dependabot-terraform 0.154.1 → 0.155.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1175445a66ed8a81ebd30b26afc359f0b17314fe30c6e6f6676819d4cc989493
-  data.tar.gz: aacde4dae44b64e8377c21b3deeadcc6ad7700a6e87c2a93585e0f59b0feddc7
+  metadata.gz: 918d77ffd4e3ac0a5e2257c2e46790900ea7c9a0dd7f163b355c045ae1a3dd66
+  data.tar.gz: 92ded6313a7295d5d72be98d544c2871f897c164030fdd26580d4a8fbfbf2a4c
 SHA512:
-  metadata.gz: 22b8e173927a0ccef5a4e5de4816b00dc63aff2f27c5d6618ba4c3e692070d928190b0fa6d076bc0cd1d62b7d43b31f0e40dad0db4b0f2391b1105938c6ed018
-  data.tar.gz: 356cda654101bfbddd773647ac7427e4aede5767be9666f6f5d3f605d3ea1294f83db7228858bb42df48403822c6bc3f68f9d4f31be626d435ce91728baabe44
+  metadata.gz: 13aa45d3900b954c67c6937e883b8e05d830fe59323807b92156f4c4be67450939a9637b01f5acccc0e357e67ee1a6246deba8657c28695ffc60d9a842edb757
+  data.tar.gz: 673a1a49af009d4920eea42624c0612748abd7e24a274fa1fc80e9b33e0358235d803d0da7cbd1070dbdfaa13b7c0e01d1965c1b4f83d597031b32f8618d41d7

data/helpers/build

@@ -17,6 +17,6 @@ os="$(uname -s | tr '[:upper:]' '[:lower:]')"
 hcl2json_checksum="24068f1e25a34d8f8ca763f34fce11527472891bfa834d1504f665855021d5d4"
 hcl2json_url="https://github.com/tmccombs/hcl2json/releases/download/v0.3.3/hcl2json_${os}_amd64"
 hcl2json_path="$install_dir/bin/hcl2json"
-wget -O "$hcl2json_path" "$hcl2json_url"
+curl -sSLfo "$hcl2json_path" "$hcl2json_url"
 echo "$hcl2json_checksum  $hcl2json_path" | sha256sum -c
 chmod +x "$install_dir/bin/hcl2json"

data/lib/dependabot/terraform/file_parser.rb

@@ -170,13 +170,11 @@ module Dependabot
       end
 
       def provider_source_from(source_address, name)
-        return [DEFAULT_REGISTRY, DEFAULT_NAMESPACE, name] unless source_address
-
-        matches = source_address.match(PROVIDER_SOURCE_ADDRESS)
+        matches = source_address&.match(PROVIDER_SOURCE_ADDRESS)
         [
-          matches[:hostname] || DEFAULT_REGISTRY,
-          matches[:namespace],
-          matches[:name] || name
+          matches.try(:[], :hostname) || DEFAULT_REGISTRY,
+          matches.try(:[], :namespace) || DEFAULT_NAMESPACE,
+          matches.try(:[], :name) || name
         ]
       end
 
@@ -233,20 +231,22 @@ module Dependabot
       # rubocop:disable Metrics/PerceivedComplexity
       # See https://www.terraform.io/docs/modules/sources.html#http-urls for
       # details of how Terraform handle HTTP(S) sources for modules
-      def get_proxied_source(raw_source)
+      def get_proxied_source(raw_source) # rubocop:disable Metrics/AbcSize
         return raw_source unless raw_source.start_with?("http")
 
         uri = URI.parse(raw_source.split(%r{(?<!:)//}).first)
         return raw_source if uri.path.end_with?(*ARCHIVE_EXTENSIONS)
-        return raw_source if URI.parse(raw_source).query.include?("archive=")
+        return raw_source if URI.parse(raw_source).query&.include?("archive=")
 
         url = raw_source.split(%r{(?<!:)//}).first + "?terraform-get=1"
+        host = URI.parse(raw_source).host
 
         response = Excon.get(
           url,
           idempotent: true,
           **SharedHelpers.excon_defaults
         )
+        raise PrivateSourceAuthenticationFailure, host if response.status == 401
 
         return response.headers["X-Terraform-Get"] if response.headers["X-Terraform-Get"]
 
@@ -254,6 +254,10 @@ module Dependabot
         doc.css("meta").find do |tag|
           tag.attributes&.fetch("name", nil)&.value == "terraform-get"
         end&.attributes&.fetch("content", nil)&.value
+      rescue Excon::Error::Socket, Excon::Error::Timeout => e
+        raise PrivateSourceAuthenticationFailure, host if e.message.include?("no address for")
+
+        raw_source
       end
       # rubocop:enable Metrics/PerceivedComplexity
 
@@ -273,7 +277,7 @@ module Dependabot
         path_uri = URI.parse(source_string.split(%r{(?<!:)//}).first)
         query_uri = URI.parse(source_string)
         return :http_archive if path_uri.path.end_with?(*ARCHIVE_EXTENSIONS)
-        return :http_archive if query_uri.query.include?("archive=")
+        return :http_archive if query_uri.query&.include?("archive=")
 
         raise "HTTP source, but not an archive!"
       end

data/lib/dependabot/terraform/file_updater.rb

@@ -90,7 +90,7 @@ module Dependabot
         end
       end
 
-      def update_lockfile_declaration
+      def update_lockfile_declaration # rubocop:disable Metrics/AbcSize
         return if lock_file.nil?
 
         new_req = dependency.requirements.first
@@ -115,6 +115,14 @@ module Dependabot
                  content.scan(declaration_regex).first.scan(/^\s*version\s*=.*/)
             content.sub!(declaration_regex, updated_dependency)
           end
+        rescue SharedHelpers::HelperSubprocessFailed => e
+          raise if @retrying_lock || !e.message.include?("terraform init")
+
+          # NOTE: Modules need to be installed before terraform can update the
+          # lockfile
+          @retrying_lock = true
+          SharedHelpers.run_shell_command("terraform init")
+          retry
         end
 
         content
@@ -157,7 +165,11 @@ module Dependabot
         %r{
           (?<=\{)
           (?:(?!^\}).)*
-          source\s*=\s*["'](#{Regexp.escape(registry_host_for(dependency))}/)?#{Regexp.escape(dependency.name)}["']
+          source\s*=\s*["']
+            (#{Regexp.escape(registry_host_for(dependency))}/)?
+            #{Regexp.escape(dependency.name)}
+            (//modules/\S+)?
+            ["']
           (?:(?!^\}).)*
         }mx
       end

data/lib/dependabot/terraform/registry_client.rb

@@ -58,15 +58,17 @@ module Dependabot
       #
       # @param dependency [Dependabot::Dependency] the dependency who's source
       # we're attempting to find
-      # @return Dependabot::Source
-      # @raise [Dependabot::DependabotError] when the source cannot be retrieved
+      # @return [nil, Dependabot::Source]
       def source(dependency:)
         type = dependency.requirements.first[:source][:type]
         base_url = service_url_for(service_key_for(type))
-        response = http_get!(URI.join(base_url, "#{dependency.name}/#{dependency.version}"))
+        response = http_get(URI.join(base_url, "#{dependency.name}/#{dependency.version}"))
+        return nil unless response.status == 200
 
         source_url = JSON.parse(response.body).fetch("source")
         Source.from_url(source_url) if source_url
+      rescue JSON::ParserError, Excon::Error::Timeout
+        nil
       end
 
       # Perform service discovery and return the absolute URL for
@@ -121,6 +123,7 @@ module Dependabot
       def http_get!(url)
         response = http_get(url)
 
+        raise Dependabot::PrivateSourceAuthenticationFailure, hostname if response.status == 401
         raise error("Response from registry was #{response.status}") unless response.status == 200
 
         response

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-terraform
 version: !ruby/object:Gem::Version
-  version: 0.154.1
+  version: 0.155.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-16 00:00:00.000000000 Z
+date: 2021-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.1
+        version: 0.155.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.1
+        version: 0.155.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement