Feature Branch for Terraform Lifecycle #11042
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ytimocin
requested a deployment
to
functional-tests
GitHub Actions
Waiting
ytimocin
temporarily deployed
to
publish-bicep
GitHub Actions
Inactive
kachawla
previously approved these changes
Jan 21, 2026
ytimocin
force-pushed
the
features/terraform-bicep-settings
branch
from
968531a to
51932d8
Compare
ytimocin
temporarily deployed
to
functional-tests
GitHub Actions
Inactive
ytimocin
temporarily deployed
to
publish-bicep
GitHub Actions
Inactive
ytimocin
changed the title
Contributor
Author
|
Hey @kachawla ! Thanks for the approval but this is the feature branch and there will be a lot of additions to this branch. This branch will only be merged once all of them are complete. |
Contributor
I see. Thanks for letting me know. Should we move this PR to draft for now then? |
ytimocin
force-pushed
the
features/terraform-bicep-settings
branch
from
51932d8 to
133ec36
Compare
ytimocin
requested a deployment
to
functional-tests
GitHub Actions
Waiting
ytimocin
temporarily deployed
to
publish-bicep
GitHub Actions
Inactive
ytimocin
force-pushed
the
features/terraform-bicep-settings
branch
from
133ec36 to
45c1a6a
Compare
ytimocin
temporarily deployed
to
functional-tests
GitHub Actions
Inactive
ytimocin
temporarily deployed
to
publish-bicep
GitHub Actions
Inactive
Radius functional test overviewClick here to see the test run details
Test Status⌛ Building Radius and pushing container images for functional tests... |
# Description This pull request introduces conversion logic and related tests for the new `BicepSettingsResource` type in the `v20250801preview` API version, enabling seamless translation between versioned API models and internal datamodel representations. Additionally, it updates the `EnvironmentResource` conversion to include `BicepSettings` and `TerraformSettings`, and marks several dependencies as peer dependencies in package lock files. **API resource conversion logic:** * Added `bicepsettings_conversion.go` in `pkg/corerp/api/v20250801preview` to implement bidirectional conversion between `BicepSettingsResource` (versioned API type) and its internal datamodel, including detailed mapping for authentication registry settings. * Updated `environment_conversion.go` to support conversion of `BicepSettings` and `TerraformSettings` properties in `EnvironmentResource`. **Testing:** * Added comprehensive unit tests in `bicepsettings_conversion_test.go` to verify conversion logic for `BicepSettingsResource`, including authentication scenarios and error handling for invalid types. **Dependency management:** * Marked several dependencies as peer dependencies in `package-lock.json` for both `autorest.bicep` and `generator` packages to improve dependency resolution and avoid duplication. [[1]](diffhunk://#diff-075b4bbd5a7ae383d7c25934867346d6019accb02b5c5830c2fe6854ce420203R160) [[2]](diffhunk://#diff-075b4bbd5a7ae383d7c25934867346d6019accb02b5c5830c2fe6854ce420203R1661) [[3]](diffhunk://#diff-075b4bbd5a7ae383d7c25934867346d6019accb02b5c5830c2fe6854ce420203R1696) [[4]](diffhunk://#diff-075b4bbd5a7ae383d7c25934867346d6019accb02b5c5830c2fe6854ce420203R1731) [[5]](diffhunk://#diff-075b4bbd5a7ae383d7c25934867346d6019accb02b5c5830c2fe6854ce420203R1888) [[6]](diffhunk://#diff-075b4bbd5a7ae383d7c25934867346d6019accb02b5c5830c2fe6854ce420203R2205) [[7]](diffhunk://#diff-075b4bbd5a7ae383d7c25934867346d6019accb02b5c5830c2fe6854ce420203R2658) [[8]](diffhunk://#diff-075b4bbd5a7ae383d7c25934867346d6019accb02b5c5830c2fe6854ce420203R3612) [[9]](diffhunk://#diff-075b4bbd5a7ae383d7c25934867346d6019accb02b5c5830c2fe6854ce420203R5345) [[10]](diffhunk://#diff-075b4bbd5a7ae383d7c25934867346d6019accb02b5c5830c2fe6854ce420203R5426) [[11]](diffhunk://#diff-2c80cff24f8409b4ace1d93aae9e72fe0245398a137e056279b4fba9a788b99eR672) [[12]](diffhunk://#diff-2c80cff24f8409b4ace1d93aae9e72fe0245398a137e056279b4fba9a788b99eR741) [[13]](diffhunk://#diff-2c80cff24f8409b4ace1d93aae9e72fe0245398a137e056279b4fba9a788b99eR898) [[14]](diffhunk://#diff-2c80cff24f8409b4ace1d93aae9e72fe0245398a137e056279b4fba9a788b99eR1265) [[15]](diffhunk://#diff-2c80cff24f8409b4ace1d93aae9e72fe0245398a137e056279b4fba9a788b99eR2564) ## Type of change - This pull request adds or changes features of Radius and has an approved issue (issue link required). Fixes: #issue_number ## Contributor checklist Please verify that the PR meets the following requirements, where applicable: <!