From 81f87595fe3f41ab9eb1216bfb09b10ff0ea80af Mon Sep 17 00:00:00 2001
From: Ying Li <ying.li@docker.com>
Date: Tue, 25 Apr 2017 15:40:46 -0700
Subject: [PATCH] Add the CACert parameter to the ExternalCA object in order to
 match swarmkit's API type.  Make sure this parameter gets propagated to
 swarmkit, and also add an extra option to the CLI when providing external CAs
 to parse the CA cert from a file.

Signed-off-by: Ying Li <ying.li@docker.com>
---
 cli/command/swarm/opts.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/cli/command/swarm/opts.go b/cli/command/swarm/opts.go
index 225d38d110..a28dd4aad4 100644
--- a/cli/command/swarm/opts.go
+++ b/cli/command/swarm/opts.go
@@ -2,7 +2,9 @@ package swarm
 
 import (
 	"encoding/csv"
+	"encoding/pem"
 	"fmt"
+	"io/ioutil"
 	"strings"
 	"time"
 
@@ -154,6 +156,15 @@ func parseExternalCA(caSpec string) (*swarm.ExternalCA, error) {
 		case "url":
 			hasURL = true
 			externalCA.URL = value
+		case "cacert":
+			cacontents, err := ioutil.ReadFile(value)
+			if err != nil {
+				return nil, errors.Wrap(err, "unable to read CA cert for external CA")
+			}
+			if pemBlock, _ := pem.Decode(cacontents); pemBlock == nil {
+				return nil, errors.New("CA cert for external CA must be in PEM format")
+			}
+			externalCA.CACert = string(cacontents)
 		default:
 			externalCA.Options[key] = value
 		}