From 950a671e206d8fb4d507f31b47e4452f6c6f5cac Mon Sep 17 00:00:00 2001
From: Daniel Adam
Date: Thu, 31 Oct 2024 11:24:05 +0100
Subject: [PATCH] fixup! Add HTTP client to certificate manager

---
 certificate-authority/config.yaml | 1 +
 pkg/security/certManager/general/certManager.go | 4 +++-
 pkg/security/certManager/server/certManager.go | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/certificate-authority/config.yaml b/certificate-authority/config.yaml
index 6cff2ac34..15f6ebfe4 100644
--- a/certificate-authority/config.yaml
+++ b/certificate-authority/config.yaml
@@ -29,6 +29,7 @@ apis:
 keyFile: "/secrets/private/cert.key"
 certFile: "/secrets/private/cert.crt"
 clientCertificateRequired: true
+
 authorization:
 ownerClaim: "sub"
 audience: ""
diff --git a/pkg/security/certManager/general/certManager.go b/pkg/security/certManager/general/certManager.go
index 8930bfde7..d6b3808aa 100644
--- a/pkg/security/certManager/general/certManager.go
+++ b/pkg/security/certManager/general/certManager.go
@@ -33,10 +33,12 @@ type Config struct {
 	ClientCertificateRequired bool `yaml:"clientCertificateRequired" json:"clientCertificateRequired" description:"require client certificate"`
 	UseSystemCAPool bool `yaml:"useSystemCAPool" json:"useSystemCaPool" description:"use system certification pool"`
 	CRL pkgTls.CRLConfig `yaml:"crl" json:"crl"`
+
+	CAPoolIsOptional bool `yaml:"-" json:"-"`
 }
 
 func (c Config) Validate() error {
-	if len(c.CAPool) == 0 && !c.UseSystemCAPool {
+	if len(c.CAPool) == 0 && !c.UseSystemCAPool && !c.CAPoolIsOptional {
 		return fmt.Errorf("caPool('%v')", c.CAPool)
 	}
 	if c.CertFile == "" {
diff --git a/pkg/security/certManager/server/certManager.go b/pkg/security/certManager/server/certManager.go
index 743af8619..5d522b624 100644
--- a/pkg/security/certManager/server/certManager.go
+++ b/pkg/security/certManager/server/certManager.go
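Review bot: The new `CAPoolIsOptional` field in `general.Config` has no comment saying when a caller may skip the CA pool and what the manager then verifies peers against, and the relaxed condition in `Validate` now accepts a config with an empty `CAPool`, `UseSystemCAPool` false and `ClientCertificateRequired` true, a combination in which client certificates would presumably be checked against no trusted roots at all — confirm that is intended or reject it. Suggested field comment: `// CAPoolIsOptional permits an empty CAPool without UseSystemCAPool; it is set by code only (yaml/json "-"), never from config files.` Suggested guard after the existing check: `if c.CAPoolIsOptional && c.ClientCertificateRequired && len(c.CAPool) == 0 && !c.UseSystemCAPool {` / `return fmt.Errorf("clientCertificateRequired needs caPool or useSystemCAPool")` / `}`. The body of `Validate` continues past the end of the hunk.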
@@ -83,6 +83,7 @@ func New(config Config, fileWatcher *fsnotify.Watcher, logger log.Logger, tracer
 	}
 	cfg := general.Config{
 		CAPool: config.caPoolArray,
+		CAPoolIsOptional: config.CAPoolIsOptional,
 		KeyFile: config.KeyFile,
 		CertFile: config.CertFile,
 		ClientCertificateRequired: config.ClientCertificateRequired,
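Review bot: `New` forwards `config.CAPoolIsOptional` into the general config, but nothing in this hunk shows where the server-side `CAPoolIsOptional` is set; if that field on the server `Config` is unmarshalled from YAML, an operator can switch off the CA pool requirement for a listener that still has `clientCertificateRequired: true`, which the general `Validate` would then no longer catch. If the flag is meant to be set by code only, as the `yaml:"-" json:"-"` tags on the general field suggest, the server field should carry the same tags; otherwise document the accepted combinations on the server field and check them in its own validation. `New` starts and ends outside the hunk.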