Merge 8025a397e6 into b606424ea2

8 hours ago · 3387ccca58
parent b606424ea2 8025a397e6
commit 3387ccca58
2 changed files with 44 additions and 0 deletions
--- a/pkg/chart/common/util/jsonschema.go
+++ b/pkg/chart/common/util/jsonschema.go
@ -24,6 +24,7 @@ import (
 	"log/slog"
 	"net/http"
 	"strings"
+	"sync"
 	"time"

 	"github.com/santhosh-tekuri/jsonschema/v6"
@ -127,6 +128,7 @@ func ValidateAgainstSingleSchema(values common.Values, schemaJSON []byte) (reter
 		"file":  jsonschema.FileLoader{},
 		"http":  newHTTPURLLoader(),
 		"https": newHTTPURLLoader(),
+		"urn":   urnLoader{},
 	}

 	compiler := jsonschema.NewCompiler()
@ -149,6 +151,35 @@ func ValidateAgainstSingleSchema(values common.Values, schemaJSON []byte) (reter
 	return nil
 }

+// URNResolverFunc allows SDK to plug a URN resolver. It must return a
+// schema document compatible with the validator (e.g., result of
+// jsonschema.UnmarshalJSON).
+type URNResolverFunc func(urn string) (any, error)
+
+// URNResolver is the default resolver used by the URN loader. By default it
+// returns a clear error.
+var URNResolver URNResolverFunc = func(urn string) (any, error) {
+	return nil, fmt.Errorf("URN not resolved: %s", urn)
+}
+
+// urnLoader implements resolution for the urn: scheme by delegating to
+// URNResolver. If unresolved, it logs a warning and returns a permissive
+// boolean-true schema to avoid hard failures (back-compat behavior).
+type urnLoader struct{}
+
+// warnedURNs ensures we log the unresolved-URN warning only once per URN.
+var warnedURNs sync.Map
+
+func (l urnLoader) Load(urlStr string) (any, error) {
+	if doc, err := URNResolver(urlStr); err == nil && doc != nil {
+		return doc, nil
+	}
+	if _, loaded := warnedURNs.LoadOrStore(urlStr, struct{}{}); !loaded {
+		slog.Warn("unresolved URN reference ignored; using permissive schema", "urn", urlStr)
+	}
+	return jsonschema.UnmarshalJSON(strings.NewReader("true"))
+}
+
 // Note, JSONSchemaValidationError is used to wrap the error from the underlying
 // validation package so that Helm has a clean interface and the validation package
 // could be replaced without changing the Helm SDK API.
--- a/pkg/chart/common/util/jsonschema_test.go
+++ b/pkg/chart/common/util/jsonschema_test.go
@ -286,3 +286,16 @@ func TestHTTPURLLoader_Load(t *testing.T) {
 		}
 	})
 }
+
+// Test that an unresolved URN $ref is soft-ignored and validation succeeds.
+// it mimics the behavior of Helm 3.18.4
+func TestValidateAgainstSingleSchema_UnresolvedURN_Ignored(t *testing.T) {
+	schema := []byte(`{
+        "$schema": "https://json-schema.org/draft-07/schema#",
+        "$ref": "urn:example:helm:schemas:v1:helm-schema-validation-conditions:v1/helmSchemaValidation-true"
+    }`)
+	vals := map[string]interface{}{"any": "value"}
+	if err := ValidateAgainstSingleSchema(vals, schema); err != nil {
+		t.Fatalf("expected no error when URN unresolved is ignored, got: %v", err)
+	}
+}