Improve missing Terraform config errors#12070
Conversation
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR tightens Terraform module inspection by detecting missing Terraform configuration files up front and improving test coverage for missing/invalid module scenarios.
Changes:
- Added a pre-check for presence of
.tf/.tf.jsonfiles before callingtfconfig.LoadModule. - Introduced a standardized error message for missing module configuration.
- Expanded unit tests to cover missing submodules, missing config, and invalid config cases with optional exact error matching.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| pkg/recipes/terraform/module.go | Adds hasTerraformConfigFiles and returns a clearer “config not found” error before attempting module load. |
| pkg/recipes/terraform/module_test.go | Extends table-driven tests with setup hooks and exact error assertions for new failure modes. |
Signed-off-by: preko-p <[email protected]>
6d225dc to
03c5165
Compare
|
Thanks, addressed both review comments in a follow-up push. What changed:
Verification run locally through the Go 1.26.4 Docker image:
|
Signed-off-by: preko-p <[email protected]>
1b8c09b to
89ad95a
Compare
DariuszPorowski
left a comment
There was a problem hiding this comment.
good, targeted fix! thank you
@willtsai @zachcasper @nicolejms The hardcoded .terraform/modules breaks if TF_DATA_DIR is set (tfexec inherits the pod env). Pre-existing, out of scope here, but flagging as latent tech debt.
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #12070 +/- ##
=======================================
Coverage 52.88% 52.88%
=======================================
Files 751 751
Lines 48353 48387 +34
=======================================
+ Hits 25572 25591 +19
- Misses 20384 20392 +8
- Partials 2397 2404 +7 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
Signed-off-by: preko-p <[email protected]>
|
Pushed a follow-up for the new CodeQL findings and refreshed the branch with current What changed:
Verification run with Go 1.26.4:
Post-push checks have started; DCO and Check Trust are passing, Approval Gate is still pending. |
# Description This pull request updates several GitHub Actions workflow files to add the `allow-unsafe-pr-checkout: true` option to various `actions/checkout` steps. This change ensures that workflows can check out pull request code even when GitHub's default protections would block it, which can be necessary for certain workflows or testing scenarios - PR checkout from forks. Discovered in radius-project#12070 after radius-project#12246 `Error: Refusing to check out fork pull request code from a 'pull_request_target' workflow. This workflow runs with the base repository's GITHUB_TOKEN, secrets, default-branch cache scope, and runner access. Fetching and executing a fork's code in that trusted context commonly leads to "pwn request" vulnerabilities. To opt in, review the risks at https://gh.io/securely-using-pull_request_target and set 'allow-unsafe-pr-checkout: true' on the actions/checkout step.` ## Type of change - This pull request is a minor refactor, code cleanup, test improvement, or other maintenance task and doesn't change the functionality of Radius (issue link optional). ## Contributor checklist Please verify that the PR meets the following requirements, where applicable: - An overview of proposed schema changes is included in a linked GitHub issue. - [ ] Yes - [x] Not applicable - A design document is added or updated under `eng/design-notes/` in this repository, if new APIs are being introduced. - [ ] Yes - [x] Not applicable - The design document has been reviewed and approved by Radius maintainers/approvers. - [ ] Yes - [x] Not applicable - A PR for [resource-types-contrib](https://github.com/radius-project/resource-types-contrib/) is created, if resource types or recipes are affected by the changes in this PR. - [ ] Yes - [x] Not applicable - A PR for [dashboard](https://github.com/radius-project/dashboard/) is created, if the Radius Dashboard is affected by the changes in this PR. - [ ] Yes - [x] Not applicable - A PR for the [documentation repository](https://github.com/radius-project/docs) is created, if the changes in this PR affect the documentation or any user facing updates are made. - [ ] Yes - [x] Not applicable
Radius functional test overviewClick here to see the test run details
Test Status⌛ Building Radius and pushing container images for functional tests... |
|
@preko-p overall looks good, approved. Thank you! We require verified commits, see Without it the PR will be blocked to merge.
|

Description
This improves Terraform recipe inspection so a missing downloaded module directory, missing subdirectory, or module directory without Terraform configuration files returns an actionable error:
The Terraform configuration in location <templatePath> is not found.Malformed Terraform configuration still flows through the existing
tfconfig.LoadModulediagnostics aserror loading the module: ....Type of change
Fixes: #9477
Contributor checklist
Please verify that the PR meets the following requirements, where applicable:
eng/design-notes/in this repository, if new APIs are being introduced.Verification
git diff --checkdocker run --rm golang:1.26.4 go versiondocker run --rm --user "$(id -u):$(id -g)" -v "$PWD":/repo -w /repo golang:1.26.4 gofmt -w pkg/recipes/terraform/module.go pkg/recipes/terraform/module_test.godocker run --rm --user "$(id -u):$(id -g)" -v "$PWD":/repo -w /repo -e HOME=/tmp -e GOCACHE=/tmp/gocache -e GOMODCACHE=/tmp/gomodcache golang:1.26.4 go test ./pkg/recipes/terraform -run Test_InspectTFModuleConfigdocker run --rm --user "$(id -u):$(id -g)" -v "$PWD":/repo -w /repo -e HOME=/tmp -e GOCACHE=/tmp/gocache -e GOMODCACHE=/tmp/gomodcache golang:1.26.4 go test ./pkg/recipes/terraform ./pkg/recipes/driver/terraformAI assistance disclosure
This PR was prepared with AI assistance and reviewed locally before submission.