Schema validation with $ref cross-file references only works when charts
are available as directories on the filesystem. The install, template, and
upgrade commands may work with archived charts (.tgz) that are loaded
directly into memory without filesystem extraction.
This change limits ChartDir setting to the lint command only. The lint
command already extracts archived charts to temporary directories before
validation, so $ref resolution works for both directory and archived charts
when linting.
For install/template/upgrade commands:
- Main schema validation continues to work
- Charts without $ref validate successfully
- Charts with $ref will fail .. maybe we could add a warning about $ref not being supported in these commands?
Changes:
- Remove ChartDir assignment from install and upgrade commands
- Update schema validation to use synthetic path when chartDir is empty
- Add test for linting archived chart with $ref
- Remove install/template/upgrade tests for $ref (not supported)
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
The error message trimming logic was hardcoded to remove the prefix
"jsonschema validation failed with 'file:///values.schema.json#'",
which broke when we switched to using absolute paths for $ref resolution.
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
Extends JSON schema validation to support relative $ref imports
across helm lint, install, template, and upgrade commands.
Addresses George's review comments:
- Pass chartDir directly instead of deriving from valuesPath
- Create new functions instead of changing public API signatures
- Use absolute file paths for proper URL-based $ref resolution
Implementation:
- Added ValidateAgainstSchemaWithPath to resolve $ref using
absolute file paths instead of root-relative URLs
- Thread chartDir through Install/Upgrade structs and all
validation functions
- Updated both v2 (public) and v3 (internal) lint rules
Fixes relative $ref resolution when running commands like:
helm lint ../sample-chart
helm install release ../sample-chart
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
Previously, the error trimming was hardcoded to remove only:
'jsonschema validation failed with 'file:///values.schema.json#''
After the fix for relative schema references (issue #31260), schema URLs
now include the full absolute path, making error messages look like:
'jsonschema validation failed with 'file:///full/absolute/path/values.schema.json#''
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
When validating values against JSON schemas, relative file references
in the schema (like "$ref": "./other-schema.json") were failing because
in some cases. The JSON schema validator couldn't resolve the correct
base directory.
This change passes the absolute base directory to the schema validator,
allowing it to properly resolve relative JSON schema references by
constructing the correct file:// URLs with the proper path context.
Tested with:
- `helm lint .`
- `helm lint subfolder`
Fixes#31260
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
Add test
Only delete nil user values when overriding a non-nil chart default.
When chart has empty map or no default for a key, preserve user's nil.
| Scenario | Result |
|----------|--------|
| User sets `baz: ~`, chart has `baz: "value"` | Key deleted |
| User sets `baz: ~`, chart has empty map `{}` | Nil preserved |
| User sets `baz: ~`, chart has `baz: ~` | Nil preserved |
Fixes#31643
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Adds chart name to dependency logs, namespace to resource waiting logs,
and confirmation message when all resources are ready.
Addresses #31520
Signed-off-by: shuv0id <110290476+shuv0id@users.noreply.github.com>
Helm 3.19.0 introduced a regression where vendor-specific suffixes
(e.g., -gke.1245000, -eks-4096722, +) are stripped from
.Capabilities.KubeVersion.GitVersion, breaking charts that detect
managed Kubernetes platforms.
The root cause was using k8sversion.ParseGeneric().String() which
intentionally discards vendor suffixes. The fix stores both the full
version (with vendor suffix) and a normalized version. String() returns
the normalized version for constraint checking (e.g., ">= 1.21.0"),
while Version/GitVersion preserve the full string for template access.
Fixes#31423
Related to #31063, #31078
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
Building the same chart into an archive multiple times will have
the same sha256 hash.
Perviously, the time in the headers for a file was time.Now() which
changed each time. The time is now collected from the operating
system when the file is loaded and this time is used.
Fixes: #3612
Signed-off-by: Matt Farina <matt.farina@suse.com>
- v3.18.5 switched jsonschema and began resolving external $ref
at compile-time, exposing missing urn handling
(“no URLLoader registered for urn:…”).
- Add urn scheme loader and pluggable URNResolver. If unresolved, log
a warning and return a permissive true schema (back-compat).
- Apply to pkg/chart/v2 and internal/chart/v3 validators. Not sure about
that
Note: external URNs need AddResource/Resolver (the CLI uses --map for
this). Warning may appear twice since both validators run.
Another strategy could be to add the option to import more "external
schema" explicitly but it is another PR. Something similar to `--map`
from jsonschema package
(santhosh-tekuri/jsonschema@ed65924).
Close: #31170
Signed-off-by: Benoit Tigeot <benoit.tigeot@lifen.fr>
Linting is specific to the chart versions. A v2 and v3 chart will
lint differently.
To accomplish this, packages like engine need to be able to handle
different chart versions. This was accomplished by some changes:
1. The introduction of a Charter interface for charts
2. The ChartAccessor which is able to accept a chart and then
provide access to its data via an interface. There is an
interface, factory, and implementation for each version of
chart.
3. Common packages were moved to a common and util packages.
Due to some package loops, there are 2 packages which may
get some consolidation in the future.
The new interfaces provide the foundation to move the actions
and cmd packages to be able to handle multiple apiVersions of
charts.
Signed-off-by: Matt Farina <matt.farina@suse.com>
Benoit Tigeot
George Jenkins
Evans Mungai
Joe Julian
Matthieu MOREL
Branch Vincent
Matt Farina
shuv0id
Scott Rigby
Benoit Tigeot
Terry Howe