update terraform and naming

Signed-off-by: sk593 <[email protected]>

Author: sk593

.github/build/test.mk

@@ -17,6 +17,8 @@
 ##@ Testing
 
 RESOURCE_TYPE_ROOT ?=$(shell pwd)
+ENVIRONMENT ?= default
+RECIPE_TYPE ?= all
 
 .PHONY: build
 build: ## Build all resource types and recipes
@@ -53,8 +55,8 @@ endif
 	@./.github/scripts/register-recipe.sh "$(RECIPE_PATH)"
 
 .PHONY: register
-register: ## Register all built recipes
-	@./.github/scripts/register-all-recipes.sh "$(RESOURCE_TYPE_ROOT)"
+register: ## Register built recipes (set ENVIRONMENT and/or RECIPE_TYPE to override defaults)
+	@./.github/scripts/register-all-recipes.sh "$(RESOURCE_TYPE_ROOT)" "$(ENVIRONMENT)" "$(RECIPE_TYPE)"
 
 .PHONY: test-recipe
 test-recipe: ## Test a single recipe (assumes already registered, requires RECIPE_PATH parameter)
@@ -64,8 +66,8 @@ endif
 	@./.github/scripts/test-recipe.sh "$(RECIPE_PATH)"
 
 .PHONY: test
-test: ## Run all recipe tests (assumes already registered)
-	@./.github/scripts/test-all-recipes.sh "$(RESOURCE_TYPE_ROOT)"
+test: ## Run recipe tests (assumes already registered)
+	@./.github/scripts/test-all-recipes.sh "$(RESOURCE_TYPE_ROOT)" "$(ENVIRONMENT)" "$(RECIPE_TYPE)"
 
 .PHONY: list-resource-types
 list-resource-types: ## List resource type folders under the specified root

.github/scripts/list-recipe-folders.sh

@@ -31,6 +31,8 @@
 set -euo pipefail
 
 ROOT_DIR="${1:-$(pwd)}"
+FILTER_TYPE="${2:-all}"
+FILTER_TYPE="$(echo "$FILTER_TYPE" | tr '[:upper:]' '[:lower:]')"
 
 if [[ ! -d "$ROOT_DIR" ]]; then
     echo "Error: Root directory '$ROOT_DIR' does not exist" >&2
@@ -40,26 +42,36 @@ fi
 # Convert ROOT_DIR to an absolute path
 ROOT_DIR="$(cd "$ROOT_DIR" && pwd)"
 
-declare -A RECIPE_DIRS=()
+# Validate filter type
+case "$FILTER_TYPE" in
+    all|bicep|terraform)
+        ;;
+    *)
+        echo "Error: Unsupported recipe type filter '$FILTER_TYPE'. Expected 'bicep', 'terraform', or 'all'." >&2
+        exit 1
+        ;;
+esac
 
-find_recipe_dirs() {
-    local -a find_expression=("$@")
+# Use a regular array and sort/uniq instead of associative array for bash 3.x compatibility
+RECIPE_DIRS=()
 
+# Find Bicep recipe directories (directories containing .bicep files under recipes/)
+if [[ "$FILTER_TYPE" == "all" || "$FILTER_TYPE" == "bicep" ]]; then
     while IFS= read -r -d '' matched_path; do
-        local dir
-        dir="$(dirname "$matched_path")"
-        RECIPE_DIRS["$dir"]=1
-    done < <(find "$ROOT_DIR" "${find_expression[@]}" -print0 2>/dev/null)
-}
-
-# Collect Bicep recipe directories (directories containing .bicep files under recipes/)
-find_recipe_dirs -type f -path "*/recipes/*/*.bicep"
+        RECIPE_DIRS+=("$(dirname "$matched_path")")
+    done < <(find "$ROOT_DIR" -type f -path "*/recipes/*/*.bicep" -print0 2>/dev/null)
+fi
 
-# Collect Terraform recipe directories (directories containing main.tf under recipes/terraform)
-find_recipe_dirs -type f -path "*/recipes/*/terraform/main.tf"
+# Find Terraform recipe directories (directories containing main.tf under recipes/terraform)
+if [[ "$FILTER_TYPE" == "all" || "$FILTER_TYPE" == "terraform" ]]; then
+    while IFS= read -r -d '' matched_path; do
+        RECIPE_DIRS+=("$(dirname "$matched_path")")
+    done < <(find "$ROOT_DIR" -type f -path "*/recipes/*/terraform/main.tf" -print0 2>/dev/null)
+fi
 
 if [[ ${#RECIPE_DIRS[@]} -eq 0 ]]; then
     exit 0
 fi
 
-printf '%s\n' "${!RECIPE_DIRS[@]}" | sort
+# Remove duplicates and sort
+printf '%s\n' "${RECIPE_DIRS[@]}" | sort -u

.github/scripts/register-all-recipes.sh

@@ -20,27 +20,40 @@
 # Register all Radius recipes in the repository by calling register-recipe.sh
 # for each discovered recipe directory. This should be run after building all
 # recipes but before testing them.
+#
+# Usage: ./register-all-recipes.sh [repo-root] [environment] [recipe-type]
+# Example: ./register-all-recipes.sh . bicep-test bicep
+# Example: ./register-all-recipes.sh . terraform-test terraform
 # =============================================================================
 
 set -euo pipefail
 
 REPO_ROOT="${1:-$(pwd)}"
+ENVIRONMENT="${2:-default}"
+RECIPE_TYPE="${3:-all}"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
-echo "==> Finding all recipes in $REPO_ROOT"
+echo "==> Finding $RECIPE_TYPE recipes in $REPO_ROOT for environment $ENVIRONMENT"
 
 # Use while read loop for better compatibility (mapfile requires bash 4+)
 RECIPE_DIRS=()
 while IFS= read -r line; do
-    RECIPE_DIRS+=("$line")
-done < <("$SCRIPT_DIR"/list-recipe-folders.sh "$REPO_ROOT")
+    # Filter by recipe type if specified
+    if [[ "$RECIPE_TYPE" == "all" ]]; then
+        RECIPE_DIRS+=("$line")
+    elif [[ "$RECIPE_TYPE" == "bicep" ]] && [[ "$line" == *"/bicep" ]] && ls "$line"/*.bicep &>/dev/null; then
+        RECIPE_DIRS+=("$line")
+    elif [[ "$RECIPE_TYPE" == "terraform" ]] && [[ "$line" == *"/terraform" ]] && [[ -f "$line/main.tf" ]]; then
+        RECIPE_DIRS+=("$line")
+    fi
+done < <("$SCRIPT_DIR"/list-recipe-folders.sh "$REPO_ROOT" "$RECIPE_TYPE")
 
 if [[ ${#RECIPE_DIRS[@]} -eq 0 ]]; then
-    echo "==> No recipes found"
+    echo "==> No $RECIPE_TYPE recipes found"
     exit 0
 fi
 
-echo "==> Found ${#RECIPE_DIRS[@]} recipe(s) to register"
+echo "==> Found ${#RECIPE_DIRS[@]} $RECIPE_TYPE recipe(s) to register"
 
 FAILED_RECIPES=()
 PASSED_RECIPES=()
@@ -54,7 +67,7 @@ for recipe_dir in "${RECIPE_DIRS[@]}"; do
     echo "Registering: $RELATIVE_PATH"
     echo "================================================"
 
-    if ./.github/scripts/register-recipe.sh "$recipe_dir"; then
+    if ./.github/scripts/register-recipe.sh "$recipe_dir" "$ENVIRONMENT"; then
         PASSED_RECIPES+=("$RELATIVE_PATH")
     else
         FAILED_RECIPES+=("$RELATIVE_PATH")
@@ -86,4 +99,4 @@ echo ""
 echo "================================================"
 echo "Currently Registered Recipes"  
 echo "================================================"
-rad recipe list --environment default || echo "Warning: Could not list registered recipes"
+rad recipe list --environment "$ENVIRONMENT" || echo "Warning: Could not list registered recipes"

.github/scripts/test-all-recipes.sh

@@ -19,23 +19,39 @@
 # =============================================================================
 # Find and test all Radius recipes in the repository by calling test-recipe.sh
 # for each discovered recipe directory.
+#
+# Usage: ./test-all-recipes.sh [repo-root] [environment] [recipe-type]
+# Example: ./test-all-recipes.sh . bicep-env bicep
 # =============================================================================
 
 set -euo pipefail
 
 REPO_ROOT="${1:-$(pwd)}"
+ENVIRONMENT="${2:-default}"
+RECIPE_TYPE="${3:-all}"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
 echo "==> Finding all recipes in $REPO_ROOT"
 
-mapfile -t RECIPE_DIRS < <("$SCRIPT_DIR"/list-recipe-folders.sh "$REPO_ROOT")
+# Use while read loop for better compatibility (mapfile requires bash 4+)
+RECIPE_DIRS=()
+while IFS= read -r line; do
+    # Filter by recipe type if specified
+    if [[ "$RECIPE_TYPE" == "all" ]]; then
+        RECIPE_DIRS+=("$line")
+    elif [[ "$RECIPE_TYPE" == "bicep" ]] && [[ "$line" == *"/bicep" ]] && ls "$line"/*.bicep &>/dev/null; then
+        RECIPE_DIRS+=("$line")
+    elif [[ "$RECIPE_TYPE" == "terraform" ]] && [[ "$line" == *"/terraform" ]] && [[ -f "$line/main.tf" ]]; then
+        RECIPE_DIRS+=("$line")
+    fi
+done < <("$SCRIPT_DIR"/list-recipe-folders.sh "$REPO_ROOT" "$RECIPE_TYPE")
 
 if [[ ${#RECIPE_DIRS[@]} -eq 0 ]]; then
-    echo "==> No recipes found"
+    echo "==> No $RECIPE_TYPE recipes found"
     exit 0
 fi
 
-echo "==> Found ${#RECIPE_DIRS[@]} recipe(s) to test"
+echo "==> Found ${#RECIPE_DIRS[@]} $RECIPE_TYPE recipe(s) to test"
 
 FAILED_RECIPES=()
 PASSED_RECIPES=()
@@ -49,7 +65,7 @@ for recipe_dir in "${RECIPE_DIRS[@]}"; do
     echo "Testing: $RELATIVE_PATH"
     echo "================================================"
 
-    if ./.github/scripts/test-recipe.sh "$recipe_dir"; then
+    if ./.github/scripts/test-recipe.sh "$recipe_dir" "$ENVIRONMENT"; then
         PASSED_RECIPES+=("$RELATIVE_PATH")
     else
         FAILED_RECIPES+=("$RELATIVE_PATH")

.github/workflows/validate-resource-types.yaml

@@ -17,7 +17,13 @@ jobs:
   validate-resource-types:
     runs-on: ubuntu-latest
     name: Validate Resource Types and Recipes
-    
+    strategy:
+      fail-fast: false
+      matrix:
+        recipe: [bicep, terraform]
+    env:
+      RAD_ENVIRONMENT_NAME: default
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v5
@@ -37,7 +43,7 @@ jobs:
         run: make create-radius-cluster
       - name: Build
         run: make build
-      - name: Register
-        run: make register
-      - name: Test
-        run: make test
+      - name: Register ${{ matrix.recipe }} recipes
+        run: make register ENVIRONMENT=$RAD_ENVIRONMENT_NAME RECIPE_TYPE=${{ matrix.recipe }}
+      - name: Test ${{ matrix.recipe }} recipes
+        run: make test ENVIRONMENT=$RAD_ENVIRONMENT_NAME RECIPE_TYPE=${{ matrix.recipe }}

Compute/containers/recipes/kubernetes/terraform/main.tf

@@ -23,13 +23,8 @@ locals {
   volumes             = try(local.resource_properties.volumes, {})
   restart_policy      = try(local.resource_properties.restartPolicy, null)
 
-  # Connections - Extract secret connections from Radius.Security/secrets resources
+  # Connections - used for linked resources like persistent volumes
   connections = try(var.context.resource.connections, {})
-  secret_connections = {
-    for name, conn in local.connections : name => conn
-    if try(conn.status.computedValues.secretName, null) != null
-  }
-  secret_names = [for name, conn in local.secret_connections : conn.status.computedValues.secretName]
 
