MB-48068. Each TLS refresh get SSL host/port

Change-Id: I5e3036e6069fa21dd331e69c2368cb646cdb90fa
Reviewed-on: http://review.couchbase.org/c/query/+/159751
Reviewed-by: Donald Haggart <donald.haggart@couchbase.com>
Reviewed-by: Marco Greco <marco.greco@couchbase.com>
Tested-by: Sitaram Vemulapalli <sitaram.vemulapalli@couchbase.com>

build.sh

@@ -58,18 +58,18 @@ DevStandaloneSetup() {
              cp -rp $JSEVAL $GOPATH/lib
            fi
        fi
-    # gocbcore points to master; gocbcore/v9 points to 9.1.4
+    # gocbcore points to master; gocbcore/v9 points to 9.1.6
        if [[ -d ../gocbcore/v9 ]]
        then
            cd ../gocbcore/v9
-           C=`git log --pretty=oneline --abbrev-commit -n 1|grep -c "v9.1.4"`
+           C=`git log --pretty=oneline --abbrev-commit -n 1|grep -c "v9.1.6"`
            cd -
        else
            C=0
        fi
        if [[ $C -eq 0 ]]
        then
-           (cd ..; rm -rf gocbcore/v9; git clone -b v9.1.4 https://github.com/couchbase/gocbcore.git gocbcore/v9)
+           (cd ..; rm -rf gocbcore/v9; git clone -b v9.1.6 https://github.com/couchbase/gocbcore.git gocbcore/v9)
        fi
     # bleve version
        if [[ ! -d ../../blevesearch/bleve/v2 ]]; then

datastore/couchbase/gcagent/client.go

@@ -11,6 +11,7 @@ package gcagent
 import (
 	"crypto/tls"
 	"crypto/x509"
+	"fmt"
 	"io/ioutil"
 	"strings"
 	"sync"
@@ -67,16 +68,17 @@ func (auth *MemcachedAuthProvider) Certificate(req gocbcore.AuthCertRequest) (*t
 
 // Call this method with a TLS certificate file name to make communication
 type Client struct {
-	config        *gocbcore.AgentConfig
-	sslConfig     *gocbcore.AgentConfig
-	transactions  *gctx.Manager
-	rootCAs       *x509.CertPool
-	agentProvider *AgentProvider
-	mutex         sync.RWMutex
-	atrLocations  map[string]gctx.LostATRLocation
+	config       *gocbcore.AgentConfig
+	transactions *gctx.Manager
+	rootCAs      *x509.CertPool
+	mutex        sync.RWMutex
+	sslConfigFn  SSLConfigFn
+	atrLocations map[string]gctx.LostATRLocation
 }
 
-func NewClient(url, sslHost, sslPort, certFile string) (rv *Client, err error) {
+type SSLConfigFn func() (*gocbcore.AgentConfig, error)
+
+func NewClient(url string, sslHostFn func() (string, string), certFile string) (rv *Client, err error) {
 	var connSpec *connstr.ConnSpec
 
 	rv = &Client{}
@@ -87,19 +89,22 @@ func NewClient(url, sslHost, sslPort, certFile string) (rv *Client, err error) {
 		return nil, err
 	}
 
-	// create SSL agent config file
-	if len(connSpec.Addresses) > 0 {
-		if sslHost == "" {
-			sslHost = connSpec.Addresses[0].Host
-		}
-		surl := "couchbases://" + sslHost
-		if sslPort != "" {
-			// couchbases schema with custom port will not allowed http bootstrap.
-			surl = "http://" + sslHost + ":" + sslPort
-		}
-		if rv.sslConfig, _, err = agentConfig(surl, options); err != nil {
-			return nil, err
+	rv.sslConfigFn = func() (*gocbcore.AgentConfig, error) {
+		// create SSL agent config file
+		sslHost, sslPort := sslHostFn()
+		if len(connSpec.Addresses) > 0 {
+			if sslHost == "" {
+				sslHost = connSpec.Addresses[0].Host
+			}
+			surl := "couchbases://" + sslHost
+			if sslPort != "" {
+				// couchbases schema with custom port will not allowed http bootstrap.
+				surl = "http://" + sslHost + ":" + sslPort
+			}
+			sslConfig, _, err1 := agentConfig(surl, options)
+			return sslConfig, err1
 		}
+		return nil, fmt.Errorf("no ssl address")
 	}
 
 	if certFile != "" {
@@ -109,7 +114,6 @@ func NewClient(url, sslHost, sslPort, certFile string) (rv *Client, err error) {
 	}
 
 	// generic provider
-	rv.agentProvider, err = rv.CreateAgentProvider("")
 	rv.atrLocations = make(map[string]gctx.LostATRLocation, 32)
 
 	return rv, err
@@ -189,22 +193,10 @@ func (c *Client) CreateAgentProvider(bucketName string) (*AgentProvider, error)
 	return ap, err
 }
 
-func (c *Client) AgentProvider() *AgentProvider {
-	return c.agentProvider
-}
-
-func (c *Client) Agent() *gocbcore.Agent {
-	return c.agentProvider.Agent()
-}
-
 func (c *Client) Close() {
-	if c.agentProvider != nil {
-		c.agentProvider.Close()
-	}
 	if c.transactions != nil {
 		c.transactions.Close()
 	}
-	c.agentProvider = nil
 	c.transactions = nil
 	c.mutex.Lock()
 	c.rootCAs = nil
@@ -222,19 +214,13 @@ func (c *Client) InitTLS(certFile string) error {
 	c.mutex.Lock()
 	c.rootCAs = CA_Pool
 	c.mutex.Unlock()
-	if c.agentProvider != nil {
-		return c.agentProvider.Refresh()
-	}
 	return nil
 }
 
 func (c *Client) ClearTLS() {
 	c.mutex.Lock()
 	c.rootCAs = nil
 	c.mutex.Unlock()
-	if c.agentProvider != nil {
-		c.agentProvider.Refresh()
-	}
 }
 
 func (c *Client) TLSRootCAs() *x509.CertPool {

datastore/couchbase/gcagent/txagent.go

@@ -57,7 +57,11 @@ func (ap *AgentProvider) CreateOrRefreshAgent() error {
 	rootCAs := ap.client.TLSRootCAs()
 	if rootCAs != nil {
 		// Use SSL config
-		config = *ap.client.sslConfig
+		cconfig, cerr := ap.client.sslConfigFn()
+		if cerr != nil {
+			return cerr
+		}
+		config = *cconfig
 		config.UseTLS = true
 		config.TLSRootCAProvider = func() *x509.CertPool {
 			return rootCAs

datastore/couchbase/txcouchbase.go

@@ -725,8 +725,11 @@ func initGocb(s *store) (err errors.Error) {
 	txConfig.Internal.EnableNonFatalGets = true
 	txConfig.Internal.EnableParallelUnstaging = true
 
-	sslHost, sslPort := getSSLHostPort(s)
-	client, cerr := gcagent.NewClient(s.URL(), sslHost, sslPort, certFile)
+	client, cerr := gcagent.NewClient(s.URL(),
+		func() (string, string) {
+			return getSSLHostPort(s)
+		},
+		certFile)
 	s.nslock.Lock()
 	defer s.nslock.Unlock()