dependabot-terraform 0.295.0 → 0.296.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/terraform/registry_client.rb +39 -13
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 30eb2e7c99aefe9caa6a3e7b7fc64372b613ab51146eb17a701cd775116546f8
|
|
4
|
+
data.tar.gz: 6b197e83c13cd6a573524a1ce0cce325a78b5cf744792f95925a83d0dd68946e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ba1b5e22707cb62959165ebf7af175d50d3f7eea7c34f6058d7a91eca56ca50ab750b4fc13380627a34aefbcbcc518b2a184d5b9b197d8ce053d0f0e7a7deade
|
|
7
|
+
data.tar.gz: ab7527bec58714d60df2c9dc71a99906d1175f60a2a1ef85b9e45b1aa8461983d55b70faada0a25cf318cc3007a3500bd198870964f8b572cb4f34665d928b11
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/dependency"
|
|
@@ -12,35 +12,42 @@ module Dependabot
|
|
|
12
12
|
# Terraform::RegistryClient is a basic API client to interact with a
|
|
13
13
|
# terraform registry: https://www.terraform.io/docs/registry/api.html
|
|
14
14
|
class RegistryClient
|
|
15
|
-
|
|
15
|
+
extend T::Sig
|
|
16
|
+
|
|
17
|
+
ARCHIVE_EXTENSIONS = T.let(%w(.zip .tbz2 .tgz .txz).freeze, T::Array[String])
|
|
16
18
|
PUBLIC_HOSTNAME = "registry.terraform.io"
|
|
17
19
|
|
|
20
|
+
sig { params(hostname: String, credentials: T::Array[Dependabot::Credential]).void }
|
|
18
21
|
def initialize(hostname: PUBLIC_HOSTNAME, credentials: [])
|
|
19
22
|
@hostname = hostname
|
|
20
|
-
@tokens =
|
|
21
|
-
|
|
22
|
-
|
|
23
|
+
@tokens = T.let(
|
|
24
|
+
credentials.each_with_object({}) do |item, memo|
|
|
25
|
+
memo[item["host"]] = item["token"] if item["type"] == "terraform_registry"
|
|
26
|
+
end,
|
|
27
|
+
T::Hash[String, String]
|
|
28
|
+
)
|
|
23
29
|
end
|
|
24
30
|
|
|
25
31
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
26
|
-
# See https://www.terraform.io/docs/modules/sources.html#http-urls for
|
|
27
|
-
# details of how Terraform handle HTTP(S) sources for modules
|
|
28
32
|
# rubocop:disable Metrics/AbcSize
|
|
29
33
|
# rubocop:disable Metrics/CyclomaticComplexity
|
|
34
|
+
# See https://www.terraform.io/docs/modules/sources.html#http-urls for
|
|
35
|
+
# details of how Terraform handle HTTP(S) sources for modules
|
|
36
|
+
sig { params(raw_source: String).returns(String) }
|
|
30
37
|
def self.get_proxied_source(raw_source)
|
|
31
38
|
return raw_source unless raw_source.start_with?("http")
|
|
32
39
|
|
|
33
|
-
uri = URI.parse(raw_source.split(%r{(?<!:)//}).first)
|
|
40
|
+
uri = URI.parse(T.must(raw_source.split(%r{(?<!:)//}).first))
|
|
34
41
|
return raw_source if ARCHIVE_EXTENSIONS.any? { |ext| uri.path&.end_with?(ext) }
|
|
35
42
|
return raw_source if URI.parse(raw_source).query&.include?("archive=")
|
|
36
43
|
|
|
37
|
-
url = raw_source.split(%r{(?<!:)//}).first + "?terraform-get=1"
|
|
44
|
+
url = T.must(raw_source.split(%r{(?<!:)//}).first) + "?terraform-get=1"
|
|
38
45
|
host = URI.parse(raw_source).host
|
|
39
46
|
|
|
40
47
|
response = Dependabot::RegistryClient.get(url: url)
|
|
41
48
|
raise PrivateSourceAuthenticationFailure, host if response.status == 401
|
|
42
49
|
|
|
43
|
-
return response.headers["X-Terraform-Get"] if response.headers["X-Terraform-Get"]
|
|
50
|
+
return T.must(response.headers["X-Terraform-Get"]) if response.headers["X-Terraform-Get"]
|
|
44
51
|
|
|
45
52
|
doc = Nokogiri::XML(response.body)
|
|
46
53
|
doc.css("meta").find do |tag|
|
|
@@ -62,6 +69,7 @@ module Dependabot
|
|
|
62
69
|
# "hashicorp/aws"
|
|
63
70
|
# @return [Array<Dependabot::Terraform::Version>]
|
|
64
71
|
# @raise [Dependabot::DependabotError] when the versions cannot be retrieved
|
|
72
|
+
sig { params(identifier: String).returns(T::Array[Dependabot::Terraform::Version]) }
|
|
65
73
|
def all_provider_versions(identifier:)
|
|
66
74
|
base_url = service_url_for("providers.v1")
|
|
67
75
|
response = http_get!(URI.join(base_url, "#{identifier}/versions"))
|
|
@@ -80,6 +88,7 @@ module Dependabot
|
|
|
80
88
|
# "hashicorp/consul/aws"
|
|
81
89
|
# @return [Array<Dependabot::Terraform::Version>]
|
|
82
90
|
# @raise [Dependabot::DependabotError] when the versions cannot be retrieved
|
|
91
|
+
sig { params(identifier: String).returns(T::Array[Dependabot::Terraform::Version]) }
|
|
83
92
|
def all_module_versions(identifier:)
|
|
84
93
|
base_url = service_url_for("modules.v1")
|
|
85
94
|
response = http_get!(URI.join(base_url, "#{identifier}/versions"))
|
|
@@ -97,8 +106,9 @@ module Dependabot
