dependency_checker 0.2.0 → 1.0.0.rc.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0e51ad69dd9620d0bdf8edc59856b9c1ca489eb1cc259c03b7e230ad8e38bdaa
-  data.tar.gz: ca995ece8099855978f71fecb2b80e930528e62ad6790bce650fc75fe8bf2889
+  metadata.gz: a912b3208a333f3f4ab015a010f20792216e86dc0c510138f68eb7a0a0130d7e
+  data.tar.gz: bab5dd61e4b3eecbd0f1b0b5b56e15f2210a9e66c4d9dced5f337417b203281e
 SHA512:
-  metadata.gz: 9d447cba1d6b93e9faff062534241b79df938d9ea520076e1adcaf25cb7d4295e68cc7cc8ce10593a06854a3b7c64073b819380d82bd8b55d85eef290b930518
-  data.tar.gz: f364be7088d1a4ad70895cc13df206d2b5eef11eb6a32582d8d747c23f3c6bc80a92a4f4b39b5d3cf0cbab767e64304f60da86af04246c397097d310ed65aba7
+  metadata.gz: 985c43c4a59ad41082caa48c6bf221b130f33a33ea398669d70ceb9e8b4fd2fc1d61d3f84d8a23be91297d067bb028ea1511862625201181656a76cbfcb4172e
+  data.tar.gz: ac10b8572dfcede807454d7d6a89fcff83f5718f2c150ef5fedc47c7fd56712a12fec72442180ca8d434c7be7725c4ff686bd0bb351d1b1d9a5c86d9fdbeb1fa

data/README.md

@@ -1,52 +1,74 @@
 # dependency-checker
 
-The dependency-checker tool validates dependencies in `metadata.json` files in Puppet modules or YAML files containing arrays of Puppet modules against the latest published versions on the [Puppet Forge](https://forge.puppet.com/).
-
-## Compatibility
-
-dependency-checker is compatible with Ruby versions 2.0.0 and newer.
+The dependency-checker tool validates dependencies in Puppet modules against the
+latest published versions on the [Puppet Forge](https://forge.puppet.com/). This
+means that it will ensure that a module supports the latest version of all the
+dependencies it declares.
 
 ## Installation
 
-via `gem` command:
+Install via RubyGems:
 
-    `gem install metadata_json_deps`
+    $ gem install dependency_checker
 
-via Gemfile:
+Or add it to your `Gemfile`:
 
-    `gem 'metadata_json_deps`
+    gem 'dependency_checker'
 
 ## Usage
 
-Run against a single Puppet module metadata.json file
+Run against a single Puppet module `metadata.json` file to ensure that the module
+supports the current versions of all the dependencies it declares:
 
     $ dependency-checker /path/to/metadata.json
 
-You can use a local/remote YAML file containing an array of modules (using syntax `namespace/module`)
+Run against a whole list of modules to ensure that each module supports the current
+version of the dependencies it declares. You can use a YAML or JSON file containing
+an array of modules (`namespace-module`). The file can be local or remote:
 
     $ dependency-checker managed_modules.yaml
+    $ dependency-checker https://my.webserver.com/path/to/managed_modules.json
+
+Run against many modules on your filesystem with a path wildcard:
+
+    $ dependency-checker modules/*/metadata.json
 
-It can also be run verbosely to show valid dependencies:
+Run against all modules in an author's Forge namespace, optionally filtering to
+only supported/approved/partner endorsements:
 
-    $ dependency-checker -v modules/*/metadata.json
+    $ dependency-checker --namespace puppetlabs
+    $ dependency-checker --namespace puppetlabs --supported
+    $ dependency-checker --namespace puppet --approved
 
-You can also run it inside a module during a pre-release to determine the effect of a version bump in the metadata.json:
+Run it inside a module or group of modules during a pre-release to determine the
+effect of version bumps in the `metadata.json` file(s):
 
+    $ dependency-checker -c
     $ dependency-checker -c ../*/metadata.json
 
-Or you can supply an override value
+Or you can supply an override value directly:
 
     $ dependency-checker ../*/metadata.json -o puppetlabs/stdlib,10.0.0
 
+The tool defaults to validating all modules supported by the Puppet IAC team if
+no module specification arguments are provided.
+
 The following optional parameters are available:
-```
+
+```text
+Usage: dependency-checker [options]
     -o, --override module,version    Forge name of module and semantic version to override
     -c, --current                    Extract override version from metadata.json inside current working directory
+    -n, --namespace namespace        Check all modules in a given namespace (filter with endorsements).
+        --endorsement endorsement    Filter a namespace search by endorsement (supported/approved/partner).
+        --es, --supported            Shorthand for `--endorsement supported`
+        --ea, --approved             Shorthand for `--endorsement approved`
+        --ep, --partner              Shorthand for `--endorsement partner`
     -v, --[no-]verbose               Run verbosely
     -h, --help                       Display help
 ```
 
-If attempting to use both `-o` and `-c`, an error will be thrown as these can only be used exclusively.
+The `-o` and `-c` arguments are exclusive, as are the endorsement filtering options.
 
 ### Testing with dependency-checker as a Rake task
 
@@ -58,6 +80,8 @@ require 'dependency_checker'
 desc 'Run dependency-checker'
 task :metadata_deps do
   files = FileList['modules/*/metadata.json']
-  DependencyChecker::Runner.run(files)
+  runner = DependencyChecker::Runner.new
+  runner.resolve_from_files(files)
+  runner.run
 end
 ```

data/bin/dependency-checker

@@ -1,11 +1,12 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
 require 'optparse'
 require 'dependency_checker'
 require 'json'
 
 options = {}
-OptionParser.new { |opts|
+OptionParser.new do |opts|
   opts.on('-o module,version', '--override module,version', Array, 'Forge name of module and semantic version to override') do |override|
     options[:override] = override
   end
@@ -14,27 +15,56 @@ OptionParser.new { |opts|
     options[:current_override] = current_override
   end
 
-  opts.on('-v', '--[no-]verbose', 'Run verbosely') do |verbose|
-    options[:verbose] = verbose
+  opts.on('-n', '--namespace namespace', 'Check all modules in a given namespace (filter with endorsements).') do |namespace|
+    options[:namespace] = namespace
+  end
+
+  opts.on('--endorsement endorsement', 'Filter a namespace search by endorsement (supported/approved/partner).') do |endorsement|
+    raise 'You may only filter by one endorsement at a time' if options[:endorsement]
+
+    options[:endorsement] = endorsement
+  end
+
+  opts.on('--es', '--supported', 'Shorthand for `--endorsement supported`') do
+    raise 'You may only filter by one endorsement at a time' if options[:endorsement]
+
+    options[:endorsement] = 'supported'
+  end
+
+  opts.on('--ea', '--approved', 'Shorthand for `--endorsement approved`') do
+    raise 'You may only filter by one endorsement at a time' if options[:endorsement]
+
+    options[:endorsement] = 'approved'
+  end
+
+  opts.on('--ep', '--partner', 'Shorthand for `--endorsement partner`') do
+    raise 'You may only filter by one endorsement at a time' if options[:endorsement]
+
+    options[:endorsement] = 'partner'
+  end
+
+  opts.on('--ft forge_token', '--forge-token forge_token', 'The API token to authenticate the Forge connection with') do |forge_token|
+    options[:forge_token] = forge_token
+  end
+
+  opts.on('--fh forge_hostname', '--forge-hostname forge_hostname', 'Specify a specific Forge hostname to overwrite the default of https://forgeapi.puppet.com') do |forge_hostname|
+    raise 'Forge host must be specified in the format https://your-own-api.url/' unless forge_hostname.start_with? 'http'
+
+    options[:forge_hostname] = forge_hostname
+  end
+
+  opts.on('-v', '--[no-]verbose', 'Run verbosely') do
+    options[:verbose] = true
   end
 
   opts.on('-h', '--help', 'Display help') do
     puts opts
     exit
   end
-}.parse!
-
-# Determine which modules to pass on to runner
-managed_modules = nil
-unless ARGV.empty?
-  # If length == 1, only pass first argument, else pass the array of metadata.json files
-  managed_modules = ((ARGV.length == 1) ? ARGV[0] : ARGV)
-end
+end.parse!
 
