If overridden file exists, then process it and find the missing key v…

…alues from base file. (#11137)

* If overridden file exists, then process it and find the missing key values from parent.

* Updated as per review comments, Sorbet fixes.

* lint error fixes

* Lint error fixes

---------

Co-authored-by: “Thavachelvam <“[email protected]”>

terraform/lib/dependabot/terraform/file_parser.rb

@@ -58,6 +58,14 @@ def ecosystem
       def parse_terraform_files(dependency_set)
         terraform_files.each do |file|
           modules = parsed_file(file).fetch("module", {})
+          # If override.tf files are present, we need to merge the modules
+          if override_terraform_files.any?
+            override_terraform_files.each do |override_file|
+              override_modules = parsed_file(override_file).fetch("module", {})
+              modules = merge_modules(override_modules, modules)
+            end
+          end
+
           modules.each do |name, details|
             details = details.first
 

terraform/lib/dependabot/terraform/file_selector.rb

@@ -11,6 +11,9 @@ module FileSelector
       extend T::Sig
       extend T::Helpers
 
+      TF_EXTENSION = ".tf"
+      OVERRIDE_TF_EXTENSION = "override.tf"
+
       abstract!
 
       sig { abstract.returns(T::Array[Dependabot::DependencyFile]) }
@@ -22,7 +25,12 @@ def dependency_files; end
 
       sig { returns(T::Array[Dependabot::DependencyFile]) }
       def terraform_files
-        dependency_files.select { |f| f.name.end_with?(".tf") }
+        dependency_files.select { |f| f.name.end_with?(TF_EXTENSION) && !f.name.end_with?(OVERRIDE_TF_EXTENSION) }
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def override_terraform_files
+        dependency_files.select { |f| f.name.end_with?(OVERRIDE_TF_EXTENSION) }
       end
 
       sig { returns(T::Array[Dependabot::DependencyFile]) }
@@ -34,6 +42,32 @@ def terragrunt_files
       def lockfile
         dependency_files.find { |f| lockfile?(f.name) }
       end
+
+      sig do
+        params(modules: T::Hash[String, T::Array[T::Hash[String, T.untyped]]],
+               base_modules: T::Hash[String,
+                                     T::Array[T::Hash[String,
+                                                      T.untyped]]])
+          .returns(T::Hash[String,
+                           T::Array[T::Hash[String,
+                                            T.untyped]]])
+      end
+      def merge_modules(modules, base_modules)
+        merged_modules = base_modules.dup
+
+        modules.each do |key, value|
+          merged_modules[key] =
+            if merged_modules.key?(key)
+              T.must(merged_modules[key]).map do |base_value|
+                base_value.merge(T.must(value.first))
+              end
+            else
+              value
+            end
+        end
+
+        merged_modules
+      end
     end
   end
 end

terraform/spec/dependabot/terraform/file_parser_spec.rb

@@ -870,6 +870,18 @@
       end
     end
 
+    context "when the overridden module does not include source" do
+      let(:files) { project_dependency_files("child_module_with_no_source") }
+
+      it "has the module with no source" do
+        module_dependency = dependencies.find { |d| d.name == "babbel/cloudfront-bucket/aws" }
+
+        expect(module_dependency).not_to be_nil
+        expect(module_dependency.version).to eq("2.2.0")
+        expect(module_dependency.requirements.first[:source][:module_identifier]).to eq("babbel/cloudfront-bucket/aws")
+      end
+    end
+
     context "with a toplevel provider" do
       let(:files) { project_dependency_files("provider") }
 

terraform/spec/fixtures/projects/child_module_with_no_source/main.tf

@@ -0,0 +1,4 @@
+module "aws" {
+  source  = "babbel/cloudfront-bucket/aws"
+  version = "2.0.0"
+}

terraform/spec/fixtures/projects/child_module_with_no_source/override.tf

@@ -0,0 +1,3 @@
+module "aws" {
+  version = "2.2.0"
+}