dependency_checker 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 0e51ad69dd9620d0bdf8edc59856b9c1ca489eb1cc259c03b7e230ad8e38bdaa
+  data.tar.gz: ca995ece8099855978f71fecb2b80e930528e62ad6790bce650fc75fe8bf2889
+SHA512:
+  metadata.gz: 9d447cba1d6b93e9faff062534241b79df938d9ea520076e1adcaf25cb7d4295e68cc7cc8ce10593a06854a3b7c64073b819380d82bd8b55d85eef290b930518
+  data.tar.gz: f364be7088d1a4ad70895cc13df206d2b5eef11eb6a32582d8d747c23f3c6bc80a92a4f4b39b5d3cf0cbab767e64304f60da86af04246c397097d310ed65aba7

data/README.md

@@ -0,0 +1,63 @@
+# dependency-checker
+
+The dependency-checker tool validates dependencies in `metadata.json` files in Puppet modules or YAML files containing arrays of Puppet modules against the latest published versions on the [Puppet Forge](https://forge.puppet.com/).
+
+## Compatibility
+
+dependency-checker is compatible with Ruby versions 2.0.0 and newer.
+
+## Installation
+
+via `gem` command:
+
+    `gem install metadata_json_deps`
+
+via Gemfile:
+
+    `gem 'metadata_json_deps`
+
+## Usage
+
+Run against a single Puppet module metadata.json file
+
+    $ dependency-checker /path/to/metadata.json
+
+You can use a local/remote YAML file containing an array of modules (using syntax `namespace/module`)
+
+    $ dependency-checker managed_modules.yaml
+
+It can also be run verbosely to show valid dependencies:
+
+    $ dependency-checker -v modules/*/metadata.json
+
+You can also run it inside a module during a pre-release to determine the effect of a version bump in the metadata.json:
+
+    $ dependency-checker -c ../*/metadata.json
+
+Or you can supply an override value
+
+    $ dependency-checker ../*/metadata.json -o puppetlabs/stdlib,10.0.0
+
+The following optional parameters are available:
+```
+    -o, --override module,version    Forge name of module and semantic version to override
+    -c, --current                    Extract override version from metadata.json inside current working directory
+    -v, --[no-]verbose               Run verbosely
+    -h, --help                       Display help
+```
+
+If attempting to use both `-o` and `-c`, an error will be thrown as these can only be used exclusively.
+
+### Testing with dependency-checker as a Rake task
+
+You can also integrate `dependency-checker` checks into your tests using a Rake task:
+
+```ruby
+require 'dependency_checker'
+
+desc 'Run dependency-checker'
+task :metadata_deps do
+  files = FileList['modules/*/metadata.json']
+  DependencyChecker::Runner.run(files)
+end
+```

data/bin/dependency-checker

@@ -0,0 +1,53 @@
+#!/usr/bin/env ruby
+
+require 'optparse'
+require 'dependency_checker'
+require 'json'
+
+options = {}
+OptionParser.new { |opts|
+  opts.on('-o module,version', '--override module,version', Array, 'Forge name of module and semantic version to override') do |override|
+    options[:override] = override
+  end
+
+  opts.on('-c', '--current', 'Extract override version from metadata.json inside current working directory') do |current_override|
+    options[:current_override] = current_override
+  end
+
+  opts.on('-v', '--[no-]verbose', 'Run verbosely') do |verbose|
+    options[:verbose] = verbose
+  end
+
+  opts.on('-h', '--help', 'Display help') do
+    puts opts
+    exit
+  end
+}.parse!
+
+# Determine which modules to pass on to runner
+managed_modules = nil
+unless ARGV.empty?
+  # If length == 1, only pass first argument, else pass the array of metadata.json files
+  managed_modules = ((ARGV.length == 1) ? ARGV[0] : ARGV)
+end
+
+# Raise error if both :override and :current_override are specified
+if options[:override] && options[:current_override]
+  raise OptionParser::InvalidOption, 'You can not select both override and current override options'
+end
+
+# If :current_override is specified, retrieve name and version of module in current working directory
+if options[:current_override]
+  metadata_json = JSON.parse(File.read('metadata.json'))
+  module_name = metadata_json['name'].sub('-', '/')
+  module_version = metadata_json['version']
+
+  override_check = metadata_json.is_a?(Hash) && !metadata_json.empty?
+  options[:override] = [module_name, module_version] if override_check
+  raise OptionParser::InvalidOption, 'Unable to find local metadata.json in current working directory' unless override_check
+end
+
+# Default :verbose to false
+options[:verbose] ||= false
+
+DependencyChecker::Runner.run_with_args(managed_modules, options[:override], options[:verbose])

