diff --git a/helpers/GenerateResourcesAndImage.ps1 b/helpers/GenerateResourcesAndImage.ps1 index 58e9698f8d26..6561752badf5 100644 --- a/helpers/GenerateResourcesAndImage.ps1 +++ b/helpers/GenerateResourcesAndImage.ps1 @@ -113,10 +113,17 @@ Function GenerateResourcesAndImage { cleanup - attempt to cleanup and then abort run-cleanup-provisioner - run the cleanup provisioner and then abort The default is 'ask'. + .PARAMETER UseAzureCliAuth + If set, switches to use Azure CLI authentication for Packer. Defaults to false. + CLI auth will use the information from an active az login session to connect to Azure and set the subscription id and tenant id associated to the signed in account. + If enabled, it will use the authentication provided by the az CLI. + Azure CLI authentication will use the credential marked as isDefault and can be verified using az account show. + Works with normal authentication (az login) and service principals (az login --service-principal --username APP_ID --password PASSWORD --tenant TENANT_ID). + Ignores all other configurations if enabled. .PARAMETER Tags Tags to be applied to the Azure resources created. .EXAMPLE - GenerateResourcesAndImage -SubscriptionId {YourSubscriptionId} -ResourceGroupName "shsamytest1" -ImageGenerationRepositoryRoot "C:\runner-images" -ImageType Ubuntu2004 -AzureLocation "East US" + GenerateResourcesAndImage -SubscriptionId {YourSubscriptionId} -ResourceGroupName "shsamytest1" -ImageGenerationRepositoryRoot "C:\runner-images" -ImageType Ubuntu2204 -AzureLocation "East US" #> param ( [Parameter(Mandatory = $True)] @@ -149,6 +156,8 @@ Function GenerateResourcesAndImage { [ValidateSet("abort", "ask", "cleanup", "run-cleanup-provisioner")] [string] $OnError = "ask", [Parameter(Mandatory = $False)] + [switch] $UseAzureCliAuth, + [Parameter(Mandatory = $False)] [hashtable] $Tags = @{} ) 
@@ -231,6 +240,7 @@ Function GenerateResourcesAndImage { "-var=managed_image_resource_group_name=$($ResourceGroupName)" ` "-var=install_password=$($InstallPassword)" ` "-var=allowed_inbound_ip_addresses=$($AllowedInboundIpAddresses)" ` + "-var=use_azure_cli_auth=$($UseAzureCliAuth.ToString().ToLower())" ` "-var=azure_tags=$($TagsJson)" ` $TemplatePath @@ -240,14 +250,21 @@ Function GenerateResourcesAndImage { try { # Login to Azure subscription - if ([string]::IsNullOrEmpty($AzureClientId)) { - Write-Verbose "No AzureClientId was provided, will use interactive login." - az login --output none + try { + az account show -o none 2>$null || Write-Error $_ + Write-Verbose "Already logged in..." } - else { - Write-Verbose "AzureClientId was provided, will use service principal login." - az login --service-principal --username $AzureClientId --password=$AzureClientSecret --tenant $AzureTenantId --output none + catch { + if ([string]::IsNullOrEmpty($AzureClientId)) { + Write-Verbose "No AzureClientId was provided, will use interactive login." + az login --output none + } + else { + Write-Verbose "AzureClientId was provided, will use service principal login." + az login --service-principal --username $AzureClientId --password=$AzureClientSecret --tenant $AzureTenantId --output none + } } + az account set --subscription $SubscriptionId if ($LastExitCode -ne 0) { throw "Failed to login to Azure subscription '$SubscriptionId'." @@ -328,7 +345,7 @@ Function GenerateResourcesAndImage { } # Create service principal - if ([string]::IsNullOrEmpty($AzureClientId)) { + if ([string]::IsNullOrEmpty($AzureClientId) -and $UseAzureCliAuth -ne $True) { Write-Host "Creating service principal for packer..." $ADCleanupRequired = $true 
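Review bot: In the login hunk (`@@ -240,14 +250,21 @@`), the new `try { az account show ... || Write-Error $_ }` reuses whatever az session is already active, even when `-AzureClientId` and its secret were passed. The run can then proceed under a different identity or tenant than the caller named. The detection is also fragile: `||` needs PowerShell 7, `Write-Error` only reaches the `catch` when the error action preference is Stop (not visible in this hunk), and `$_` is unlikely to carry the az failure at that point. Testing `$LastExitCode` after `az account show`, as the following lines already do for `az account set`, and reusing the session only when no client id was supplied would be more predictable. The enclosing `try` block continues outside the hunk.

```powershell
# Reuse an existing az session only when no explicit service principal was given.
az account show --output none 2>$null
$HasActiveSession = ($LastExitCode -eq 0)
if ([string]::IsNullOrEmpty($AzureClientId)) {
    if ($HasActiveSession) {
        Write-Verbose "Already logged in..."
    }
    else {
        Write-Verbose "No AzureClientId was provided, will use interactive login."
        az login --output none
    }
}
else {
    Write-Verbose "AzureClientId was provided, will use service principal login."
    az login --service-principal --username $AzureClientId --password=$AzureClientSecret --tenant $AzureTenantId --output none
}
# … unchanged: az account set --subscription and the $LastExitCode check …
```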
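Review bot: With `-UseAzureCliAuth`, the condition under `# Create service principal` skips the dedicated service principal, so Packer builds with the rights of whichever account is signed in to az rather than an identity created for this run. That trade-off deserves a comment at this line or a `Write-Warning` when the switch is set. `$UseAzureCliAuth -ne $True` also reads more naturally as `-not $UseAzureCliAuth`, i.e. `if ([string]::IsNullOrEmpty($AzureClientId) -and -not $UseAzureCliAuth) {`. The block's body continues outside the hunk, so whether later code still expects the service principal values cannot be checked from here.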
@@ -364,6 +381,7 @@ Function GenerateResourcesAndImage { -var "managed_image_resource_group_name=$($ResourceGroupName)" ` -var "install_password=$($InstallPassword)" ` -var "allowed_inbound_ip_addresses=$($AllowedInboundIpAddresses)" ` + -var "use_azure_cli_auth=$($UseAzureCliAuth.ToString().ToLower())" ` -var "azure_tags=$($TagsJson)" ` $TemplatePath diff --git a/images/ubuntu/templates/ubuntu-20.04.pkr.hcl b/images/ubuntu/templates/ubuntu-20.04.pkr.hcl index d8d821bcd562..0d25bb9dda7b 100644 --- a/images/ubuntu/templates/ubuntu-20.04.pkr.hcl +++ b/images/ubuntu/templates/ubuntu-20.04.pkr.hcl @@ -128,6 +128,11 @@ variable "virtual_network_name" { default = "${env("VNET_NAME")}" } +variable "use_azure_cli_auth" { + type = bool + default = false +} + variable "virtual_network_resource_group_name" { type = string default = "${env("VNET_RESOURCE_GROUP")}" @@ -161,6 +166,7 @@ source "azure-arm" "build_image" { subscription_id = "${var.subscription_id}" temp_resource_group_name = "${var.temp_resource_group_name}" tenant_id = "${var.tenant_id}" + use_azure_cli_auth = "${var.use_azure_cli_auth}" virtual_network_name = "${var.virtual_network_name}" virtual_network_resource_group_name = "${var.virtual_network_resource_group_name}" virtual_network_subnet_name = "${var.virtual_network_subnet_name}" diff --git a/images/ubuntu/templates/ubuntu-22.04.pkr.hcl b/images/ubuntu/templates/ubuntu-22.04.pkr.hcl index 6dd0abf17069..5e9c8528e46a 100644 --- a/images/ubuntu/templates/ubuntu-22.04.pkr.hcl +++ b/images/ubuntu/templates/ubuntu-22.04.pkr.hcl @@ -123,6 +123,11 @@ variable "tenant_id" { default = "${env("ARM_TENANT_ID")}" } +variable "use_azure_cli_auth" { + type = bool + default = false +} + variable "virtual_network_name" { type = string default = "${env("VNET_NAME")}" 
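Review bot: The new `use_azure_cli_auth` variable in ubuntu-20.04.pkr.hcl has no `description`, and the same block is added without one to the ubuntu-22.04, ubuntu-24.04, ubuntu-minimal, windows-2019 and windows-2022 templates. Because it switches the build from explicit client credentials to the ambient az login session, a line such as `description = "Authenticate with the active az CLI session instead of client_id/client_secret"` would make that visible to anyone reading the template. In the `source "azure-arm"` blocks, `use_azure_cli_auth = "${var.use_azure_cli_auth}"` passes the bool through string interpolation; `use_azure_cli_auth = var.use_azure_cli_auth` keeps the type, although the interpolated form does match the neighbouring attributes.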
@@ -161,6 +166,7 @@ source "azure-arm" "build_image" { subscription_id = "${var.subscription_id}" temp_resource_group_name = "${var.temp_resource_group_name}" tenant_id = "${var.tenant_id}" + use_azure_cli_auth = "${var.use_azure_cli_auth}" virtual_network_name = "${var.virtual_network_name}" virtual_network_resource_group_name = "${var.virtual_network_resource_group_name}" virtual_network_subnet_name = "${var.virtual_network_subnet_name}" diff --git a/images/ubuntu/templates/ubuntu-24.04.pkr.hcl b/images/ubuntu/templates/ubuntu-24.04.pkr.hcl index 7f02ff162321..41a132807c81 100644 --- a/images/ubuntu/templates/ubuntu-24.04.pkr.hcl +++ b/images/ubuntu/templates/ubuntu-24.04.pkr.hcl @@ -123,6 +123,11 @@ variable "tenant_id" { default = "${env("ARM_TENANT_ID")}" } +variable "use_azure_cli_auth" { + type = bool + default = false +} + variable "virtual_network_name" { type = string default = "${env("VNET_NAME")}" @@ -161,6 +166,7 @@ source "azure-arm" "build_image" { subscription_id = "${var.subscription_id}" temp_resource_group_name = "${var.temp_resource_group_name}" tenant_id = "${var.tenant_id}" + use_azure_cli_auth = "${var.use_azure_cli_auth}" virtual_network_name = "${var.virtual_network_name}" virtual_network_resource_group_name = "${var.virtual_network_resource_group_name}" virtual_network_subnet_name = "${var.virtual_network_subnet_name}" diff --git a/images/ubuntu/templates/ubuntu-minimal.pkr.hcl b/images/ubuntu/templates/ubuntu-minimal.pkr.hcl index 634e76d310ed..ecdb87091e4c 100644 --- a/images/ubuntu/templates/ubuntu-minimal.pkr.hcl +++ b/images/ubuntu/templates/ubuntu-minimal.pkr.hcl @@ -97,6 +97,11 @@ variable "tenant_id" { default = "${env("ARM_TENANT_ID")}" } +variable "use_azure_cli_auth" { + type = bool + default = false +} + variable "virtual_network_name" { type = string default = "${env("VNET_NAME")}" 
@@ -121,11 +126,12 @@ source "azure-arm" "build_image" { location = "${var.location}" // Auth - tenant_id = "${var.tenant_id}" - subscription_id = "${var.subscription_id}" - client_id = "${var.client_id}" - client_secret = "${var.client_secret}" - client_cert_path = "${var.client_cert_path}" + tenant_id = "${var.tenant_id}" + subscription_id = "${var.subscription_id}" + client_id = "${var.client_id}" + client_secret = "${var.client_secret}" + client_cert_path = "${var.client_cert_path}" + use_azure_cli_auth = "${var.use_azure_cli_auth}" // Base image image_offer = "0001-com-ubuntu-server-jammy" diff --git a/images/windows/templates/windows-2019.pkr.hcl b/images/windows/templates/windows-2019.pkr.hcl index 1ec030585c4a..abf42ac7000a 100644 --- a/images/windows/templates/windows-2019.pkr.hcl +++ b/images/windows/templates/windows-2019.pkr.hcl @@ -133,6 +133,11 @@ variable "tenant_id" { default = "${env("ARM_TENANT_ID")}" } +variable "use_azure_cli_auth" { + type = bool + default = false +} + variable "virtual_network_name" { type = string default = "${env("VNET_NAME")}" @@ -174,6 +179,7 @@ source "azure-arm" "image" { subscription_id = "${var.subscription_id}" temp_resource_group_name = "${var.temp_resource_group_name}" tenant_id = "${var.tenant_id}" + use_azure_cli_auth = "${var.use_azure_cli_auth}" virtual_network_name = "${var.virtual_network_name}" virtual_network_resource_group_name = "${var.virtual_network_resource_group_name}" virtual_network_subnet_name = "${var.virtual_network_subnet_name}" diff --git a/images/windows/templates/windows-2022.pkr.hcl b/images/windows/templates/windows-2022.pkr.hcl index 0c66a7dbfa1f..c024874d171e 100644 --- a/images/windows/templates/windows-2022.pkr.hcl +++ b/images/windows/templates/windows-2022.pkr.hcl 
@@ -133,6 +133,11 @@ variable "tenant_id" { default = "${env("ARM_TENANT_ID")}" } +variable "use_azure_cli_auth" { + type = bool + default = false +} + variable "virtual_network_name" { type = string default = "${env("VNET_NAME")}" @@ -174,6 +179,7 @@ source "azure-arm" "image" { subscription_id = "${var.subscription_id}" temp_resource_group_name = "${var.temp_resource_group_name}" tenant_id = "${var.tenant_id}" + use_azure_cli_auth = "${var.use_azure_cli_auth}" virtual_network_name = "${var.virtual_network_name}" virtual_network_resource_group_name = "${var.virtual_network_resource_group_name}" virtual_network_subnet_name = "${var.virtual_network_subnet_name}"