 # Raise error if both :override and :current_override are specified
-if options[:override] && options[:current_override]
-  raise OptionParser::InvalidOption, 'You can not select both override and current override options'
-end
+raise OptionParser::InvalidOption, 'You can not select both override and current override options' if options[:override] && options[:current_override]
 
 # If :current_override is specified, retrieve name and version of module in current working directory
 if options[:current_override]
@@ -50,4 +80,23 @@ end
 # Default :verbose to false
 options[:verbose] ||= false
 
-DependencyChecker::Runner.run_with_args(managed_modules, options[:override], options[:verbose])
+runner = DependencyChecker::Runner.new(options[:verbose], options[:forge_hostname], options[:forge_token])
+
+if options[:namespace]
+  runner.resolve_from_namespace(options[:namespace], options[:endorsement])
+
+elsif ARGV.empty?
+  puts "No module criteria specified. Defaulting to IAC supported modules.\n\n"
+  runner.resolve_from_path('https://puppetlabs.github.io/iac/modules.json')
+
+elsif ARGV.map { |arg| File.basename arg } != ['metadata.json']
+  runner.resolve_from_path(ARGV.first)
+
+else
+  runner.resolve_from_files(ARGV)
+end
+
+runner.override = options[:override]
+runner.run
+
+exit(runner.problems.zero? ? 0 : 1)

data/lib/dependency_checker/forge_helper.rb

@@ -1,58 +1,81 @@
+# frozen_string_literal: true
+
 require 'puppet_forge'
 require 'semantic_puppet'
 
 # Helper class for fetching data from the Forge and perform some basic operations
-class DependencyChecker::ForgeHelper
-  def initialize(cache = {})
-    @cache = cache
-  end
+module DependencyChecker
+  class ForgeHelper
+    def initialize(cache = {}, forge_hostname = nil, forge_token = nil)
+      @cache = cache
+      PuppetForge.host = forge_hostname unless forge_hostname.nil?
+      PuppetForge::Connection.authorization = forge_token unless forge_token.nil?
+    end
+
+    # Retrieve current version of module
+    # @return [SemanticPuppet::Version]
+    def get_current_version(module_name)
+      module_name = module_name.sub('/', '-')
+      version = nil
+      version = get_version(@cache[module_name]) if @cache.key?(module_name)
 
-  # Retrieve current version of module
-  # @return [SemanticPuppet::Version]
-  def get_current_version(module_name)
-    module_name = module_name.sub('/', '-')
-    version = nil
-    version = get_version(@cache[module_name]) if @cache.key?(module_name)
+      version = get_version(get_module_data(module_name)) if !version && check_module_exists(module_name)
 
-    unless version
-      version = get_version(get_module_data(module_name)) if check_module_exists(module_name)
+      version
     end
 
-    version
-  end
+    # Retrieve module data from Forge
+    # @return [Hash] Hash containing JSON response from Forge
+    def get_module_data(module_name)
+      module_name = module_name.sub('/', '-')
+      module_data = @cache[module_name]
+      begin
+        @cache[module_name] = module_data = PuppetForge::Module.find(module_name) unless module_data
+      rescue Faraday::ClientError
+        return nil
+      end
 
-  # Retrieve module data from Forge
-  # @return [Hash] Hash containing JSON response from Forge
-  def get_module_data(module_name)
-    module_name = module_name.sub('/', '-')
-    module_data = @cache[module_name]
-    begin
-      @cache[module_name] = module_data = PuppetForge::Module.find(module_name) unless module_data
-    rescue Faraday::ClientError
-      return nil
+      module_data
     end
 
-    module_data
-  end
+    # Retrieve module from Forge
+    # @return [PuppetForge::Module]
+    def check_module_exists(module_name)
+      !get_module_data(module_name).nil?
+    end
 
-  # Retrieve module from Forge
-  # @return [PuppetForge::Module]
-  def check_module_exists(module_name)
-    !get_module_data(module_name).nil?
-  end
+    # Check if a module is deprecated from data fetched from the Forge
+    # @return [Boolean] boolean result stating whether module is deprecated
+    def check_module_deprecated(module_name)
+      module_name = module_name.sub('/', '-')
+      module_data = get_module_data(module_name)
+      version = get_current_version(module_name)
+      version.to_s.eql?('999.999.999') || version.to_s.eql?('99.99.99') || !module_data.attribute('deprecated_at').nil?
+    end
 