data/lib/dependency_checker.rb

@@ -0,0 +1,6 @@
+# Module for checking the dependencies of Puppet Module using data retrieved from the Puppet Forge.
+module DependencyChecker
+  autoload :ForgeHelper, 'dependency_checker/forge_helper'
+  autoload :MetadataChecker, 'dependency_checker/metadata_checker'
+  autoload :Runner, 'dependency_checker/runner'
+end

data/lib/dependency_checker/forge_helper.rb

@@ -0,0 +1,58 @@
+require 'puppet_forge'
+require 'semantic_puppet'
+
+# Helper class for fetching data from the Forge and perform some basic operations
+class DependencyChecker::ForgeHelper
+  def initialize(cache = {})
+    @cache = cache
+  end
+
+  # Retrieve current version of module
+  # @return [SemanticPuppet::Version]
+  def get_current_version(module_name)
+    module_name = module_name.sub('/', '-')
+    version = nil
+    version = get_version(@cache[module_name]) if @cache.key?(module_name)
+
+    unless version
+      version = get_version(get_module_data(module_name)) if check_module_exists(module_name)
+    end
+
+    version
+  end
+
+  # Retrieve module data from Forge
+  # @return [Hash] Hash containing JSON response from Forge
+  def get_module_data(module_name)
+    module_name = module_name.sub('/', '-')
+    module_data = @cache[module_name]
+    begin
+      @cache[module_name] = module_data = PuppetForge::Module.find(module_name) unless module_data
+    rescue Faraday::ClientError
+      return nil
+    end
+
+    module_data
+  end
+
+  # Retrieve module from Forge
+  # @return [PuppetForge::Module]
+  def check_module_exists(module_name)
+    !get_module_data(module_name).nil?
+  end
+
+  # Check if a module is deprecated from data fetched from the Forge
+  # @return [Boolean] boolean result stating whether module is deprecated
+  def check_module_deprecated(module_name)
+    module_name = module_name.sub('/', '-')
+    module_data = get_module_data(module_name)
+    version = get_current_version(module_name)
+    version.to_s.eql?('999.999.999') || version.to_s.eql?('99.99.99') || !module_data.attribute('deprecated_at').nil?
+  end
+
+  private
+
+  def get_version(module_data)
+    SemanticPuppet::Version.parse(module_data.current_release.version)
+  end
+end

data/lib/dependency_checker/metadata_checker.rb

@@ -0,0 +1,35 @@
+require 'semantic_puppet'
+
+# Checks dependencies of passed in metadata and performs checks to verify constraints
+class DependencyChecker::MetadataChecker
+  def initialize(metadata, forge, updated_module, updated_module_version)
+    @metadata = metadata
+    @forge = forge
+    @updated_module = updated_module.sub('-', '/') if updated_module
+    @updated_module_version = updated_module_version if updated_module_version
+  end
+
+  # Perform constraint comparisons of dependencies based on their latest version, and also
+  # override any occurance of @updated_module with @updated_module_version
+  # @return [Map] a map of dependencies along with their constraint, current version and whether they satisfy the constraint
+  def check_dependencies
+    fetch_module_dependencies.map do |dependency, constraint|
+      dependency = dependency.sub('-', '/')
+      current = (dependency == @updated_module) ? SemanticPuppet::Version.parse(@updated_module_version) : @forge.get_current_version(dependency)
+      [dependency, constraint, current, constraint.include?(current)]
+    end
+  end
+
+  private
+
+  # Retrieve dependencies from @metedata
+  # @return [Map] a map with the name of the dependency and its constraint
+  def fetch_module_dependencies
+    return [] unless @metadata[:dependencies]
+
+    @metadata[:dependencies].map do |dep|
+      constraint = dep[:version_requirement] || '>= 0'
+      [dep[:name], SemanticPuppet::VersionRange.parse(constraint)]
+    end
+  end
+end

