reset cert pools only in a test

torcolvin · torcolvin · commit 78f6e519d6ab · 2024-12-02T14:03:21.000-05:00
diff --git a/base/dcp_feed_type.go b/base/dcp_feed_type.go
@@ -302,10 +302,3 @@ func setCbgtRootCertsForBucket(bucketUUID string, pool *x509.CertPool) {
 	defer cbgtGlobalsLock.Unlock()
 	cbgtRootCertPools[bucketUUID] = pool
 }
-
-// removeCbgtRootCertsForBucket removes all the root certificates for a bucket. See the comment of cbgtRootCAsProvider for usage details.
-func removeCbgtRootCertsForBucket(bucketUUID string) {
-	cbgtGlobalsLock.Lock()
-	defer cbgtGlobalsLock.Unlock()
-	delete(cbgtRootCertPools, bucketUUID)
-}
diff --git a/base/dcp_sharded.go b/base/dcp_sharded.go
@@ -451,7 +451,7 @@ func (c *CbgtContext) Stop() {
 
 func (c *CbgtContext) RemoveFeedCredentials(dbName string) {
 	removeCbgtCredentials(dbName)
-	removeCbgtRootCertsForBucket(c.sourceUUID)
+	// CBG-4394: removing root certs for the bucket should be done, but it is keyed based on the bucket UUID, and multiple dbs can use the same bucket
 }
 
 // Format of dest key for retrieval of import dest from cbgtDestFactories
diff --git a/base/util_testing.go b/base/util_testing.go
@@ -19,6 +19,7 @@ import (
 	"io"
 	"io/fs"
 	"log"
+	"maps"
 	"math/rand"
 	"os"
 	"path/filepath"
@@ -978,3 +979,14 @@ func numFilesInDir(t *testing.T, dir string, recursive bool) int {
 	require.NoError(t, err)
 	return numFiles
 }
+
+// ResetCBGTCertPools resets the cert pools used for cbgt in a test.
+func ResetCBGTCertPools(t *testing.T) {
+	// CBG-4394: removing root certs for the bucket should be done, but it is keyed based on the bucket UUID, and multiple dbs can use the same bucket
+	cbgtGlobalsLock.Lock()
+	defer cbgtGlobalsLock.Unlock()
+	oldRootCAs := maps.Clone(cbgtRootCertPools)
+	t.Cleanup(func() {
+		cbgtRootCertPools = oldRootCAs
+	})
+}
diff --git a/rest/config_test.go b/rest/config_test.go
@@ -3140,6 +3140,7 @@ func TestRevCacheMemoryLimitConfig(t *testing.T) {
 }
 
 func TestTLSWithoutCerts(t *testing.T) {
+	base.ResetCBGTCertPools(t) // CBG-4394: removing root certs for the bucket should be done, but it is keyed based on the bucket UUID, and multiple dbs can use the same bucket
 	rt := NewRestTester(t, &RestTesterConfig{
 		PersistentConfig: true,
 		MutateStartupConfig: func(config *StartupConfig) {

Original file line number	Diff line number	Diff line change
`@@ -451,7 +451,7 @@ func (c *CbgtContext) Stop() {`
`451`	`451`
`452`	`452`	`func (c *CbgtContext) RemoveFeedCredentials(dbName string) {`
`453`	`453`	`removeCbgtCredentials(dbName)`
`454`		`- removeCbgtRootCertsForBucket(c.sourceUUID)`
	`454`	`+ // CBG-4394: removing root certs for the bucket should be done, but it is keyed based on the bucket UUID, and multiple dbs can use the same bucket`
`455`	`455`	`}`
`456`	`456`
`457`	`457`	`// Format of dest key for retrieval of import dest from cbgtDestFactories`
Original file line number	Diff line number	Diff line change
`@@ -3140,6 +3140,7 @@ func TestRevCacheMemoryLimitConfig(t *testing.T) {`
`3140`	`3140`	`}`
`3141`	`3141`
`3142`	`3142`	`func TestTLSWithoutCerts(t *testing.T) {`
	`3143`	`+ base.ResetCBGTCertPools(t) // CBG-4394: removing root certs for the bucket should be done, but it is keyed based on the bucket UUID, and multiple dbs can use the same bucket`
`3143`	`3144`	`rt := NewRestTester(t, &RestTesterConfig{`
`3144`	`3145`	`PersistentConfig: true,`
`3145`	`3146`	`MutateStartupConfig: func(config *StartupConfig) {`