From 320cd0f1acd767c9b105eafac06e9ba875fe145a Mon Sep 17 00:00:00 2001
From: Mahesh Shekhar <mahesh.shekhar@equalexperts.com>
Date: Thu, 6 Jun 2024 17:57:21 +0530
Subject: [PATCH 1/3] Added Mtls binding for cloudflare

---
 .changelog/2366.txt      |  3 +++
 workers_bindings.go      | 29 +++++++++++++++++++++++++++++
 workers_bindings_test.go | 22 +++++++++++++++++++---
 workers_test.go          |  5 +++++
 4 files changed, 56 insertions(+), 3 deletions(-)
 create mode 100644 .changelog/2366.txt

diff --git a/.changelog/2366.txt b/.changelog/2366.txt
new file mode 100644
index 00000000000..dc8b52f0ea3
--- /dev/null
+++ b/.changelog/2366.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+workers: Add mTLS cert binding for Cloudflare Workers
+```
\ No newline at end of file
diff --git a/workers_bindings.go b/workers_bindings.go
index 0516c5b3f72..d152542a066 100644
--- a/workers_bindings.go
+++ b/workers_bindings.go
@@ -46,6 +46,8 @@ const (
 	DispatchNamespaceBindingType WorkerBindingType = "dispatch_namespace"
 	// WorkerD1DataseBindingType is for D1 databases.
 	WorkerD1DataseBindingType WorkerBindingType = "d1"
+	// WorkerMtlsCertificateBindingType is for mtls certificates.
+	WorkerMtlsCertificateBindingType WorkerBindingType = "mtls_certificate"
 )
 
 type ListWorkerBindingsParams struct {
@@ -433,6 +435,28 @@ func (b WorkerD1DatabaseBinding) serialize(bindingName string) (workerBindingMet
 	}, nil, nil
 }
 
+// WorkerMtlsCertificateBinding is a binding to a mtls certificate.
+type WorkerMtlsCertificateBinding struct {
+	CertificateID string
+}
+
+// Type returns the type of the binding.
+func (b WorkerMtlsCertificateBinding) Type() WorkerBindingType {
+	return WorkerMtlsCertificateBindingType
+}
+
+func (b WorkerMtlsCertificateBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
+	if b.CertificateID == "" {
+		return nil, nil, fmt.Errorf(`certificate ID for binding "%s" cannot be empty`, bindingName)
+	}
+
+	return workerBindingMeta{
+		"name": bindingName,
+		"type": b.Type(),
+		"id":   b.CertificateID,
+	}, nil, nil
+}
+
 // UnsafeBinding is for experimental or deprecated bindings, and allows specifying any binding type or property.
 type UnsafeBinding map[string]interface{}
 
@@ -562,6 +586,11 @@ func (api *API) ListWorkerBindings(ctx context.Context, rc *ResourceContainer, p
 			bindingListItem.Binding = WorkerD1DatabaseBinding{
 				DatabaseID: database_id,
 			}
+		case WorkerMtlsCertificateBindingType:
+			certificate_id := jsonBinding["certificate_id"].(string)
+			bindingListItem.Binding = WorkerMtlsCertificateBinding{
+				CertificateID: certificate_id,
+			}
 		default:
 			bindingListItem.Binding = WorkerInheritBinding{}
 		}
diff --git a/workers_bindings_test.go b/workers_bindings_test.go
index bb7f141fa8b..9573d41b1c6 100644
--- a/workers_bindings_test.go
+++ b/workers_bindings_test.go
@@ -35,7 +35,7 @@ func TestListWorkerBindings(t *testing.T) {
 	assert.NoError(t, err)
 
 	assert.Equal(t, successResponse, res.Response)
-	assert.Equal(t, 9, len(res.BindingList))
+	assert.Equal(t, 10, len(res.BindingList))
 
