LOG-4184: fix config forwarding to default Loki using vector

Signed-off-by: Vitalii Parfonov <vparfono@redhat.com>

internal/generator/vector/output/loki/loki.go

@@ -2,6 +2,7 @@ package loki
 
 import (
 	"fmt"
+	"github.com/openshift/cluster-logging-operator/internal/generator/url"
 	"strings"
 
 	"github.com/openshift/cluster-logging-operator/internal/generator/vector/helpers"
@@ -193,20 +194,21 @@ func TLSConf(o logging.OutputSpec, secret *corev1.Secret) []Element {
 	conf := []Element{}
 
 	hasTLS := false
+	u, _ := url.Parse(o.URL)
 	conf = append(conf, security.TLSConf{
 		ComponentID:        strings.ToLower(vectorhelpers.Replacer.Replace(o.Name)),
 		InsecureSkipVerify: o.TLS != nil && o.TLS.InsecureSkipVerify,
 	})
 
-	if o.Name == logging.OutputNameDefault || security.HasTLSCertAndKey(secret) {
+	if o.Secret != nil && (o.Name == logging.OutputNameDefault || security.HasTLSCertAndKey(secret)) {
 		hasTLS = true
 		kc := TLSKeyCert{
 			CertPath: security.SecretPath(o.Secret.Name, constants.ClientCertKey),
 			KeyPath:  security.SecretPath(o.Secret.Name, constants.ClientPrivateKey),
 		}
 		conf = append(conf, kc)
 	}
-	if o.Name == logging.OutputNameDefault || security.HasCABundle(secret) {
+	if o.Secret != nil && (o.Name == logging.OutputNameDefault || security.HasCABundle(secret)) {
 		hasTLS = true
 		ca := CAFile{
 			CAFilePath: security.SecretPath(o.Secret.Name, constants.TrustedCABundleKey),
@@ -216,10 +218,7 @@ func TLSConf(o logging.OutputSpec, secret *corev1.Secret) []Element {
 	if o.TLS != nil && o.TLS.InsecureSkipVerify {
 		hasTLS = true
 	}
-	if !hasTLS {
-		return []Element{}
-	}
-	if o.Secret == nil && secret != nil {
+	if o.Secret == nil && secret != nil && url.IsTLSScheme(u.Scheme) {
 		// Set CA from logcollector ServiceAccount for internal Loki
 		return []Element{
 			security.TLSConf{
@@ -230,6 +229,9 @@ func TLSConf(o logging.OutputSpec, secret *corev1.Secret) []Element {
 			},
 		}
 	}
+	if !hasTLS {
+		return []Element{}
+	}
 	return conf
 }