Merge pull request #1679 from zyyw/1.14.0-b64dec

[cherry-pick] fix: avoid decoding plain text password when database secret exists
goharbor · Jan 17, 2024 · 29089b7 · 29089b7
2 parents 7f748f8 + 7b91c25
commit 29089b7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
@@ -98,7 +98,7 @@ app: "{{ template "harbor.name" . }}"
   {{- if eq .Values.database.type "internal" -}}
     {{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (include "harbor.database" .) -}}
     {{- if and (not (empty $existingSecret)) (hasKey $existingSecret.data "POSTGRES_PASSWORD") -}}
-      {{- .Values.database.internal.password | default (index $existingSecret.data "POSTGRES_PASSWORD") | b64dec -}}
+      {{- .Values.database.internal.password | default (index $existingSecret.data "POSTGRES_PASSWORD" | b64dec) -}}
     {{- else -}}
       {{- .Values.database.internal.password -}}
     {{- end -}}