Add new AzureCLI authentication options for GenerateResourcesAndImage and Packer templates #10602

Open
wants to merge 30 commits into
base: main
d0018fa
Fixes to enable a flow for use_azure_cli_auth
feliasson Sep 11, 2024
acaab6c
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Sep 11, 2024
05e4fe7
Update help section
feliasson Sep 11, 2024
75beb8e
Update comment
feliasson Sep 11, 2024
b9ca2b8
Update text
feliasson Sep 11, 2024
e0a9829
Take parameter explanation from Hashicorp
feliasson Sep 12, 2024
028cc62
Update example
feliasson Sep 12, 2024
3e92693
Add suggestion from #10236
feliasson Sep 12, 2024
400eb03
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Sep 12, 2024
2ec93a8
Update text
feliasson Sep 12, 2024
173e25b
Test fix
feliasson Sep 12, 2024
ededc00
Test fix
feliasson Sep 12, 2024
9607d52
Fix for error handling when not logged in
feliasson Sep 12, 2024
8135fa4
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Sep 13, 2024
960578e
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Sep 19, 2024
58378e0
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Sep 23, 2024
fddc067
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Sep 27, 2024
9ffd152
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Oct 4, 2024
24626e3
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Oct 10, 2024
cf8090b
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Oct 17, 2024
5c1bc8f
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Oct 22, 2024
dbb2467
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Oct 29, 2024
74126c1
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Nov 1, 2024
cba9b9f
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Nov 8, 2024
5e2468d
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Nov 20, 2024
8610e9d
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Dec 17, 2024
3d50ff4
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Dec 23, 2024
67e144e
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Jan 7, 2025
8408562
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Jan 13, 2025
c160d48
Merge branch 'actions:main' into UseAzureCliAuth-1
feliasson Jan 21, 2025
34 changes: 26 additions & 8 deletions helpers/GenerateResourcesAndImage.ps1
Expand Up @@ -117,10 +117,17 @@ Function GenerateResourcesAndImage {
cleanup - attempt to cleanup and then abort
run-cleanup-provisioner - run the cleanup provisioner and then abort
The default is 'ask'.
.PARAMETER UseAzureCliAuth
If set, switches to use Azure CLI authentication for Packer. Defaults to false.
CLI auth will use the information from an active az login session to connect to Azure and set the subscription id and tenant id associated to the signed in account.
If enabled, it will use the authentication provided by the az CLI.
Azure CLI authentication will use the credential marked as isDefault and can be verified using az account show.
Works with normal authentication (az login) and service principals (az login --service-principal --username APP_ID --password PASSWORD --tenant TENANT_ID).
Ignores all other configurations if enabled.
.PARAMETER Tags
Tags to be applied to the Azure resources created.
.EXAMPLE
GenerateResourcesAndImage -SubscriptionId {YourSubscriptionId} -ResourceGroupName "shsamytest1" -ImageGenerationRepositoryRoot "C:\runner-images" -ImageType Ubuntu2004 -AzureLocation "East US"
GenerateResourcesAndImage -SubscriptionId {YourSubscriptionId} -ResourceGroupName "shsamytest1" -ImageGenerationRepositoryRoot "C:\runner-images" -ImageType Ubuntu2204 -AzureLocation "East US"
#>
param (
[Parameter(Mandatory = $True)]
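Review bot: The new .PARAMETER UseAzureCliAuth help ends with "Ignores all other configurations if enabled" without naming what is ignored, and its first sentence and "If enabled, it will use the authentication provided by the az CLI" repeat each other. Name the parameters of this function that stop taking effect when the switch is set, trim the repetition, and add an .EXAMPLE that passes -UseAzureCliAuth, since the only example shown still uses the default flow. The service principal sample also places PASSWORD directly on the az login command line; a short remark that this ends up in shell history would help readers who copy it.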
Expand Down Expand Up @@ -153,6 +160,8 @@ Function GenerateResourcesAndImage {
[ValidateSet("abort", "ask", "cleanup", "run-cleanup-provisioner")]
[string] $OnError = "ask",
[Parameter(Mandatory = $False)]
[switch] $UseAzureCliAuth,
[Parameter(Mandatory = $False)]
[hashtable] $Tags = @{}
)
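Review bot: Missing check around the new `[switch] $UseAzureCliAuth`: nothing in the param block stops a caller from passing it together with service principal credentials, while the help text added in this PR says other configuration is ignored. Put the two modes in separate parameter sets, or throw early when -UseAzureCliAuth is combined with -AzureClientId, so the caller knows which identity the build will run as.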

Expand Down Expand Up @@ -235,6 +244,7 @@ Function GenerateResourcesAndImage {
"-var=managed_image_resource_group_name=$($ResourceGroupName)" `
"-var=install_password=$($InstallPassword)" `
"-var=allowed_inbound_ip_addresses=$($AllowedInboundIpAddresses)" `
"-var=use_azure_cli_auth=$($UseAzureCliAuth.ToString().ToLower())" `
"-var=azure_tags=$($TagsJson)" `
$TemplatePath

Expand All @@ -244,14 +254,21 @@ Function GenerateResourcesAndImage {

try {
# Login to Azure subscription
if ([string]::IsNullOrEmpty($AzureClientId)) {
Write-Verbose "No AzureClientId was provided, will use interactive login."
az login --output none
try {
az account show -o none 2>$null || Write-Error $_
Write-Verbose "Already logged in..."
}
else {
Write-Verbose "AzureClientId was provided, will use service principal login."
az login --service-principal --username $AzureClientId --password=$AzureClientSecret --tenant $AzureTenantId --output none
catch {
if ([string]::IsNullOrEmpty($AzureClientId)) {
Write-Verbose "No AzureClientId was provided, will use interactive login."
az login --output none
}
else {
Write-Verbose "AzureClientId was provided, will use service principal login."
az login --service-principal --username $AzureClientId --password=$AzureClientSecret --tenant $AzureTenantId --output none
}
}

az account set --subscription $SubscriptionId
if ($LastExitCode -ne 0) {
throw "Failed to login to Azure subscription '$SubscriptionId'."
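Review bot: Logic problem in the new login probe `az account show -o none 2>$null || Write-Error $_`: the `||` chain operator only parses on PowerShell 7 or later, `$_` carries no error record inside a try body, and Write-Error is non-terminating unless $ErrorActionPreference is Stop, so whether the catch branch ever runs depends on settings outside this hunk. Run `az account show` on its own and test $LastExitCode, the same way the `az account set` call just below does. Separately, an existing az session now takes precedence even when $AzureClientId is supplied, so the build can continue under whatever identity was already signed in; when credentials are passed, either log in with them unconditionally or compare the active account against $AzureClientId and $AzureTenantId before continuing.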
Expand Down Expand Up @@ -332,7 +349,7 @@ Function GenerateResourcesAndImage {
}

# Create service principal
if ([string]::IsNullOrEmpty($AzureClientId)) {
if ([string]::IsNullOrEmpty($AzureClientId) -and $UseAzureCliAuth -ne $True) {
Write-Host "Creating service principal for packer..."
$ADCleanupRequired = $true
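Review bot: Missing documentation for the new `-and $UseAzureCliAuth -ne $True` condition: with the switch set, the "Creating service principal for packer..." branch is skipped and the build runs with whatever rights the signed-in az account holds. The help text should say so and state the access that account needs on the subscription and resource group. As a style point, `-not $UseAzureCliAuth` is the usual test for a switch.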

Expand Down Expand Up @@ -368,6 +385,7 @@ Function GenerateResourcesAndImage {
-var "managed_image_resource_group_name=$($ResourceGroupName)" `
-var "install_password=$($InstallPassword)" `
-var "allowed_inbound_ip_addresses=$($AllowedInboundIpAddresses)" `
-var "use_azure_cli_auth=$($UseAzureCliAuth.ToString().ToLower())" `
-var "azure_tags=$($TagsJson)" `
$TemplatePath
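Review bot: Style point on the added `-var "use_azure_cli_auth=..."` line: the expression `$UseAzureCliAuth.ToString().ToLower()` now appears twice, once in the earlier packer argument list (written as `"-var=name=value"`) and once here (written as `-var "name=value"`), and the two variable lists have to be kept in step by hand. Build the -var arguments once in an array and pass that array to both packer invocations.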

6 changes: 6 additions & 0 deletions images/ubuntu/templates/ubuntu-20.04.pkr.hcl
Expand Up @@ -128,6 +128,11 @@ variable "virtual_network_name" {
default = "${env("VNET_NAME")}"
}

variable "use_azure_cli_auth" {
type = bool
default = false
}

variable "virtual_network_resource_group_name" {
type = string
default = "${env("VNET_RESOURCE_GROUP")}"
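Review bot: In ubuntu-20.04.pkr.hcl the new variable "use_azure_cli_auth" is inserted between "virtual_network_name" and "virtual_network_resource_group_name", whereas the other templates in this PR place it directly after "tenant_id"; move it there so the variable order stays consistent across templates. The block also has no description; one line saying that it switches the azure-arm source to the active az login session would document why the default is false.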
Expand Down Expand Up @@ -161,6 +166,7 @@ source "azure-arm" "build_image" {
subscription_id = "${var.subscription_id}"
temp_resource_group_name = "${var.temp_resource_group_name}"
tenant_id = "${var.tenant_id}"
use_azure_cli_auth = "${var.use_azure_cli_auth}"
virtual_network_name = "${var.virtual_network_name}"
virtual_network_resource_group_name = "${var.virtual_network_resource_group_name}"
virtual_network_subnet_name = "${var.virtual_network_subnet_name}"
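Review bot: Style point on `use_azure_cli_auth = "${var.use_azure_cli_auth}"`: the variable is declared as bool, so the quotes and `${}` wrapper add nothing, and a bare `var.use_azure_cli_auth` makes the type obvious to the reader. The wrapper matches the neighbouring string assignments, so this is optional, but it applies to the same line in every template touched by this PR.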
6 changes: 6 additions & 0 deletions images/ubuntu/templates/ubuntu-22.04.pkr.hcl
Expand Up @@ -123,6 +123,11 @@ variable "tenant_id" {
default = "${env("ARM_TENANT_ID")}"
}

variable "use_azure_cli_auth" {
type = bool
default = false
}

variable "virtual_network_name" {
type = string
default = "${env("VNET_NAME")}"
Expand Down Expand Up @@ -161,6 +166,7 @@ source "azure-arm" "build_image" {
subscription_id = "${var.subscription_id}"
temp_resource_group_name = "${var.temp_resource_group_name}"
tenant_id = "${var.tenant_id}"
use_azure_cli_auth = "${var.use_azure_cli_auth}"
virtual_network_name = "${var.virtual_network_name}"
virtual_network_resource_group_name = "${var.virtual_network_resource_group_name}"
virtual_network_subnet_name = "${var.virtual_network_subnet_name}"
6 changes: 6 additions & 0 deletions images/ubuntu/templates/ubuntu-24.04.pkr.hcl
Expand Up @@ -123,6 +123,11 @@ variable "tenant_id" {
default = "${env("ARM_TENANT_ID")}"
}

variable "use_azure_cli_auth" {
type = bool
default = false
}

variable "virtual_network_name" {
type = string
default = "${env("VNET_NAME")}"
Expand Down Expand Up @@ -161,6 +166,7 @@ source "azure-arm" "build_image" {
subscription_id = "${var.subscription_id}"
temp_resource_group_name = "${var.temp_resource_group_name}"
tenant_id = "${var.tenant_id}"
use_azure_cli_auth = "${var.use_azure_cli_auth}"
virtual_network_name = "${var.virtual_network_name}"
virtual_network_resource_group_name = "${var.virtual_network_resource_group_name}"
virtual_network_subnet_name = "${var.virtual_network_subnet_name}"
16 changes: 11 additions & 5 deletions images/ubuntu/templates/ubuntu-minimal.pkr.hcl
Expand Up @@ -97,6 +97,11 @@ variable "tenant_id" {
default = "${env("ARM_TENANT_ID")}"
}

variable "use_azure_cli_auth" {
type = bool
default = false
}

variable "virtual_network_name" {
type = string
default = "${env("VNET_NAME")}"
Expand All @@ -121,11 +126,12 @@ source "azure-arm" "build_image" {
location = "${var.location}"

// Auth
tenant_id = "${var.tenant_id}"
subscription_id = "${var.subscription_id}"
client_id = "${var.client_id}"
client_secret = "${var.client_secret}"
client_cert_path = "${var.client_cert_path}"
tenant_id = "${var.tenant_id}"
subscription_id = "${var.subscription_id}"
client_id = "${var.client_id}"
client_secret = "${var.client_secret}"
client_cert_path = "${var.client_cert_path}"
use_azure_cli_auth = "${var.use_azure_cli_auth}"

// Base image
image_offer = "0001-com-ubuntu-server-jammy"
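Review bot: In the "// Auth" group the five existing assignments are rewritten only to line up with the new `use_azure_cli_auth` line, which accounts for most of this file's 11 additions and 5 deletions and makes the one functional change harder to spot. Also add a comment next to `use_azure_cli_auth` noting that, per the help text added in GenerateResourcesAndImage.ps1, the client_id, client_secret and client_cert_path values in the same block are not used when it is true.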
6 changes: 6 additions & 0 deletions images/windows/templates/windows-2019.pkr.hcl
Expand Up @@ -133,6 +133,11 @@ variable "tenant_id" {
default = "${env("ARM_TENANT_ID")}"
}

variable "use_azure_cli_auth" {
type = bool
default = false
}

variable "virtual_network_name" {
type = string
default = "${env("VNET_NAME")}"
Expand Down Expand Up @@ -174,6 +179,7 @@ source "azure-arm" "image" {
subscription_id = "${var.subscription_id}"
temp_resource_group_name = "${var.temp_resource_group_name}"
tenant_id = "${var.tenant_id}"
use_azure_cli_auth = "${var.use_azure_cli_auth}"
virtual_network_name = "${var.virtual_network_name}"
virtual_network_resource_group_name = "${var.virtual_network_resource_group_name}"
virtual_network_subnet_name = "${var.virtual_network_subnet_name}"
6 changes: 6 additions & 0 deletions images/windows/templates/windows-2022.pkr.hcl
Expand Up @@ -133,6 +133,11 @@ variable "tenant_id" {
default = "${env("ARM_TENANT_ID")}"
}

variable "use_azure_cli_auth" {
type = bool
default = false
}

variable "virtual_network_name" {
type = string
default = "${env("VNET_NAME")}"
Expand Down Expand Up @@ -174,6 +179,7 @@ source "azure-arm" "image" {
subscription_id = "${var.subscription_id}"
temp_resource_group_name = "${var.temp_resource_group_name}"
tenant_id = "${var.tenant_id}"
use_azure_cli_auth = "${var.use_azure_cli_auth}"
virtual_network_name = "${var.virtual_network_name}"
virtual_network_resource_group_name = "${var.virtual_network_resource_group_name}"
virtual_network_subnet_name = "${var.virtual_network_subnet_name}"