Add env terraform/bicep settings schema

[ytimocin]

Description

• Add Radius.Core terraformSettings/bicepSettings TypeSpec resources, wire new env properties, and generate the preview SDK/OpenAPI/types.
• TerraformSettings matches the terraformrc/backend/env/logging shape in the design doc.
• BicepSettings now supports per-registry auth blocks for Basic (username/password secret), Azure Workload Identity (clientId/tenantId/secret), and AWS IRSA (roleArn/secret), with matching Go datamodels. (Codegen for the new Bicep auth shape still needs to be rerun.)

Examples:

resource corpTerraformSettings 'Radius.Core/terraformSettings@2025-08-01-preview' = {
  name: 'corpTerraformSettings'
  properties: {
    terraformrc: {
      provider_installation: {
        network_mirror: {
          url: 'https://mirror.corp.example.com/terraform/providers'
          include: ['*']
          exclude: ['hashicorp/azurerm']
        }
        direct: {
          exclude: ['hashicorp/azurerm']
        }
      }
      credentials: {
        'app.terraform.io': {
          secret: '/planes/radius/local/providers/Radius.Security/secrets/tfc-token'
        }
      }
    }
    backend: {
      type: 'kubernetes'
      config: {
        secret_suffix: 'prod-terraform-state'
        namespace: 'radius-system'
      }
    }
    env: {
      TF_LOG: 'TRACE'
      TF_REGISTRY_CLIENT_TIMEOUT: '15'
    }
    logging: {
      level: 'TRACE'
    }
  }
}

resource corpBicepSettings 'Radius.Core/bicepSettings@2025-08-01-preview' = {
  name: 'corpBicepSettings'
  properties: {
    authentication: {
      registries: {
        'bicep.azurecr.io': {
          basic: {
            username: 'bicep-user'
            secret: '/planes/radius/local/providers/Radius.Security/secrets/azurecr-creds'
          }
        }
        'modules.aws.corp.example.com': {
          awsIrsa: {
            roleArn: 'arn:aws:iam::123456789012:role/RadiusBicepModules'
            secret: '/planes/radius/local/providers/Radius.Security/secrets/aws-irsa-token'
          }
        }
        'internal.corp.example.com': {
          azureWorkloadIdentity: {
            clientId: '00000000-0000-0000-0000-000000000123'
            tenantId: '11111111-1111-1111-1111-111111111111'
            secret: '/planes/radius/local/providers/Radius.Security/secrets/internal-wi-token'
          }
        }
      }
    }
  }
}

Type of change

• This pull request adds or changes features of Radius and has an approved issue (issue link required).

Fixes: #issue_number

Contributor checklist

Please verify that the PR meets the following requirements, where applicable:

• An overview of proposed schema changes is included in a linked GitHub issue.
  • Yes
  • Not applicable
• A design document PR is created in the design-notes repository, if new APIs are being introduced.
  • Yes
  • Not applicable
• The design document has been reviewed and approved by Radius maintainers/approvers.
  • Yes
  • Not applicable
• A PR for the samples repository is created, if existing samples are affected by the changes in this PR.
  • Yes
  • Not applicable
• A PR for the documentation repository is created, if the changes in this PR affect the documentation or any user facing updates are made.
  • Yes
  • Not applicable
• A PR for the recipes repository is created, if existing recipes are affected by the changes in this PR.
  • Yes
  • Not applicable

[kachawla]

@ytimocin could you share a link to the design doc for this, if we have one? If not, then github issue link where expected user experience is defined would be great!

[ytimocin]

@ytimocin could you share a link to the design doc for this, if we have one? If not, then github issue link where expected user experience is defined would be great!

radius-project/design-notes#117

[codecov]

Codecov Report

❌ Patch coverage is 66.66667% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 50.40%. Comparing base (f8770e9) to head (adf547e).

Files with missing lines	Patch %	Lines
...corerp/datamodel/bicepsettings_v20250801preview.go	0.00%	2 Missing ⚠️
...rp/datamodel/terraformsettings_v20250801preview.go	0.00%	2 Missing ⚠️

Additional details and impacted files

@@                          Coverage Diff                          @@
##           features/terraform-bicep-settings   #10832      +/-   ##
=====================================================================
- Coverage                              50.40%   50.40%   -0.01%     
=====================================================================
  Files                                    664      666       +2     
  Lines                                  41277    41289      +12     
=====================================================================
+ Hits                                   20807    20813       +6     
- Misses                                 18497    18502       +5     
- Partials                                1973     1974       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[radius-functional-tests]

Radius functional test overview

🔍 Go to test action run

Click here to see the test run details

Name	Value
Repository	ytimocin/radius
Commit ref	adf547e
Unique ID	func084425fed0
Image tag	pr-func084425fed0

• gotestsum 1.13.0
• KinD: v0.29.0
• Dapr:
• Azure KeyVault CSI driver: 1.4.2
• Azure Workload identity webhook: 1.3.0
• Bicep recipe location ghcr.io/radius-project/dev/test/testrecipes/test-bicep-recipes/<name>:pr-func084425fed0
• Terraform recipe location http://tf-module-server.radius-test-tf-module-server.svc.cluster.local/<name>.zip (in cluster)
• applications-rp test image location: ghcr.io/radius-project/dev/applications-rp:pr-func084425fed0
• dynamic-rp test image location: ghcr.io/radius-project/dev/dynamic-rp:pr-func084425fed0
• controller test image location: ghcr.io/radius-project/dev/controller:pr-func084425fed0
• ucp test image location: ghcr.io/radius-project/dev/ucpd:pr-func084425fed0
• deployment-engine test image location: ghcr.io/radius-project/deployment-engine:latest

Test Status

⌛ Building Radius and pushing container images for functional tests...
✅ Container images build succeeded
⌛ Publishing Bicep Recipes for functional tests...
✅ Recipe publishing succeeded
⌛ Starting ucp-cloud functional tests...
⌛ Starting corerp-cloud functional tests...
✅ ucp-cloud functional tests succeeded
✅ corerp-cloud functional tests succeeded