upstream/helm
1
0
Fork 0
mirror of https://github.com/helm/helm.git synced 2026-02-03 20:39:45 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge pull request #31240 from benoittgt/fix-31170-URN
Some checks failed
build-test / build (push) Has been cancelled
Details
CodeQL / Analyze (push) Has been cancelled
Details
golangci-lint / golangci-lint (push) Has been cancelled
Details
release / release (push) Has been cancelled
Details
release / canary-release (push) Has been cancelled
Details
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Details

Browse source 
jsonschema: warn and ignore unresolved URN $ref to match v3.18.4
This commit is contained in:
George Jenkins 2025-11-07 09:33:47 -08:00 committed by GitHub
commit cdb48b88fb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 44 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
pkg/chart/common/util/jsonschema.go
View file

@ -24,6 +24,7 @@ import (
"log/slog"
"net/http"
"strings"
"sync"
"time"
"github.com/santhosh-tekuri/jsonschema/v6"
@ -142,6 +143,7 @@ func ValidateAgainstSingleSchema(values common.Values, schemaJSON []byte) (reter
"file": jsonschema.FileLoader{},
"http": newHTTPURLLoader(),
"https": newHTTPURLLoader(),
"urn": urnLoader{},
}
compiler := jsonschema.NewCompiler()
@ -164,6 +166,35 @@ func ValidateAgainstSingleSchema(values common.Values, schemaJSON []byte) (reter
return nil
}
// URNResolverFunc allows SDK to plug a URN resolver. It must return a
// schema document compatible with the validator (e.g., result of
// jsonschema.UnmarshalJSON).
type URNResolverFunc func(urn string) (any, error)
// URNResolver is the default resolver used by the URN loader. By default it
// returns a clear error.
var URNResolver URNResolverFunc = func(urn string) (any, error) {
return nil, fmt.Errorf("URN not resolved: %s", urn)
}
// urnLoader implements resolution for the urn: scheme by delegating to
// URNResolver. If unresolved, it logs a warning and returns a permissive
// boolean-true schema to avoid hard failures (back-compat behavior).
type urnLoader struct{}
// warnedURNs ensures we log the unresolved-URN warning only once per URN.
var warnedURNs sync.Map
func (l urnLoader) Load(urlStr string) (any, error) {
if doc, err := URNResolver(urlStr); err == nil && doc != nil {
return doc, nil
}
if _, loaded := warnedURNs.LoadOrStore(urlStr, struct{}{}); !loaded {
slog.Warn("unresolved URN reference ignored; using permissive schema", "urn", urlStr)
}
return jsonschema.UnmarshalJSON(strings.NewReader("true"))
}
// Note, JSONSchemaValidationError is used to wrap the error from the underlying
// validation package so that Helm has a clean interface and the validation package
// could be replaced without changing the Helm SDK API.

13
pkg/chart/common/util/jsonschema_test.go
View file

@ -287,6 +287,19 @@ func TestHTTPURLLoader_Load(t *testing.T) {
})
}
// Test that an unresolved URN $ref is soft-ignored and validation succeeds.
// it mimics the behavior of Helm 3.18.4
func TestValidateAgainstSingleSchema_UnresolvedURN_Ignored(t *testing.T) {
schema := []byte(`{
"$schema": "https://json-schema.org/draft-07/schema#",
"$ref": "urn:example:helm:schemas:v1:helm-schema-validation-conditions:v1/helmSchemaValidation-true"
}`)
vals := map[string]interface{}{"any": "value"}
if err := ValidateAgainstSingleSchema(vals, schema); err != nil {
t.Fatalf("expected no error when URN unresolved is ignored, got: %v", err)
}
}
// Non-regression tests for https://github.com/helm/helm/issues/31202
// Ensure ValidateAgainstSchema does not panic when:
// - subchart key is missing