dependabot-terraform 0.295.0 → 0.296.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/terraform/registry_client.rb +37 -13
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6926077ccaf82c06c0c12e8876ddfe4dafc30caf2f616fb5b1e19beaa5e7beb8
|
|
4
|
+
data.tar.gz: 59c0f4585f1d44d9ec5fb00d7d1c10ac469f855b42bd234108dd9501cfe00831
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 39034ac2008596be3cdb1ac269d0f4844c4f364133864b10db51b288278bc55952be06a6edb8863b97eab6c165a011404e5b5c738689c6858b930f46b1dc58ed
|
|
7
|
+
data.tar.gz: da43ebe909fb54c7ffb36f19aeb04e0ab284abf8b9a9340f83f7f9ca174697bbc37af36d332e8d11f2a1bd5a5afd43dc5059401cf596fa333f76c5e24df8974f
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/dependency"
|
|
@@ -12,35 +12,42 @@ module Dependabot
|
|
|
12
12
|
# Terraform::RegistryClient is a basic API client to interact with a
|
|
13
13
|
# terraform registry: https://www.terraform.io/docs/registry/api.html
|
|
14
14
|
class RegistryClient
|
|
15
|
-
|
|
15
|
+
extend T::Sig
|
|
16
|
+
|
|
17
|
+
ARCHIVE_EXTENSIONS = T.let(%w(.zip .tbz2 .tgz .txz).freeze, T::Array[String])
|
|
16
18
|
PUBLIC_HOSTNAME = "registry.terraform.io"
|
|
17
19
|
|
|
20
|
+
sig { params(hostname: String, credentials: T::Array[Dependabot::Credential]).void }
|
|
18
21
|
def initialize(hostname: PUBLIC_HOSTNAME, credentials: [])
|
|
19
22
|
@hostname = hostname
|
|
20
|
-
@tokens =
|
|
21
|
-
|
|
22
|
-
|
|
23
|
+
@tokens = T.let(
|
|
24
|
+
credentials.each_with_object({}) do |item, memo|
|
|
25
|
+
memo[item["host"]] = item["token"] if item["type"] == "terraform_registry"
|
|
26
|
+
end,
|
|
27
|
+
T::Hash[String, String]
|
|
28
|
+
)
|
|
23
29
|
end
|
|
24
30
|
|
|
25
31
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
26
|
-
# See https://www.terraform.io/docs/modules/sources.html#http-urls for
|
|
27
|
-
# details of how Terraform handle HTTP(S) sources for modules
|
|
28
32
|
# rubocop:disable Metrics/AbcSize
|
|
29
33
|
# rubocop:disable Metrics/CyclomaticComplexity
|
|
34
|
+
# See https://www.terraform.io/docs/modules/sources.html#http-urls for
|
|
35
|
+
# details of how Terraform handle HTTP(S) sources for modules
|
|
36
|
+
sig { params(raw_source: String).returns(String) }
|
|
30
37
|
def self.get_proxied_source(raw_source)
|
|
31
38
|
return raw_source unless raw_source.start_with?("http")
|
|
32
39
|
|
|
33
|
-
uri = URI.parse(raw_source.split(%r{(?<!:)//}).first)
|
|
40
|
+
uri = URI.parse(T.must(raw_source.split(%r{(?<!:)//}).first))
|
|
34
41
|
return raw_source if ARCHIVE_EXTENSIONS.any? { |ext| uri.path&.end_with?(ext) }
|
|
35
42
|
return raw_source if URI.parse(raw_source).query&.include?("archive=")
|
|
36
43
|
|
|
37
|
-
url = raw_source.split(%r{(?<!:)//}).first + "?terraform-get=1"
|
|
44
|
+
url = T.must(raw_source.split(%r{(?<!:)//}).first) + "?terraform-get=1"
|
|
38
45
|
host = URI.parse(raw_source).host
|
|
39
46
|
|
|
40
47
|
response = Dependabot::RegistryClient.get(url: url)
|
|
41
48
|
raise PrivateSourceAuthenticationFailure, host if response.status == 401
|
|
42
49
|
|
|
43
|
-
return response.headers["X-Terraform-Get"] if response.headers["X-Terraform-Get"]
|
|
50
|
+
return T.must(response.headers["X-Terraform-Get"]) if response.headers["X-Terraform-Get"]
|
|
44
51
|
|
|
45
52
|
doc = Nokogiri::XML(response.body)
|
|
46
53
|
doc.css("meta").find do |tag|
|
|
@@ -62,6 +69,7 @@ module Dependabot
|
|
|
62
69
|
# "hashicorp/aws"
|
|
63
70
|
# @return [Array<Dependabot::Terraform::Version>]
|
|
64
71
|
# @raise [Dependabot::DependabotError] when the versions cannot be retrieved
|
|
72
|
+
sig { params(identifier: String).returns(T::Array[Dependabot::Terraform::Version]) }
|
|
65
73
|
def all_provider_versions(identifier:)
|
|
66
74
|
base_url = service_url_for("providers.v1")
|
|
67
75
|
response = http_get!(URI.join(base_url, "#{identifier}/versions"))
|
|
@@ -80,6 +88,7 @@ module Dependabot
|
|
|
80
88
|
# "hashicorp/consul/aws"
|
|
81
89
|
# @return [Array<Dependabot::Terraform::Version>]
|
|
82
90
|
# @raise [Dependabot::DependabotError] when the versions cannot be retrieved
|
|
91
|
+
sig { params(identifier: String).returns(T::Array[Dependabot::Terraform::Version]) }
|
|
83
92
|
def all_module_versions(identifier:)
|
|
84
93
|
base_url = service_url_for("modules.v1")
|
|
85
94
|
response = http_get!(URI.join(base_url, "#{identifier}/versions"))
