SONAR-24068 Fix SSF-681

SonarSource · Dec 20, 2024 · 947e2e6 · 947e2e6
1 parent 73b9094
commit 947e2e6
Show file tree

Hide file tree

Showing 77 changed files with 178 additions and 158 deletions.
diff --git a/.cirrus/generate_helm_fixtures.sh b/.cirrus/generate_helm_fixtures.sh
@@ -22,7 +22,7 @@ for path in "sonarqube" "sonarqube-dce"; do
         FIXTURE_STATIC_TEST_FOLDER="./tests/unit-compatibility-test/fixtures/${path}/${TEST_CASE_NAME}"
 
         echo "Entering fixture test for ${TEST_CASE_NAME}"
-        helm template --set global.postgresql.postgresqlPostgresPassword='toto' --kube-version "$KUBE_VERSION" --dry-run --debug -f "$file" "${TEST_CASE_NAME}" ${CHART_TEST_FOLDER} > "${FIXTURE_STATIC_TEST_FOLDER}"
+        helm template --set monitoringPasscode='test' --set global.postgresql.postgresqlPostgresPassword='toto' --kube-version "$KUBE_VERSION" --dry-run --debug -f "$file" "${TEST_CASE_NAME}" ${CHART_TEST_FOLDER} > "${FIXTURE_STATIC_TEST_FOLDER}"
         echo "Ending fixture test test for ${TEST_CASE_NAME}"
     done
 

diff --git a/.cirrus/unit_helm_compatibility_test.sh b/.cirrus/unit_helm_compatibility_test.sh
@@ -28,6 +28,7 @@ for file in "${STATIC_TEST_FOLDER}"/*; do
         --kube-version "${KUBE_VERSION}" \
         --dry-run \
         --debug \
+        --set monitoringPasscode='test' \
         -f "${file}" "${TEST_CASE_NAME}" "${CHART_PATH}" \
     | kubeconform \
         --kubernetes-version "${KUBE_VERSION}" \

diff --git a/charts/sonarqube-dce/CHANGELOG.md b/charts/sonarqube-dce/CHANGELOG.md
@@ -5,6 +5,7 @@ All changes to this chart will be documented in this file.
 * Update Chart's version to 2025.1.0
 * Update ingress-nginx subchart to 4.11.3
 * Support Kubernetes v1.32
+* Remove the default passcode provided with `monitoringPasscode`
 
 ## [10.8.1]
 * Update Chart's version to 10.8.1

diff --git a/charts/sonarqube-dce/Chart.yaml b/charts/sonarqube-dce/Chart.yaml
@@ -31,6 +31,8 @@ annotations:
       description: "Update ingress-nginx subchart to 4.11.3"
     - kind: changed
       description: "Support Kubernetes v1.32"
+    - kind: changed
+      description: "Remove the default passcode provided with 'monitoringPasscode'"
   artifacthub.io/links: |
     - name: support
       url: https://community.sonarsource.com/

diff --git a/charts/sonarqube-dce/README.md b/charts/sonarqube-dce/README.md
@@ -535,7 +535,7 @@ The following table lists the configurable parameters of the SonarQube chart and
 | Parameter                      | Description                                                                                                                              | Default          |
 | ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
 | `sonarqubeFolder`              | (DEPRECATED) Directory name of SonarQube, Due to 1-1 mapping between helm version and docker version, there is no need for configuration | `/opt/sonarqube` |
-| `monitoringPasscode`           | Value for sonar.web.systemPasscode needed for LivenessProbes (encoded to Base64 format)                                                  | `define_it`      |
+| `monitoringPasscode`           | Value for sonar.web.systemPasscode needed for LivenessProbes (encoded to Base64 format).                                                 | `None`           |
 | `monitoringPasscodeSecretName` | Name of the secret where to load `monitoringPasscode`                                                                                    | `None`           |
 | `monitoringPasscodeSecretKey`  | Key of an existing secret containing `monitoringPasscode`                                                                                | `None`           |
 | `extraContainers`              | Array of extra containers to run alongside the `sonarqube` container (aka. Sidecars)                                                     | `[]`             |

