add XSRFkey valication of 32 chars

templates/_helpers.tpl

@@ -61,6 +61,13 @@ app: "{{ template "harbor.name" . }}"
   {{- end -}}
 {{- end -}}
 
+{{/* Helper for validate the length of core.xsrfKey is 32 when it is explicitlt defined in values.yaml*/}}
+{{- define "harbor.verifyValuesXSRFkey" -}}
+  {{- if and .xsrfkeyValue (eq (len .xsrfkeyValue) 32 ) }}
+    {{- printf .xsrfkeyValue -}}
+  {{- end -}}
+{{- end -}}
+
 {{- define "harbor.autoGenCert" -}}
   {{- if and .Values.expose.tls.enabled (eq .Values.expose.tls.certSource "auto") -}}
     {{- printf "true" -}}

templates/core/core-secret.yaml

@@ -29,7 +29,7 @@ data:
   REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
   {{- end }}
   {{- if not .Values.core.existingXsrfSecret }}
-  CSRF_KEY: {{ .Values.core.xsrfKey | default (include "harbor.secretKeyHelper" (dict "key" "CSRF_KEY" "data" $existingSecret.data)) | default (randAlphaNum 32) | b64enc | quote }}
+  CSRF_KEY: {{ include "harbor.verifyValuesXSRFkey" (dict "xsrfkeyValue" .Values.core.xsrfKey) | default (include "harbor.secretKeyHelper" (dict "key" "CSRF_KEY" "data" $existingSecret.data)) | default (randAlphaNum 32) | b64enc | quote }}
   {{- end }}
 {{- if .Values.core.configureUserSettings }}
   CONFIG_OVERWRITE_JSON: {{ .Values.core.configureUserSettings | b64enc | quote }}

values.yaml

@@ -624,7 +624,7 @@ core:
   tokenKey: |
   # If tokenKey is set, the value of tokenCert must be set as a PEM-encoded certificate signed by tokenKey, and supplied as a multiline string, indented one more than tokenCert on the following line.
   tokenCert: |
-  # The XSRF key. Will be generated automatically if it isn't specified
+  # The XSRF key. Will be generated automatically if it isn't specified or it is not a string of 32 characters
   xsrfKey: ""
   # If using existingSecret, the key is defined by core.existingXsrfSecretKey
   existingXsrfSecret: ""