-  # Check if a module is deprecated from data fetched from the Forge
-  # @return [Boolean] boolean result stating whether module is deprecated
-  def check_module_deprecated(module_name)
-    module_name = module_name.sub('/', '-')
-    module_data = get_module_data(module_name)
-    version = get_current_version(module_name)
-    version.to_s.eql?('999.999.999') || version.to_s.eql?('99.99.99') || !module_data.attribute('deprecated_at').nil?
-  end
+    # Gets a list of all modules in a namespace, optionally filtered by endorsement.
+    # @param [String] namespace The namespace to search
+    # @param [String] endorsement to filter by (supported/approved/partner)
+    # @return [Array] list of modules
+    def modules_in_namespace(namespace, endorsement = nil)
+      modules = PuppetForge::Module.where(
+                  owner: namespace, # rubocop:disable Layout/FirstArgumentIndentation
+                  hide_deprecated: true,
+                  module_groups: 'base pe_only',
+                  endorsements: endorsement
+                )
 
-  private
+      raise "No modules found for #{namespace}." if modules.total.zero?
+
+      modules.unpaginated.map(&:slug)
+    end
 
-  def get_version(module_data)
-    SemanticPuppet::Version.parse(module_data.current_release.version)
+    private
+
+    def get_version(module_data)
+      return SemanticPuppet::Version.parse('999.999.999') unless module_data.current_release
+
+      SemanticPuppet::Version.parse(module_data.current_release.version)
+    end
   end
 end

data/lib/dependency_checker/metadata_checker.rb

@@ -1,35 +1,39 @@
+# frozen_string_literal: true
+
 require 'semantic_puppet'
 
 # Checks dependencies of passed in metadata and performs checks to verify constraints
-class DependencyChecker::MetadataChecker
-  def initialize(metadata, forge, updated_module, updated_module_version)
-    @metadata = metadata
-    @forge = forge
-    @updated_module = updated_module.sub('-', '/') if updated_module
-    @updated_module_version = updated_module_version if updated_module_version
-  end
+module DependencyChecker
+  class MetadataChecker
+    def initialize(metadata, forge, updated_module, updated_module_version)
+      @metadata = metadata
+      @forge = forge
+      @updated_module = updated_module.sub('-', '/') if updated_module
+      @updated_module_version = updated_module_version if updated_module_version
+    end
 
-  # Perform constraint comparisons of dependencies based on their latest version, and also
-  # override any occurance of @updated_module with @updated_module_version
-  # @return [Map] a map of dependencies along with their constraint, current version and whether they satisfy the constraint
-  def check_dependencies
-    fetch_module_dependencies.map do |dependency, constraint|
-      dependency = dependency.sub('-', '/')
-      current = (dependency == @updated_module) ? SemanticPuppet::Version.parse(@updated_module_version) : @forge.get_current_version(dependency)
-      [dependency, constraint, current, constraint.include?(current)]
+    # Perform constraint comparisons of dependencies based on their latest version, and also
+    # override any occurance of @updated_module with @updated_module_version
+    # @return [Map] a map of dependencies along with their constraint, current version and whether they satisfy the constraint
+    def check_dependencies
+      fetch_module_dependencies.map do |dependency, constraint|
+        dependency = dependency.sub('-', '/')
+        current = dependency == @updated_module ? SemanticPuppet::Version.parse(@updated_module_version) : @forge.get_current_version(dependency)
+        [dependency, constraint, current, constraint.include?(current)]
+      end
     end
-  end
 
-  private
+    private
 
-  # Retrieve dependencies from @metedata
-  # @return [Map] a map with the name of the dependency and its constraint
-  def fetch_module_dependencies
-    return [] unless @metadata[:dependencies]
+    # Retrieve dependencies from @metedata
+    # @return [Map] a map with the name of the dependency and its constraint
+    def fetch_module_dependencies
+      return [] unless @metadata[:dependencies]
 
