dependabot-terraform 0.202.0 → 0.203.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/terraform/file_parser.rb +3 -36
- data/lib/dependabot/terraform/registry_client.rb +53 -3
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2b669fb83e693d1a970c7150284474769b9d07df0e84e9b6b4173ff3ae925c39
|
|
4
|
+
data.tar.gz: b11df05643df7d12c170a8c7b0016c6c8a5ca6392515dafccae72233bc197037
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8034bdfaeb6a7ccbf34fc758ee5ba2bf40cd0e01004df72e7860de8a01027e8b013728438982722079c20669c3ed0ad52fc466d2889f802acf4936f810121098
|
|
7
|
+
data.tar.gz: cf46b5a10c70b5e2dac7720c86ba008567c926f288ac7ce163f90d73a22d23497b255a662d38e3f799f5e1687da4d02b8240ff4095be8a14f9a0bb9596872dc6
|
|
@@ -12,6 +12,7 @@ require "dependabot/git_commit_checker"
|
|
|
12
12
|
require "dependabot/shared_helpers"
|
|
13
13
|
require "dependabot/errors"
|
|
14
14
|
require "dependabot/terraform/file_selector"
|
|
15
|
+
require "dependabot/terraform/registry_client"
|
|
15
16
|
|
|
16
17
|
module Dependabot
|
|
17
18
|
module Terraform
|
|
@@ -20,7 +21,6 @@ module Dependabot
|
|
|
20
21
|
|
|
21
22
|
include FileSelector
|
|
22
23
|
|
|
23
|
-
ARCHIVE_EXTENSIONS = %w(.zip .tbz2 .tgz .txz).freeze
|
|
24
24
|
DEFAULT_REGISTRY = "registry.terraform.io"
|
|
25
25
|
DEFAULT_NAMESPACE = "hashicorp"
|
|
26
26
|
# https://www.terraform.io/docs/language/providers/requirements.html#source-addresses
|
|
@@ -168,7 +168,7 @@ module Dependabot
|
|
|
168
168
|
# Full docs at https://www.terraform.io/docs/modules/sources.html
|
|
169
169
|
def source_from(details_hash)
|
|
170
170
|
raw_source = details_hash.fetch("source")
|
|
171
|
-
bare_source = get_proxied_source(raw_source)
|
|
171
|
+
bare_source = RegistryClient.get_proxied_source(raw_source)
|
|
172
172
|
|
|
173
173
|
source_details =
|
|
174
174
|
case source_type(bare_source)
|
|
@@ -257,39 +257,6 @@ module Dependabot
|
|
|
257
257
|
ref.match(version_regex).named_captures.fetch("version")
|
|
258
258
|
end
|
|
259
259
|
|
|
260
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
|
261
|
-
# See https://www.terraform.io/docs/modules/sources.html#http-urls for
|
|
262
|
-
# details of how Terraform handle HTTP(S) sources for modules
|
|
263
|
-
def get_proxied_source(raw_source) # rubocop:disable Metrics/AbcSize
|
|
264
|
-
return raw_source unless raw_source.start_with?("http")
|
|
265
|
-
|
|
266
|
-
uri = URI.parse(raw_source.split(%r{(?<!:)//}).first)
|
|
267
|
-
return raw_source if uri.path.end_with?(*ARCHIVE_EXTENSIONS)
|
|
268
|
-
return raw_source if URI.parse(raw_source).query&.include?("archive=")
|
|
269
|
-
|
|
270
|
-
url = raw_source.split(%r{(?<!:)//}).first + "?terraform-get=1"
|
|
271
|
-
host = URI.parse(raw_source).host
|
|
272
|
-
|
|
273
|
-
response = Excon.get(
|
|
274
|
-
url,
|
|
275
|
-
idempotent: true,
|
|
276
|
-
**SharedHelpers.excon_defaults
|
|
277
|
-
)
|
|
278
|
-
raise PrivateSourceAuthenticationFailure, host if response.status == 401
|
|
279
|
-
|
|
280
|
-
return response.headers["X-Terraform-Get"] if response.headers["X-Terraform-Get"]
|
|
281
|
-
|
|
282
|
-
doc = Nokogiri::XML(response.body)
|
|
283
|
-
doc.css("meta").find do |tag|
|
|
284
|
-
tag.attributes&.fetch("name", nil)&.value == "terraform-get"
|
|
285
|
-
end&.attributes&.fetch("content", nil)&.value
|
|
286
|
-
rescue Excon::Error::Socket, Excon::Error::Timeout => e
|
|
287
|
-
raise PrivateSourceAuthenticationFailure, host if e.message.include?("no address for")
|
|
288
|
-
|
|
289
|
-
raw_source
|
|
290
|
-
end
|
|
291
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
|
292
|
-
|
|
293
260
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
294
261
|
def source_type(source_string)
|
|
295
262
|
return :path if source_string.start_with?(".")
|
|
@@ -305,7 +272,7 @@ module Dependabot
|
|
|
305
272
|
|
|
306
273
|
path_uri = URI.parse(source_string.split(%r{(?<!:)//}).first)
|
|
307
274
|
query_uri = URI.parse(source_string)
|
|
308
|
-
return :http_archive if path_uri.path.end_with?(*ARCHIVE_EXTENSIONS)
|
|
275
|
+
return :http_archive if path_uri.path.end_with?(*RegistryClient::ARCHIVE_EXTENSIONS)
|
|
309
276
|
return :http_archive if query_uri.query&.include?("archive=")
|
|
310
277
|
|
|
311
278
|
raise "HTTP source, but not an archive!"