diff --git a/charts/sonarqube-dce/ci/cirrus-values.yaml b/charts/sonarqube-dce/ci/cirrus-values.yaml
@@ -25,3 +25,5 @@ postgresql:
     # fsGroup and runAsUser specifications below are not applied if enabled=false. enabled=false is the required setting for OpenShift "restricted SCC" to work successfully.
     # postgresql dockerfile sets user as 1001
     fsGroup: 1001
+
+monitoringPasscode: "test"
diff --git a/charts/sonarqube-dce/openshift-verifier/values.yaml b/charts/sonarqube-dce/openshift-verifier/values.yaml
@@ -25,3 +25,5 @@ ApplicationNodes:
     tag: "10.8.1-datacenter-app"
     pullSecrets:
       - name: pullsecret
+
+monitoringPasscode: "test"
diff --git a/charts/sonarqube-dce/templates/validation.yaml b/charts/sonarqube-dce/templates/validation.yaml
@@ -0,0 +1,3 @@
+{{- if or (and (not .Values.monitoringPasscode) (not .Values.monitoringPasscodeSecretName) (not .Values.monitoringPasscodeSecretKey)) (and (not .Values.monitoringPasscodeSecretName) .Values.monitoringPasscodeSecretKey) (and .Values.monitoringPasscodeSecretName (not .Values.monitoringPasscodeSecretKey)) -}}
+{{- fail "\n ** The values.yaml file is not valid. ** \n Please provide a passcode either setting \"monitoringPasscode\" or \"monitoringPasscodeSecretName\" and \"monitoringPasscodeSecretKey\"" -}}
+{{- end -}}
diff --git a/charts/sonarqube-dce/values.yaml b/charts/sonarqube-dce/values.yaml
@@ -643,7 +643,7 @@ initFs:
 
 # a monitoring passcode needs to be defined in order to get reasonable probe results
 # not setting the monitoring passcode will result in a deployment that will never be ready
-monitoringPasscode: "define_it"
+# monitoringPasscode: "define_it"
 # Alternatively, you can define the passcode loading it from an existing secret specifying the right key
 # monitoringPasscodeSecretName: "pass-secret-name"
 # monitoringPasscodeSecretKey: "pass-key"

diff --git a/charts/sonarqube/CHANGELOG.md b/charts/sonarqube/CHANGELOG.md
@@ -5,6 +5,7 @@ All changes to this chart will be documented in this file.
 * Update Chart's version to 2025.1.0
 * Update ingress-nginx subchart to 4.11.3
 * Support Kubernetes v1.32
+* Remove the default passcode provided with `monitoringPasscode`
 
 ## [10.8.1]
 * Update Chart's version to 10.8.1

diff --git a/charts/sonarqube/Chart.yaml b/charts/sonarqube/Chart.yaml
@@ -36,6 +36,8 @@ annotations:
       description: "Update ingress-nginx subchart to 4.11.3"
     - kind: changed
       description: "Support Kubernetes v1.32"
+    - kind: changed
+      description: "Remove the default passcode provided with 'monitoringPasscode'"
   artifacthub.io/containsSecurityUpdates: "false"
   artifacthub.io/images: |
     - name: sonarqube

diff --git a/charts/sonarqube/README.md b/charts/sonarqube/README.md
@@ -450,7 +450,7 @@ The following table lists the configurable parameters of the SonarQube chart and
 | `sonarProperties`              | Custom `sonar.properties` key-value pairs (e.g., "sonarProperties.sonar.forceAuthentication=true")                                       | `None`           |
 | `sonarSecretProperties`        | Additional `sonar.properties` key-value pairs to load from a secret                                                                      | `None`           |
 | `sonarSecretKey`               | Name of existing secret used for settings encryption                                                                                     | `None`           |
-| `monitoringPasscode`           | Value for sonar.web.systemPasscode needed for LivenessProbes (encoded to Base64 format)                                                  | `define_it`      |
+| `monitoringPasscode`           | Value for sonar.web.systemPasscode needed for LivenessProbes (encoded to Base64 format)                                                  | `None`           |
 | `monitoringPasscodeSecretName` | Name of the secret where to load `monitoringPasscode`                                                                                    | `None`           |
 | `monitoringPasscodeSecretKey`  | Key of an existing secret containing `monitoringPasscode`                                                                                | `None`           |
 | `extraContainers`              | Array of extra containers to run alongside the `sonarqube` container (aka. Sidecars)                                                     | `[]`             |

diff --git a/charts/sonarqube/ci/cirrus-values.yaml b/charts/sonarqube/ci/cirrus-values.yaml
@@ -3,6 +3,7 @@ image:
     - name: pullsecret
   repository: "sonarsource/sonarqube"
   tag: "24.12.0.100206-community"
+monitoringPasscode: "test"
 postgresql:
   securityContext:
     # On Cirrus, we have permissions issue if the fsGroup is not set to 1001 explicitly

diff --git a/charts/sonarqube/openshift-verifier/values.yaml b/charts/sonarqube/openshift-verifier/values.yaml
@@ -14,3 +14,5 @@ image:
     - name: pullsecret
   repository: "sonarsource/sonarqube"
   tag: "24.12.0.100206-community"
+
+monitoringPasscode: "test"
diff --git a/charts/sonarqube/templates/validation.yaml b/charts/sonarqube/templates/validation.yaml
@@ -0,0 +1,3 @@
+{{- if or (and (not .Values.monitoringPasscode) (not .Values.monitoringPasscodeSecretName) (not .Values.monitoringPasscodeSecretKey)) (and (not .Values.monitoringPasscodeSecretName) .Values.monitoringPasscodeSecretKey) (and .Values.monitoringPasscodeSecretName (not .Values.monitoringPasscodeSecretKey)) -}}
+{{- fail "\n ** The values.yaml file is not valid. ** \n Please provide a passcode either setting \"monitoringPasscode\" or \"monitoringPasscodeSecretName\" and \"monitoringPasscodeSecretKey\"" -}}
+{{- end -}}
diff --git a/charts/sonarqube/values.yaml b/charts/sonarqube/values.yaml
@@ -432,7 +432,7 @@ jvmCeOpts: ""
 
 ## a monitoring passcode needs to be defined in order to get reasonable probe results
 # not setting the monitoring passcode will result in a deployment that will never be ready
-monitoringPasscode: "define_it"
+# monitoringPasscode: "define_it"
 # Alternatively, you can define the passcode loading it from an existing secret specifying the right key
 # monitoringPasscodeSecretName: "pass-secret-name"
 # monitoringPasscodeSecretKey: "pass-key"

diff --git a/tests/unit-compatibility-test/fixtures/sonarqube-dce/application-values.yaml b/tests/unit-compatibility-test/fixtures/sonarqube-dce/application-values.yaml
@@ -61,7 +61,7 @@ metadata:
     heritage: Helm
 type: Opaque
 data:
-  SONAR_WEB_SYSTEMPASSCODE: "ZGVmaW5lX2l0"
+  SONAR_WEB_SYSTEMPASSCODE: "dGVzdA=="
 ---
 # Source: sonarqube-dce/templates/secret.yaml
 ---
@@ -402,7 +402,7 @@ spec:
       annotations:
         checksum/plugins: 7f24a3d6482b2129f679c9757bf21e5da233e385391bbfcffe5893a751ce4ca1
         checksum/config: aadbd5c551e813bde98349cfe8225b31aa87a22e55efbc5dfc753658896c23c0
-        checksum/secret: 29f0ff250b7e8a884fa8bb6e0bfd49d6662d7f05a352286bc2c91f1f4b905bf8
+        checksum/secret: bb6654cbd753cb460f503882d182b55ae4fd897a8243b6b02fb075cf01b8d58b
     spec:
       automountServiceAccountToken: false
       initContainers:
@@ -771,7 +771,7 @@ spec:
         checksum/init-sysctl: 513773d04154d0b575b6f8502de57363170897931a592a4c5b5f1d12bb6e91d0
         checksum/init-fs: 4ad4bbe3474b82b398009f1ca94d98cf18f910c3f18364a3550342ebc9debd02
         checksum/config: aadbd5c551e813bde98349cfe8225b31aa87a22e55efbc5dfc753658896c23c0
-        checksum/secret: 29f0ff250b7e8a884fa8bb6e0bfd49d6662d7f05a352286bc2c91f1f4b905bf8
+        checksum/secret: bb6654cbd753cb460f503882d182b55ae4fd897a8243b6b02fb075cf01b8d58b
     spec:
       automountServiceAccountToken: false
       initContainers:

diff --git a/tests/unit-compatibility-test/fixtures/sonarqube-dce/ca-certificates-configmap.yaml b/tests/unit-compatibility-test/fixtures/sonarqube-dce/ca-certificates-configmap.yaml
@@ -61,7 +61,7 @@ metadata:
     heritage: Helm
 type: Opaque
 data:
-  SONAR_WEB_SYSTEMPASSCODE: "ZGVmaW5lX2l0"
+  SONAR_WEB_SYSTEMPASSCODE: "dGVzdA=="
 ---
 # Source: sonarqube-dce/templates/secret.yaml
 ---
@@ -419,7 +419,7 @@ spec:
       annotations:
         checksum/plugins: 788d16db26576a42e4e0393f30937f76a83f62b64bb1d9433e17437aa2b50006
         checksum/config: ef821c78d46bf30db2108dce12feaeef5ce0429e099aa5752dbcdba6ad33af33
-        checksum/secret: 6d955991042dcd726b459657eb13a4dfe9f1024aac59bb7103977d0710dca50e
+        checksum/secret: 0379d3815507aec52a48c57cf5ade46a14100e6dae4221f74777b20a982402c7
     spec:
       automountServiceAccountToken: false
       initContainers:
@@ -860,7 +860,7 @@ spec:
         checksum/init-sysctl: ecc353de0ab68bfb55d894a9e5933457073b2ea295c6046c327d11d0fd258a74
         checksum/init-fs: 9542c7eb6279226c100e0f4f48b7f36fe54ec94d1b35f0ab1bce3e8f912faf85
         checksum/config: ef821c78d46bf30db2108dce12feaeef5ce0429e099aa5752dbcdba6ad33af33
-        checksum/secret: 6d955991042dcd726b459657eb13a4dfe9f1024aac59bb7103977d0710dca50e
+        checksum/secret: 0379d3815507aec52a48c57cf5ade46a14100e6dae4221f74777b20a982402c7
     spec:
       automountServiceAccountToken: false
       initContainers:

diff --git a/tests/unit-compatibility-test/fixtures/sonarqube-dce/ca-certificates-secret.yaml b/tests/unit-compatibility-test/fixtures/sonarqube-dce/ca-certificates-secret.yaml
@@ -61,7 +61,7 @@ metadata:
     heritage: Helm
 type: Opaque
 data:
-  SONAR_WEB_SYSTEMPASSCODE: "ZGVmaW5lX2l0"
+  SONAR_WEB_SYSTEMPASSCODE: "dGVzdA=="
 ---
 # Source: sonarqube-dce/templates/secret.yaml
 ---
@@ -403,7 +403,7 @@ spec:
       annotations:
         checksum/plugins: 6163a219fc94d0a36056eb767cce18cdad505b1f91fd930b53279eb2ee88ba2a
         checksum/config: 8492eaaf4806a907bf3c77f261b607d909b7cda8ccef8324600ec58b56a713cb
-        checksum/secret: bfad3a3590f8d693746be76b4818cf67fdccf55ad4f3bf6f5081504b6b9168b3
+        checksum/secret: 7145c73125de227362067f169e237fff38420f3e4303c535bbb761202f631979
     spec:
       automountServiceAccountToken: false
       initContainers:
@@ -799,7 +799,7 @@ spec:
         checksum/init-sysctl: 150fce13c73b3eb1d1b6918e3a93ce046166ad4e53c410c7c11880546fd97bc0
         checksum/init-fs: 131dbc636fb13658d9de983c65b8e961f5dc09dd6779c770a51b2011bafc95eb
         checksum/config: 8492eaaf4806a907bf3c77f261b607d909b7cda8ccef8324600ec58b56a713cb
-        checksum/secret: bfad3a3590f8d693746be76b4818cf67fdccf55ad4f3bf6f5081504b6b9168b3
+        checksum/secret: 7145c73125de227362067f169e237fff38420f3e4303c535bbb761202f631979
     spec:
       automountServiceAccountToken: false
       initContainers:

diff --git a/tests/unit-compatibility-test/fixtures/sonarqube-dce/change-admin-password-hook-values.yaml b/tests/unit-compatibility-test/fixtures/sonarqube-dce/change-admin-password-hook-values.yaml
@@ -61,7 +61,7 @@ metadata:
     heritage: Helm
 type: Opaque
 data:
-  SONAR_WEB_SYSTEMPASSCODE: "ZGVmaW5lX2l0"
+  SONAR_WEB_SYSTEMPASSCODE: "dGVzdA=="
 ---
 # Source: sonarqube-dce/templates/secret.yaml
 ---
@@ -416,7 +416,7 @@ spec:
       annotations:
         checksum/plugins: b8ceb5d7039b4bb906d910efc08325c1808e978575cf1f0b095982966d859ccf
         checksum/config: e7feecb4992d4983a533441a170758cf7af839d6b76537bac10293e29f0a6f8b
-        checksum/secret: d2cb97231ae4b7a52e06ea2257da5faa8da0f081d02ab49e31635e995923d5b5
+        checksum/secret: 49e1e59c7e21c53ee7c20e894378cfc591a92cc9f10c9ee9a9d06aad2f43b307
     spec:
       automountServiceAccountToken: false
       initContainers:
@@ -785,7 +785,7 @@ spec:
         checksum/init-sysctl: 87af1072afa3071a7a37eb0cd68ce5e37cefdb3b8a764f796c04d5384661c032
         checksum/init-fs: bd93d9dba2f3ac016d5a65f5c3dbc3db5e337dd29cb822ecbbf87b5f600ad95e
         checksum/config: e7feecb4992d4983a533441a170758cf7af839d6b76537bac10293e29f0a6f8b
-        checksum/secret: d2cb97231ae4b7a52e06ea2257da5faa8da0f081d02ab49e31635e995923d5b5
+        checksum/secret: 49e1e59c7e21c53ee7c20e894378cfc591a92cc9f10c9ee9a9d06aad2f43b307
     spec:
       automountServiceAccountToken: false
       initContainers:

diff --git a/tests/unit-compatibility-test/fixtures/sonarqube-dce/config-values.yaml b/tests/unit-compatibility-test/fixtures/sonarqube-dce/config-values.yaml
@@ -61,7 +61,7 @@ metadata:
     heritage: Helm
 type: Opaque
 data:
-  SONAR_WEB_SYSTEMPASSCODE: "ZGVmaW5lX2l0"
+  SONAR_WEB_SYSTEMPASSCODE: "dGVzdA=="
 ---
 # Source: sonarqube-dce/templates/secret.yaml
 ---
@@ -408,7 +408,7 @@ spec:
       annotations:
         checksum/plugins: be0da520c4e1f3dd5a4e245b539c61da0ad0701b3fd4a18836cbbb35c6170788
         checksum/config: a91320756172987b1697509d75e6a5889c888e9421185b1c9e93c9cdbde80756
-        checksum/secret: 4277f6e2527d6cf2f618a07efcf9f312fb3bf9721ba33e4cb5fc3250a0fb5e7e
+        checksum/secret: 76ca5d4713aa10c2d7a3d46fa5b26bebb1a9a76264f0ead86350c48ae56cddeb
     spec:
       automountServiceAccountToken: false
       initContainers:
@@ -838,7 +838,7 @@ spec:
         checksum/init-sysctl: ce8eb3b0b47b8d18c8760fcf1f9fa9e5b8ac21c74416f479fbcf88c97bf3045e
         checksum/init-fs: 890348148f632557b4a3fdeb3d8def00595a153439c6bc12ea65b5e4ace657f4
         checksum/config: a91320756172987b1697509d75e6a5889c888e9421185b1c9e93c9cdbde80756
-        checksum/secret: 4277f6e2527d6cf2f618a07efcf9f312fb3bf9721ba33e4cb5fc3250a0fb5e7e
+        checksum/secret: 76ca5d4713aa10c2d7a3d46fa5b26bebb1a9a76264f0ead86350c48ae56cddeb
     spec:
       automountServiceAccountToken: false
       initContainers:

