dependabot-terraform 0.154.0 → 0.154.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 59bb33f8e7f4fae48eb1fe528f09c79fb052edca86b78975571db42edc363a8e
-  data.tar.gz: 03033631a1dd71804a8e74444cba04920eec4d824acddf8995b085bb3be2ab9c
+  metadata.gz: 8c2f99ef0a28f946419c0c91ff73277f5fc38c7fa138cca3798a7417d895cc9f
+  data.tar.gz: fab6fff6a747012e09d87ef387577fbba7279ca46923797e2edbca3bd1ed227f
 SHA512:
-  metadata.gz: a86565bd14aead0ca8f81204ac3e7092dd6f33c83c0ef8773b9d026aa8f4d919d0979d3632e1460f5573011360d452a909c0110feff0f0e209369520dc925c5d
-  data.tar.gz: 3674adf706d1a01f0aca351d8b9677a1ddaea219717cf9ff87abe285132bfb0f4a0017538dde8502f3a6af83ec0087243c146208799f3dbf77bd1f63277a9a5d
+  metadata.gz: 8aaccbbe38e0ccffaba559b7b095d25472d5cbce71381885abdf0a3a5268483ae22f60678b1489590e9009cd2654b2d17844cdb4c6b8bb1cd040d7789e74c82a
+  data.tar.gz: e27dbba4b1d5d78d26afe0c023ddeb73114c86312ec0efe90f177f820525ea787e22b3bbd3966af0113c270108c098677367d2d38de245b0de1dee881f2c796e

data/helpers/build

@@ -17,6 +17,6 @@ os="$(uname -s | tr '[:upper:]' '[:lower:]')"
 hcl2json_checksum="24068f1e25a34d8f8ca763f34fce11527472891bfa834d1504f665855021d5d4"
 hcl2json_url="https://github.com/tmccombs/hcl2json/releases/download/v0.3.3/hcl2json_${os}_amd64"
 hcl2json_path="$install_dir/bin/hcl2json"
-wget -O "$hcl2json_path" "$hcl2json_url"
+curl -sSLfo "$hcl2json_path" "$hcl2json_url"
 echo "$hcl2json_checksum  $hcl2json_path" | sha256sum -c
 chmod +x "$install_dir/bin/hcl2json"

data/lib/dependabot/terraform/file_parser.rb

@@ -170,13 +170,11 @@ module Dependabot
       end
 
       def provider_source_from(source_address, name)
-        return [DEFAULT_REGISTRY, DEFAULT_NAMESPACE, name] unless source_address
-
-        matches = source_address.match(PROVIDER_SOURCE_ADDRESS)
+        matches = source_address&.match(PROVIDER_SOURCE_ADDRESS)
         [
-          matches[:hostname] || DEFAULT_REGISTRY,
-          matches[:namespace],
-          matches[:name] || name
+          matches.try(:[], :hostname) || DEFAULT_REGISTRY,
+          matches.try(:[], :namespace) || DEFAULT_NAMESPACE,
+          matches.try(:[], :name) || name
         ]
       end
 
@@ -233,20 +231,22 @@ module Dependabot
       # rubocop:disable Metrics/PerceivedComplexity
       # See https://www.terraform.io/docs/modules/sources.html#http-urls for
       # details of how Terraform handle HTTP(S) sources for modules
-      def get_proxied_source(raw_source)
+      def get_proxied_source(raw_source) # rubocop:disable Metrics/AbcSize
         return raw_source unless raw_source.start_with?("http")
 
         uri = URI.parse(raw_source.split(%r{(?<!:)//}).first)
         return raw_source if uri.path.end_with?(*ARCHIVE_EXTENSIONS)
-        return raw_source if URI.parse(raw_source).query.include?("archive=")
+        return raw_source if URI.parse(raw_source).query&.include?("archive=")
 
         url = raw_source.split(%r{(?<!:)//}).first + "?terraform-get=1"
+        host = URI.parse(raw_source).host
 
         response = Excon.get(
           url,
           idempotent: true,
           **SharedHelpers.excon_defaults
         )
+        raise PrivateSourceAuthenticationFailure, host if response.status == 401
 
         return response.headers["X-Terraform-Get"] if response.headers["X-Terraform-Get"]
 
