Bump Terra-reg to 3.4.2

commit b93a084
Author: semantic-release-bot <[email protected]>
Date:   Sun May 26 12:06:19 2024 +0000

    chore(release): 3.4.2

    ## [3.4.2](https://gitlab.dockstudios.co.uk/pub/terrareg/compare/v3.4.1...v3.4.2) (2024-05-26)

    ### Bug Fixes

    * Ensure user-agent matches expected Terraform or OpenTofu user agents ([83ee182](https://gitlab.dockstudios.co.uk/pub/terrareg/commit/83ee18215c818cf59151b7aabf35803f3bc96b21)), closes [#519](https://gitlab.dockstudios.co.uk/pub/terrareg/issues/519)

commit 7b3cc0a
Merge: 42859a5 7eea51d
Author: Matt <[email protected]>
Date:   Sun May 26 11:06:07 2024 +0000

    Merge branch '519-ignore-terraform-version-from-tfsec-in-analytics' into 'main'

    fix: Ensure user-agent matches expected Terraform or OpenTofu user agents

    Closes #519

    See merge request pub/terrareg!404

commit 7eea51d
Merge: ef177bb 42859a5
Author: Matthew John <[email protected]>
Date:   Fri May 24 07:09:28 2024 +0100

    Merge branch 'main' into 519-ignore-terraform-version-from-tfsec-in-analytics

commit 42859a5
Merge: 329a683 4923e3d
Author: Matt <[email protected]>
Date:   Fri May 24 05:04:27 2024 +0000

    Merge branch '518-terraform-switch-installation-fails' into 'main'

    Resolve "terraform-switch installation fails"

    Closes #518

    See merge request pub/terrareg!398

commit 4923e3d
Author: Matthew John <[email protected]>
Date:   Thu May 23 20:18:07 2024 +0100

    build: Use master branch for tfswitch installer, which contains fix for installing legacy version

    See warrensbox/terraform-switcher#432

    Issue #518

commit 0c993df
Author: Matthew John <[email protected]>
Date:   Thu May 23 20:17:26 2024 +0100

    Revert "fix: Upgrade terraform-switcher to v1.1.1 to fix installation in Dockerfile"

    This reverts commit c044578.

    Issue #518

commit ef177bb
Author: Matthew John <[email protected]>
Date:   Wed May 22 06:24:02 2024 +0100

    chore: Add typing to parameter for get_environment_from_token to mark as being None-able

    Issue #519

commit 83ee182
Author: Matthew John <[email protected]>
Date:   Wed May 22 06:21:22 2024 +0100

    fix: Ensure user-agent matches expected Terraform or OpenTofu user agents

    This stops other applications, such as tfsec, from downloading modules and recording analytics with arbitrary version numbers.
    Update tests to set user agent accordingly and create test to ensure record_module_version_download checks user agent correctly.

    Issue #519

commit c044578
Author: Matthew John <[email protected]>
Date:   Tue May 21 07:40:12 2024 +0100

    fix: Upgrade terraform-switcher to v1.1.1 to fix installation in Dockerfile

    The install script now expects v prefix in name of artifacts, which is not present in older versions.

    Issue #518

CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## [3.4.2](https://gitlab.dockstudios.co.uk/pub/terrareg/compare/v3.4.1...v3.4.2) (2024-05-26)
+
+
+### Bug Fixes
+
+* Ensure user-agent matches expected Terraform or OpenTofu user agents ([83ee182](https://gitlab.dockstudios.co.uk/pub/terrareg/commit/83ee18215c818cf59151b7aabf35803f3bc96b21)), closes [#519](https://gitlab.dockstudios.co.uk/pub/terrareg/issues/519)
+
 ## [3.4.1](https://gitlab.dockstudios.co.uk/pub/terrareg/compare/v3.4.0...v3.4.1) (2024-04-01)
 
 

Dockerfile

@@ -40,7 +40,7 @@ RUN bash -c 'if [ "$(uname -m)" == "aarch64" ]; \
     rm /tmp/infracost.tar.gz'
 
 # Download tfswitch
-RUN bash -c 'curl -L https://raw.githubusercontent.com/warrensbox/terraform-switcher/release/install.sh | bash /dev/stdin 0.13.1308'
+RUN bash -c 'curl -L https://raw.githubusercontent.com/warrensbox/terraform-switcher/master/install.sh | bash /dev/stdin 0.13.1308'
 
 # Install go
 RUN bash -c 'if [ "$(uname -m)" == "aarch64" ]; \

Dockerfile.tests

@@ -42,7 +42,7 @@ RUN bash -c 'if [ "$(uname -m)" == "aarch64" ]; \
     rm /tmp/infracost.tar.gz'
 
 # Download tfswitch
-RUN bash -c 'curl -L https://raw.githubusercontent.com/warrensbox/terraform-switcher/release/install.sh | bash /dev/stdin 0.13.1308'
+RUN bash -c 'curl -L https://raw.githubusercontent.com/warrensbox/terraform-switcher/master/install.sh | bash /dev/stdin 0.13.1308'
 
 # Install go
 RUN bash -c 'if [ "$(uname -m)" == "aarch64" ]; \

terrareg/analytics.py

@@ -1,7 +1,7 @@
 
 import re
 import datetime
-from typing import Union, List
+from typing import Union, List, Optional
 
 import sqlalchemy
 
@@ -70,7 +70,7 @@ def _join_filter_analytics_table_by_module_provider(db, query, module_provider):
         )
 
     @staticmethod
-    def get_environment_from_token(auth_token):
+    def get_environment_from_token(auth_token: Optional[str]):
         """Check if auth token matches required environment analytics tokens."""
         # If no analytics tokens have been defined, return default environment
         if not AnalyticsEngine.are_tokens_enabled():
@@ -98,18 +98,18 @@ def record_module_version_download(
         module_name: str,
         provider_name: str,
         module_version,
-        analytics_token: str,
-        terraform_version: str,
-        user_agent: str,
-        auth_token: str):
+        analytics_token: Optional[str],
+        terraform_version: Optional[str],
+        user_agent: Optional[str],
+        auth_token: Optional[str]):
         """Store information about module version download in database."""
 
-        # If Terraform version not present from header,
-        # attempt to determine from user agent
-        if not terraform_version:
-            user_agent_match = re.match(r'^Terraform/(\d+\.\d+\.\d+)$', user_agent)
-            if user_agent_match:
-                terraform_version = user_agent_match.group(1)
+        # Use the X-Terraform-Version header, if the user agent matches an allowed
+        # list of user agents.
+        # If the user agent does not match any of the expected prefixes, do not
+        # record the terraform version.
+        if (not user_agent) or (not any([user_agent.startswith(prefix) for prefix in ['Terraform/', 'OpenTofu/']])):
+            terraform_version = None
 
         # Obtain environment from auth token.
         # If auth token is not provided, 

test/integration/terrareg/analytics_engine/__init__.py

@@ -129,4 +129,5 @@ def _import_test_analytics(self, download_data):
                 AnalyticsEngine.record_module_version_download(
                     namespace_name=namespace, module_name=module, provider_name=provider,
                     module_version=module_version, terraform_version=terraform_version,
-                    analytics_token=analytics_token, user_agent=None, auth_token=auth_token)
+                    analytics_token=analytics_token, user_agent="Terraform/{}".format(terraform_version),
+                    auth_token=auth_token)

test/integration/terrareg/analytics_engine/test_check_module_provider_redirect_usage.py

@@ -27,7 +27,7 @@ def _create_analytics(self, namespace, module, provider, version, token, timesta
                 module_version=version,
                 analytics_token=token,
                 terraform_version='1.1.1',
-                user_agent='',
+                user_agent='Terraform/1.1.1',
                 auth_token=None
             )
 

test/integration/terrareg/analytics_engine/test_record_module_version_download.py

@@ -0,0 +1,91 @@
+
+import pytest
+
+import terrareg.models
+from terrareg.analytics import AnalyticsEngine
+from . import AnalyticsIntegrationTest
+
+
+class TestRecordModuleVersionDownload(AnalyticsIntegrationTest):
+    """Test record_module_version_download function."""
+
+    _TEST_ANALYTICS_DATA = {}
+
+    @pytest.mark.parametrize("user_agent, terraform_version", [
+        # No user agent
+        (None, "1.5.3"),
+
+        # No version
+        ("Terraform/1.5.2", None),
+
+        # Invalid user-agent
+        ("Go-http-client/1.1", "1.5.3"),
+    ])
+    def test_ignore_terraform_version(self, user_agent, terraform_version):
+        """Test function with ignoring terraform version headers."""
+        namespace = "testnamespace"
+        module = "publishedmodule"
+        provider = "testprovider"
+        analytics_token = "test-invalid-version-headers"
+
+        namespace_obj = terrareg.models.Namespace.get(namespace)
+        module_obj = terrareg.models.Module(namespace_obj, module)
+        provider_obj = terrareg.models.ModuleProvider.get(module_obj, provider)
+        version_obj = terrareg.models.ModuleVersion.get(provider_obj, "1.4.0")
+
+        # Clean up any analytics
+        AnalyticsEngine.delete_analytics_for_module_version(version_obj)
+
+        AnalyticsEngine.record_module_version_download(
+            namespace_name=namespace, module_name=module, provider_name=provider,
+            module_version=version_obj, terraform_version=terraform_version,
+            analytics_token=analytics_token, user_agent=user_agent,
+            auth_token=None
+        )
+
+        results = AnalyticsEngine.get_module_provider_token_versions(provider_obj)
+        assert results == {
+            'test-invalid-version-headers': {
+                'environment': 'Default',
+                'module_version': '1.4.0',
+                'terraform_version': '0.0.0'
+            }
+        }
+
+    @pytest.mark.parametrize("user_agent, terraform_version", [
+        # Terraform
+        ("Terraform/1.5.0", "1.5.3"),
+
+        # OpenTofu
+        ("OpenTofu/1.5.2", "1.5.3"),
+    ])
+    def test_valid_terraform_version(self, user_agent, terraform_version):
+        """Test function with ignoring terraform version headers."""
+        namespace = "testnamespace"
+        module = "publishedmodule"
+        provider = "testprovider"
+        analytics_token = "test-with-version"
+
+        namespace_obj = terrareg.models.Namespace.get(namespace)
+        module_obj = terrareg.models.Module(namespace_obj, module)
+        provider_obj = terrareg.models.ModuleProvider.get(module_obj, provider)
+        version_obj = terrareg.models.ModuleVersion.get(provider_obj, "1.4.0")
+
+        # Clean up any analytics
+        AnalyticsEngine.delete_analytics_for_module_version(version_obj)
+
+        AnalyticsEngine.record_module_version_download(
+            namespace_name=namespace, module_name=module, provider_name=provider,
+            module_version=version_obj, terraform_version=terraform_version,
+            analytics_token=analytics_token, user_agent=user_agent,
+            auth_token=None
+        )
+
+        results = AnalyticsEngine.get_module_provider_token_versions(provider_obj)
+        assert results == {
+            'test-with-version': {
+                'environment': 'Default',
+                'module_version': '1.4.0',
+                'terraform_version': '1.5.3'
+            }
+        }