horizon: allow setting WEBSSO_KEYSTONE_URL

This patch enables users to override WEBSSO_KEYSTONE_URL variable for
Horizon.

As per docs:

> Use this when OPENSTACK_KEYSTONE_URL is set to an internal Keystone
endpoint and is not reachable from the external network where the
identity provider lives. This URL will take precedence over
OPENSTACK_KEYSTONE_URL if the login choice is an external identity
provider (IdP).

Change-Id: I542dadb8ada14ebab8257cc0693641b14c8adcc0
Signed-off-by: Marek Skrobacki <skrobul@skrobul.com>

horizon/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Horizon
 name: horizon
-version: 0.3.27
+version: 0.3.28
 home: https://docs.openstack.org/horizon/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png
 sources:

horizon/values.yaml

@@ -460,6 +460,11 @@ conf:
         # Determines which authentication choice to show as default.
         WEBSSO_INITIAL_CHOICE = "{{ .Values.conf.horizon.local_settings.config.auth.sso.initial_choice }}"
 
+        {{- if .Values.conf.horizon.local_settings.config.auth.sso.websso_keystone_url }}
+        # The full auth URL for the Keystone endpoint used for web single-sign-on authentication.
+        WEBSSO_KEYSTONE_URL = "{{ .Values.conf.horizon.local_settings.config.auth.sso.websso_keystone_url }}"
+        {{- end }}
+
         # The list of authentication mechanisms
         # which include keystone federation protocols.
         # Current supported protocol IDs are 'saml2' and 'oidc'

releasenotes/notes/horizon.yaml

@@ -64,4 +64,5 @@ horizon:
   - 0.3.25 Implement "CSRF_TRUSTED_ORIGINS" option support in horizon
   - 0.3.26 Fix templating of CSRF_TRUSTED_ORIGINS
   - 0.3.27 Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal by default
+  - 0.3.28 Add WEBSSO_KEYSTONE_URL value
 ...