Creating an optional interface to get secret id references for driver…

… with secrets. (radius-project#7306)

# Description

Refactoring module secret workflow.
- Adding FindSecretIds function to get module secret references for
driver with secrets.

## Type of change

- Creating an optional interface to get secret id references for driver
with secrets.
<!--

Please select **one** of the following options that describes your
change and delete the others. Clearly identifying the type of change you
are making will help us review your PR faster, and is used in authoring
release notes.

If you are making a bug fix or functionality change to Radius and do not
have an associated issue link please create one now.

-->
- This pull request is a minor refactor, code cleanup, test improvement,
or other maintenance task and doesn't change the functionality of Radius
(issue link optional).

<!--

Please update the following to link the associated issue. This is
required for some kinds of changes (see above).

-->

Fixes: #issue_number

---------

Signed-off-by: Vishwanath Hiremath <[email protected]>
Signed-off-by: Karishma Chawla <[email protected]>
Co-authored-by: Karishma Chawla <[email protected]>

pkg/recipes/configloader/secrets.go

@@ -22,17 +22,19 @@ import (
 	"github.com/radius-project/radius/pkg/ucp/resources"
 )
 
+var _ SecretsLoader = (*secretsLoader)(nil)
+
 // NewSecretStoreLoader creates a new SecretsLoader instance with the given ARM Client Options.
 func NewSecretStoreLoader(armOptions *arm.ClientOptions) SecretsLoader {
-	return SecretsLoader{ArmClientOptions: armOptions}
+	return &secretsLoader{ArmClientOptions: armOptions}
 }
 
 // SecretsLoader struct provides functionality to get secret information from Application.Core/SecretStore resource.
-type SecretsLoader struct {
+type secretsLoader struct {
 	ArmClientOptions *arm.ClientOptions
 }
 
-func (e *SecretsLoader) LoadSecrets(ctx context.Context, secretStore string) (v20231001preview.SecretStoresClientListSecretsResponse, error) {
+func (e *secretsLoader) LoadSecrets(ctx context.Context, secretStore string) (v20231001preview.SecretStoresClientListSecretsResponse, error) {
 	secretStoreID, err := resources.ParseResource(secretStore)
 	if err != nil {
 		return v20231001preview.SecretStoresClientListSecretsResponse{}, err

pkg/recipes/configloader/types.go

@@ -19,6 +19,7 @@ package configloader
 import (
 	"context"
 
+	"github.com/radius-project/radius/pkg/corerp/api/v20231001preview"
 	"github.com/radius-project/radius/pkg/recipes"
 )
 
@@ -28,3 +29,8 @@ type ConfigurationLoader interface {
 	// LoadRecipe fetches the recipe information from the environment.
 	LoadRecipe(ctx context.Context, recipe *recipes.ResourceMetadata) (*recipes.EnvironmentDefinition, error)
 }
+
+//go:generate mockgen -destination=./mock_secret_loader.go -package=configloader -self_package github.com/radius-project/radius/pkg/recipes/configloader github.com/radius-project/radius/pkg/recipes/configloader SecretsLoader
+type SecretsLoader interface {
+	LoadSecrets(ctx context.Context, secretStore string) (v20231001preview.SecretStoresClientListSecretsResponse, error)
+}

pkg/recipes/driver/bicep.go

@@ -45,7 +45,6 @@ import (
 	"github.com/radius-project/radius/pkg/ucp/ucplog"
 )
 
-//go:generate mockgen -destination=./mock_driver.go -package=driver -self_package github.com/radius-project/radius/pkg/recipes/driver github.com/radius-project/radius/pkg/recipes/driver Driver
 const (
 	deploymentPrefix = "recipe"
 	pollFrequency    = time.Second * 5

pkg/recipes/driver/terraform.go

@@ -249,6 +249,17 @@ func (d *terraformDriver) GetRecipeMetadata(ctx context.Context, opts BaseOption
 	return recipeData, nil
 }
 
