedByBsaException();
     }
   }
@@ -311,6 +317,15 @@ public class DomainFlowUtils {
         && token.get().getDomainName().get().equals(domainName.toString());
   }
 
+  /** Returns whether a given domain create request may bypass the BSA block check. */
+  public static boolean isRegisterBsaCreate(
+      InternetDomainName domainName, Optional<AllocationToken> token) {
+    return token.isPresent()
+        && token.get().getTokenType().equals(REGISTER_BSA)
+        && token.get().getDomainName().isPresent()
+        && token.get().getDomainName().get().equals(domainName.toString());
+  }
+
   /** Check if the registrar running the flow has access to the TLD in question. */
   public static void checkAllowedAccessToTld(String registrarId, String tld) throws EppException {
     if (!Registrar.loadByRegistrarIdCached(registrarId).get().getAllowedTlds().contains(tld)) {
@@ -353,7 +368,7 @@ public class DomainFlowUtils {
       }
       ImmutableList<DomainDsData> invalidDigestTypes =
           dsData.stream()
-              .filter(ds -> !DigestType.fromWireValue(ds.getDigestType()).isPresent())
+              .filter(ds -> DigestType.fromWireValue(ds.getDigestType()).isEmpty())
               .collect(toImmutableList());
       if (!invalidDigestTypes.isEmpty()) {
         throw new InvalidDsRecordException(
@@ -801,7 +816,7 @@ public class DomainFlowUtils {
       FeesAndCredits feesAndCredits,
       boolean defaultTokenUsed)
       throws EppException {
-    if (feesAndCredits.hasAnyPremiumFees() && !feeCommand.isPresent()) {
+    if (feesAndCredits.hasAnyPremiumFees() && feeCommand.isEmpty()) {
       throw new FeesRequiredForPremiumNameException();
     }
     validateFeesAckedIfPresent(feeCommand, feesAndCredits, defaultTokenUsed);
@@ -822,7 +837,7 @@ public class DomainFlowUtils {
     // Check for the case where a fee command extension was required but not provided.
     // This only happens when the total fees are non-zero and include custom fees requiring the
     // extension.
-    if (!feeCommand.isPresent()) {
+    if (feeCommand.isEmpty()) {
       if (!feesAndCredits.getEapCost().isZero()) {
         throw new FeesRequiredDuringEarlyAccessProgramException(feesAndCredits.getEapCost());
       }
@@ -1034,7 +1049,7 @@ public class DomainFlowUtils {
   /** Validate the secDNS extension, if present. */
   static Optional<SecDnsCreateExtension> validateSecDnsExtension(
       Optional<SecDnsCreateExtension> secDnsCreate) throws EppException {
-    if (!secDnsCreate.isPresent()) {
+    if (secDnsCreate.isEmpty()) {
       return Optional.empty();
     }
     if (secDnsCreate.get().getDsData() == null) {

core/src/main/java/google/registry/flows/domain/DomainRenewFlow.java

@@ -73,7 +73,6 @@ import google.registry.model.domain.fee.FeeTransformResponseExtension;
 import google.registry.model.domain.metadata.MetadataExtension;
 import google.registry.model.domain.rgp.GracePeriodStatus;
 import google.registry.model.domain.token.AllocationToken;
-import google.registry.model.domain.token.AllocationToken.TokenType;
 import google.registry.model.domain.token.AllocationTokenExtension;
 import google.registry.model.eppcommon.AuthInfo;
 import google.registry.model.eppcommon.StatusValue;
@@ -183,7 +182,7 @@ public final class DomainRenewFlow implements MutatingFlow {
             CommandName.RENEW,
             eppInput.getSingleExtension(AllocationTokenExtension.class));
     boolean defaultTokenUsed = false;
-    if (!allocationToken.isPresent()) {
+    if (allocationToken.isEmpty()) {
       allocationToken =
           DomainFlowUtils.checkForDefaultToken(
               tld, existingDomain.getDomainName(), CommandName.RENEW, registrarId, now);
@@ -258,8 +257,7 @@ public final class DomainRenewFlow implements MutatingFlow {
     ImmutableSet.Builder<ImmutableObject> entitiesToSave = new ImmutableSet.Builder<>();
     entitiesToSave.add(
         newDomain, domainHistory, explicitRenewEvent, newAutorenewEvent, newAutorenewPollMessage);
-    if (allocationToken.isPresent()
-        && TokenType.SINGLE_USE.equals(allocationToken.get().getTokenType())) {
+    if (allocationToken.isPresent() && allocationToken.get().getTokenType().isOneTimeUse()) {
       entitiesToSave.add(
           allocationTokenFlowUtils.redeemToken(
               allocationToken.get(), domainHistory.getHistoryEntryId()));