   # Replica count - use from properties or default to 1
   replica_count = try(local.resource_properties.replicas, 1)
@@ -94,10 +89,17 @@ locals {
 
       # Volume mounts
       volume_mounts = [
-        for vm in try(config.volumeMounts, []) : {
-          name       = vm.volumeName
-          mount_path = vm.mountPath
-        }
+        for vm in try(config.volumeMounts, []) : merge(
+          {
+            name       = vm.volumeName
+            mount_path = vm.mountPath
+          },
+          try(vm.subPath, null) != null ? { sub_path = vm.subPath } : {},
+          try(vm.readOnly, null) != null ? { read_only = vm.readOnly } : {},
+          try(vm.readOnly, null) == null && try(local.volumes[vm.volumeName].persistentVolume.accessMode, "") != "" && lower(local.volumes[vm.volumeName].persistentVolume.accessMode) == "readonlymany" ? {
+            read_only = true
+          } : {}
+        )
       ]
 
       # Resources - Transform memoryInMib to memory format
@@ -150,10 +152,17 @@ locals {
 
       # Volume mounts
       volume_mounts = [
-        for vm in try(config.volumeMounts, []) : {
-          name       = vm.volumeName
-          mount_path = vm.mountPath
-        }
+        for vm in try(config.volumeMounts, []) : merge(
+          {
+            name       = vm.volumeName
+            mount_path = vm.mountPath
+          },
+          try(vm.subPath, null) != null ? { sub_path = vm.subPath } : {},
+          try(vm.readOnly, null) != null ? { read_only = vm.readOnly } : {},
+          try(vm.readOnly, null) == null && try(local.volumes[vm.volumeName].persistentVolume.accessMode, "") != "" && lower(local.volumes[vm.volumeName].persistentVolume.accessMode) == "readonlymany" ? {
+            read_only = true
+          } : {}
+        )
       ]
 
       # Resources - Transform memoryInMib to memory format
@@ -180,9 +189,15 @@ locals {
       name = vol_name
 
       # Persistent Volume Claim
-      persistent_volume_claim = try(vol_config.persistentVolume, null) != null ? {
-        claim_name = vol_config.persistentVolume.claimName
-      } : null
+      persistent_volume_claim = try(vol_config.persistentVolume, null) != null ? (
+        try(vol_config.persistentVolume.claimName, "") != "" ? {
+          claim_name = vol_config.persistentVolume.claimName
+          } : (
+          try(local.connections[vol_name].status.computedValues.claimName, "") != "" ? {
+            claim_name = local.connections[vol_name].status.computedValues.claimName
+          } : null
+        )
+      ) : null
 
       # Secret
       secret = try(vol_config.secret, null) != null ? {
@@ -326,22 +341,14 @@ resource "kubernetes_deployment" "deployment" {
               }
             }
 
-            # Environment variables from connected secrets (Radius.Security/secrets)
-            dynamic "env_from" {
-              for_each = local.secret_names
-              content {
-                secret_ref {
-                  name = env_from.value
-                }
-              }
-            }
-
             # Volume mounts
             dynamic "volume_mount" {
               for_each = init_container.value.volume_mounts
               content {
                 name       = volume_mount.value.name
                 mount_path = volume_mount.value.mount_path
+                sub_path   = try(volume_mount.value.sub_path, null)
+                read_only  = try(volume_mount.value.read_only, null)
               }
             }
 
@@ -407,22 +414,14 @@ resource "kubernetes_deployment" "deployment" {
               }
             }
 
-            # Environment variables from connected secrets (Radius.Security/secrets)
-            dynamic "env_from" {
-              for_each = local.secret_names
-              content {
-                secret_ref {
-                  name = env_from.value
-                }
-              }
-            }
-
             # Volume mounts
             dynamic "volume_mount" {
               for_each = container.value.volume_mounts
               content {
                 name       = volume_mount.value.name
                 mount_path = volume_mount.value.mount_path
+                sub_path   = try(volume_mount.value.sub_path, null)
+                read_only  = try(volume_mount.value.read_only, null)
               }
             }
 

Compute/containers/test/app.bicep

@@ -1,6 +1,6 @@
 extension radius
 extension containers
-extension volumes
+extension persistentVolumes
 
 param environment string