diff --git a/tests/unit-compatibility-test/fixtures/sonarqube-dce/custom-image-values.yaml b/tests/unit-compatibility-test/fixtures/sonarqube-dce/custom-image-values.yaml
@@ -61,7 +61,7 @@ metadata:
     heritage: Helm
 type: Opaque
 data:
-  SONAR_WEB_SYSTEMPASSCODE: "ZGVmaW5lX2l0"
+  SONAR_WEB_SYSTEMPASSCODE: "dGVzdA=="
 ---
 # Source: sonarqube-dce/templates/secret.yaml
 ---
@@ -402,7 +402,7 @@ spec:
       annotations:
         checksum/plugins: e9ae4b3c34e8060e27773a9ba8c8acbe37064fea76217b5260784aa80fc06e39
         checksum/config: 2b7dfd03332ddf543bbb21e74a5798bd411422087d5698ed45fec388c20c6dab
-        checksum/secret: bcd9722b04e4fd608ab09134fd4eeee69a0f4b45e0d8df5d3c921bacd43c9dae
+        checksum/secret: c953abbc65dd935f1e5118b3efb1e082374ad203eba24a98829fead12e401630
     spec:
       automountServiceAccountToken: false
       initContainers:
@@ -771,7 +771,7 @@ spec:
         checksum/init-sysctl: 98bc4547635be63a9181cc7bf43f6bc197e352feb07c16b330e317a427cace71
         checksum/init-fs: e82d18354a07bfc0a15f75c3feb2c09dfdbf0f85e191fc06d6af0408890dbe5f
         checksum/config: 2b7dfd03332ddf543bbb21e74a5798bd411422087d5698ed45fec388c20c6dab
-        checksum/secret: bcd9722b04e4fd608ab09134fd4eeee69a0f4b45e0d8df5d3c921bacd43c9dae
+        checksum/secret: c953abbc65dd935f1e5118b3efb1e082374ad203eba24a98829fead12e401630
     spec:
       automountServiceAccountToken: false
       initContainers:

diff --git a/tests/unit-compatibility-test/fixtures/sonarqube-dce/default-values.yaml b/tests/unit-compatibility-test/fixtures/sonarqube-dce/default-values.yaml
@@ -61,7 +61,7 @@ metadata:
     heritage: Helm
 type: Opaque
 data:
-  SONAR_WEB_SYSTEMPASSCODE: "ZGVmaW5lX2l0"
+  SONAR_WEB_SYSTEMPASSCODE: "dGVzdA=="
 ---
 # Source: sonarqube-dce/templates/secret.yaml
 ---
@@ -402,7 +402,7 @@ spec:
       annotations:
         checksum/plugins: 17fc1846d70347f81a01450ba55be9772d8ff9f384e4addd4bfdc8ba241a3f6e
         checksum/config: 089ef8f6016c838cc1fbb9e7ec333714fd9e24558fa9ed8b6566d5bd78785aa1
-        checksum/secret: a2554ccc5748288fe5242706c0dea1a331fabebc9fa1c28dce127e415a0994b0
+        checksum/secret: a67ffba29999ef0ee05bedddf517637f8983bd2f5d787bc48eac1d04ad1d4cac
     spec:
       automountServiceAccountToken: false
       initContainers:
@@ -771,7 +771,7 @@ spec:
         checksum/init-sysctl: afb1ee3c0bd3f45f074b2aa9dcd411e579a6bef6742ce7e9fcd0902da1da8ee0
         checksum/init-fs: 0d5d2911499a844f459510520eccccfe54a30732055e00fecbd157be19eabde8
         checksum/config: 089ef8f6016c838cc1fbb9e7ec333714fd9e24558fa9ed8b6566d5bd78785aa1
-        checksum/secret: a2554ccc5748288fe5242706c0dea1a331fabebc9fa1c28dce127e415a0994b0
+        checksum/secret: a67ffba29999ef0ee05bedddf517637f8983bd2f5d787bc48eac1d04ad1d4cac
     spec:
       automountServiceAccountToken: false
       initContainers:

diff --git a/tests/unit-compatibility-test/fixtures/sonarqube-dce/deprecation-values.yaml b/tests/unit-compatibility-test/fixtures/sonarqube-dce/deprecation-values.yaml
@@ -61,7 +61,7 @@ metadata:
     heritage: Helm
 type: Opaque
 data:
-  SONAR_WEB_SYSTEMPASSCODE: "ZGVmaW5lX2l0"
+  SONAR_WEB_SYSTEMPASSCODE: "dGVzdA=="
 ---
 # Source: sonarqube-dce/templates/secret.yaml
 ---
@@ -402,7 +402,7 @@ spec:
       annotations:
         checksum/plugins: fd931c31a213f31239316f10aaf890bdb4487175254fc8022cef761b84251d07
         checksum/config: c7eac0b257b0b39fce9eb76e80c7fff4de4c87cc70791a3b3be229160edfda55
-        checksum/secret: 68fb4519d328bae43f955902aaf31e21be2b877a309c339ce053f4bb8157c14b
+        checksum/secret: f188f40e2c44ce10654c517f981d5c4e4b5e84b315b4a841769815c6ea1a1325
     spec:
       automountServiceAccountToken: false
       initContainers:
@@ -771,7 +771,7 @@ spec:
         checksum/init-sysctl: 8e6b0d43012012657f5d43f2aea5ecff4b8b77ce64b1344ab50b6a56186a35ec
         checksum/init-fs: 89d4edf2ebc6ca4b003938764a918fd5670c1e633e4ebb5b44cfb0c7f8b4dd32
         checksum/config: c7eac0b257b0b39fce9eb76e80c7fff4de4c87cc70791a3b3be229160edfda55
-        checksum/secret: 68fb4519d328bae43f955902aaf31e21be2b877a309c339ce053f4bb8157c14b
+        checksum/secret: f188f40e2c44ce10654c517f981d5c4e4b5e84b315b4a841769815c6ea1a1325
     spec:
       automountServiceAccountToken: false
       initContainers:

diff --git a/tests/unit-compatibility-test/fixtures/sonarqube-dce/duplicated-env-values.yaml b/tests/unit-compatibility-test/fixtures/sonarqube-dce/duplicated-env-values.yaml
@@ -61,7 +61,7 @@ metadata:
     heritage: Helm
 type: Opaque
 data:
-  SONAR_WEB_SYSTEMPASSCODE: "ZGVmaW5lX2l0"
+  SONAR_WEB_SYSTEMPASSCODE: "dGVzdA=="
 ---
 # Source: sonarqube-dce/templates/secret.yaml
 ---
@@ -402,7 +402,7 @@ spec:
       annotations:
         checksum/plugins: 4a453233dfcc84314d6b68e29eb2f065a94cfdc24d0bd220e53dd271c368e5e7
         checksum/config: 5a44ea24d82827ee6e5a9d8d17b629dda12f26e7c7929855670797feed0d3bce
-        checksum/secret: b8c22fa687d7182ff6ce450de744d0e697d7d300eff05d48ab2b4f3d02a5de72
+        checksum/secret: 5992e0c2cfaeaa96c34a951515a278c973cf4bf7f818fcb5cacc905c8fd16754
     spec:
       automountServiceAccountToken: false
       initContainers:
@@ -776,7 +776,7 @@ spec:
         checksum/init-sysctl: 22ac9bc276364fda0c41754d0a0490446029c30e5480ee6af8ae245008f45c33
         checksum/init-fs: 048f240c4214b9cfeede959d9e0d458169fc92d0828af642accb6ba788a24905
         checksum/config: 5a44ea24d82827ee6e5a9d8d17b629dda12f26e7c7929855670797feed0d3bce
-        checksum/secret: b8c22fa687d7182ff6ce450de744d0e697d7d300eff05d48ab2b4f3d02a5de72
+        checksum/secret: 5992e0c2cfaeaa96c34a951515a278c973cf4bf7f818fcb5cacc905c8fd16754
     spec:
       automountServiceAccountToken: false
       initContainers: