dependabot-terraform 0.202.0 → 0.203.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/terraform/file_parser.rb +3 -36
- data/lib/dependabot/terraform/registry_client.rb +53 -3
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2b669fb83e693d1a970c7150284474769b9d07df0e84e9b6b4173ff3ae925c39
|
|
4
|
+
data.tar.gz: b11df05643df7d12c170a8c7b0016c6c8a5ca6392515dafccae72233bc197037
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8034bdfaeb6a7ccbf34fc758ee5ba2bf40cd0e01004df72e7860de8a01027e8b013728438982722079c20669c3ed0ad52fc466d2889f802acf4936f810121098
|
|
7
|
+
data.tar.gz: cf46b5a10c70b5e2dac7720c86ba008567c926f288ac7ce163f90d73a22d23497b255a662d38e3f799f5e1687da4d02b8240ff4095be8a14f9a0bb9596872dc6
|
|
@@ -12,6 +12,7 @@ require "dependabot/git_commit_checker"
|
|
|
12
12
|
require "dependabot/shared_helpers"
|
|
13
13
|
require "dependabot/errors"
|
|
14
14
|
require "dependabot/terraform/file_selector"
|
|
15
|
+
require "dependabot/terraform/registry_client"
|
|
15
16
|
|
|
16
17
|
module Dependabot
|
|
17
18
|
module Terraform
|
|
@@ -20,7 +21,6 @@ module Dependabot
|
|
|
20
21
|
|
|
21
22
|
include FileSelector
|
|
22
23
|
|
|
23
|
-
ARCHIVE_EXTENSIONS = %w(.zip .tbz2 .tgz .txz).freeze
|
|
24
24
|
DEFAULT_REGISTRY = "registry.terraform.io"
|
|
25
25
|
DEFAULT_NAMESPACE = "hashicorp"
|
|
26
26
|
# https://www.terraform.io/docs/language/providers/requirements.html#source-addresses
|
|
@@ -168,7 +168,7 @@ module Dependabot
|
|
|
168
168
|
# Full docs at https://www.terraform.io/docs/modules/sources.html
|
|
169
169
|
def source_from(details_hash)
|
|
170
170
|
raw_source = details_hash.fetch("source")
|
|
171
|
-
bare_source = get_proxied_source(raw_source)
|
|
171
|
+
bare_source = RegistryClient.get_proxied_source(raw_source)
|
|
172
172
|
|
|
173
173
|
source_details =
|
|
174
174
|
case source_type(bare_source)
|
|
@@ -257,39 +257,6 @@ module Dependabot
|
|
|
257
257
|
ref.match(version_regex).named_captures.fetch("version")
|
|
258
258
|
end
|
|
259
259
|
|
|
260
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
|
261
|
-
# See https://www.terraform.io/docs/modules/sources.html#http-urls for
|
|
262
|
-
# details of how Terraform handle HTTP(S) sources for modules
|
|
263
|
-
def get_proxied_source(raw_source) # rubocop:disable Metrics/AbcSize
|
|
264
|
-
return raw_source unless raw_source.start_with?("http")
|
|
265
|
-
|
|
266
|
-
uri = URI.parse(raw_source.split(%r{(?<!:)//}).first)
|
|
267
|
-
return raw_source if uri.path.end_with?(*ARCHIVE_EXTENSIONS)
|
|
268
|
-
return raw_source if URI.parse(raw_source).query&.include?("archive=")
|
|
269
|
-
|
|
270
|
-
url = raw_source.split(%r{(?<!:)//}).first + "?terraform-get=1"
|
|
271
|
-
host = URI.parse(raw_source).host
|
|
272
|
-
|
|
273
|
-
response = Excon.get(
|
|
274
|
-
url,
|
|
275
|
-
idempotent: true,
|
|
276
|
-
**SharedHelpers.excon_defaults
|
|
277
|
-
)
|
|
278
|
-
raise PrivateSourceAuthenticationFailure, host if response.status == 401
|
|
279
|
-
|
|
280
|
-
return response.headers["X-Terraform-Get"] if response.headers["X-Terraform-Get"]
|
|
281
|
-
|
|
282
|
-
doc = Nokogiri::XML(response.body)
|
|
283
|
-
doc.css("meta").find do |tag|
|
|
284
|
-
tag.attributes&.fetch("name", nil)&.value == "terraform-get"
|
|
285
|
-
end&.attributes&.fetch("content", nil)&.value
|
|
286
|
-
rescue Excon::Error::Socket, Excon::Error::Timeout => e
|
|
287
|
-
raise PrivateSourceAuthenticationFailure, host if e.message.include?("no address for")
|
|
288
|
-
|
|
289
|
-
raw_source
|
|
290
|
-
end
|
|
291
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
|
292
|
-
|
|
293
260
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
294
261
|
def source_type(source_string)
|
|
295
262
|
return :path if source_string.start_with?(".")
|
|
@@ -305,7 +272,7 @@ module Dependabot
|
|
|
305
272
|
|
|
306
273
|
path_uri = URI.parse(source_string.split(%r{(?<!:)//}).first)
|
|
307
274
|
query_uri = URI.parse(source_string)
|
|
308
|
-
return :http_archive if path_uri.path.end_with?(*ARCHIVE_EXTENSIONS)
|
|
275
|
+
return :http_archive if path_uri.path.end_with?(*RegistryClient::ARCHIVE_EXTENSIONS)
|
|
309
276
|
return :http_archive if query_uri.query&.include?("archive=")
|
|
310
277
|
|
|
311
278
|
raise "HTTP source, but not an archive!"
|
|
@@ -10,6 +10,7 @@ module Dependabot
|
|
|
10
10
|
# Terraform::RegistryClient is a basic API client to interact with a
|
|
11
11
|
# terraform registry: https://www.terraform.io/docs/registry/api.html
|
|
12
12
|
class RegistryClient
|
|
13
|
+
ARCHIVE_EXTENSIONS = %w(.zip .tbz2 .tgz .txz).freeze
|
|
13
14
|
PUBLIC_HOSTNAME = "registry.terraform.io"
|
|
14
15
|
|
|
15
16
|
def initialize(hostname: PUBLIC_HOSTNAME, credentials: [])
|
|
@@ -19,6 +20,39 @@ module Dependabot
|
|
|
19
20
|
end
|
|
20
21
|
end
|
|
21
22
|
|
|
23
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
|
24
|
+
# See https://www.terraform.io/docs/modules/sources.html#http-urls for
|
|
25
|
+
# details of how Terraform handle HTTP(S) sources for modules
|
|
26
|
+
def self.get_proxied_source(raw_source) # rubocop:disable Metrics/AbcSize
|
|
27
|
+
return raw_source unless raw_source.start_with?("http")
|
|
28
|
+
|
|
29
|
+
uri = URI.parse(raw_source.split(%r{(?<!:)//}).first)
|
|
30
|
+
return raw_source if uri.path.end_with?(*ARCHIVE_EXTENSIONS)
|
|
31
|
+
return raw_source if URI.parse(raw_source).query&.include?("archive=")
|
|
32
|
+
|
|
33
|
+
url = raw_source.split(%r{(?<!:)//}).first + "?terraform-get=1"
|
|
34
|
+
host = URI.parse(raw_source).host
|
|
35
|
+
|
|
36
|
+
response = Excon.get(
|
|
37
|
+
url,
|
|
38
|
+
idempotent: true,
|
|
39
|
+
**SharedHelpers.excon_defaults
|
|
40
|
+
)
|
|
41
|
+
raise PrivateSourceAuthenticationFailure, host if response.status == 401
|
|
42
|
+
|
|
43
|
+
return response.headers["X-Terraform-Get"] if response.headers["X-Terraform-Get"]
|
|
44
|
+
|
|
45
|
+
doc = Nokogiri::XML(response.body)
|
|
46
|
+
doc.css("meta").find do |tag|
|
|
47
|
+
tag.attributes&.fetch("name", nil)&.value == "terraform-get"
|
|
48
|
+
end&.attributes&.fetch("content", nil)&.value
|
|
49
|
+
rescue Excon::Error::Socket, Excon::Error::Timeout => e
|
|
50
|
+
raise PrivateSourceAuthenticationFailure, host if e.message.include?("no address for")
|
|
51
|
+
|
|
52
|
+
raw_source
|
|
53
|
+
end
|
|
54
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
55
|
+
|
|
22
56
|
# Fetch all the versions of a provider, and return a Version
|
|
23
57
|
# representation of them.
|
|
24
58
|
#
|
|
@@ -64,10 +98,26 @@ module Dependabot
|
|
|
64
98
|
def source(dependency:)
|
|
65
99
|
type = dependency.requirements.first[:source][:type]
|
|
66
100
|
base_url = service_url_for(service_key_for(type))
|
|
67
|
-
|
|
68
|
-
|
|
101
|
+
case type
|
|
102
|
+
# https://www.terraform.io/internals/module-registry-protocol#download-source-code-for-a-specific-module-version
|
|
103
|
+
when "module", "modules", "registry"
|
|
104
|
+
download_url = URI.join(base_url, "#{dependency.name}/#{dependency.version}/download")
|
|
105
|
+
response = http_get(download_url)
|
|
106
|
+
return nil unless response.status == 204
|
|
107
|
+
|
|
108
|
+
source_url = response.headers.fetch("X-Terraform-Get")
|
|
109
|
+
source_url = URI.join(download_url, source_url) if
|
|
110
|
+
source_url.start_with?("/") ||
|
|
111
|
+
source_url.start_with?("./") ||
|
|
112
|
+
source_url.start_with?("../")
|
|
113
|
+
source_url = RegistryClient.get_proxied_source(source_url) if source_url
|
|
114
|
+
when "provider", "providers"
|
|
115
|
+
response = http_get(URI.join(base_url, "#{dependency.name}/#{dependency.version}"))
|
|
116
|
+
return nil unless response.status == 200
|
|
117
|
+
|
|
118
|
+
source_url = JSON.parse(response.body).fetch("source")
|
|
119
|
+
end
|
|
69
120
|
|
|
70
|
-
source_url = JSON.parse(response.body).fetch("source")
|
|
71
121
|
Source.from_url(source_url) if source_url
|
|
72
122
|
rescue JSON::ParserError, Excon::Error::Timeout
|
|
73
123
|
nil
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.203.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-08-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.203.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.203.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debase
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|