From e6e019895e351173fba24cb3610130d38c618b9c Mon Sep 17 00:00:00 2001
From: Dzmitry Lemechko <dzmitry.lemechko@elastic.co>
Date: Tue, 21 Nov 2023 15:01:36 +0100
Subject: [PATCH] Revert "Use fs/promises to read CA_CERT"

This reverts commit 64e9018fc5c105dd03b1af0ae8bc6ed4c94e21aa.
---
 packages/kbn-es/src/utils/docker.ts | 33 +++++++++++++----------------
 1 file changed, 15 insertions(+), 18 deletions(-)

diff --git a/packages/kbn-es/src/utils/docker.ts b/packages/kbn-es/src/utils/docker.ts
index e60298d6951d8..73e5e1fc77288 100644
--- a/packages/kbn-es/src/utils/docker.ts
+++ b/packages/kbn-es/src/utils/docker.ts
@@ -7,6 +7,7 @@
  */
 import chalk from 'chalk';
 import execa from 'execa';
+import fs from 'fs';
 import Fsp from 'fs/promises';
 import { resolve, basename, join } from 'path';
 import { Client, ClientOptions, HttpConnection } from '@elastic/elasticsearch';
@@ -730,30 +731,26 @@ export async function runServerlessCluster(log: ToolingLog, options: ServerlessO
     portCmd[1].lastIndexOf(':')
   )}`;
 
-  let clientExtOptions = {};
-  if (options.ssl) {
-    const ca = await Fsp.readFile(CA_CERT_PATH);
-    clientExtOptions = {
-      tls: {
-        ca,
-        // NOTE: Even though we've added ca into the tls options, we are using 127.0.0.1 instead of localhost
-        // for the ip which is not validated. As such we are getting the error
-        // Hostname/IP does not match certificate's altnames: IP: 127.0.0.1 is not in the cert's list:
-        // To work around that we are overriding the function checkServerIdentity too
-        checkServerIdentity: () => {
-          return undefined;
-        },
-      },
-    };
-  }
-
   const client = getESClient({
     node: esNodeUrl,
     auth: {
       username: ELASTIC_SERVERLESS_SUPERUSER,
       password: ELASTIC_SERVERLESS_SUPERUSER_PASSWORD,
     },
-    ...clientExtOptions,
+    ...(options.ssl
+      ? {
+          tls: {
+            ca: [fs.readFileSync(CA_CERT_PATH)],
+            // NOTE: Even though we've added ca into the tls options, we are using 127.0.0.1 instead of localhost
+            // for the ip which is not validated. As such we are getting the error
+            // Hostname/IP does not match certificate's altnames: IP: 127.0.0.1 is not in the cert's list:
+            // To work around that we are overriding the function checkServerIdentity too
+            checkServerIdentity: () => {
+              return undefined;
+            },
+          },
+        }
+      : {}),
   });
 
   const readyPromise = waitUntilClusterReady({ client, expectedStatus: 'green', log }).then(