data/lib/dependency_checker/runner.rb

@@ -0,0 +1,197 @@
+require 'json'
+require 'yaml'
+require 'net/http'
+require 'uri'
+require 'logger'
+require 'parallel'
+
+# Main runner for DependencyChecker
+class DependencyChecker::Runner
+  def initialize(managed_modules_arg, override, verbose)
+    @managed_modules_arg = managed_modules_arg
+    @override = !override.nil?
+    @updated_module = override[0] if @override
+    @updated_module_version = override[1] if @override
+    @verbose = verbose
+    @forge = DependencyChecker::ForgeHelper.new
+  end
+
+  def run
+    validate_override if @override
+
+    message = "_*Starting dependency checks...*_\n\n"
+
+    # If override is enabled
+    message += "Overriding *#{@updated_module}* version with *#{@updated_module_version}*\n\n" if @override
+
+    # Post warning if @updated_module is deprecated
+    message += "The module you are comparing against *#{@updated_module}* is *deprecated*.\n\n" if @override && @forge.check_module_deprecated(@updated_module)
+
+    # Post message if using default managed_modules
+    if @managed_modules_arg.nil?
+      message += "No local path(s) to metadata.json or file argument specified. Defaulting to Puppet supported modules.\n\n"
+      @managed_modules_arg = 'https://gist.githubusercontent.com/eimlav/6df50eda0b1c57c1ab8c33b64c82c336/raw/managed_modules.yaml'
+    end
+
+    @use_local_files = @managed_modules_arg.instance_of?(Array) || @managed_modules_arg.end_with?('.json')
+
+    @modules = @use_local_files ? Array(@managed_modules_arg) : return_modules(@managed_modules_arg)
+
+    # Post results of dependency checks
+    message += run_dependency_checks
+    message += 'All modules have valid dependencies.' if run_dependency_checks.empty?
+
+    post(message)
+  end
+
+  # Validate override from runner and return an error if any issues are encountered
+  def validate_override
+    raise "*Error:* Could not find *#{@updated_module}* on Puppet Forge! Ensure updated_module argument is valid." unless check_module_exists(@updated_module)
+    raise "*Error:* Verify semantic versioning syntax *#{@updated_module_version}* of updated_module_version argument." unless SemanticPuppet::Version.valid?(@updated_module_version)
+  end
+
+  # Check with forge if a specified module exists
+  # @param module_name [String]
+  # @return [Boolean] boolean based on whether the module exists or not
+  def check_module_exists(module_name)
+    @forge.check_module_exists(module_name)
+  end
+
+  # Perform dependency checks on modules supplied by @modules
+  def run_dependency_checks
+    # Cross reference dependencies from managed_modules file with @updated_module and @updated_module_version
+    messages = Parallel.map(@modules) do |module_path|
+      module_name = @use_local_files ? get_name_from_metadata(module_path) : module_path
+      mod_message = "Checking *#{module_path}* dependencies.\n"
+      exists_on_forge = true
+
+      # Check module_path is valid
+      unless check_module_exists(module_name)
+        if @use_local_files
+          exists_on_forge = false
+        else
+          mod_message += "\t*Error:* Could not find *#{module_name}* on Puppet Forge! Ensure the module exists.\n\n"
+          next mod_message
+        end
+      end
+
+      # Fetch module dependencies
+
+      dependencies = @use_local_files ? get_dependencies_from_metadata(module_path) : get_dependencies(module_name)
+
+      # Post warning if module_path is deprecated
+      mod_deprecated = exists_on_forge ? @forge.check_module_deprecated(module_name) : false
+      mod_message += "\t*Warning:* *#{module_name}* is *deprecated*.\n" if mod_deprecated
+
+      if dependencies.empty?
+        mod_message += "\tNo dependencies listed\n\n"
+        next mod_message if @verbose && !mod_deprecated
+      end
+
+      # Check each dependency to see if the latest version matchs the current modules' dependency constraints
+      all_match = true
+      dependencies.each do |dependency, constraint, current, satisfied|
+        if satisfied && @verbose
+          mod_message += "\t#{dependency} (#{constraint}) *matches* #{current}\n"
+        elsif !satisfied
+          all_match = false
+          mod_message += "\t#{dependency} (#{constraint}) *doesn't match* #{current}\n"
+        end
+
+        if @forge.check_module_deprecated(dependency)
+          all_match = false
+          mod_message += "\t\t*Warning:* *#{dependency}* is *deprecated*.\n"
+        end
+
+        found_deprecation = true if @forge.check_module_deprecated(dependency)
+
+        # Post warning if dependency is deprecated