-    @metadata[:dependencies].map do |dep|
-      constraint = dep[:version_requirement] || '>= 0'
-      [dep[:name], SemanticPuppet::VersionRange.parse(constraint)]
+      @metadata[:dependencies].map do |dep|
+        constraint = dep[:version_requirement] || '>= 0'
+        [dep[:name], SemanticPuppet::VersionRange.parse(constraint)]
+      end
     end
   end
 end

data/lib/dependency_checker/runner.rb

@@ -1,197 +1,199 @@
+# frozen_string_literal: true
+
 require 'json'
 require 'yaml'
-require 'net/http'
-require 'uri'
+require 'open-uri'
 require 'logger'
 require 'parallel'
 
 # Main runner for DependencyChecker
-class DependencyChecker::Runner
-  def initialize(managed_modules_arg, override, verbose)
-    @managed_modules_arg = managed_modules_arg
-    @override = !override.nil?
-    @updated_module = override[0] if @override
-    @updated_module_version = override[1] if @override
-    @verbose = verbose
-    @forge = DependencyChecker::ForgeHelper.new
-  end
-
-  def run
-    validate_override if @override
+module DependencyChecker
+  class Runner
+    attr_reader :problems
 
-    message = "_*Starting dependency checks...*_\n\n"
+    def initialize(verbose = false, forge_hostname = nil, forge_token = nil)
+      @forge   = DependencyChecker::ForgeHelper.new({}, forge_hostname, forge_token)
+      @verbose = verbose
+    end
 
-    # If override is enabled
-    message += "Overriding *#{@updated_module}* version with *#{@updated_module_version}*\n\n" if @override
+    def resolve_from_namespace(namespace, endorsement)
+      @modules = @forge.modules_in_namespace(namespace, endorsement)
+    end
 
-    # Post warning if @updated_module is deprecated
-    message += "The module you are comparing against *#{@updated_module}* is *deprecated*.\n\n" if @override && @forge.check_module_deprecated(@updated_module)
+    def resolve_from_path(path)
+      @modules = return_modules(path)
+    end
 
-    # Post message if using default managed_modules
-    if @managed_modules_arg.nil?
-      message += "No local path(s) to metadata.json or file argument specified. Defaulting to Puppet supported modules.\n\n"
-      @managed_modules_arg = 'https://gist.githubusercontent.com/eimlav/6df50eda0b1c57c1ab8c33b64c82c336/raw/managed_modules.yaml'
+    def resolve_from_files(metadata_files)
+      @use_local_files = true
+      @modules         = Array(metadata_files) # should already be an array, but just in case
     end
 
-    @use_local_files = @managed_modules_arg.instance_of?(Array) || @managed_modules_arg.end_with?('.json')
+    def override=(override)
+      return unless override.is_a? Array
 
-    @modules = @use_local_files ? Array(@managed_modules_arg) : return_modules(@managed_modules_arg)
+      @updated_module, @updated_module_version = override
 
-    # Post results of dependency checks
-    message += run_dependency_checks
-    message += 'All modules have valid dependencies.' if run_dependency_checks.empty?
+      raise '*Error:* Pass an override in the form `--override module,version`' unless override.size == 2
+      raise "*Error:* Could not find *#{@updated_module}* on Puppet Forge! Ensure updated_module argument is valid." unless check_module_exists(@updated_module)
+      unless SemanticPuppet::Version.valid?(@updated_module_version)
+        raise "*Error:* Verify semantic versioning syntax *#{@updated_module_version}* of updated_module_version argument."
+      end
 
-    post(message)
-  end
+      puts "Overriding *#{@updated_module}* version with *#{@updated_module_version}*\n\n"
+      puts "The module you are comparing against *#{@updated_module}* is *deprecated*.\n\n" if @forge.check_module_deprecated(@updated_module)
+    end
 
-  # Validate override from runner and return an error if any issues are encountered
-  def validate_override
-    raise "*Error:* Could not find *#{@updated_module}* on Puppet Forge! Ensure updated_module argument is valid." unless check_module_exists(@updated_module)
-    raise "*Error:* Verify semantic versioning syntax *#{@updated_module_version}* of updated_module_version argument." unless SemanticPuppet::Version.valid?(@updated_module_version)
-  end
+    def run
+      puts "_*Starting dependency checks...*_\n\n"
 
-  # Check with forge if a specified module exists
-  # @param module_name [String]
-  # @return [Boolean] boolean based on whether the module exists or not
-  def check_module_exists(module_name)
-    @forge.check_module_exists(module_name)
-  end
+      # Post results of dependency checks
+      message = run_dependency_checks
+      @problems = message.size
+      message = 'All modules have valid dependencies.' if message.empty?
 
-  # Perform dependency checks on modules supplied by @modules
-  def run_dependency_checks
-    # Cross reference dependencies from managed_modules file with @updated_module and @updated_module_version
-    messages = Parallel.map(@modules) do |module_path|
-      module_name = @use_local_files ? get_name_from_metadata(module_path) : module_path
-      mod_message = "Checking *#{module_path}* dependencies.\n"
-      exists_on_forge = true
-
-      # Check module_path is valid
-      unless check_module_exists(module_name)
-        if @use_local_files
-          exists_on_forge = false
-        else
-          mod_message += "\t*Error:* Could not find *#{module_name}* on Puppet Forge! Ensure the module exists.\n\n"
-          next mod_message
-        end
-      end
+      post(message)
+    end
 
-      # Fetch module dependencies
+    # Check with forge if a specified module exists
+    # @param module_name [String]
+    # @return [Boolean] boolean based on whether the module exists or not
+    def check_module_exists(module_name)
+      @forge.check_module_exists(module_name)
+    end
 
-      dependencies = @use_local_files ? get_dependencies_from_metadata(module_path) : get_dependencies(module_name)
+    # Perform dependency checks on modules supplied by @modules
+    def run_dependency_checks
+      # Cross reference dependencies from managed_modules file with @updated_module and @updated_module_version
+      messages = Parallel.map(@modules) do |module_path|
+        module_name = @use_local_files ? get_name_from_metadata(module_path) : module_path
+        mod_message = "Checking *#{module_path}* dependencies.\n"
+        exists_on_forge = true
+
+        # Check module_path is valid
+        unless check_module_exists(module_name)
+          if @use_local_files
+            exists_on_forge = false
+          else
+            mod_message += "\t*Error:* Could not find *#{module_name}* on Puppet Forge! Ensure the module exists.\n\n"
+            next mod_message
+          end
+        end
 
-      # Post warning if module_path is deprecated
-      mod_deprecated = exists_on_forge ? @forge.check_module_deprecated(module_name) : false
-      mod_message += "\t*Warning:* *#{module_name}* is *deprecated*.\n" if mod_deprecated
+        # Fetch module dependencies
 
-      if dependencies.empty?
-        mod_message += "\tNo dependencies listed\n\n"
-        next mod_message if @verbose && !mod_deprecated
-      end
+        dependencies = @use_local_files ? get_dependencies_from_path(module_path) : get_dependencies(module_name)
 
-      # Check each dependency to see if the latest version matchs the current modules' dependency constraints
-      all_match = true
-      dependencies.each do |dependency, constraint, current, satisfied|
-        if satisfied && @verbose
-          mod_message += "\t#{dependency} (#{constraint}) *matches* #{current}\n"
-        elsif !satisfied
-          all_match = false
-          mod_message += "\t#{dependency} (#{constraint}) *doesn't match* #{current}\n"
+        # Post warning if module_path is deprecated
+        mod_deprecated = exists_on_forge ? @forge.check_module_deprecated(module_name) : false
+        mod_message += "\t*Warning:* *#{module_name}* is *deprecated*.\n" if mod_deprecated
+
+        if dependencies.empty?
+          mod_message += "\tNo dependencies listed\n\n"
+          next mod_message if @verbose && !mod_deprecated
         end
 
-        if @forge.check_module_deprecated(dependency)
-          all_match = false
-          mod_message += "\t\t*Warning:* *#{dependency}* is *deprecated*.\n"
+        # Check each dependency to see if the latest version matchs the current modules' dependency constraints
+        all_match = true
+        dependencies.each do |dependency, constraint, current, satisfied|
+          if satisfied && @verbose
+            mod_message += "\t#{dependency} (#{constraint}) *matches* #{current}\n"
+          elsif !satisfied
+            all_match = false
+            mod_message += "\t#{dependency} (#{constraint}) *doesn't match* #{current}\n"
+          end
+
+          if @forge.check_module_deprecated(dependency)
+            all_match = false
+            mod_message += "\t\t*Warning:* *#{dependency}* is *deprecated*.\n"
+          end
+
+          found_deprecation = true if @forge.check_module_deprecated(dependency)
+
+          # Post warning if dependency is deprecated
+          mod_message += "\tThe dependency module *#{dependency}* is *deprecated*.\n" if found_deprecation
         end
 
-        found_deprecation = true if @forge.check_module_deprecated(dependency)
+        mod_message += "\tAll dependencies match\n" if all_match
+        mod_message += "\n"
 
-        # Post warning if dependency is deprecated
-        mod_message += "\tThe dependency module *#{dependency}* is *deprecated*.\n" if found_deprecation
+        # If @verbose is true, always post message
+        # If @verbose is false, only post if all dependencies don't match and/or if a dependency is deprecated
+        all_match && !@verbose ? '' : mod_message
       end
 
-      mod_message += "\tAll dependencies match\n" if all_match
-      mod_message += "\n"
+      message = ''
+      messages.each do |result|
+        message += result
+      end
 
-      # If @verbose is true, always post message
-      # If @verbose is false, only post if all dependencies don't match and/or if a dependency is deprecated
-      (all_match && !@verbose) ? '' : mod_message
+      message
     end
 
-    message = ''
-    messages.each do |result|
-      message += result
+    # Get dependencies of a supplied module name to verify if the depedencies are satisfied
+    # @param module_name [String] name of module
+    # @return [Map] a map of dependencies along with their constraint, current version and whether they satisfy the constraint
+    def get_dependencies(module_name)
+      module_data = @forge.get_module_data(module_name)
+      metadata = module_data.current_release.metadata
+      get_dependencies_from_metadata(metadata)
     end
 
-    message
-  end
-
-  # Get dependencies of a supplied module and use the override values from @updated_module and @updated_module_version
-  # to verify if the depedencies are satisfied
-  # @param module_name [String]
-  # @return [Map] a map of dependencies along with their constraint, current version and whether they satisfy the constraint
-  def get_dependencies(module_name)
-    module_data = @forge.get_module_data(module_name)
-
-    metadata = module_data.current_release.metadata
-    checker = DependencyChecker::MetadataChecker.new(metadata, @forge, @updated_module, @updated_module_version)
-    checker.check_dependencies
-  end
-
-  # Get dependencies of a supplied module from a metadata.json file to verify if the depedencies are satisfied
-  # @param module_name [String]
-  # @return [Map] a map of dependencies along with their constraint, current version and whether they satisfy the constraint
-  def get_dependencies_from_metadata(metadata_path)
-    metadata = JSON.parse(File.read(metadata_path), symbolize_names: true)
-    checker = DependencyChecker::MetadataChecker.new(metadata, @forge, @updated_module, @updated_module_version)
-    checker.check_dependencies
-  end
-
-  # Get dependencies of a supplied module from a metadata.json file to verify if the depedencies are satisfied
-  # @param module_name [String]
-  # @return [Map] a map of dependencies along with their constraint, current version and whether they satisfy the constraint
-  def get_name_from_metadata(metadata_path)
-    metadata = JSON.parse(File.read(metadata_path), symbolize_names: true)
-    metadata[:name]
-  end
+    # Get dependencies of a supplied module from a metadata.json file to verify if the depedencies are satisfied
+    # @param metadata_path [String] path to metadata.json
+    # @return [Map] a map of dependencies along with their constraint, current version and whether they satisfy the constraint
+    def get_dependencies_from_path(metadata_path)
+      metadata = JSON.parse(File.read(metadata_path), symbolize_names: true)
+      get_dependencies_from_metadata(metadata)
+    end
 