core/src/main/java/google/registry/flows/domain/DomainTransferQueryFlow.java

@@ -81,7 +81,7 @@ public final class DomainTransferQueryFlow implements TransactionalFlow {
     }
     // Note that the authorization info on the command (if present) has already been verified. If
     // it's present, then the other checks are unnecessary.
-    if (!authInfo.isPresent()
+    if (authInfo.isEmpty()
         && !registrarId.equals(transferData.getGainingRegistrarId())
         && !registrarId.equals(transferData.getLosingRegistrarId())) {
       throw new NotAuthorizedToViewTransferException();

core/src/main/java/google/registry/flows/domain/DomainTransferRequestFlow.java

@@ -201,7 +201,7 @@ public final class DomainTransferRequestFlow implements MutatingFlow {
     Optional<FeesAndCredits> feesAndCredits;
     if (period.getValue() == 0) {
       feesAndCredits = Optional.empty();
-    } else if (!existingDomain.getCurrentBulkToken().isPresent()) {
+    } else if (existingDomain.getCurrentBulkToken().isEmpty()) {
       feesAndCredits =
           Optional.of(pricingLogic.getTransferPrice(tld, targetId, now, existingBillingRecurrence));
     } else {

core/src/main/java/google/registry/flows/domain/token/AllocationTokenFlowUtils.java

@@ -36,7 +36,6 @@ import google.registry.model.domain.fee.FeeQueryCommandExtensionItem.CommandName
 import google.registry.model.domain.token.AllocationToken;
 import google.registry.model.domain.token.AllocationToken.TokenBehavior;
 import google.registry.model.domain.token.AllocationToken.TokenStatus;
-import google.registry.model.domain.token.AllocationToken.TokenType;
 import google.registry.model.domain.token.AllocationTokenExtension;
 import google.registry.model.reporting.HistoryEntry.HistoryEntryId;
 import google.registry.model.tld.Tld;
@@ -105,8 +104,7 @@ public class AllocationTokenFlowUtils {
   /** Redeems a SINGLE_USE {@link AllocationToken}, returning the redeemed copy. */
   public AllocationToken redeemToken(AllocationToken token, HistoryEntryId redemptionHistoryId) {
     checkArgument(
-        TokenType.SINGLE_USE.equals(token.getTokenType()),
-        "Only SINGLE_USE tokens can be marked as redeemed");
+        token.getTokenType().isOneTimeUse(), "Only SINGLE_USE tokens can be marked as redeemed");
     return token.asBuilder().setRedemptionHistoryId(redemptionHistoryId).build();
   }
 
@@ -184,7 +182,7 @@ public class AllocationTokenFlowUtils {
     maybeTokenEntity =
         tm().transact(() -> tm().loadByKeyIfPresent(VKey.create(AllocationToken.class, token)));
 