+        mod_message += "\tThe dependency module *#{dependency}* is *deprecated*.\n" if found_deprecation
+      end
+
+      mod_message += "\tAll dependencies match\n" if all_match
+      mod_message += "\n"
+
+      # If @verbose is true, always post message
+      # If @verbose is false, only post if all dependencies don't match and/or if a dependency is deprecated
+      (all_match && !@verbose) ? '' : mod_message
+    end
+
+    message = ''
+    messages.each do |result|
+      message += result
+    end
+
+    message
+  end
+
+  # Get dependencies of a supplied module and use the override values from @updated_module and @updated_module_version
+  # to verify if the depedencies are satisfied
+  # @param module_name [String]
+  # @return [Map] a map of dependencies along with their constraint, current version and whether they satisfy the constraint
+  def get_dependencies(module_name)
+    module_data = @forge.get_module_data(module_name)
+
+    metadata = module_data.current_release.metadata
+    checker = DependencyChecker::MetadataChecker.new(metadata, @forge, @updated_module, @updated_module_version)
+    checker.check_dependencies
+  end
+
+  # Get dependencies of a supplied module from a metadata.json file to verify if the depedencies are satisfied
+  # @param module_name [String]
+  # @return [Map] a map of dependencies along with their constraint, current version and whether they satisfy the constraint
+  def get_dependencies_from_metadata(metadata_path)
+    metadata = JSON.parse(File.read(metadata_path), symbolize_names: true)
+    checker = DependencyChecker::MetadataChecker.new(metadata, @forge, @updated_module, @updated_module_version)
+    checker.check_dependencies
+  end
+
+  # Get dependencies of a supplied module from a metadata.json file to verify if the depedencies are satisfied
+  # @param module_name [String]
+  # @return [Map] a map of dependencies along with their constraint, current version and whether they satisfy the constraint
+  def get_name_from_metadata(metadata_path)
+    metadata = JSON.parse(File.read(metadata_path), symbolize_names: true)
+    metadata[:name]
+  end
+
+  # Retrieve the array of module names from the supplied filename/URL
+  # @return [Array] an array of module names
+  def return_modules(managed_modules_path)
+    managed_modules = {}
+    managed_modules_yaml = {}
+
+    begin
+      if managed_modules_path =~ URI::DEFAULT_PARSER.make_regexp
+        managed_modules = Net::HTTP.get(URI.parse(managed_modules_path))
+      elsif File.file?(managed_modules_path)
+        managed_modules = File.read(managed_modules_path)
+      else
+        raise 'Error'
+      end
+    rescue StandardError
+      raise "*Error:* Ensure *#{managed_modules_path}* is a valid file path or URL"
+    end
+
+    begin
+      managed_modules_yaml = YAML.safe_load(managed_modules)
+    rescue StandardError
+      raise '*Error:* Ensure syntax of managed_modules file is a valid YAML array'
+    end
+
+    managed_modules_yaml
+  end
+
+  # Post message to terminal
+  # @param message [String]
+  def post(message)
+    puts message
+  end
+
+  def self.run_with_args(managed_modules_path, override, verbose)
+    new(managed_modules_path, override, verbose).run
+  end
+
+  def self.run(managed_modules_path)
+    new(managed_modules_path, nil, false, nil).run
+  end
+end

metadata

@@ -0,0 +1,139 @@
+--- !ruby/object:Gem::Specification
+name: dependency_checker
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- Ewoud Kohl van Wijngaarden
+- Puppet
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-03-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: puppet_forge
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+- !ruby/object:Gem::Dependency
+  name: semantic_puppet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: parallel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: "    Verify all your dependencies allow the latest versions on Puppet
+  Forge. \n    Based on https://github.com/ekohl/metadata_json_deps\n"
+email:
+- info@puppet.com
+executables:
+- dependency-checker
+extensions: []
+extra_rdoc_files:
+- README.md
+files:
+- README.md
+- bin/dependency-checker
+- lib/dependency_checker.rb
+- lib/dependency_checker/forge_helper.rb
+- lib/dependency_checker/metadata_checker.rb
+- lib/dependency_checker/runner.rb
+homepage: https://github.com/puppetlabs/dependency_checker
+licenses:
+- MIT
+metadata:
+  source_code_uri: https://github.com/puppetlabs/dependency_checker
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.7
+signing_key: 
+specification_version: 4
+summary: Check your Puppet metadata dependencies
+test_files: []