radius-project · lakshmimsft · Apr 2, 2024 · Mar 11, 2024 · Mar 12, 2024 · Mar 20, 2024
@@ -22,17 +22,19 @@ import (
 	"github.com/radius-project/radius/pkg/ucp/resources"
 )
 
+var _ SecretsLoader = (*secretsLoader)(nil)
+
 // NewSecretStoreLoader creates a new SecretsLoader instance with the given ARM Client Options.
 func NewSecretStoreLoader(armOptions *arm.ClientOptions) SecretsLoader {
-	return SecretsLoader{ArmClientOptions: armOptions}
+	return &secretsLoader{ArmClientOptions: armOptions}
 }
 
 // SecretsLoader struct provides functionality to get secret information from Application.Core/SecretStore resource.
-type SecretsLoader struct {
+type secretsLoader struct {
 	ArmClientOptions *arm.ClientOptions
 }
 
-func (e *SecretsLoader) LoadSecrets(ctx context.Context, secretStore string) (v20231001preview.SecretStoresClientListSecretsResponse, error) {
+func (e *secretsLoader) LoadSecrets(ctx context.Context, secretStore string) (v20231001preview.SecretStoresClientListSecretsResponse, error) {
 	secretStoreID, err := resources.ParseResource(secretStore)
 	if err != nil {
 		return v20231001preview.SecretStoresClientListSecretsResponse{}, err

@@ -19,6 +19,7 @@ package configloader
 import (
 	"context"
 
+	"github.com/radius-project/radius/pkg/corerp/api/v20231001preview"
 	"github.com/radius-project/radius/pkg/recipes"
 )
 
@@ -28,3 +29,8 @@ type ConfigurationLoader interface {
 	// LoadRecipe fetches the recipe information from the environment.
 	LoadRecipe(ctx context.Context, recipe *recipes.ResourceMetadata) (*recipes.EnvironmentDefinition, error)
 }
+
+//go:generate mockgen -destination=./mock_secret_loader.go -package=configloader -self_package github.com/radius-project/radius/pkg/recipes/configloader github.com/radius-project/radius/pkg/recipes/configloader SecretsLoader
+type SecretsLoader interface {
+	LoadSecrets(ctx context.Context, secretStore string) (v20231001preview.SecretStoresClientListSecretsResponse, error)
+}
@@ -45,7 +45,6 @@ import (
 	"github.com/radius-project/radius/pkg/ucp/ucplog"
 )
 
-//go:generate mockgen -destination=./mock_driver.go -package=driver -self_package github.com/radius-project/radius/pkg/recipes/driver github.com/radius-project/radius/pkg/recipes/driver Driver
 const (
 	deploymentPrefix = "recipe"
 	pollFrequency    = time.Second * 5

@@ -249,6 +249,17 @@ func (d *terraformDriver) GetRecipeMetadata(ctx context.Context, opts BaseOption
 	return recipeData, nil
 }
 
+// FindSecretIDs is used to retrieve the secret reference associated with private terraform module source.
+// As of today, it only supports retrieving secret references associated with private git repositories.
+func (d *terraformDriver) FindSecretIDs(ctx context.Context, envConfig recipes.Configuration, definition recipes.EnvironmentDefinition) (string, error) {
+
+	// We can move the GetSecretStoreID() implementation here when we have containerization.
+	// Today we use this function in config.go to check for secretstore to add prefix to the template path.
+	// GetSecretStoreID is added outside of driver package because it created cyclic dependency between driver and config packages.
+
+	return recipes.GetSecretStoreID(envConfig, definition.TemplatePath)
+}
+
 // getDeployedOutputResources is used to the get the resource IDs by parsing the terraform state for resource information and using it to create UCP qualified IDs.
 // Currently only Azure, AWS and Kubernetes providers are supported by output resources.
 func (d *terraformDriver) getDeployedOutputResources(ctx context.Context, module *tfjson.StateModule) ([]string, error) {

@@ -31,6 +31,8 @@ const (
 )
 
 // Driver is an interface to implement recipe deployment and recipe resources deletion.
+//
+//go:generate mockgen -destination=./mock_driver.go -package=driver -self_package github.com/radius-project/radius/pkg/recipes/driver github.com/radius-project/radius/pkg/recipes/driver Driver
 type Driver interface {
 	// Execute fetches the recipe contents and deploys the recipe and returns deployed resources, secrets and values.
 	Execute(ctx context.Context, opts ExecuteOptions) (*recipes.RecipeOutput, error)
@@ -42,6 +44,18 @@ type Driver interface {
 	GetRecipeMetadata(ctx context.Context, opts BaseOptions) (map[string]any, error)
 }
 
+// DriverWithSecrets is an optional interface and used when the driver needs to load secrets for recipe deployment.
+//
+//go:generate mockgen -destination=./mock_driver_with_secrets.go -package=driver -self_package github.com/radius-project/radius/pkg/recipes/driver github.com/radius-project/radius/pkg/recipes/driver DriverWithSecrets
+type DriverWithSecrets interface {
+	// Driver is an interface to implement recipe deployment and recipe resources deletion.
+	Driver
+
+	// FindSecretIDs gets the secret ID references associated with git private terraform repository source.
+	// In the future it will be extended to get secret references for provider secrets.
+	FindSecretIDs(ctx context.Context, config recipes.Configuration, definition recipes.EnvironmentDefinition) (string, error)
+}
+
 // BaseOptions is the base options for the driver operations.
 type BaseOptions struct {
 	// Configuration is the configuration for the recipe.

@@ -92,19 +92,20 @@ func (e *engine) executeCore(ctx context.Context, recipe recipes.ResourceMetadat
 		return nil, nil, err
 	}
 
-	// Retrieves the secret store id from the recipes configuration for the terraform module source of type git.
-	// secretStoreID returned will be an empty string for other types.
-	secretStore, err := recipes.GetSecretStoreID(*configuration, definition.TemplatePath)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	// Retrieves the secret values from the secret store ID provided.
 	secrets := v20231001preview.SecretStoresClientListSecretsResponse{}
-	if secretStore != "" {
-		secrets, err = e.options.SecretsLoader.LoadSecrets(ctx, secretStore)
+	driverWithSecrets, ok := driver.(recipedriver.DriverWithSecrets)
+	if ok {
+		secretStore, err := driverWithSecrets.FindSecretIDs(ctx, *configuration, *definition)
 		if err != nil {
-			return nil, nil, fmt.Errorf("failed to fetch secrets from the secret store resource id %s for Terraform recipe %s deployment: %w", secretStore, definition.TemplatePath, err)
+			return nil, nil, err
+		}
+
+		// Retrieves the secret values from the secret store ID provided.
+		if secretStore != "" {
+			secrets, err = e.options.SecretsLoader.LoadSecrets(ctx, secretStore)
+			if err != nil {
+				return nil, nil, recipes.NewRecipeError(recipes.LoadSecretsFailed, fmt.Sprintf("failed to fetch secrets from the secret store resource id %s for Terraform recipe %s deployment: %s", secretStore, definition.TemplatePath, err.Error()), util.RecipeSetupError, recipes.GetErrorDetails(err))
+			}
 		}
 	}