-    if (!maybeTokenEntity.isPresent()) {
+    if (maybeTokenEntity.isEmpty()) {
       throw new InvalidAllocationTokenException();
     }
     if (maybeTokenEntity.get().isRedeemed()) {
@@ -201,7 +199,7 @@ public class AllocationTokenFlowUtils {
       DateTime now,
       Optional<AllocationTokenExtension> extension)
       throws EppException {
-    if (!extension.isPresent()) {
+    if (extension.isEmpty()) {
       return Optional.empty();
     }
     AllocationToken tokenEntity = loadToken(extension.get().getAllocationToken());
@@ -224,7 +222,7 @@ public class AllocationTokenFlowUtils {
       CommandName commandName,
       Optional<AllocationTokenExtension> extension)
       throws EppException {
-    if (!extension.isPresent()) {
+    if (extension.isEmpty()) {
       return Optional.empty();
     }
     AllocationToken tokenEntity = loadToken(extension.get().getAllocationToken());
@@ -256,7 +254,7 @@ public class AllocationTokenFlowUtils {
 
   public static Domain maybeApplyBulkPricingRemovalToken(
       Domain domain, Optional<AllocationToken> allocationToken) {
-    if (!allocationToken.isPresent()
+    if (allocationToken.isEmpty()
         || !TokenBehavior.REMOVE_BULK_PRICING.equals(allocationToken.get().getTokenBehavior())) {
       return domain;
     }

core/src/main/java/google/registry/flows/host/HostFlowUtils.java

@@ -81,7 +81,7 @@ public class HostFlowUtils {
   public static Optional<Domain> lookupSuperordinateDomain(
       InternetDomainName hostName, DateTime now) throws EppException {
     Optional<InternetDomainName> tld = findTldForName(hostName);
-    if (!tld.isPresent()) {
+    if (tld.isEmpty()) {
       // This is an host on a TLD we don't run, therefore obviously external, so we are done.
       return Optional.empty();
     }
@@ -91,7 +91,7 @@ public class HostFlowUtils {
             .skip(hostName.parts().size() - (tld.get().parts().size() + 1))
             .collect(joining("."));
     Optional<Domain> superordinateDomain = loadByForeignKey(Domain.class, domainName, now);
-    if (!superordinateDomain.isPresent() || !isActive(superordinateDomain.get(), now)) {
+    if (superordinateDomain.isEmpty() || !isActive(superordinateDomain.get(), now)) {
       throw new SuperordinateDomainDoesNotExistException(domainName);
     }
     return superordinateDomain;

core/src/main/java/google/registry/flows/picker/FlowPicker.java

@@ -148,23 +148,25 @@ public class FlowPicker {
    * <p>This provider must be tried before {@link #RESOURCE_CRUD_FLOW_PROVIDER}. Otherwise, the
    * regular domain update flow will match first.
    */
-  private static final FlowProvider DOMAIN_RESTORE_FLOW_PROVIDER = new FlowProvider() {
-    @Override
-    Class<? extends Flow> get(
-        EppInput eppInput, InnerCommand innerCommand, ResourceCommand resourceCommand) {
-      if (!(resourceCommand instanceof DomainCommand.Update)) {
-        return null;
-      }
-      Optional<RgpUpdateExtension> rgpUpdateExtension =
-          eppInput.getSingleExtension(RgpUpdateExtension.class);
-      if (!rgpUpdateExtension.isPresent()) {
-        return null;
-      }
-      // Restore command with an op of "report" is not currently supported.
-      return (rgpUpdateExtension.get().getRestoreCommand().getRestoreOp() == RestoreOp.REQUEST)
-          ? DomainRestoreRequestFlow.class
-          : UnimplementedRestoreFlow.class;
-    }};
+  private static final FlowProvider DOMAIN_RESTORE_FLOW_PROVIDER =
+      new FlowProvider() {
+        @Override
+        Class<? extends Flow> get(
+            EppInput eppInput, InnerCommand innerCommand, ResourceCommand resourceCommand) {
+          if (!(resourceCommand instanceof DomainCommand.Update)) {
+            return null;
+          }
+          Optional<RgpUpdateExtension> rgpUpdateExtension =
+              eppInput.getSingleExtension(RgpUpdateExtension.class);
+          if (rgpUpdateExtension.isEmpty()) {
+            return null;
+          }
+          // Restore command with an op of "report" is not currently supported.
+          return (rgpUpdateExtension.get().getRestoreCommand().getRestoreOp() == RestoreOp.REQUEST)
+              ? DomainRestoreRequestFlow.class
+              : UnimplementedRestoreFlow.class;
+        }
+      };
 
   /**
    * The claims check flow is keyed on the type of the {@link ResourceCommand} and on having the
@@ -180,7 +182,7 @@ public class FlowPicker {
           }
           Optional<LaunchCheckExtension> launchCheck =
               eppInput.getSingleExtension(LaunchCheckExtension.class);
-          if (!launchCheck.isPresent()
+          if (launchCheck.isEmpty()
               || CheckType.AVAILABILITY.equals(launchCheck.get().getCheckType())) {
             // We don't distinguish between registry phases for "avail", so don't bother checking
             // phase.

core/src/main/java/google/registry/flows/poll/PollAckFlow.java

@@ -86,7 +86,7 @@ public final class PollAckFlow implements MutatingFlow {
     // it as if it doesn't exist yet. Same for if the message ID year isn't the same as the actual
     // poll message's event time (that means they're passing in an old already-acked ID).
     Optional<PollMessage> maybePollMessage = tm().loadByKeyIfPresent(pollMessageKey);
-    if (!maybePollMessage.isPresent()
+    if (maybePollMessage.isEmpty()
         || !isBeforeOrAt(maybePollMessage.get().getEventTime(), now)
         || !makePollMessageExternalId(maybePollMessage.get()).equals(messageId)) {
       throw new MessageDoesNotExistException(messageId);

core/src/main/java/google/registry/flows/poll/PollRequestFlow.java

@@ -66,7 +66,7 @@ public final class PollRequestFlow implements TransactionalFlow {
     // Return the oldest message from the queue.
     DateTime now = tm().getTransactionTime();
     Optional<PollMessage> maybePollMessage = getFirstPollMessage(registrarId, now);
-    if (!maybePollMessage.isPresent()) {
+    if (maybePollMessage.isEmpty()) {
       return responseBuilder.setResultFromCode(SUCCESS_WITH_NO_MESSAGES).build();
     }
     PollMessage pollMessage = maybePollMessage.get();

core/src/main/java/google/registry/flows/session/LoginFlow.java

@@ -47,7 +47,6 @@ import google.registry.model.eppinput.EppInput.Options;
 import google.registry.model.eppinput.EppInput.Services;
 import google.registry.model.eppoutput.EppResponse;
 import google.registry.model.registrar.Registrar;
-import google.registry.util.PasswordUtils.HashAlgorithm;
 import java.util.Optional;
 import java.util.Set;
 import javax.inject.Inject;
@@ -123,7 +122,7 @@ public class LoginFlow implements MutatingFlow {
       serviceExtensionUrisBuilder.add(uri);
     }
     Optional<Registrar> registrar = Registrar.loadByRegistrarIdCached(login.getClientId());
-    if (!registrar.isPresent()) {
+    if (registrar.isEmpty()) {
       throw new BadRegistrarIdException(login.getClientId());
     }
 
@@ -142,20 +141,11 @@ public class LoginFlow implements MutatingFlow {
       throw new RegistrarAccountNotActiveException();
     }
 
-    if (login.getNewPassword().isPresent()
-        || registrar.get().getCurrentHashAlgorithm(login.getPassword()).orElse(null)
-            != HashAlgorithm.SCRYPT) {
-      String newPassword =
-          login
-              .getNewPassword()
-              .orElseGet(
-                  () -> {
-                    logger.atInfo().log("Rehashing existing registrar password with Scrypt");
-                    return login.getPassword();
-                  });
+    if (login.getNewPassword().isPresent()) {
+      String newPassword = login.getNewPassword().get();
       // Load fresh from database (bypassing the cache) to ensure we don't save stale data.
       Optional<Registrar> freshRegistrar = Registrar.loadByRegistrarId(login.getClientId());
-      if (!freshRegistrar.isPresent()) {
+      if (freshRegistrar.isEmpty()) {
         throw new BadRegistrarIdException(login.getClientId());
       }
       tm().put(freshRegistrar.get().asBuilder().setPassword(newPassword).build());