From a0385bf042f09010f3c3c2bfd944838d961979d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= <pawel.gronowski@docker.com>
Date: Wed, 9 Apr 2025 14:13:59 +0200
Subject: [PATCH] swarm/init: Test `init --external-ca` with custom cert
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
---
 cli/command/swarm/client_test.go |  6 ++---
 cli/command/swarm/init_test.go   | 40 +++++++++++++++++++++++++++-----
 2 files changed, 37 insertions(+), 9 deletions(-)

diff --git a/cli/command/swarm/client_test.go b/cli/command/swarm/client_test.go
index 9e37db0e60..5b4a0aa32e 100644
--- a/cli/command/swarm/client_test.go
+++ b/cli/command/swarm/client_test.go
@@ -12,7 +12,7 @@ import (
 type fakeClient struct {
 	client.Client
 	infoFunc              func() (system.Info, error)
-	swarmInitFunc         func() (string, error)
+	swarmInitFunc         func(req swarm.InitRequest) (string, error)
 	swarmInspectFunc      func() (swarm.Swarm, error)
 	nodeInspectFunc       func() (swarm.Node, []byte, error)
 	swarmGetUnlockKeyFunc func() (types.SwarmUnlockKeyResponse, error)
@@ -36,9 +36,9 @@ func (cli *fakeClient) NodeInspectWithRaw(context.Context, string) (swarm.Node,
 	return swarm.Node{}, []byte{}, nil
 }
 
-func (cli *fakeClient) SwarmInit(context.Context, swarm.InitRequest) (string, error) {
+func (cli *fakeClient) SwarmInit(_ context.Context, req swarm.InitRequest) (string, error) {
 	if cli.swarmInitFunc != nil {
-		return cli.swarmInitFunc()
+		return cli.swarmInitFunc(req)
 	}
 	return "", nil
 }
diff --git a/cli/command/swarm/init_test.go b/cli/command/swarm/init_test.go
index f76ae79c66..0d62cd7d56 100644
--- a/cli/command/swarm/init_test.go
+++ b/cli/command/swarm/init_test.go
@@ -4,12 +4,15 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"os"
+	"path/filepath"
 	"testing"
 
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/swarm"
 	"gotest.tools/v3/assert"
+	is "gotest.tools/v3/assert/cmp"
 	"gotest.tools/v3/golden"
 )
 
@@ -17,7 +20,7 @@ func TestSwarmInitErrorOnAPIFailure(t *testing.T) {
 	testCases := []struct {
 		name                  string
 		flags                 map[string]string
-		swarmInitFunc         func() (string, error)
+		swarmInitFunc         func(swarm.InitRequest) (string, error)
 		swarmInspectFunc      func() (swarm.Swarm, error)
 		swarmGetUnlockKeyFunc func() (types.SwarmUnlockKeyResponse, error)
 		nodeInspectFunc       func() (swarm.Node, []byte, error)
@@ -25,14 +28,14 @@ func TestSwarmInitErrorOnAPIFailure(t *testing.T) {
 	}{
 		{
 			name: "init-failed",
-			swarmInitFunc: func() (string, error) {
+			swarmInitFunc: func(swarm.InitRequest) (string, error) {
 				return "", errors.New("error initializing the swarm")
 			},
 			expectedError: "error initializing the swarm",
 		},
 		{
 			name: "init-failed-with-ip-choice",
-			swarmInitFunc: func() (string, error) {
+			swarmInitFunc: func(swarm.InitRequest) (string, error) {
 				return "", errors.New("could not choose an IP address to advertise")
 			},
 			expectedError: "could not choose an IP address to advertise - specify one with --advertise-addr",
@@ -86,14 +89,14 @@ func TestSwarmInit(t *testing.T) {
 	testCases := []struct {
 		name                  string
 		flags                 map[string]string
-		swarmInitFunc         func() (string, error)
+		swarmInitFunc         func(req swarm.InitRequest) (string, error)
 		swarmInspectFunc      func() (swarm.Swarm, error)
 		swarmGetUnlockKeyFunc func() (types.SwarmUnlockKeyResponse, error)
 		nodeInspectFunc       func() (swarm.Node, []byte, error)
 	}{
 		{
 			name: "init",
-			swarmInitFunc: func() (string, error) {
+			swarmInitFunc: func(swarm.InitRequest) (string, error) {
 				return "nodeID", nil
 			},
 		},
@@ -102,7 +105,7 @@ func TestSwarmInit(t *testing.T) {
 			flags: map[string]string{
 				flagAutolock: "true",
 			},
-			swarmInitFunc: func() (string, error) {
+			swarmInitFunc: func(swarm.InitRequest) (string, error) {
 				return "nodeID", nil
 			},
 			swarmGetUnlockKeyFunc: func() (types.SwarmUnlockKeyResponse, error) {
@@ -132,3 +135,28 @@ func TestSwarmInit(t *testing.T) {
 		})
 	}
 }
+
+func TestSwarmInitWithExternalCA(t *testing.T) {
+	cli := test.NewFakeCli(&fakeClient{
+		swarmInitFunc: func(req swarm.InitRequest) (string, error) {
+			if assert.Check(t, is.Len(req.Spec.CAConfig.ExternalCAs, 1)) {
+				assert.Equal(t, req.Spec.CAConfig.ExternalCAs[0].CACert, cert)
+				assert.Equal(t, req.Spec.CAConfig.ExternalCAs[0].Protocol, swarm.ExternalCAProtocolCFSSL)
+				assert.Equal(t, req.Spec.CAConfig.ExternalCAs[0].URL, "https://example.com")
+			}
+			return "nodeID", nil
+		},
+	})
+
+	tempDir := t.TempDir()
+	certFile := filepath.Join(tempDir, "cert.pem")
+	err := os.WriteFile(certFile, []byte(cert), 0644)
+	assert.NilError(t, err)
+
+	cmd := newInitCommand(cli)
+	cmd.SetArgs([]string{})
+	cmd.SetOut(io.Discard)
+	cmd.SetErr(io.Discard)
+	assert.NilError(t, cmd.Flags().Set(flagExternalCA, "protocol=cfssl,url=https://example.com,cacert="+certFile))
+	assert.NilError(t, cmd.Execute())
+}