Packer plugin for Azure Virtual Machine Image Builders
Full Changelog: https://github.com/hashicorp/packer-plugin-azure/compare/v2.1.2...v2.1.3
Full Changelog: https://github.com/hashicorp/packer-plugin-azure/compare/v2.1.1...v2.1.2
This release contains a fix for a regression released in v2.1.0: when using custom_managed_image_name to use a pre-existing managed image for a source, the plugin would incorrectly make a call to our Azure SDK with a context without a deadline, causing the build to fail immediately.
custom_managed_image_name source by @JenGoldstrich in https://github.com/hashicorp/packer-plugin-azure/pull/402
Full Changelog: https://github.com/hashicorp/packer-plugin-azure/compare/v2.1.0...v2.1.1
shared_image_gallery_replica_count is not allowed when the gallery destination contains a target_region block; instead, set replicas inside each target_region block that needs a replica count that is not 1.
Full Changelog: https://github.com/hashicorp/packer-plugin-azure/compare/v2.0.5...v2.1.0
Full Changelog: https://github.com/hashicorp/packer-plugin-azure/compare/v2.0.4...v2.0.5
When publishing to a Shared Image Gallery without the use of replication_regions, the build location is not added as a capture region. Users must specify a target_region block matching the target build location.
shared_image_gallery_destination {
  subscription         = var.subscription_id
  resource_group       = var.gallery_resource_group
  gallery_name         = var.gallery
  image_name           = var.box_name
  image_version        = var.version
  storage_account_type = "Standard_LRS"
  target_region {
    name = var.location
  }
}
Full Changelog: https://github.com/hashicorp/packer-plugin-azure/compare/v2.0.3...v2.0.4
This release contains a regression that was introduced with shared image galleries target_region block attributes. Please upgrade to version v2.0.4, which has been patched.
Full Changelog: https://github.com/hashicorp/packer-plugin-azure/compare/v2.0.2...v2.0.3
Full Changelog: https://github.com/hashicorp/packer-plugin-azure/compare/v2.0.1...v2.0.2
use_shallow_replication field for Compute Gallery/SIG builds, fix replica count type by @JenGoldstrich in https://github.com/hashicorp/packer-plugin-azure/pull/337
encryption_at_host to *bool by @KMConner in https://github.com/hashicorp/packer-plugin-azure/pull/338
Full Changelog: https://github.com/hashicorp/packer-plugin-azure/compare/v2.0.0...v2.0.1
Azure Packer plugin versions before v2.0.0 supported PEM-encoded certificates without passwords. The new SDK used by v2.0.0 only supports PKCS#12 bundles (pfx files); this is the same functionality that the AzureRM Terraform Provider uses.
Steps to generate a PFX bundle and register it in Azure from a POSIX-compatible shell are listed below. For PowerShell the commands will be different:
1.) Generate the certificate (for example with OpenSSL)
$ openssl req -subj '/CN=myclientcertificate/O=MyCompany, Inc./ST=CA/C=US' -new -newkey rsa:4096 -sha256 -days 730 -nodes -x509 -keyout client.key -out client.crt
2.) Create PKCS#12 bundle from certificate
note: the password is intentionally quoted for shell compatibility, the value does not include the quotes
$ openssl pkcs12 -export -password pass:"Pa55w0rd123" -out client.pfx -inkey client.key -in client.crt
3.) Create a new application registration and then, inside the Certificates & secrets section of that app registration, go to Certificates, click Upload certificate and select the public key of the certificate (client.crt)
4.) Then on the Azure Subscriptions page, choose the subscription you created the app registry for, open Access Control (IAM), and then, using the Add > Add role assignment button, grant that registered application the roles required for your build (e.g. Contributor)
5.) Use the generated pfx file client.pfx in the field client_cert_path and set your certificate password in client_cert_password of your Packer Azure build (in this example we've set that to Pa55w0rd123)
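A pre-flight check for the bundle produced by the steps above, as an added example that is not part of the plugin or its documentation: it confirms that the pfx opens with the password, that it carries the same certificate that was uploaded, and that the private key inside matches it, then prints the SHA-1 thumbprint to compare with the one Azure lists for the uploaded certificate. The function names thumbprint and pfx_check and the PFX_PASSWORD environment variable are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not part of the plugin: pre-flight check of a PKCS#12 bundle.
# Assumption: the password is in the exported PFX_PASSWORD variable, so it
# never appears on a command line or in the process list.

# thumbprint: SHA-1 thumbprint (hex, no colons) of a PEM certificate on stdin.
thumbprint() {
    openssl x509 -noout -fingerprint -sha1 | cut -d= -f2 | tr -d ':'
}

# pfx_check PFX CRT: prints the thumbprint and returns 0 when PFX opens with
# the password, carries the certificate in CRT, and holds its private key.
pfx_check() {
    pfx=$1
    crt=$2

    # 1. The bundle must decrypt with the supplied password.
    bundle_cert=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASSWORD -nokeys 2>/dev/null) || {
        echo "pfx_check: cannot open $pfx (wrong password or not PKCS#12)" >&2
        return 1
    }

    # 2. The certificate in the bundle must be the one uploaded to Azure.
    want=$(thumbprint <"$crt")
    have=$(printf '%s\n' "$bundle_cert" | thumbprint)
    if [ -z "$want" ] || [ "$have" != "$want" ]; then
        echo "pfx_check: $pfx does not contain the certificate in $crt" >&2
        return 2
    fi

    # 3. The private key in the bundle must match the certificate's public key.
    key_pub=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASSWORD -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || key_pub=""
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey)
    if [ -z "$key_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "pfx_check: private key in $pfx does not match $crt" >&2
        return 3
    fi

    # 4. Warn (do not fail) when the certificate expires within 30 days.
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null ||
        echo "pfx_check: warning: $crt expires within 30 days" >&2

    echo "$have"
}
```

With PFX_PASSWORD exported, run pfx_check client.pfx client.crt; return codes 1, 2 and 3 identify which of the three checks failed.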
During VHD builds this plugin previously used an account key to authorize deleting from storage accounts. This is not recommended by Microsoft due to security risks, so, as requested in https://github.com/hashicorp/packer-plugin-azure/issues/250, we now use managed authentication to connect to Storage Accounts. For VHD builds this means your user principal will need delete storage account access to the account where VHD builds are occurring. This level of access was previously not required, and without it Packer will fail to clean up VHD artifacts at the end of a build.
In Azure Packer plugin v2.0.0 we have removed support for the authentication option use_interactive_auth, also known as Device Code login. Users can still use device code login through the Azure CLI with az login --use-device-code and then using the use_azure_cli_auth authentication option.
In Azure Packer plugin versions before v2.0.0 we displayed a ReadOnly SAS URI in Packer builds for VHDs and for managed images which kept their OS disks. In v2 the plugin no longer generates these SAS URIs. Microsoft recommends not using these keys and sticking to Azure AD authentication; you can read more here about SAS URIs.
The Packer Azure Plugin now supports OIDC auth using the client_jwt field as your OIDC token; an example is available here.
Full Changelog: https://github.com/hashicorp/packer-plugin-azure/compare/v1.4.5...v2.0.0