@@ -254,6 +254,10 @@ module Dependabot
         doc.css("meta").find do |tag|
           tag.attributes&.fetch("name", nil)&.value == "terraform-get"
         end&.attributes&.fetch("content", nil)&.value
+      rescue Excon::Error::Socket, Excon::Error::Timeout => e
+        raise PrivateSourceAuthenticationFailure, host if e.message.include?("no address for")
+
+        raw_source
       end
       # rubocop:enable Metrics/PerceivedComplexity
 
@@ -273,7 +277,7 @@ module Dependabot
         path_uri = URI.parse(source_string.split(%r{(?<!:)//}).first)
         query_uri = URI.parse(source_string)
         return :http_archive if path_uri.path.end_with?(*ARCHIVE_EXTENSIONS)
-        return :http_archive if query_uri.query.include?("archive=")
+        return :http_archive if query_uri.query&.include?("archive=")
 
         raise "HTTP source, but not an archive!"
       end

data/lib/dependabot/terraform/file_updater.rb

@@ -90,7 +90,7 @@ module Dependabot
         end
       end
 
-      def update_lockfile_declaration
+      def update_lockfile_declaration # rubocop:disable Metrics/AbcSize
         return if lock_file.nil?
 
         new_req = dependency.requirements.first
@@ -115,6 +115,14 @@ module Dependabot
                  content.scan(declaration_regex).first.scan(/^\s*version\s*=.*/)
             content.sub!(declaration_regex, updated_dependency)
           end
+        rescue SharedHelpers::HelperSubprocessFailed => e
+          raise if @retrying_lock || !e.message.include?("terraform init")
+
+          # NOTE: Modules need to be installed before terraform can update the
+          # lockfile
+          @retrying_lock = true
+          SharedHelpers.run_shell_command("terraform init")
+          retry
         end
 
         content
@@ -157,7 +165,11 @@ module Dependabot
         %r{
           (?<=\{)
           (?:(?!^\}).)*
-          source\s*=\s*["'](#{Regexp.escape(registry_host_for(dependency))}/)?#{Regexp.escape(dependency.name)}["']
+          source\s*=\s*["']
+            (#{Regexp.escape(registry_host_for(dependency))}/)?
+            #{Regexp.escape(dependency.name)}
+            (//modules/\S+)?
+            ["']
           (?:(?!^\}).)*
         }mx
       end

data/lib/dependabot/terraform/registry_client.rb

@@ -58,15 +58,17 @@ module Dependabot
       #
       # @param dependency [Dependabot::Dependency] the dependency who's source
       # we're attempting to find
-      # @return Dependabot::Source
-      # @raise [Dependabot::DependabotError] when the source cannot be retrieved
+      # @return [nil, Dependabot::Source]
       def source(dependency:)
         type = dependency.requirements.first[:source][:type]
         base_url = service_url_for(service_key_for(type))
-        response = http_get!(URI.join(base_url, "#{dependency.name}/#{dependency.version}"))
+        response = http_get(URI.join(base_url, "#{dependency.name}/#{dependency.version}"))
+        return nil unless response.status == 200
 
         source_url = JSON.parse(response.body).fetch("source")
         Source.from_url(source_url) if source_url
+      rescue JSON::ParserError, Excon::Error::Timeout
+        nil
       end
 
       # Perform service discovery and return the absolute URL for
@@ -121,6 +123,7 @@ module Dependabot
       def http_get!(url)
         response = http_get(url)
 
+        raise Dependabot::PrivateSourceAuthenticationFailure, hostname if response.status == 401
         raise error("Response from registry was #{response.status}") unless response.status == 200
 
         response

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-terraform
 version: !ruby/object:Gem::Version
-  version: 0.154.0
+  version: 0.154.5
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-15 00:00:00.000000000 Z
+date: 2021-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.0
+        version: 0.154.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.0
+        version: 0.154.5
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement