dependabot-terraform 0.148.4 → 0.148.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c8ca1ec08f424bc547f1dbc61dbec39cf74fe5f02c76b5a378e621d0d4d1c13f
-  data.tar.gz: c2a120087174b7bfff10fae4923df97b6893b96fa47b140b8953e9a504b70651
+  metadata.gz: d7ec549a6b6283f3ab90166318138d130e95ee433a8b17ec48157c376b322bfe
+  data.tar.gz: fe1e3b9b7e348e614c5da531da53ef226b4be07db71a0744e382a5d863cbbad5
 SHA512:
-  metadata.gz: 17cc904c667b03e8a59119279bbd6d6e773240eb5975ca468fa2c0de46912ae45ba7012decde4cea36f3b0c238ba64f9600d50ea12ca6a28b26936d099e2de35
-  data.tar.gz: 7a2dc3715196dc4056ef3b8fbff389e4be26a993031ca0af993cb4c1c0e0b2ad2f13f5927e8f4b8c9a3b325954e034c40745c1923b811766e225c2283d6c345b
+  metadata.gz: 11878a5dff8b23bf22568e1dc44734578175012b41eff9b5d0d7e8e774e1040d1720150d135e570f0814234d3c663bd04ed79c0339a5188ab8cc19729167e8f9
+  data.tar.gz: ac36440f83d0e54ee77e7aab101790bd58cce625dd8bbe4bbad4a2a90f599cc9356a452b63ecc6784c938619afc87f7c97ec33a3e07a3d136ea6c0dd59703634

data/lib/dependabot/terraform/file_parser.rb

@@ -20,6 +20,10 @@ module Dependabot
       include FileSelector
 
       ARCHIVE_EXTENSIONS = %w(.zip .tbz2 .tgz .txz).freeze
+      DEFAULT_REGISTRY = "registry.terraform.io"
+      DEFAULT_NAMESPACE = "hashicorp"
+      # https://www.terraform.io/docs/language/providers/requirements.html#source-addresses
+      PROVIDER_SOURCE_ADDRESS = %r{\A((?<hostname>.+)/)?(?<namespace>.+)/(?<name>.+)\z}.freeze
 
       def parse
         dependency_set = DependencySet.new
@@ -27,14 +31,14 @@ module Dependabot
         terraform_files.each do |file|
           modules = parsed_file(file).fetch("module", {})
           modules.each do |name, details|
-            dependency_set << build_terraform_dependency(file, name, details, false)
+            dependency_set << build_terraform_dependency(file, name, details)
           end
 
           parsed_file(file).fetch("terraform", []).each do |terraform|
             required_providers = terraform.fetch("required_providers", {})
             required_providers.each do |provider|
               provider.each do |name, details|
-                dependency_set << build_terraform_dependency(file, name, details, true)
+                dependency_set << build_provider_dependency(file, name, details)
               end
             end
           end
@@ -54,10 +58,10 @@ module Dependabot
 
       private
 
-      def build_terraform_dependency(file, name, details, provider)
-        details = details.is_a?(Array) ? details.first : details
+      def build_terraform_dependency(file, name, details)
+        details = details.first
 
-        source = source_from(details, provider)
+        source = source_from(details)
         dep_name = case source[:type]
                    when "registry" then source[:module_identifier]
                    when "provider" then details["source"]
@@ -82,8 +86,31 @@ module Dependabot
         )
       end
 
+      def build_provider_dependency(file, name, details = {})
+        source_address = details.fetch("source", nil)
+        version_req = details["version"]&.strip
+        hostname, namespace, name = provider_source_from(source_address, name)
+        dependency_name = source_address ? "#{namespace}/#{name}" : name
+
+        Dependency.new(
+          name: dependency_name,
+          version: determine_version_for(hostname, namespace, name, version_req),
+          package_manager: "terraform",
+          requirements: [
+            requirement: version_req,
+            groups: [],
+            file: file.name,
+            source: {
+              type: "provider",
+              registry_hostname: hostname,
+              module_identifier: "#{namespace}/#{name}"
+            }
+          ]
+        )
+      end
+
       def build_terragrunt_dependency(file, details)
-        source = source_from(details, false)
+        source = source_from(details)
         dep_name =
           if Source.from_url(source[:url])
             Source.from_url(source[:url]).repo
@@ -107,7 +134,7 @@ module Dependabot
       end
 
       # Full docs at https://www.terraform.io/docs/modules/sources.html
-      def source_from(details_hash, provider)
+      def source_from(details_hash)
         raw_source = details_hash.fetch("source")
         bare_source = get_proxied_source(raw_source)
 
@@ -118,23 +145,28 @@ module Dependabot
           when :github, :bitbucket, :git
             git_source_details_from(bare_source)
           when :registry
-            registry_source_details_from(bare_source, provider)
+            registry_source_details_from(bare_source)
           end
 
         source_details[:proxy_url] = raw_source if raw_source != bare_source
         source_details
       end
 
-      def registry_source_details_from(source_string, provider)
+      def provider_source_from(source_address, name)
+        return [DEFAULT_REGISTRY, DEFAULT_NAMESPACE, name] unless source_address
+
+        matches = source_address.match(PROVIDER_SOURCE_ADDRESS)
+        [
+          matches[:hostname] || DEFAULT_REGISTRY,
+          matches[:namespace],
+          matches[:name] || name
+        ]
+      end
+
+      def registry_source_details_from(source_string)
         parts = source_string.split("//").first.split("/")
 
-        if provider && parts.count == 2
-          {
-            "type": "provider",
-            "registry_hostname": "registry.terraform.io",
-            "module_identifier": source_string
-          }
-        elsif parts.count == 3
+        if parts.count == 3
           {
             type: "registry",
             registry_hostname: "registry.terraform.io",
@@ -300,6 +332,23 @@ module Dependabot
 
         raise "No Terraform configuration file!"
       end
+
+      def determine_version_for(hostname, namespace, name, constraint)
+        return constraint if constraint&.match?(/\A\d/)
+
+        lock_file_content.
+          dig("provider", "#{hostname}/#{namespace}/#{name}", 0, "version")
+      end
+
+      def lock_file_content
+        @lock_file_content ||=
+          begin
+            lock_file = dependency_files.find do |file|
+              file.name == ".terraform.lock.hcl"
+            end
+            lock_file ? parsed_file(lock_file) : {}
+          end
+      end
     end
   end
 end

data/lib/dependabot/terraform/file_updater.rb

@@ -73,7 +73,8 @@ module Dependabot
       end
 
       def update_registry_declaration(new_req, old_req, updated_content)
-        updated_content.sub!(registry_declaration_regex) do |regex_match|
+        regex = new_req[:source][:type] == "provider" ? provider_declaration_regex : registry_declaration_regex
+        updated_content.sub!(regex) do |regex_match|
           regex_match.sub(/^\s*version\s*=.*/) do |req_line_match|
             req_line_match.sub(old_req[:requirement], new_req[:requirement])
           end
@@ -96,6 +97,14 @@ module Dependabot
         raise "No Terraform configuration file!"
       end
 
+      def provider_declaration_regex
+        name = Regexp.escape(dependency.name)
+        /
+          ((source\s*=\s*["']#{name}["']|\s*#{name}\s*=\s*\{.*)
+          (?:(?!^\}).)+)
+        /mx
+      end
+
       def registry_declaration_regex
         /
           (?<=\{)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-terraform
 version: !ruby/object:Gem::Version
-  version: 0.148.4
+  version: 0.148.9
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-05-21 00:00:00.000000000 Z
+date: 2021-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.148.4
+        version: 0.148.9
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.148.4
+        version: 0.148.9
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement