The test is flaky most likely because, when a TLS certificate rewrite happens simultaneously with an ANN request, the handshake can hang for a long time (~60s). This leads to a timeout in the test case. This change introduces a checkpoint in the test so that it waits for the certificate rewrite to happen before sending an ANN request, which should prevent the handshake from hanging and make the test more reliable. Fixes: #28012
/*
* Copyright (C) 2025-present ScyllaDB
*/
/*
* SPDX-License-Identifier: LicenseRef-ScyllaDB-Source-Available-1.0
*/
#pragma once
#include "utils/updateable_value.hh"
#include "utils/log.hh"
#include <seastar/core/future.hh>
#include <seastar/core/sstring.hh>
#include <seastar/net/tls.hh>
#include <seastar/core/shared_ptr.hh>
#include <seastar/core/gate.hh>
#include <unordered_map>
namespace vector_search {

/// Manages the TLS truststore for secure (HTTPS) connections to the vector store service.
///
/// Only the interface is declared in this header; how and when the credentials
/// are built or rebuilt is decided in the implementation file.
class truststore {
public:
    /// Live-updateable string-to-string option map the truststore is configured from.
    /// NOTE(review): the recognised option keys are not visible in this header.
    using options_type = utils::updateable_value<std::unordered_map<seastar::sstring, seastar::sstring>>;

    /// Caller-supplied hook: accepts a function that operates on a truststore and
    /// returns a future for its completion.
    /// NOTE(review): presumably used to apply an update to the peer truststore
    /// instances; confirm against the caller.
    /// NOTE(review): std::function is used here, but <functional> is not among this
    /// header's direct includes; it currently arrives transitively.
    using invoke_on_others_type = std::function<seastar::future<>(std::function<seastar::future<>(truststore&)>)>;

    /// @param logger            Stored by reference, so it must outlive this object.
    /// @param options           Option map the truststore is configured from.
    /// @param invoke_on_others  Hook stored for later use (see invoke_on_others_type).
    explicit truststore(logging::logger& logger, options_type options, invoke_on_others_type invoke_on_others);

    /// Resolves to the certificate credentials to use for TLS connections.
    /// NOTE(review): whether a reload swaps in a new credentials object or updates
    /// the existing one is not visible here; callers that cache the returned
    /// pointer should confirm they still observe rotated trust anchors.
    seastar::future<seastar::shared_ptr<seastar::tls::certificate_credentials>> get();

    /// Asynchronous shutdown; the returned future resolves when stopping is done.
    seastar::future<> stop();

    /// Current value of the reload counter.
    /// NOTE(review): presumably the number of credential reloads seen by this
    /// instance, which lets a test wait for a certificate rewrite before issuing
    /// requests; the increment site is not in this header.
    unsigned reload_count() const { return _reload_count; }

private:
    /// Produces the credentials builder that the credentials are made from.
    seastar::future<seastar::tls::credentials_builder> create_builder() const;

    // Declaration order is kept as is: it fixes the member initialisation order.
    logging::logger& _logger;  // not owned
    options_type _options;
    seastar::shared_ptr<seastar::tls::certificate_credentials> _credentials;
    invoke_on_others_type _invoke_on_others;
    seastar::gate _gate;  // presumably guards in-flight work during stop(); confirm
    unsigned _reload_count = 0;
};

} // namespace vector_search