From 51b6cf466443411ffe25a371990b157ffe0cf7df Mon Sep 17 00:00:00 2001
From: josebb <jose.bautista.barato@gmail.com>
Date: Thu, 10 Mar 2022 17:33:21 +0200
Subject: [PATCH] Support SSL identity endpoint in horizon

Change-Id: I14c99d6966f3610425c5430d40f28d7bce7d2750
---
 horizon/Chart.yaml                | 2 +-
 horizon/templates/deployment.yaml | 8 ++++++--
 horizon/values.yaml               | 3 +++
 releasenotes/notes/horizon.yaml   | 1 +
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/horizon/Chart.yaml b/horizon/Chart.yaml
index 39ea283033..01964b7031 100644
--- a/horizon/Chart.yaml
+++ b/horizon/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Horizon
 name: horizon
-version: 0.2.25
+version: 0.2.26
 home: https://docs.openstack.org/horizon/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png
 sources:
diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml
index e3978c588c..a23b56df17 100644
--- a/horizon/templates/deployment.yaml
+++ b/horizon/templates/deployment.yaml
@@ -70,6 +70,10 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: status.podIP
+{{- if or .Values.manifests.certificates .Values.tls.identity }}
+          - name: REQUESTS_CA_BUNDLE
+            value: "/etc/openstack-dashboard/certs/ca.crt"
+{{- end }}
           lifecycle:
             preStop:
               exec:
@@ -157,7 +161,7 @@ spec:
               mountPath: /tmp/favicon.ico
               subPath: favicon.ico
             {{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.dashboard.dashboard.internal "path" "/etc/openstack-dashboard/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" (or $envAll.Values.manifests.certificates $envAll.Values.tls.identity) "name" $envAll.Values.secrets.tls.dashboard.dashboard.internal "path" "/etc/openstack-dashboard/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
 {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
 {{ if $mounts_horizon.volumeMounts }}{{ toYaml $mounts_horizon.volumeMounts | indent 12 }}{{ end }}
       volumes:
@@ -181,6 +185,6 @@ spec:
             name: horizon-logo
         {{- end }}
 {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.dashboard.dashboard.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" (or $envAll.Values.manifests.certificates $envAll.Values.tls.identity) "name" $envAll.Values.secrets.tls.dashboard.dashboard.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
 {{ if $mounts_horizon.volumes }}{{ toYaml $mounts_horizon.volumes | indent 8 }}{{ end }}
 {{- end }}
diff --git a/horizon/values.yaml b/horizon/values.yaml
index 1f58555371..68b75afc75 100644
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@@ -1236,6 +1236,9 @@ secrets:
   oci_image_registry:
     horizon: horizon-oci-image-registry
 
+tls:
+  identity: false
+
 # typically overridden by environmental
 # values, but should include all endpoints
 # required by this chart
diff --git a/releasenotes/notes/horizon.yaml b/releasenotes/notes/horizon.yaml
index 534b5db944..b9a79ef43b 100644
--- a/releasenotes/notes/horizon.yaml
+++ b/releasenotes/notes/horizon.yaml
@@ -35,4 +35,5 @@ horizon:
   - 0.2.23 Add Xena and Yoga value overrides
   - 0.2.24 Remove blank lines in logo configmap
   - 0.2.25 Added OCI registry authentication
+  - 0.2.26 Support SSL identity endpoint
 ...