|
|
|
97
106
|
# @param dependency [Dependabot::Dependency] the dependency who's source
|
|
98
107
|
# we're attempting to find
|
|
99
108
|
# @return [nil, Dependabot::Source]
|
|
109
|
+
sig { params(dependency: Dependabot::Dependency).returns(T.nilable(Dependabot::Source)) }
|
|
100
110
|
def source(dependency:)
|
|
101
|
-
type = dependency.requirements.first[:source][:type]
|
|
111
|
+
type = T.must(dependency.requirements.first)[:source][:type]
|
|
102
112
|
base_url = service_url_for(service_key_for(type))
|
|
103
113
|
case type
|
|
104
114
|
# https://www.terraform.io/internals/module-registry-protocol#download-source-code-for-a-specific-module-version
|
|
@@ -130,6 +140,7 @@ module Dependabot
|
|
|
130
140
|
# @param service_key [String] the service type described in https://www.terraform.io/docs/internals/remote-service-discovery.html#supported-services
|
|
131
141
|
# @param return String
|
|
132
142
|
# @raise [Dependabot::PrivateSourceAuthenticationFailure] when the service is not available
|
|
143
|
+
sig { params(service_key: String).returns(String) }
|
|
133
144
|
def service_url_for(service_key)
|
|
134
145
|
url_for(services.fetch(service_key))
|
|
135
146
|
rescue KeyError
|
|
@@ -138,26 +149,35 @@ module Dependabot
|
|
|
138
149
|
|
|
139
150
|
private
|
|
140
151
|
|
|
152
|
+
sig { returns(String) }
|
|
141
153
|
attr_reader :hostname
|
|
154
|
+
|
|
155
|
+
sig { returns(T::Hash[String, String]) }
|
|
142
156
|
attr_reader :tokens
|
|
143
157
|
|
|
158
|
+
sig { returns(T.class_of(Dependabot::Terraform::Version)) }
|
|
144
159
|
def version_class
|
|
145
160
|
Version
|
|
146
161
|
end
|
|
147
162
|
|
|
163
|
+
sig { params(hostname: String).returns(T::Hash[String, String]) }
|
|
148
164
|
def headers_for(hostname)
|
|
149
165
|
token = tokens[hostname]
|
|
150
166
|
token ? { "Authorization" => "Bearer #{token}" } : {}
|
|
151
167
|
end
|
|
152
168
|
|
|
169
|
+
sig { returns(T::Hash[String, String]) }
|
|
153
170
|
def services
|
|
154
|
-
@services ||=
|
|
171
|
+
@services ||= T.let(
|
|
155
172
|
begin
|
|
156
173
|
response = http_get(url_for("/.well-known/terraform.json"))
|
|
157
174
|
response.status == 200 ? JSON.parse(response.body) : {}
|
|
158
|
-
end
|
|
175
|
+
end,
|
|
176
|
+
T.nilable(T::Hash[String, String])
|
|
177
|
+
)
|
|
159
178
|
end
|
|
160
179
|
|
|
180
|
+
sig { params(type: String).returns(String) }
|
|
161
181
|
def service_key_for(type)
|
|
162
182
|
case type
|
|
163
183
|
when "module", "modules", "registry"
|
|
@@ -169,13 +189,17 @@ module Dependabot
|
|
|
169
189
|
end
|
|
170
190
|
end
|
|
171
191
|
|
|
192
|
+
sig { params(url: T.any(String, URI::Generic)).returns(Excon::Response) }
|
|
172
193
|
def http_get(url)
|
|
173
194
|
Dependabot::RegistryClient.get(
|
|
174
195
|
url: url.to_s,
|
|
175
196
|
headers: headers_for(hostname)
|
|
176
197
|
)
|
|
198
|
+
rescue Excon::Error::Socket, Excon::Error::Timeout
|
|
199
|
+
raise PrivateSourceBadResponse, hostname
|
|
177
200
|
end
|
|
178
201
|
|
|
202
|
+
sig { params(url: URI::Generic).returns(Excon::Response) }
|
|
179
203
|
def http_get!(url)
|
|
180
204
|
response = http_get(url)
|
|
181
205
|
|
|
@@ -185,6 +209,7 @@ module Dependabot
|
|
|
185
209
|
response
|
|
186
210
|
end
|
|
187
211
|
|
|
212
|
+
sig { params(path: String).returns(String) }
|
|
188
213
|
def url_for(path)
|
|
189
214
|
uri = URI.parse(path)
|
|
190
215
|
return uri.to_s if uri.scheme == "https"
|
|
@@ -195,6 +220,7 @@ module Dependabot
|
|
|
195
220
|
uri.to_s
|
|
196
221
|
end
|
|
197
222
|
|
|
223
|
+
sig { params(message: String).returns(Dependabot::DependabotError) }
|
|
198
224
|
def error(message)
|
|
199
225
|
Dependabot::DependabotError.new(message)
|
|
200
226
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.296.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-
|
|
11
|
+
date: 2025-02-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.296.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.296.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -261,7 +261,7 @@ licenses:
|
|
|
261
261
|
- MIT
|
|
262
262
|
metadata:
|
|
263
263
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
264
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
264
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.296.1
|
|
265
265
|
post_install_message:
|
|
266
266
|
rdoc_options: []
|
|
267
267
|
require_paths:
|