Skip to content

Commit

Permalink
Revert "Use fs/promises to read CA_CERT"
Browse files Browse the repository at this point in the history
This reverts commit 64e9018.
  • Loading branch information
dmlemeshko committed Nov 21, 2023
1 parent 43038d7 commit e6e0198
Showing 1 changed file with 15 additions and 18 deletions.
33 changes: 15 additions & 18 deletions packages/kbn-es/src/utils/docker.ts
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
*/
import chalk from 'chalk';
import execa from 'execa';
import fs from 'fs';
import Fsp from 'fs/promises';
import { resolve, basename, join } from 'path';
import { Client, ClientOptions, HttpConnection } from '@elastic/elasticsearch';
Expand Down Expand Up @@ -730,30 +731,26 @@ export async function runServerlessCluster(log: ToolingLog, options: ServerlessO
portCmd[1].lastIndexOf(':')
)}`;

let clientExtOptions = {};
if (options.ssl) {
const ca = await Fsp.readFile(CA_CERT_PATH);
clientExtOptions = {
tls: {
ca,
// NOTE: Even though we've added ca into the tls options, we are using 127.0.0.1 instead of localhost
// for the ip which is not validated. As such we are getting the error
// Hostname/IP does not match certificate's altnames: IP: 127.0.0.1 is not in the cert's list:
// To work around that we are overriding the function checkServerIdentity too
checkServerIdentity: () => {
return undefined;
},
},
};
}

const client = getESClient({
node: esNodeUrl,
auth: {
username: ELASTIC_SERVERLESS_SUPERUSER,
password: ELASTIC_SERVERLESS_SUPERUSER_PASSWORD,
},
...clientExtOptions,
...(options.ssl
? {
tls: {
ca: [fs.readFileSync(CA_CERT_PATH)],
// NOTE: Even though we've added ca into the tls options, we are using 127.0.0.1 instead of localhost
// for the ip which is not validated. As such we are getting the error
// Hostname/IP does not match certificate's altnames: IP: 127.0.0.1 is not in the cert's list:
// To work around that we are overriding the function checkServerIdentity too
checkServerIdentity: () => {
return undefined;
},
},
}
: {}),
});

const readyPromise = waitUntilClusterReady({ client, expectedStatus: 'green', log }).then(
Expand Down

0 comments on commit e6e0198

Please sign in to comment.