|
|
@@ -10,6 +10,7 @@ module Dependabot
|
|
|
10
10
|
# Terraform::RegistryClient is a basic API client to interact with a
|
|
11
11
|
# terraform registry: https://www.terraform.io/docs/registry/api.html
|
|
12
12
|
class RegistryClient
|
|
13
|
+
ARCHIVE_EXTENSIONS = %w(.zip .tbz2 .tgz .txz).freeze
|
|
13
14
|
PUBLIC_HOSTNAME = "registry.terraform.io"
|
|
14
15
|
|
|
15
16
|
def initialize(hostname: PUBLIC_HOSTNAME, credentials: [])
|
|
@@ -19,6 +20,39 @@ module Dependabot
|
|
|
19
20
|
end
|
|
20
21
|
end
|
|
21
22
|
|
|
23
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
|
24
|
+
# See https://www.terraform.io/docs/modules/sources.html#http-urls for
|
|
25
|
+
# details of how Terraform handle HTTP(S) sources for modules
|
|
26
|
+
def self.get_proxied_source(raw_source) # rubocop:disable Metrics/AbcSize
|
|
27
|
+
return raw_source unless raw_source.start_with?("http")
|
|
28
|
+
|
|
29
|
+
uri = URI.parse(raw_source.split(%r{(?<!:)//}).first)
|
|
30
|
+
return raw_source if uri.path.end_with?(*ARCHIVE_EXTENSIONS)
|
|
31
|
+
return raw_source if URI.parse(raw_source).query&.include?("archive=")
|
|
32
|
+
|
|
33
|
+
url = raw_source.split(%r{(?<!:)//}).first + "?terraform-get=1"
|
|
34
|
+
host = URI.parse(raw_source).host
|
|
35
|
+
|
|
36
|
+
response = Excon.get(
|
|
37
|
+
url,
|
|
38
|
+
idempotent: true,
|
|
39
|
+
**SharedHelpers.excon_defaults
|
|
40
|
+
)
|
|
41
|
+
raise PrivateSourceAuthenticationFailure, host if response.status == 401
|
|
42
|
+
|
|
43
|
+
return response.headers["X-Terraform-Get"] if response.headers["X-Terraform-Get"]
|
|
44
|
+
|
|
45
|
+
doc = Nokogiri::XML(response.body)
|
|
46
|
+
doc.css("meta").find do |tag|
|
|
47
|
+
tag.attributes&.fetch("name", nil)&.value == "terraform-get"
|
|
48
|
+
end&.attributes&.fetch("content", nil)&.value
|
|
49
|
+
rescue Excon::Error::Socket, Excon::Error::Timeout => e
|
|
50
|
+
raise PrivateSourceAuthenticationFailure, host if e.message.include?("no address for")
|
|
51
|
+
|
|
52
|
+
raw_source
|
|
53
|
+
end
|
|
54
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
55
|
+
|
|
22
56
|
# Fetch all the versions of a provider, and return a Version
|
|
23
57
|
# representation of them.
|
|
24
58
|
#
|
|
@@ -64,10 +98,26 @@ module Dependabot
|
|
|
64
98
|
def source(dependency:)
|
|
65
99
|
type = dependency.requirements.first[:source][:type]
|
|
66
100
|
base_url = service_url_for(service_key_for(type))
|
|
67
|
-
|
|
68
|
-
|
|
101
|
+
case type
|
|
102
|
+
# https://www.terraform.io/internals/module-registry-protocol#download-source-code-for-a-specific-module-version
|
|
103
|
+
when "module", "modules", "registry"
|
|
104
|
+
download_url = URI.join(base_url, "#{dependency.name}/#{dependency.version}/download")
|
|
105
|
+
response = http_get(download_url)
|
|
106
|
+
return nil unless response.status == 204
|
|
107
|
+
|
|
108
|
+
source_url = response.headers.fetch("X-Terraform-Get")
|
|
109
|
+
source_url = URI.join(download_url, source_url) if
|
|
110
|
+
source_url.start_with?("/") ||
|
|
111
|
+
source_url.start_with?("./") ||
|
|
112
|
+
source_url.start_with?("../")
|
|
113
|
+
source_url = RegistryClient.get_proxied_source(source_url) if source_url
|
|
114
|
+
when "provider", "providers"
|
|
115
|
+
response = http_get(URI.join(base_url, "#{dependency.name}/#{dependency.version}"))
|
|
116
|
+
return nil unless response.status == 200
|
|
117
|
+
|
|
118
|
+
source_url = JSON.parse(response.body).fetch("source")
|
|
119
|
+
end
|
|
69
120
|
|
|
70
|
-
source_url = JSON.parse(response.body).fetch("source")
|
|
71
121
|
Source.from_url(source_url) if source_url
|
|
72
122
|
rescue JSON::ParserError, Excon::Error::Timeout
|
|
73
123
|
nil
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-terraform
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.203.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-08-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.203.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.203.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debase
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|