JSON schemas should be strict validatable

[o-l-a-v]

Describe the bug

All EPAC JSON schemas should be strict validatable, to ensure definitions does not have unwanted properties that might break build and deploy.

I'd like to avoid writing our own linter for this, hopefully this is something that can be implemented in EPAC itself.

I'm no JSON schema expert, maybe adding "additionalProperties": false as a "root" value isn't enough? Seems like that's what Scoop does:

• https://raw.githubusercontent.com/ScoopInstaller/Scoop/master/schema.json

Currently, none of the EPAC schemas have this:

• policyAssignment: https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-assignment-schema.json
• policyDefinition: https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-definition-schema.json
• policySetDefinition: https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-set-definition-schema.json

To Reproduce

See issue comment: https://github.com/Azure/enterprise-azure-policy-as-code/issues/777#issuecomment-2415893832

Expected behavior

Non-valid JSON / JSONC should not go through EPAC.

Screenshots

None.

EPAC Version

Not relevant, JSON schema issue AFAIK.

[o-l-a-v]

Maybe it'd be smart to use a JSON schema version VSCode actually supports? 🤔

• 2022-07-16: https://github.com/microsoft/vscode/issues/155379
• 2023-09-27: https://github.com/microsoft/vscode-json-languageservice/issues/149

PowerShell seems to have problem with 2019 and newer too:

• 2023-11-21: https://github.com/PowerShell/PowerShell/issues/20743

[anwather]

Looks like additionalProperties might work.

[anwather]

Updated schema to use this value - it seems to not like the additional property of id in your example but then doesn't have a problem with type so not sure what it going on there.

[anwather]

See comment in #777 re why the schema is provided - we can still look at adding additionalProperties but I don't believe that we'll be able to use the schema to test things like removed or invalid parameters - can do that with Pester and the module provided.

[o-l-a-v]

Thanks @anwather. We'll take a look at AzPolicyTest. We've linted wanted "root values" for EPAC policyDefinitions with something like this for now:

$AllDefinitions.Where{
    $(
        [string[]](
            Compare-Object -PassThru -CaseSensitive -ReferenceObject (
                (
                     ConvertFrom-Json -InputObject (Get-Content -Raw -Path $_.'Path')
                ).'PSObject'.'Properties'.Where{$_.'MemberType' -eq 'NoteProperty'}.'Name'
            ) -DifferenceObject '$schema','name','properties'
        )
    ).'Count' -gt 0
}

[anwather]

Closing as discussed with dev team - the purpose of the schema is to provide some level of Intellisense, not to support validation of policy files.