From 05813ffa556e700d40f24eda61cd0aa5956665fa Mon Sep 17 00:00:00 2001 From: Munem Hashmi Date: Fri, 13 Mar 2026 21:40:32 +0500 Subject: [PATCH] fix(chartutil): enable format assertions in JSON schema validation The jsonschema compiler was not configured to enforce format constraints (e.g. ipv4, ipv6, email) defined in values.schema.json. This caused helm lint to silently accept invalid values that violated format rules. Enable format assertions by calling compiler.AssertFormat() so that format keywords are enforced during schema validation. Closes #31788 Signed-off-by: Munem Hashmi --- pkg/chart/common/util/jsonschema.go | 1 + pkg/chart/common/util/jsonschema_test.go | 38 +++++++++++++++++++ .../testdata/test-values-format-negative.yaml | 3 ++ .../testdata/test-values-format.schema.json | 23 +++++++++++ .../util/testdata/test-values-format.yaml | 3 ++ 5 files changed, 68 insertions(+) create mode 100644 pkg/chart/common/util/testdata/test-values-format-negative.yaml create mode 100644 pkg/chart/common/util/testdata/test-values-format.schema.json create mode 100644 pkg/chart/common/util/testdata/test-values-format.yaml diff --git a/pkg/chart/common/util/jsonschema.go b/pkg/chart/common/util/jsonschema.go index 63ca0c274..91dbbc8e2 100644 --- a/pkg/chart/common/util/jsonschema.go +++ b/pkg/chart/common/util/jsonschema.go @@ -145,6 +145,7 @@ func ValidateAgainstSingleSchema(values common.Values, schemaJSON []byte) (reter } compiler := jsonschema.NewCompiler() + compiler.AssertFormat() compiler.UseLoader(loader) err = compiler.AddResource("file:///values.schema.json", schema) if err != nil { diff --git a/pkg/chart/common/util/jsonschema_test.go b/pkg/chart/common/util/jsonschema_test.go index 838d152a1..e1eeba5db 100644 --- a/pkg/chart/common/util/jsonschema_test.go +++ b/pkg/chart/common/util/jsonschema_test.go @@ -91,6 +91,44 @@ func TestValidateAgainstSingleSchemaNegative(t *testing.T) { } } +func TestValidateAgainstSingleSchemaFormat(t *testing.T) { + values, err := common.ReadValuesFile("./testdata/test-values-format.yaml") + if err != nil { + t.Fatalf("Error reading YAML file: %s", err) + } + schema, err := os.ReadFile("./testdata/test-values-format.schema.json") + if err != nil { + t.Fatalf("Error reading JSON file: %s", err) + } + + if err := ValidateAgainstSingleSchema(values, schema); err != nil { + t.Errorf("Error validating Values against Schema: %s", err) + } +} + +func TestValidateAgainstSingleSchemaFormatNegative(t *testing.T) { + values, err := common.ReadValuesFile("./testdata/test-values-format-negative.yaml") + if err != nil { + t.Fatalf("Error reading YAML file: %s", err) + } + schema, err := os.ReadFile("./testdata/test-values-format.schema.json") + if err != nil { + t.Fatalf("Error reading JSON file: %s", err) + } + + err = ValidateAgainstSingleSchema(values, schema) + if err == nil { + t.Fatal("Expected an error for invalid format values, but got nil") + } + + errString := err.Error() + for _, expected := range []string{"ipv4", "ipv6", "email"} { + if !strings.Contains(errString, expected) { + t.Errorf("Expected error to mention %q, got:\n%s", expected, errString) + } + } +} + const subchartSchema = `{ "$schema": "http://json-schema.org/draft-07/schema#", "title": "Values", diff --git a/pkg/chart/common/util/testdata/test-values-format-negative.yaml b/pkg/chart/common/util/testdata/test-values-format-negative.yaml new file mode 100644 index 000000000..8533a5592 --- /dev/null +++ b/pkg/chart/common/util/testdata/test-values-format-negative.yaml @@ -0,0 +1,3 @@ +ipAddress4: "invalid-ip" +ipAddress6: "2001:0db8:85a3:0000:0000:8a2e:0370:7334:11111111" +email: "invalid-email" diff --git a/pkg/chart/common/util/testdata/test-values-format.schema.json b/pkg/chart/common/util/testdata/test-values-format.schema.json new file mode 100644 index 000000000..99e0c2653 --- /dev/null +++ b/pkg/chart/common/util/testdata/test-values-format.schema.json @@ -0,0 +1,23 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Values", + "type": "object", + "properties": { + "ipAddress4": { + "description": "IPv4 address", + "type": "string", + "format": "ipv4" + }, + "ipAddress6": { + "description": "IPv6 address", + "type": "string", + "format": "ipv6" + }, + "email": { + "description": "Email address", + "type": "string", + "format": "email" + } + }, + "required": ["email", "ipAddress4", "ipAddress6"] +} diff --git a/pkg/chart/common/util/testdata/test-values-format.yaml b/pkg/chart/common/util/testdata/test-values-format.yaml new file mode 100644 index 000000000..9a08db1fd --- /dev/null +++ b/pkg/chart/common/util/testdata/test-values-format.yaml @@ -0,0 +1,3 @@ +ipAddress4: "192.168.1.1" +ipAddress6: "2001:0db8:85a3:0000:0000:8a2e:0370:7334" +email: "user@example.com"