From f0cf5481d2f46d45076cc3ab9a6e445fe35dd1d4 Mon Sep 17 00:00:00 2001
From: Tor Colvin
Date: Mon, 2 Dec 2024 09:35:14 -0500
Subject: [PATCH] reset cert pools only in a test
---
 base/dcp_feed_type.go | 7 -------
 base/dcp_sharded.go | 2 +-
 base/util_testing.go | 12 ++++++++++++
 rest/config_test.go | 1 +
 4 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/base/dcp_feed_type.go b/base/dcp_feed_type.go
index ed3b53c9a8..e6bef0b62b 100644
--- a/base/dcp_feed_type.go
+++ b/base/dcp_feed_type.go
@@ -302,10 +302,3 @@ func setCbgtRootCertsForBucket(bucketUUID string, pool *x509.CertPool) {
 defer cbgtGlobalsLock.Unlock()
 cbgtRootCertPools[bucketUUID] = pool
 }
-
-// removeCbgtRootCertsForBucket removes all the root certificates for a bucket. See the comment of cbgtRootCAsProvider for usage details.
-func removeCbgtRootCertsForBucket(bucketUUID string) {
- cbgtGlobalsLock.Lock()
- defer cbgtGlobalsLock.Unlock()
- delete(cbgtRootCertPools, bucketUUID)
-}
diff --git a/base/dcp_sharded.go b/base/dcp_sharded.go
index 84ff59f29f..8efc924336 100644
--- a/base/dcp_sharded.go
+++ b/base/dcp_sharded.go
@@ -451,7 +451,7 @@ func (c *CbgtContext) Stop() {
 func (c *CbgtContext) RemoveFeedCredentials(dbName string) {
 removeCbgtCredentials(dbName)
- removeCbgtRootCertsForBucket(c.sourceUUID)
+ // CBG-4394: removing root certs for the bucket should be done, but it is keyed based on the bucket UUID, and multiple dbs can use the same bucket
 }
 // Format of dest key for retrieval of import dest from cbgtDestFactories
diff --git a/base/util_testing.go b/base/util_testing.go
index 44edcb5e81..0471387be6 100644
--- a/base/util_testing.go
+++ b/base/util_testing.go
@@ -19,6 +19,7 @@ import (
 "io"
 "io/fs"
 "log"
+ "maps"
 "math/rand"
 "os"
 "path/filepath"
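Review bot: In base/dcp_sharded.go, RemoveFeedCredentials no longer removes anything from cbgtRootCertPools, so a root CA pool registered through setCbgtRootCertsForBucket stays in the map for the life of the process, even after the last database on that bucket is removed. Presumably whatever reads this map would keep returning the old pool if a database is later created on the same bucket with different TLS settings; that reader is not visible in this hunk and should be confirmed. The in-line comment names the ticket but not this consequence, so I would reword it to `// CBG-4394: the root cert pool for c.sourceUUID is left in place because other dbs may share the bucket; the entry persists until process exit`. The longer-term fix is a per-bucket-UUID use count kept under cbgtGlobalsLock, so the entry is deleted when the last database using it goes away. The exported method also has no doc comment.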
@@ -978,3 +979,14 @@ func numFilesInDir(t *testing.T, dir string, recursive bool) int {
 require.NoError(t, err)
 return numFiles
 }
+
+// ResetCBGTCertPools resets the cert pools used for cbgt in a test.
+func ResetCBGTCertPools(t *testing.T) {
+ // CBG-4394: removing root certs for the bucket should be done, but it is keyed based on the bucket UUID, and multiple dbs can use the same bucket
+ cbgtGlobalsLock.Lock()
+ defer cbgtGlobalsLock.Unlock()
+ oldRootCAs := maps.Clone(cbgtRootCertPools)
+ t.Cleanup(func() {
+ cbgtRootCertPools = oldRootCAs
+ })
+}
diff --git a/rest/config_test.go b/rest/config_test.go
index c6f17880bf..75ff917f63 100644
--- a/rest/config_test.go
+++ b/rest/config_test.go
@@ -3140,6 +3140,7 @@ func TestRevCacheMemoryLimitConfig(t *testing.T) {
 }
 func TestTLSWithoutCerts(t *testing.T) {
+ base.ResetCBGTCertPools(t) // CBG-4394: removing root certs for the bucket should be done, but it is keyed based on the bucket UUID, and multiple dbs can use the same bucket
 rt := NewRestTester(t, &RestTesterConfig{
 PersistentConfig: true,
 MutateStartupConfig: func(config *StartupConfig) {
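Review bot: In ResetCBGTCertPools (base/util_testing.go), the t.Cleanup closure assigns cbgtRootCertPools without holding cbgtGlobalsLock, because the deferred Unlock runs when ResetCBGTCertPools returns, not when the cleanup fires; any goroutine still reading the map at teardown would race with that write. The closure should take the lock itself, with `cbgtGlobalsLock.Lock()` and `defer cbgtGlobalsLock.Unlock()` placed before `cbgtRootCertPools = oldRootCAs`. The function also only snapshots the map and restores it afterwards, so entries left by earlier tests are still present while the test runs. The doc comment would be more accurate as `// ResetCBGTCertPools restores cbgtRootCertPools to its current contents when the test ends.`, and the copied CBG-4394 comment, here and on the call in TestTLSWithoutCerts, could say why the test needs the restore.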