|
|
@@ -97,8 +106,9 @@ module Dependabot
|
|
|
97
106
|
# @param dependency [Dependabot::Dependency] the dependency who's source
|
|
98
107
|
# we're attempting to find
|
|
99
108
|
# @return [nil, Dependabot::Source]
|
|
109
|
+
sig { params(dependency: Dependabot::Dependency).returns(T.nilable(Dependabot::Source)) }
|
|
100
110
|
def source(dependency:)
|
|
101
|
-
type = dependency.requirements.first[:source][:type]
|
|
111
|
+
type = T.must(dependency.requirements.first)[:source][:type]
|
|
102
112
|
base_url = service_url_for(service_key_for(type))
|
|
103
113
|
case type
|
|
104
114
|
# https://www.terraform.io/internals/module-registry-protocol#download-source-code-for-a-specific-module-version
|
|
@@ -130,6 +140,7 @@ module Dependabot
|
|
|
130
140
|
# @param service_key [String] the service type described in https://www.terraform.io/docs/internals/remote-service-discovery.html#supported-services
|
|
131
141
|
# @param return String
|
|
132
142
|
# @raise [Dependabot::PrivateSourceAuthenticationFailure] when the service is not available
|
|
143
|
+
sig { params(service_key: String).returns(String) }
|
|
133
144
|
def service_url_for(service_key)
|
|
134
145
|
url_for(services.fetch(service_key))
|
|
135
146
|
rescue KeyError
|
|
@@ -138,26 +149,35 @@ module Dependabot
|
|
|
138
149
|
|
|
139
150
|
private
|
|
140
151
|
|
|
152
|
+
sig { returns(String) }
|
|
141
153
|
attr_reader :hostname
|
|
154
|
+
|
|
155
|
+
sig { returns(T::Hash[String, String]) }
|
|
142
156
|
attr_reader :tokens
|
|
143
157
|
|
|
158
|
+
sig { returns(T.class_of(Dependabot::Terraform::Version)) }
|
|
144
159
|
def version_class
|
|
145
160
|
Version
|
|
146
161
|
end
|
|
147
162
|
|
|
163
|
+
sig { params(hostname: String).returns(T::Hash[String, String]) }
|
|
148
164
|
def headers_for(hostname)
|
|
149
165
|
token = tokens[hostname]
|
|
150
166
|
token ? { "Authorization" => "Bearer #{token}" } : {}
|
|
151
167
|
end
|
|
152
168
|
|
|
169
|
+
sig { returns(T::Hash[String, String]) }
|
|
153
170
|
def services
|
|
154
|
-
@services ||=
|
|
171
|
+
@services ||= T.let(
|
|
155
172
|
begin
|
|
156
173
|
response = http_get(url_for("/.well-known/terraform.json"))
|
|
157
174
|
response.status == 200 ? JSON.parse(response.body) : {}
|
|
158
|
-
end
|
|
175
|
+
end,
|
|
176
|
+
T.nilable(T::Hash[String, String])
|
|
177
|
+
)
|
|
159
178
|
end
|
|
160
179
|
|
|
180
|
+
sig { params(type: String).returns(String) }
|
|
161
181
|
def service_key_for(type)
|
|
162
182
|
case type
|
|
163
183
|
when "module", "modules", "registry"
|
|
@@ -169,6 +189,7 @@ module Dependabot
|
|
|
169
189
|
end
|
|
170
190
|
end
|
|
171
191
|
|
|
192
|
+
sig { params(url: T.any(String, URI::Generic)).returns(Excon::Response) }
|
|
172
193
|
def http_get(url)
|
|
173
194
|
Dependabot::RegistryClient.get(
|
|
174
195
|
url: url.to_s,
|
|
@@ -176,6 +197,7 @@ module Dependabot
|
|
|
176
197
|
)
|
|
177
198
|
end
|
|
178
199
|
|
|
200
|
+
sig { params(url: URI::Generic).returns(Excon::Response) }
|
|
179
201
|
def http_get!(url)
|
|
180
202
|
response = http_get(url)
|
|
181
203
|
|
|
@@ -185,6 +207,7 @@ module Dependabot
|
|
|
185
207
|
response
|
|
186
208
|
end
|
|
187
209
|
|
|
210
|
+
sig { params(path: String).returns(String) }
|
|
188
211
|
def url_for(path)
|
|
189
212
|
uri = URI.parse(path)
|
|
190
213
|
return uri.to_s if uri.scheme == "https"
|
|
@@ -195,6 +218,7 @@ module Dependabot
|
|
|
195
218
|
uri.to_s
|
|
196
219
|
end
|
|
197
220
|
|
|
221
|
+
sig { params(message: String).returns(Dependabot::DependabotError) }
|
|
198
222
|
def error(message)
|
|
199
223
|
Dependabot::DependabotError.new(message)
|
|
200
224
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.296.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-
|
|
11
|
+
date: 2025-02-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.296.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.296.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -261,7 +261,7 @@ licenses:
|
|
|
261
261
|
- MIT
|
|
262
262
|
metadata:
|
|
263
263
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
264
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
264
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.296.0
|
|
265
265
|
post_install_message:
|
|
266
266
|
rdoc_options: []
|
|
267
267
|
require_paths:
|