CBG-4317 uptake fix for TLS without certs for import feed

base/dcp_feed_type.go

@@ -296,9 +296,16 @@ func getCbgtCredentials(dbName string) (cbgtCreds, bool) {
 	return creds, found
 }
 
-// See the comment of cbgtRootCAsProvider for usage details.
+// setCbgtRootCertsForBucket creates root certificates for a given bucket. If TLS should be used, this function must be called. If tls certificate verification is skipped, then this function should be called with pool as nil. See the comment of cbgtRootCAsProvider for usage details.
 func setCbgtRootCertsForBucket(bucketUUID string, pool *x509.CertPool) {
 	cbgtGlobalsLock.Lock()
 	defer cbgtGlobalsLock.Unlock()
 	cbgtRootCertPools[bucketUUID] = pool
 }
+
+// removeCbgtRootCertsForBucket removes all the root certificates for a bucket. See the comment of cbgtRootCAsProvider for usage details.
+func removeCbgtRootCertsForBucket(bucketUUID string) {
+	cbgtGlobalsLock.Lock()
+	defer cbgtGlobalsLock.Unlock()
+	delete(cbgtRootCertPools, bucketUUID)
+}

base/dcp_sharded.go

@@ -451,6 +451,7 @@ func (c *CbgtContext) Stop() {
 
 func (c *CbgtContext) RemoveFeedCredentials(dbName string) {
 	removeCbgtCredentials(dbName)
+	removeCbgtRootCertsForBucket(c.sourceUUID)
 }
 
 // Format of dest key for retrieval of import dest from cbgtDestFactories

go.mod

@@ -6,11 +6,11 @@ require (
 	dario.cat/mergo v1.0.0
 	github.com/KimMachineGun/automemlimit v0.6.1
 	github.com/coreos/go-oidc/v3 v3.11.0
-	github.com/couchbase/cbgt v1.4.1
+	github.com/couchbase/cbgt v1.4.2-0.20241112001929-b9fdd9b009b1
 	github.com/couchbase/clog v0.1.0
 	github.com/couchbase/go-blip v0.0.0-20231212195435-3490e96d30e3
 	github.com/couchbase/gocb/v2 v2.9.1
-	github.com/couchbase/gocbcore/v10 v10.5.1
+	github.com/couchbase/gocbcore/v10 v10.5.2
 	github.com/couchbase/gomemcached v0.2.1
 	github.com/couchbase/goutils v0.1.2
 	github.com/couchbase/sg-bucket v0.0.0-20240606153601-d152b90edccb
@@ -35,14 +35,13 @@ require (
 	github.com/shirou/gopsutil/v3 v3.23.10
 	github.com/stretchr/testify v1.9.0
 	golang.org/x/crypto v0.25.0
-	golang.org/x/exp v0.0.0-20230905200255-921286631fa9
+	golang.org/x/exp v0.0.0-20231226003508-02704c960a9b
 	golang.org/x/net v0.27.0
 	golang.org/x/oauth2 v0.21.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 )
 
 require (
-	github.com/aws/aws-sdk-go v1.44.299 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/cilium/ebpf v0.9.1 // indirect
@@ -53,11 +52,10 @@ require (
 	github.com/couchbase/go-couchbase v0.1.1 // indirect
 	github.com/couchbase/gocbcoreps v0.1.3 // indirect
 	github.com/couchbase/goprotostellar v1.0.2 // indirect
-	github.com/couchbase/tools-common/cloud v1.0.0 // indirect
-	github.com/couchbase/tools-common/fs v1.0.0 // indirect
-	github.com/couchbase/tools-common/testing v1.0.0 // indirect
-	github.com/couchbase/tools-common/types v1.0.0 // indirect
-	github.com/couchbase/tools-common/utils v1.0.0 // indirect
+	github.com/couchbase/tools-common/cloud/v5 v5.0.3 // indirect
+	github.com/couchbase/tools-common/fs v1.0.2 // indirect
+	github.com/couchbase/tools-common/testing v1.0.1 // indirect
+	github.com/couchbase/tools-common/types v1.1.4 // indirect
 	github.com/couchbaselabs/gocbconnstr/v2 v2.0.0-20240607131231-fb385523de28 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
@@ -98,7 +96,7 @@ require (
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/sys v0.22.0 // indirect
 	golang.org/x/text v0.16.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda // indirect
 	google.golang.org/grpc v1.63.2 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect