fix(terraform): update less-than/less-than/equals version constraints
#8983
Conversation
bryan-bar
force-pushed
the
max-version
branch
from
8c3126d
to
1f77f08
Compare
|
Hello @caspermeijn @bdragon @sachin-sandhu, If I could get a reviewer set on this PR or comments on how to move forward with this fix please. It is similar to the versioning issue with cargo in #9828 |
bryan-bar
changed the title
less-than/less-than/equals constraintsless-than/less-than/equals version constraints
|
Thanks @bryan-bar , can you please resolve the conflicts and we can get this merged. Thanks for fixing this. |
terraform/spec/dependabot/terraform/requirements_updater_spec.rb
Outdated
Show resolved
Hide resolved
terraform/spec/dependabot/terraform/requirements_updater_spec.rb
Outdated
Show resolved
Hide resolved
| else | ||
| 0 | ||
| end | ||
| version_to_be_permitted.segments[index] |
There was a problem hiding this comment.
I believe the original implementation of update_greatest_version was correct for "<" requirements, but "<=" requirements need to be handles differently.
This is what I did for cargo:
I think you need to focus on update_range for handling "<" and "<=" differently.
There was a problem hiding this comment.
@caspermeijn
The less-than operator should still be incremented. I updated the PR to handle both < and <=.
The issue with the function is that < also returned an inconsistent version so I chose to update it.
For example, < 0.3.0 with a latest version of 0.3.7 would return as < 0.4.0
Change the initial version to < 0.3.2 with a latest version of 0.3.7 and the returned version changed to < 0.3.8
It seems index_to_update is setting the wrong index to be incremented and then anything after is set to 0 or skipped over.
Another issue is that terraform does not have wild cards and it also did not expand the version when it has less than 3 segments like it does for some of cargos operators.
For less-than/equals, that would mean incrementing the version and then restricting it (example assuming current version <= 1.6, new version 1.6.5 -> <=1.7, !=1.7) or expanding the version as is ( <= 1.6.5). Another option would be to set a really high version <= 1.6.9999 or converting it to less than < 1.7.
There was a problem hiding this comment.
@caspermeijn @abdulapopoola
Also note that Terraform treats non-semantic versions as being expanded out internally. 0.2 == 0.2.0 | 1 == 1.0.0
I added this comment in the code as well.
|
@bryan-bar are you working on this PR? |
bryan-bar
force-pushed
the
max-version
branch
from
18d3ec2
to
5c1b922
Compare
Yes, thanks for the reminder. I just updated the PR. |
bryan-bar
force-pushed
the
max-version
branch
6 times, most recently
from
d9d61d0
to
bb6c535
Compare
… than, '<' constraint
…ndle both less than and less-than/equal operators - 'index_to_update' would sometimes pick the middle or first segement instead of the last segment leading to the wrong version segment being incremented - less-than/equals would always get incremented instead of taking the version as-is - minor or patch version would sometimes get set to 0 once the 'index_to_update' was set
bryan-bar
force-pushed
the
max-version
branch
from
bb6c535
to
556aa41
Compare
Issue:
When using the terraform dependency constraints
less-thanorless-than/equalsto set a max version, only the largest semvar version number is updated. This allows the provider version to be set to a non-existent version.example:
Latest provider version:
0.7.0Provider version suggested changed:
0.6.1->0.7.1fixes #8959
Fix:
Update each version index to tighten the constraints:
less-than/equalsallows provider versions up to the latest version or latest requirementless-thanallows for a provider version up the latest minus 1 against the smallest defined semvar number.