Fix Azure provider scope construction for v20250801preview API

[Copilot]

Description

setupCloudProviders() in the deploy runner constructed the Azure scope incorrectly for v20250801preview, producing /planes/azure/azure/Subscriptions/{id}/ResourceGroups/{rg} instead of /subscriptions/{id}/resourceGroups/{rg}.

Three bugs in one line:

• Spurious /planes/azure/azure/ prefix
• Subscriptions instead of subscriptions
• ResourceGroups instead of resourceGroups

Downstream resources.Parse() + FindScope("subscriptions") failed to match, causing "Subscription is required for azure scope" errors on every deploy with this API version.

// Before
Scope: "/planes/azure/azure/" + "Subscriptions/" + *props.Providers.Azure.SubscriptionID + "/ResourceGroups/" + *props.Providers.Azure.ResourceGroupName,

// After (with optional ResourceGroupName handling)
scope := "/subscriptions/" + *props.Providers.Azure.SubscriptionID
if props.Providers.Azure.ResourceGroupName != nil && *props.Providers.Azure.ResourceGroupName != "" {
    scope += "/resourceGroups/" + *props.Providers.Azure.ResourceGroupName
}

Additionally, ResourceGroupName is optional in v20250801preview (*string). The scope is now built conditionally: subscription-only scope (/subscriptions/{id}) is produced when ResourceGroupName is nil or empty, preventing a nil pointer dereference.

Test expectations updated to match, and a new test case added for the subscription-only scope scenario.

Type of change

• This pull request fixes a bug in Radius and has an approved issue (issue link required).

Contributor checklist

Please verify that the PR meets the following requirements, where applicable:

• An overview of proposed schema changes is included in a linked GitHub issue.
  • Yes
  • Not applicable
• A design document PR is created in the design-notes repository, if new APIs are being introduced.
  • Yes
  • Not applicable
• The design document has been reviewed and approved by Radius maintainers/approvers.
  • Yes
  • Not applicable
• A PR for the samples repository is created, if existing samples are affected by the changes in this PR.
  • Yes
  • Not applicable
• A PR for the documentation repository is created, if the changes in this PR affect the documentation or any user facing updates are made.
  • Yes
  • Not applicable
• A PR for the recipes repository is created, if existing recipes are affected by the changes in this PR.
  • Yes
  • Not applicable

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Environment deployment fails with invalid Azure provider scope due to bug in config loader (API v20250801preview)</issue_title>
<issue_description>### Steps to reproduce

1. Create an environment bicep definition with Radius.Core/environments@2025-08-01-preview, configuring Azure provider with separate subscriptionId and resourceGroupName fields.
2. Deploy this environment resource, i.e. rad deploy env.bicep.
3. Observe deployment error during recipe execution.

Observed behavior

Deployment fails with:

Error: {
  "code": "InvalidDeployment",
  "message": "Invalid deployment template.",
  "target": "/planes/radius/local/resourcegroups/prod-aca/providers/Microsoft.Resources/deployments/rad-deploy-b23fae4b-1c7d-49cc-aa73-df85b0129323",
  "details": [
    {
      "code": "Invalid",
      "message": "Subscription is required for azure scope, scope is: /planes/azure/azure/Subscriptions/85716382-7362-45c3-ae03-2126e459a123/ResourceGroups/willtsai-prod-aca"
    }
  ]
}

TraceId:  f206d51aabd785efb4c77992c6d8d4de

This appears related to issue #11048, which describes the root cause involving invalid scope construction for Azure provider in the environment config loader for API version v20250801preview.

Desired behavior

The Azure provider scope should be constructed as a full Azure resource ID path:

/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}

Successfully deploying environments and recipes should not result in the above error.

Workaround

No reliable workaround found. Previous investigation and fix in issue #11048 does not resolve the problem; error persists when deploying environments with the latest version.

rad Version

> rad version
CLI Version Information:
RELEASE   VERSION   BICEP     COMMIT
0.55.0    v0.55.0   0.41.2    4142176e438a8e81b21f5cd41b85f3ab73ed86b2

Control Plane Information:
STATUS     VERSION
Installed  0.55.0

API version: 2025-08-01-preview

Operating system

macOS Sonoma, Apple Silicon (arm64)

Additional context

Related to closed issue #11048 (#11048).
Error encountered during deployment identifies scope construction issue is not resolved. See reproduction steps and attached error output.</issue_description>

<agent_instructions>please find the root cause and make a fix</agent_instructions>

Comments on the Issue (you are @copilot in this section)

• Fixes Environment deployment fails with invalid Azure provider scope due to bug in config loader (API v20250801preview) #11439

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[github-actions]

Unit Tests

    2 files  ±0    415 suites  ±0   6m 46s ⏱️ -8s
4 882 tests +1  4 880 ✅ +1  2 💤 ±0  0 ❌ ±0 
5 785 runs  +2  5 783 ✅ +2  2 💤 ±0  0 ❌ ±0 

Results for commit 5e03749. ± Comparison against base commit 0a26e31.

♻️ This comment has been updated with latest results.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 51.24%. Comparing base (0a26e31) to head (5e03749).

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #11440      +/-   ##
==========================================
+ Coverage   51.22%   51.24%   +0.01%     
==========================================
  Files         699      699              
  Lines       44062    44065       +3     
==========================================
+ Hits        22572    22581       +9     
+ Misses      19330    19327       -3     
+ Partials     2160     2157       -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[radius-functional-tests]

Radius functional test overview

🔍 Go to test action run

Click here to see the test run details

Name	Value
Repository	radius-project/radius
Commit ref	04b493f
Unique ID	func57ed60f88e
Image tag	pr-func57ed60f88e

• gotestsum 1.13.0
• KinD: v0.29.0
• Dapr: 1.14.4
• Azure KeyVault CSI driver: 1.4.2
• Azure Workload identity webhook: 1.3.0
• Bicep recipe location ghcr.io/radius-project/dev/test/testrecipes/test-bicep-recipes/<name>:pr-func57ed60f88e
• Terraform recipe location http://tf-module-server.radius-test-tf-module-server.svc.cluster.local/<name>.zip (in cluster)
• applications-rp test image location: ghcr.io/radius-project/dev/applications-rp:pr-func57ed60f88e
• dynamic-rp test image location: ghcr.io/radius-project/dev/dynamic-rp:pr-func57ed60f88e
• controller test image location: ghcr.io/radius-project/dev/controller:pr-func57ed60f88e
• ucp test image location: ghcr.io/radius-project/dev/ucpd:pr-func57ed60f88e
• deployment-engine test image location: ghcr.io/radius-project/deployment-engine:latest

Test Status

⌛ Building Radius and pushing container images for functional tests...
✅ Container images build succeeded
⌛ Publishing Bicep Recipes for functional tests...
✅ Recipe publishing succeeded
⌛ Starting ucp-cloud functional tests...
⌛ Starting corerp-cloud functional tests...
✅ ucp-cloud functional tests succeeded
✅ corerp-cloud functional tests succeeded

[Copilot]

Pull request overview

Fixes Azure provider scope construction in the CLI deploy runner for Radius.Core/environments@2025-08-01-preview (v20250801preview) so downstream scope parsing (FindScope("subscriptions")) succeeds.

Changes:

• Update setupCloudProviders() to emit ARM-style Azure scopes (/subscriptions/.../resourceGroups/...) for v20250801preview.
• Update deploy command test expectations to match the corrected Azure scope format.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
pkg/cli/cmd/deploy/deploy.go	Adjusts Azure scope string construction for v20250801preview environment properties.
pkg/cli/cmd/deploy/deploy_test.go	Updates test expectations for Azure scope format in deploy provider setup/configure tests.

---

You can also share your feedback on Copilot code review. Take the survey.

[willtsai]

@copilot apply changes based on this feedback

[Copilot]

Added a test case for v20250801preview with only SubscriptionID set (nil ResourceGroupName), verifying the subscription-only scope /subscriptions/test-subscription is produced without panic. See commit 5e03749.

[willtsai]

Ready for review, I've verified that the changes fix the bug in my local build:

> ~/repos/aocto/radius-project/not-forked/radius/dist/darwin_arm64/release/rad  deploy prod-aca.bicep -w prod-aca

Building prod-aca.bicep...
Deploying template 'prod-aca.bicep' into environment '/planes/radius/local/resourcegroups/prod-aca/providers/Radius.Core/environments/prod-aca' from workspace 'prod-aca'...

Deployment In Progress...


Deployment Complete

Resources:
    prod-aca        Radius.Core/environments
    aca-recipe-pack Radius.Core/recipePacks

> ~/repos/aocto/radius-project/not-forked/radius/dist/darwin_arm64/release/rad env show -w prod-aca  -o json --preview 
{
  "id": "/planes/radius/local/resourcegroups/prod-aca/providers/Radius.Core/environments/prod-aca",
  "location": "global",
  "name": "prod-aca",
  "properties": {
    "providers": {
      "azure": {
        "resourceGroupName": "willtsai-prod-aca",
        "subscriptionId": "85716382-7362-45c3-ae03-2126e459a123"
      },
      "kubernetes": {
        "namespace": "prod-aca"
      }
    },
    "provisioningState": "Succeeded",
    "recipePacks": [
      "/planes/radius/local/resourcegroups/prod-aca/providers/Radius.Core/recipePacks/aca-recipe-pack"
    ],
    "recipeParameters": {
      "Radius.Compute/containers": {
        "containerAppsEnvironmentId": "prod-aca"
      }
    }
  },
  "systemData": {
    "createdAt": "0001-01-01T00:00:00Z",
    "createdBy": "",
    "createdByType": "",
    "lastModifiedAt": "0001-01-01T00:00:00Z",
    "lastModifiedBy": "",
    "lastModifiedByType": ""
  },
  "tags": {},
  "type": "Radius.Core/environments"
}

[
  {
    "Provider": "azure",
    "Properties": "subscriptionId: '85716382-7362-45c3-ae03-2126e459a123', resourceGroupName: 'willtsai-prod-aca'"
  },
  {
    "Provider": "kubernetes",
    "Properties": "namespace: 'prod-aca'"
  }
]

[
  {
    "RecipePack": "aca-recipe-pack",
    "ResourceType": "Radius.Compute/containers",
    "RecipeKind": "bicep",
    "RecipeLocation": "ghcr.io/willtsai/recipes/aca-containers:latest"
  }
]