fixup! Add HTTP client to certificate manager

certificate-authority/config.yaml

@@ -29,6 +29,7 @@ apis:
       keyFile: "/secrets/private/cert.key"
       certFile: "/secrets/private/cert.crt"
       clientCertificateRequired: true
+
     authorization:
       ownerClaim: "sub"
       audience: ""

pkg/security/certManager/general/certManager.go

@@ -33,10 +33,12 @@ type Config struct {
 	ClientCertificateRequired bool                  `yaml:"clientCertificateRequired" json:"clientCertificateRequired" description:"require client certificate"`
 	UseSystemCAPool           bool                  `yaml:"useSystemCAPool" json:"useSystemCaPool" description:"use system certification pool"`
 	CRL                       pkgTls.CRLConfig      `yaml:"crl" json:"crl"`
+
+	CAPoolIsOptional bool `yaml:"-" json:"-"`
 }
 
 func (c Config) Validate() error {
-	if len(c.CAPool) == 0 && !c.UseSystemCAPool {
+	if len(c.CAPool) == 0 && !c.UseSystemCAPool && !c.CAPoolIsOptional {
 		return fmt.Errorf("caPool('%v')", c.CAPool)
 	}
 	if c.CertFile == "" {

pkg/security/certManager/server/certManager.go

@@ -83,6 +83,7 @@ func New(config Config, fileWatcher *fsnotify.Watcher, logger log.Logger, tracer
 	}
 	cfg := general.Config{
 		CAPool:                    config.caPoolArray,
+		CAPoolIsOptional:          config.CAPoolIsOptional,
 		KeyFile:                   config.KeyFile,
 		CertFile:                  config.CertFile,
 		ClientCertificateRequired: config.ClientCertificateRequired,