fix(swarm): stack deployments [BE-12478] (#1547)

This commit 9b9d103b29, introduced in docker 29, changed the behaviour of how the --tlsXXX flags are handled. Before this change leading and trailing quotes would be stripped. This meant that an invalid path that we were passing for the tls ca cert was being cleaned up to be an empty string. To preserve the old behaviour we now pass an empty string.

api/exec/swarm_stack.go

@@ -183,7 +183,7 @@ func (manager *SwarmStackManager) prepareDockerCommandAndArgs(binaryPath, config
 		if !endpoint.TLSConfig.TLSSkipVerify {
 			args = append(args, "--tlsverify", "--tlscacert", endpoint.TLSConfig.TLSCACertPath)
 		} else {
-			args = append(args, "--tlscacert", "''")
+			args = append(args, "--tlscacert", "")
 		}
 
 		if endpoint.TLSConfig.TLSCertPath != "" && endpoint.TLSConfig.TLSKeyPath != "" {

api/exec/swarm_stack_test.go

@@ -3,7 +3,9 @@ package exec
 import (
 	"testing"
 
+	portainer "github.com/portainer/portainer/api"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestConfigFilePaths(t *testing.T) {
@@ -13,3 +15,29 @@ func TestConfigFilePaths(t *testing.T) {
 	output := configureFilePaths(args, filePaths)
 	assert.ElementsMatch(t, expected, output, "wrong output file paths")
 }
+
+func TestPrepareDockerCommandAndArgs(t *testing.T) {
+	binaryPath := "/test/dist"
+	configPath := "/test/config"
+	manager := &SwarmStackManager{
+		binaryPath: binaryPath,
+		configPath: configPath,
+	}
+
+	endpoint := &portainer.Endpoint{
+		URL: "tcp://test:9000",
+		TLSConfig: portainer.TLSConfiguration{
+			TLS:           true,
+			TLSSkipVerify: true,
+		},
+	}
+
+	command, args, err := manager.prepareDockerCommandAndArgs(binaryPath, configPath, endpoint)
+	require.NoError(t, err)
+
+	expectedCommand := "/test/dist/docker"
+	expectedArgs := []string{"--config", "/test/config", "-H", "tcp://test:9000", "--tls", "--tlscacert", ""}
+
+	require.Equal(t, expectedCommand, command)
+	require.Equal(t, expectedArgs, args)
+}