reset cert pools only in a test

couchbase · Dec 2, 2024 · f0cf548 · f0cf548
1 parent ea548ac
commit f0cf548
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 8 deletions.
diff --git a/base/dcp_feed_type.go b/base/dcp_feed_type.go
@@ -302,10 +302,3 @@ func setCbgtRootCertsForBucket(bucketUUID string, pool *x509.CertPool) {
 	defer cbgtGlobalsLock.Unlock()
 	cbgtRootCertPools[bucketUUID] = pool
 }
-
-// removeCbgtRootCertsForBucket removes all the root certificates for a bucket. See the comment of cbgtRootCAsProvider for usage details.
-func removeCbgtRootCertsForBucket(bucketUUID string) {
-	cbgtGlobalsLock.Lock()
-	defer cbgtGlobalsLock.Unlock()
-	delete(cbgtRootCertPools, bucketUUID)
-}
diff --git a/base/dcp_sharded.go b/base/dcp_sharded.go
@@ -451,7 +451,7 @@ func (c *CbgtContext) Stop() {
 
 func (c *CbgtContext) RemoveFeedCredentials(dbName string) {
 	removeCbgtCredentials(dbName)
-	removeCbgtRootCertsForBucket(c.sourceUUID)
+	// CBG-4394: removing root certs for the bucket should be done, but it is keyed based on the bucket UUID, and multiple dbs can use the same bucket
 }
 
 // Format of dest key for retrieval of import dest from cbgtDestFactories

diff --git a/base/util_testing.go b/base/util_testing.go
@@ -19,6 +19,7 @@ import (
 	"io"
 	"io/fs"
 	"log"
+	"maps"
 	"math/rand"
 	"os"
 	"path/filepath"
@@ -978,3 +979,14 @@ func numFilesInDir(t *testing.T, dir string, recursive bool) int {
 	require.NoError(t, err)
 	return numFiles
 }
+
+// ResetCBGTCertPools resets the cert pools used for cbgt in a test.
+func ResetCBGTCertPools(t *testing.T) {
+	// CBG-4394: removing root certs for the bucket should be done, but it is keyed based on the bucket UUID, and multiple dbs can use the same bucket
+	cbgtGlobalsLock.Lock()
+	defer cbgtGlobalsLock.Unlock()
+	oldRootCAs := maps.Clone(cbgtRootCertPools)
+	t.Cleanup(func() {
+		cbgtRootCertPools = oldRootCAs
+	})
+}
diff --git a/rest/config_test.go b/rest/config_test.go
@@ -3140,6 +3140,7 @@ func TestRevCacheMemoryLimitConfig(t *testing.T) {
 }
 
 func TestTLSWithoutCerts(t *testing.T) {
+	base.ResetCBGTCertPools(t) // CBG-4394: removing root certs for the bucket should be done, but it is keyed based on the bucket UUID, and multiple dbs can use the same bucket
 	rt := NewRestTester(t, &RestTesterConfig{
 		PersistentConfig: true,
 		MutateStartupConfig: func(config *StartupConfig) {