feat: add Terraform/OpenTofu registry remote type (#45)

## Summary

- New `terraform` package type implementing the [Terraform Registry Protocol](https://developer.hashicorp.com/terraform/internals/provider-registry-protocol)
- `construct_url` prepends `/v1/providers/` so paths like `hashicorp/vault/versions` map to `registry.terraform.io/v1/providers/hashicorp/vault/versions`
- `resolve_content` rewrites `download_url`, `shasums_url`, and `shasums_signature_url` in per-version download info JSON to route through a companion `releases_remote` (generic remote proxying `releases.hashicorp.com`)
- Built-in mutable pattern for `{namespace}/{type}/versions` — version lists expire and are re-fetched; per-version download info is immutable
- Client configuration via `.terraformrc` / `.tofurc` host block — no changes to `.tf` provider source addresses needed

## Test plan

- [x] 8 unit tests covering mutable detection, URL rewriting, binary pass-through, `construct_url` correctness, and cache miss behaviour
- [x] End-to-end: OpenTofu 1.10.3 pulling `hashicorp/vault v4.5.0` through docker-compose stack — `tofu init` succeeded, provider installed and signed
- [x] Verified `download_url` / `shasums_url` rewritten to `hashicorp-releases` proxy in cached response
- [x] All 339 tests pass

Reviewed-on: #45
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
This commit was merged in pull request #45.
This commit is contained in:
2026-06-06 23:51:52 +10:00
committed by benvin
parent 9287cf7cf2
commit 99cc71f56c
8 changed files with 288 additions and 5 deletions
+31
View File
@@ -466,6 +466,37 @@ remotes:
immutable_ttl: 0 # Module tarballs cached indefinitely
mutable_ttl: 600 # Module metadata refreshed after 10 minutes
terraform-registry:
base_url: "https://registry.terraform.io"
package: "terraform"
description: "Terraform/OpenTofu provider registry (Registry Protocol)"
# Provider version lists are mutable by default.
# Point Terraform at this remote via .terraformrc:
# host "registry.terraform.io" {
# services = {
# "providers.v1" = "http://your-proxy/api/v1/remote/terraform-registry/"
# }
# }
# releases_remote must match the name of the hashicorp-releases remote below,
# so download_url / shasums_url in per-version download info are rewritten.
releases_remote: "hashicorp-releases"
immutable_patterns:
- "[^/]+/[^/]+/[^/]+/download/[^/]+/[^/]+$"
cache:
immutable_ttl: 0 # Per-version download info cached indefinitely
mutable_ttl: 300 # Provider versions list refreshed after 5 minutes
hashicorp-releases:
base_url: "https://releases.hashicorp.com"
package: "generic"
description: "HashiCorp releases CDN — provider zips, SHA256SUMS, and signatures"
immutable_patterns:
- ".*\\.zip$"
- ".*SHA256SUMS(\\.sig)?$"
cache:
immutable_ttl: 0 # Release artifacts cached indefinitely
mutable_ttl: 0
virtuals:
helm-all: