[bitnami/harbor] fix: core-secret-envvars.yaml now handles variables individually (#28474)

* fix: core-secret-envvars.yaml now handles variables individually

Signed-off-by: Julien D <un.common366@passinbox.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* fix: move encryptedPassword logic to core-secret-envvars

Signed-off-by: Julien D <un.common366@passinbox.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* fix: double base64enc fixed and version bump

Signed-off-by: Julien D <un.common366@passinbox.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

---------

Signed-off-by: Julien D <un.common366@passinbox.com>
Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>

bitnami/harbor/templates/_helpers.tpl

@@ -143,10 +143,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- end -}}
 {{- end -}}
 
-{{- define "harbor.database.encryptedPassword" -}}
-  {{- include "harbor.database.rawPassword" . | b64enc | quote -}}
-{{- end -}}
-
 {{- define "harbor.database.coreDatabase" -}}
 {{- ternary "registry" .Values.externalDatabase.coreDatabase .Values.postgresql.enabled -}}
 {{- end -}}

bitnami/harbor/templates/core/core-secret-envvars.yaml

@@ -3,7 +3,7 @@ Copyright Broadcom, Inc. All Rights Reserved.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 
-{{- if not .Values.core.existingEnvVarsSecret }}
+{{- $existingEnvVarsSecret := .Values.existingEnvVarsSecret | default dict -}}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -18,11 +18,10 @@ metadata:
   {{- end }}
 type: Opaque
 data:
-  _REDIS_URL_CORE: {{ include "harbor.redisForCore" . | b64enc | quote }}
-  _REDIS_URL_REG: {{ include "harbor.redisForGC" . | b64enc | quote }}
-  REGISTRY_CREDENTIAL_USERNAME: {{ .Values.registry.credentials.username | b64enc | quote }}
-  REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
-  CSRF_KEY: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-envvars" (include "harbor.core" .)) "key" "CSRF_KEY" "length" 32 "providedValues" (list "core.csrfKey") "context" $) }}
-  HARBOR_ADMIN_PASSWORD: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-envvars" (include "harbor.core" .)) "key" "HARBOR_ADMIN_PASSWORD" "length" 10 "providedValues" (list "adminPassword") "context" $) }}
-  POSTGRESQL_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
-{{- end }}
+  _REDIS_URL_CORE: {{ $existingEnvVarsSecret._REDIS_URL_CORE | default (include "harbor.redisForCore" .) | b64enc | quote }}
+  _REDIS_URL_REG: {{ $existingEnvVarsSecret._REDIS_URL_REG | default (include "harbor.redisForGC" .) | b64enc | quote }}
+  REGISTRY_CREDENTIAL_USERNAME: {{ $existingEnvVarsSecret.REGISTRY_CREDENTIAL_USERNAME | default .Values.registry.credentials.username | b64enc | quote }}
+  REGISTRY_CREDENTIAL_PASSWORD: {{ $existingEnvVarsSecret.REGISTRY_CREDENTIAL_PASSWORD | default .Values.registry.credentials.password | b64enc | quote }}
+  CSRF_KEY: {{ $existingEnvVarsSecret.CSRF_KEY | default (include "common.secrets.passwords.manage" (dict "secret" (printf "%s-envvars" (include "harbor.core" .)) "key" "CSRF_KEY" "length" 32 "providedValues" (list "core.csrfKey") "context" $)) }}
+  HARBOR_ADMIN_PASSWORD: {{ $existingEnvVarsSecret.HARBOR_ADMIN_PASSWORD | default (include "common.secrets.passwords.manage" (dict "secret" (printf "%s-envvars" (include "harbor.core" .)) "key" "HARBOR_ADMIN_PASSWORD" "length" 22 "providedValues" (list "adminPassword") "context" $)) }}
+  POSTGRESQL_PASSWORD: {{ $existingEnvVarsSecret.POSTGRESQL_PASSWORD | default (include "harbor.database.rawPassword" .) | b64enc | quote }}