-- This checklist uses "TaskRadio" comments to make certain options mutually exclusive. See: https://github.com/mheap/require-checklist-action?tab=readme-ov-file#radio-groups For details on how this works and why it's required. --> - An overview of proposed schema changes is included in a linked GitHub issue. - [ ] Yes <!-- TaskRadio schema --> - [x] Not applicable <!-- TaskRadio schema --> - A design document PR is created in the [design-notes repository](https://github.com/radius-project/design-notes/), if new APIs are being introduced. - [ ] Yes <!-- TaskRadio design-pr --> - [x] Not applicable <!-- TaskRadio design-pr --> - The design document has been reviewed and approved by Radius maintainers/approvers. - [ ] Yes <!-- TaskRadio design-review --> - [x] Not applicable <!-- TaskRadio design-review --> - A PR for the [samples repository](https://github.com/radius-project/samples) is created, if existing samples are affected by the changes in this PR. - [ ] Yes <!-- TaskRadio samples-pr --> - [x] Not applicable <!-- TaskRadio samples-pr --> - A PR for the [documentation repository](https://github.com/radius-project/docs) is created, if the changes in this PR affect the documentation or any user facing updates are made. - [ ] Yes <!-- TaskRadio docs-pr --> - [x] Not applicable <!-- TaskRadio docs-pr --> - A PR for the [recipes repository](https://github.com/radius-project/recipes) is created, if existing recipes are affected by the changes in this PR. - [ ] Yes <!-- TaskRadio recipes-pr --> - [x] Not applicable <!-- TaskRadio recipes-pr --> --------- Signed-off-by: ytimocin <ytimocin@microsoft.com>
ytimocin
force-pushed
the
features/terraform-bicep-settings
branch
from
45c1a6a to
f61aa49
Compare
ytimocin
requested a deployment
to
functional-tests
GitHub Actions
Waiting
ytimocin
temporarily deployed
to
publish-bicep
GitHub Actions
Inactive
# Description This pull request introduces a new API and supporting backend for installing, uninstalling, and tracking the status of Terraform binaries in the Universal Control Plane (UCP). It includes new documentation, API endpoints, configuration options, and backend logic for managing Terraform installations, with a focus on supporting mirrored downloads and robust status tracking. The most important changes are: **API and Documentation Enhancements:** * Added a new section to the UCP documentation and created `terraform-installer.md` describing the Terraform Installer API, including endpoints for install, uninstall, and status, as well as usage notes. [[1]](diffhunk://#diff-314cc86e95eed998ca73d6e14e038dd28b57ab90a3e427d5850865329af88325L6-R16) [[2]](diffhunk://#diff-9463bcacbdcc18c9cdff7c3094700cd9756b440dddb69177fc6a04341f0a8867R1-R8) **Installer API Endpoints and Handlers:** * Implemented new HTTP endpoints under `/installer/terraform` for installing, uninstalling, and querying the status of Terraform binaries, with handlers for request validation, queueing, and status response. (`pkg/terraform/installer/routes.go`) * Introduced request/response types, status models, and enums for installer operations, version states, health, and API response formatting. (`pkg/terraform/installer/types.go`) **Installer Backend and Status Management:** * Added a persistent status store for installer metadata, including current/previous versions, per-version status, queue info, and error tracking, with database-backed implementation. (`pkg/terraform/installer/status_store.go`) * Added helper for updating queue information in the installer status (e.g., incrementing pending operations). (`pkg/terraform/installer/queue_status.go`) **Configuration and Constants:** * Added a new configuration option `sourceBaseUrl` in `TerraformOptions` to allow downloading Terraform from a mirror, supporting air-gapped setups. (`pkg/armrpc/hostoptions/providerconfig.go`) * Defined installer queue and status storage constants for consistent resource naming. (`pkg/terraform/installer/constants.go`) **Server Integration:** * Updated API service initialization to support the new handler registration pattern, improving clarity and maintainability. (`pkg/server/apiservice.go`) ## Type of change - This pull request adds or changes features of Radius and has an approved issue (issue link required). Fixes: #issue_number ## Contributor checklist Please verify that the PR meets the following requirements, where applicable: <!-- This checklist uses "TaskRadio" comments to make certain options mutually exclusive. See: https://github.com/mheap/require-checklist-action?tab=readme-ov-file#radio-groups For details on how this works and why it's required. --> - An overview of proposed schema changes is included in a linked GitHub issue. - [ ] Yes <!