+// FindSecretIDs is used to retrieve the secret reference associated with private terraform module source.
+// As of today, it only supports retrieving secret references associated with private git repositories.
+func (d *terraformDriver) FindSecretIDs(ctx context.Context, envConfig recipes.Configuration, definition recipes.EnvironmentDefinition) (string, error) {
+
+	// We can move the GetSecretStoreID() implementation here when we have containerization.
+	// Today we use this function in config.go to check for secretstore to add prefix to the template path.
+	// GetSecretStoreID is added outside of driver package because it created cyclic dependency between driver and config packages.
+
+	return recipes.GetSecretStoreID(envConfig, definition.TemplatePath)
+}
+
 // getDeployedOutputResources is used to the get the resource IDs by parsing the terraform state for resource information and using it to create UCP qualified IDs.
 // Currently only Azure, AWS and Kubernetes providers are supported by output resources.
 func (d *terraformDriver) getDeployedOutputResources(ctx context.Context, module *tfjson.StateModule) ([]string, error) {

pkg/recipes/driver/types.go

@@ -31,6 +31,8 @@ const (
 )
 
 // Driver is an interface to implement recipe deployment and recipe resources deletion.
+//
+//go:generate mockgen -destination=./mock_driver.go -package=driver -self_package github.com/radius-project/radius/pkg/recipes/driver github.com/radius-project/radius/pkg/recipes/driver Driver
 type Driver interface {
 	// Execute fetches the recipe contents and deploys the recipe and returns deployed resources, secrets and values.
 	Execute(ctx context.Context, opts ExecuteOptions) (*recipes.RecipeOutput, error)
@@ -42,6 +44,18 @@ type Driver interface {
 	GetRecipeMetadata(ctx context.Context, opts BaseOptions) (map[string]any, error)
 }
 
+// DriverWithSecrets is an optional interface and used when the driver needs to load secrets for recipe deployment.
+//
+//go:generate mockgen -destination=./mock_driver_with_secrets.go -package=driver -self_package github.com/radius-project/radius/pkg/recipes/driver github.com/radius-project/radius/pkg/recipes/driver DriverWithSecrets
+type DriverWithSecrets interface {
+	// Driver is an interface to implement recipe deployment and recipe resources deletion.
+	Driver
+
+	// FindSecretIDs gets the secret store resource ID references associated with git private terraform repository source.
+	// In the future it will be extended to get secret references for provider secrets.
+	FindSecretIDs(ctx context.Context, config recipes.Configuration, definition recipes.EnvironmentDefinition) (string, error)
+}
+
 // BaseOptions is the base options for the driver operations.
 type BaseOptions struct {
 	// Configuration is the configuration for the recipe.

pkg/recipes/engine/engine.go

@@ -92,19 +92,20 @@ func (e *engine) executeCore(ctx context.Context, recipe recipes.ResourceMetadat
 		return nil, nil, err
 	}
 
-	// Retrieves the secret store id from the recipes configuration for the terraform module source of type git.
-	// secretStoreID returned will be an empty string for other types.
-	secretStore, err := recipes.GetSecretStoreID(*configuration, definition.TemplatePath)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	// Retrieves the secret values from the secret store ID provided.
 	secrets := v20231001preview.SecretStoresClientListSecretsResponse{}
-	if secretStore != "" {
-		secrets, err = e.options.SecretsLoader.LoadSecrets(ctx, secretStore)
+	driverWithSecrets, ok := driver.(recipedriver.DriverWithSecrets)
+	if ok {
+		secretStore, err := driverWithSecrets.FindSecretIDs(ctx, *configuration, *definition)
 		if err != nil {
-			return nil, nil, fmt.Errorf("failed to fetch secrets from the secret store resource id %s for Terraform recipe %s deployment: %w", secretStore, definition.TemplatePath, err)
+			return nil, nil, err
+		}
+
+		// Retrieves the secret values from the secret store ID provided.
+		if secretStore != "" {
+			secrets, err = e.options.SecretsLoader.LoadSecrets(ctx, secretStore)
+			if err != nil {
+				return nil, nil, recipes.NewRecipeError(recipes.LoadSecretsFailed, fmt.Sprintf("failed to fetch secrets from the secret store resource id %s for Terraform recipe %s deployment: %s", secretStore, definition.TemplatePath, err.Error()), util.RecipeSetupError, recipes.GetErrorDetails(err))
+			}
 		}
 	}