lint and validate dependency metadata to reference dependencies with …

[dastrobu]

…a unique key (name or alias)

Report charts with the following bad dependency specifications as bad charts:

dependencies:
- name: foo
  alias: baz # ← baz used twice
  version: 1.0.0
- name: bar
  alias: baz # ← baz used twice
  version: 1.0.0

dependencies:
- name: foo
  alias: bar # ← shadows chart below
  version: 1.0.0
- name: bar
  version: 1.0.0

dependencies:
- name: foo
  version: 1.0.0
- name: foo # ← chart with same name as above (although version or repo will be different, this will not work currently)
  version: 1.2.3

Closes #9169

Signed-off-by: Daniel Strobusch 1847260+dastrobu@users.noreply.github.com

What this PR does / why we need it:

Special notes for your reviewer:

If applicable:

• this PR contains documentation
• this PR contains unit tests
• this PR has been tested for backwards compatibility

[sbose78]

LGTM

[dastrobu]

Rebased onto current main.

[jburnitz]

why isn't this merged

[dastrobu]

Rebased onto current main.

[Maxine-van-der-Smissen]

Note: I am not a maintainer.

Thanks for making the PR

[joejulian]

I tried being creative but I can't break this. Nice work!

[sabre1041]

LGTM

[dbluxo]

Hey @dastrobu 👋 , I'm now (v3.14.0) getting error messages, is this a non valid use case?:

dependencies:
  - name: kube-rbac-proxy
    version: "0.9.1"
    repository: "<...>"
    alias: loki-query-proxy
    condition: loki-query-proxy.enabled
  - name: kube-rbac-proxy
    version: "0.9.1"
    repository: "<...>"
    alias: loki-ingestion-proxy
    condition: loki-ingestion-proxy.enabled

index.go:366: skipping loading invalid entry for chart "<...>" "1.3.0" from <...>: validation: more than one dependency with name or alias "kube-rbac-proxy"

Or am I missing something?

[bt909]

According to the documentation for the Chart.yaml using name twice with separate aliases seems to be okay.

Quote: alias: (optional) Alias to be used for the chart. Useful when you have to add the same chart multiple times

But now this seemed to be treated as error!

[dastrobu]

index.go:366: skipping loading invalid entry for chart "<...>" "1.3.0" from <...>: validation: more than one dependency with name or alias "kube-rbac-proxy"

Or am I missing something?

@dbluxo I guess your case should work as long as the repo and version is identical for both dependencies. Otherwise you will hit the case described in #9169 (undefined behaviour).
As this PR is closed, I'd suggest to create a new issue for this.
I can try to create a fix for this. Note that I am not a maintainer, though.

[dbluxo]

@dastrobu Thank you for your response. I have created an issue, would be great if our use case (same repository and version) would work again.

[ziqianggeoffreychen]

index.go:366: skipping loading invalid entry for chart "<...>" "1.3.0" from <...>: validation: more than one dependency with name or alias "kube-rbac-proxy"
Or am I missing something?

@dbluxo I guess your case should work as long as the repo and version is identical for both dependencies. Otherwise you will hit the case described in #9169 (undefined behaviour). As this PR is closed, I'd suggest to create a new issue for this. I can try to create a fix for this. Note that I am not a maintainer, though.

Hi @dastrobu , I opened an issue related to this change. In my case, the two dependencies are exactly the same with different aliases. But the alias is removed by JFrog in its index.yaml metadata. If all versions of the helm charts are with the same kind (aliases duplicate), it seems they will show up in search result. But that's not reliable. Refer to my issue for more details. Thanks.
#12744