-  # Retrieve the array of module names from the supplied filename/URL
-  # @return [Array] an array of module names
-  def return_modules(managed_modules_path)
-    managed_modules = {}
-    managed_modules_yaml = {}
-
-    begin
-      if managed_modules_path =~ URI::DEFAULT_PARSER.make_regexp
-        managed_modules = Net::HTTP.get(URI.parse(managed_modules_path))
-      elsif File.file?(managed_modules_path)
-        managed_modules = File.read(managed_modules_path)
-      else
-        raise 'Error'
-      end
-    rescue StandardError
-      raise "*Error:* Ensure *#{managed_modules_path}* is a valid file path or URL"
+    # Get dependencies of supplied module metadata. Takes module ovveride into account.
+    # @param metadata [Hash] module metadata
+    # @return [Map] a map of dependencies along with their constraint, current version and whether they satisfy the constraint
+    def get_dependencies_from_metadata(metadata)
+      checker = DependencyChecker::MetadataChecker.new(metadata, @forge, @updated_module, @updated_module_version)
+      checker.check_dependencies
     end
 
-    begin
-      managed_modules_yaml = YAML.safe_load(managed_modules)
-    rescue StandardError
-      raise '*Error:* Ensure syntax of managed_modules file is a valid YAML array'
+    # Get dependencies of a supplied module from a metadata.json file to verify if the depedencies are satisfied
+    # @param metadata_path [String] path to metadata.json
+    # @return [Map] a map of dependencies along with their constraint, current version and whether they satisfy the constraint
+    def get_name_from_metadata(metadata_path)
+      metadata = JSON.parse(File.read(metadata_path), symbolize_names: true)
+      metadata[:name]
     end
 
-    managed_modules_yaml
-  end
+    # Retrieve the array of module names from the supplied filename/URL
+    # @return [Array] an array of module names
+    def return_modules(path)
+      begin
+        # We use URI#open because it can handle file or URI paths.
+        # This usage does not expose a security risk
+        contents = URI.open(path).read # rubocop:disable Security/Open
+      rescue Errno::ENOENT, SocketError
+        raise "*Error:* Ensure *#{path}* is a valid file path or URL"
+      end
 
-  # Post message to terminal
-  # @param message [String]
-  def post(message)
-    puts message
-  end
+      begin
+        modules = if path.end_with? '.json'
+                    JSON.parse(contents)
+                  else
+                    YAML.safe_load(contents)
+                  end
+      rescue StandardError
+        raise "*Error:* Ensure syntax of #{path} file is valid YAML or JSON"
+      end
 
-  def self.run_with_args(managed_modules_path, override, verbose)
-    new(managed_modules_path, override, verbose).run
-  end
+      # transform from IAC supported module hash to simple list
+      modules = modules.filter_map { |_key, val| val['puppet_module'] } if modules.is_a? Hash
+
+      modules
+    end
 
-  def self.run(managed_modules_path)
-    new(managed_modules_path, nil, false, nil).run
+    # Post message to terminal
+    # @param message [String]
+    def post(message)
+      puts message
+    end
   end
 end

data/lib/dependency_checker/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module DependencyChecker
+  VERSION = '1.0.0.rc.1'
+end

data/lib/dependency_checker.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Module for checking the dependencies of Puppet Module using data retrieved from the Puppet Forge.
 module DependencyChecker
   autoload :ForgeHelper, 'dependency_checker/forge_helper'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependency_checker
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 1.0.0.rc.1
 platform: ruby
 authors:
 - Ewoud Kohl van Wijngaarden
@@ -9,94 +9,73 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-22 00:00:00.000000000 Z
+date: 2023-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: puppet_forge
+  name: parallel
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: puppet_forge
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.2'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.2'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
-  name: semantic_puppet
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '13.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
-  name: parallel
+  name: semantic_puppet
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rubocop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
-description: "    Verify all your dependencies allow the latest versions on Puppet
-  Forge. \n    Based on https://github.com/ekohl/metadata_json_deps\n"
+        version: '1.0'
+description: |2
+      Verify all your dependencies allow the latest versions on Puppet Forge.
+      Based on https://github.com/ekohl/metadata_json_deps
 email:
 - info@puppet.com
 executables:
@@ -111,6 +90,7 @@ files:
 - lib/dependency_checker/forge_helper.rb
 - lib/dependency_checker/metadata_checker.rb
 - lib/dependency_checker/runner.rb
+- lib/dependency_checker/version.rb
 homepage: https://github.com/puppetlabs/dependency_checker
 licenses:
 - MIT
@@ -124,15 +104,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.0.0
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Check your Puppet metadata dependencies