 	assert.Equal(t, res.BindingList[0], WorkerBindingListItem{
 		Name: "MY_KV",
@@ -106,6 +106,15 @@ func TestListWorkerBindings(t *testing.T) {
 		},
 	})
 	assert.Equal(t, WorkerD1DataseBindingType, res.BindingList[8].Binding.Type())
+
+	assert.Equal(t, res.BindingList[9], WorkerBindingListItem{
+		Name: "MY_CERTIFICATE",
+		Binding: WorkerMtlsCertificateBinding{
+			CertificateID: "e0eeaf74-279a-45e3-8d27-65f336b94161",
+		},
+	})
+
+	assert.Equal(t, WorkerMtlsCertificateBindingType, res.BindingList[9].Binding.Type())
 }
 
 func TestListWorkerBindings_Wfp(t *testing.T) {
@@ -125,7 +134,7 @@ func TestListWorkerBindings_Wfp(t *testing.T) {
 	assert.NoError(t, err)
 
 	assert.Equal(t, successResponse, res.Response)
-	assert.Equal(t, 9, len(res.BindingList))
+	assert.Equal(t, 10, len(res.BindingList))
 
 	assert.Equal(t, res.BindingList[0], WorkerBindingListItem{
 		Name: "MY_KV",
@@ -181,7 +190,6 @@ func TestListWorkerBindings_Wfp(t *testing.T) {
 			Dataset: "my_dataset",
 		},
 	})
-
 	assert.Equal(t, WorkerAnalyticsEngineBindingType, res.BindingList[7].Binding.Type())
 
 	assert.Equal(t, res.BindingList[8], WorkerBindingListItem{
@@ -191,6 +199,14 @@ func TestListWorkerBindings_Wfp(t *testing.T) {
 		},
 	})
 	assert.Equal(t, WorkerD1DataseBindingType, res.BindingList[8].Binding.Type())
+
+	assert.Equal(t, res.BindingList[9], WorkerBindingListItem{
+		Name: "MY_CERTIFICATE",
+		Binding: WorkerMtlsCertificateBinding{
+			CertificateID: "e0eeaf74-279a-45e3-8d27-65f336b94161",
+		},
+	})
+	assert.Equal(t, WorkerMtlsCertificateBindingType, res.BindingList[9].Binding.Type())
 }
 
 func ExampleUnsafeBinding() {
diff --git a/workers_test.go b/workers_test.go
index 6175440a130..261c108f64b 100644
--- a/workers_test.go
+++ b/workers_test.go
@@ -145,6 +145,11 @@ const (
 				"name": "MY_DATABASE",
 				"type": "d1",
 				"database_id": "cef5331f-e5c7-4c8a-a415-7908ae45f92a"
+			},
+			{
+				"name": "MY_CERTIFICATE",
+				"type": "mtls_certificate",
+				"certificate_id": "e0eeaf74-279a-45e3-8d27-65f336b94161"
 			}
 		],
 		"success": true,

From ba1417eb6612bb311107776f337fbcd9bb87e54a Mon Sep 17 00:00:00 2001
From: Mahesh Shekhar <mahesh.shekhar@equalexperts.com>
Date: Thu, 6 Jun 2024 22:13:19 +0530
Subject: [PATCH 2/3] Added Mtls binding for cloudflare

---
 .changelog/{2366.txt => 2387.txt} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .changelog/{2366.txt => 2387.txt} (100%)

diff --git a/.changelog/2366.txt b/.changelog/2387.txt
similarity index 100%
rename from .changelog/2366.txt
rename to .changelog/2387.txt

From 79d53366cbdb03f69d844c6e29d2f3592e24269a Mon Sep 17 00:00:00 2001
From: Mahesh Shekhar <mahesh.shekhar@equalexperts.com>
Date: Thu, 6 Jun 2024 22:16:03 +0530
Subject: [PATCH 3/3] Added Mtls binding for cloudflare

---
 .changelog/{2387.txt => 2394.txt} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .changelog/{2387.txt => 2394.txt} (100%)

diff --git a/.changelog/2387.txt b/.changelog/2394.txt
similarity index 100%
rename from .changelog/2387.txt
rename to .changelog/2394.txt