-- TaskRadio schema --> - [x] Not applicable <!-- TaskRadio schema --> - A design document PR is created in the [design-notes repository](https://github.com/radius-project/design-notes/), if new APIs are being introduced. - [ ] Yes <!-- TaskRadio design-pr --> - [x] Not applicable <!-- TaskRadio design-pr --> - The design document has been reviewed and approved by Radius maintainers/approvers. - [ ] Yes <!-- TaskRadio design-review --> - [x] Not applicable <!-- TaskRadio design-review --> - A PR for the [samples repository](https://github.com/radius-project/samples) is created, if existing samples are affected by the changes in this PR. - [ ] Yes <!-- TaskRadio samples-pr --> - [x] Not applicable <!-- TaskRadio samples-pr --> - A PR for the [documentation repository](https://github.com/radius-project/docs) is created, if the changes in this PR affect the documentation or any user facing updates are made. - [ ] Yes <!-- TaskRadio docs-pr --> - [x] Not applicable <!-- TaskRadio docs-pr --> - A PR for the [recipes repository](https://github.com/radius-project/recipes) is created, if existing recipes are affected by the changes in this PR. - [ ] Yes <!-- TaskRadio recipes-pr --> - [x] Not applicable <!-- TaskRadio recipes-pr --> Signed-off-by: ytimocin <ytimocin@microsoft.com>
ytimocin
requested a deployment
to
functional-tests
GitHub Actions
Waiting
ytimocin
temporarily deployed
to
publish-bicep
GitHub Actions
Inactive
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| } | ||
|
|
||
| targetDir := h.versionDir(job.Version) | ||
| if err := os.MkdirAll(targetDir, 0o755); err != nil { |
Check failure
Code scanning / gosec
Expect directory permissions to be 0750 or less Error
| log.V(1).Info("failed to remove download archive", "path", archivePath, "error", err) | ||
| } | ||
|
|
||
| if err := os.Chmod(binaryPath, 0o755); err != nil { |
Check failure
Code scanning / gosec
Expect file permissions to be 0600 or less Error
| } | ||
|
|
||
| tmp := opts.Dst + ".tmp" | ||
| out, err := os.Create(tmp) |
Check failure
Code scanning / gosec
Potential file inclusion via variable Error
|
|
||
| // isZipArchive checks if a file is a ZIP archive by reading its magic bytes. | ||
| func isZipArchive(path string) (bool, error) { | ||
| f, err := os.Open(path) |
Check failure
Code scanning / gosec
Potential file inclusion via variable Error
| } | ||
|
|
||
| func copyFile(src, dst string) error { | ||
| in, err := os.Open(src) |
Check failure
Code scanning / gosec
Potential file inclusion via variable Error
|
|
||
| func writeFile(r io.Reader, dst string, perm os.FileMode) error { | ||
| tmp := dst + ".tmp" | ||
| out, err := os.Create(tmp) |
Check failure
Code scanning / gosec
Potential file inclusion via variable Error
|
|
||
| func (h *Handler) acquireLock() (*os.File, error) { | ||
| lockPath := filepath.Join(h.rootPath(), ".terraform-installer.lock") | ||
| f, err := os.OpenFile(lockPath, os.O_CREATE|os.O_EXCL|os.O_RDWR, 0o600) |
Check failure
Code scanning / gosec
Potential file inclusion via variable Error
| } | ||
|
|
||
| func (h *Handler) ensureRoot() error { | ||
| return os.MkdirAll(h.rootPath(), 0o755) |
Check failure
Code scanning / gosec
Expect directory permissions to be 0750 or less Error
| } | ||
| // Cleanup temp file on any error; os.Remove will no-op if file was renamed. | ||
| defer func() { | ||
| out.Close() |
Check warning
Code scanning / gosec
Errors unhandled Warning
| // Cleanup temp file on any error; os.Remove will no-op if file was renamed. | ||
| defer func() { | ||
| out.Close() | ||
| os.Remove(tmp) // Safe: will fail silently if file was already renamed |
Check warning
Code scanning / gosec
Errors unhandled Warning
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Feature branch for Radius.Core/terraformSettings, Radius.Core/bicepSettings,
rad terraformcommands, and more:Tasks
Phase 1 - Core Implementation
Radius.Core/terraformSettingsandRadius.Core/bicepSettingswith CRUD operations (Add env terraform/bicep settings schema #11013)MaxOperationConcurrency=1and async handler (feat: Terraform controller for install/uninstall/status #11014)rad terraform install|uninstall|statuswith--waitsemantics (feat: Add rad terraform CLI commands #11049)Radius.Core/environmentscontroller to consume new settings resourcesType of change
Fixes: #10615
Contributor checklist
Please verify that the PR meets the following requirements, where applicable: