Packer Builds for Multiple Azure Tenants #436

Closed
straubt1 opened this issue Aug 22, 2024 · 0 comments · Fixed by #439
straubt1 commented Aug 22, 2024

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave "+1" or "me too" comments; they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Description

Situation: Building multiple images in different Azure Tenants and publishing to a single HCP Packer Bucket. In order to do this, we must create a single .pkr.hcl file and execute a single packer build . command. After a successful build, we have a need to tag the underlying images after a successful Wiz scan.

High Level Order:

  • packer build . for several concurrent image builds, each isolated in their own Azure Tenant.
  • Images are successfully built; image IDs are present in the manifest.json file.
  • Security scan on each image.
  • Image scan on each image is successful.
  • Tag the underlying images, which requires the Tenant ID and Subscription ID for authentication.

Current: The Azure Packer plugin (https://github.com/hashicorp/packer-plugin-azure) currently exposes a single build shared-information variable, "SourceImageName" (https://developer.hashicorp.com/packer/integrations/hashicorp/azure/latest/components/builder/arm#build-shared-information-variables).

Proposal: The Azure Packer plugin should expose tenant (and optionally subscription) id to allow custom_data to contain this information for post build tasks.

Ideal Syntax:

post-processor "manifest" {
  output      = "manifest.json"
  strip_path  = true
  custom_data = {
    tenant_id       = build.TenantID
    subscription_id = build.SubscriptionID # optional, could be parsed from "artifact_id" but very helpful here
  }
}

Would result in:

{
  "builds": [
    {
      "name": "tenant01",
      "builder_type": "azure-arm",
      "build_time": 1724179638,
      "files": null,
      "artifact_id": "/subscriptions/{AZ_SUBSCRIPTION_ID}/resourceGroups/packer-build-images/providers/Microsoft.Compute/images/azure_ubuntu-2204_sigtenant1_0.0.26",
      "packer_run_uuid": "5950db35-f75c-e09c-de7d-9e307b89bdc1",
      "custom_data": {
        "tenant_id": "{AZ_TENANT_ID_tenant01}",
        "subscription_id": "{AZ_SUBSCRIPTION_ID_tenant01}"
      }
    },
    {
      "name": "tenant02",
      "builder_type": "azure-arm",
      "build_time": 1724179775,
      "files": null,
      "artifact_id": "/subscriptions/{AZ_SUBSCRIPTION_ID}/resourceGroups/packer-build-images/providers/Microsoft.Compute/images/azure_ubuntu-2204_sigtenant22_0.0.26",
      "packer_run_uuid": "5950db35-f75c-e09c-de7d-9e307b89bdc1",
      "custom_data": {
        "tenant_id": "{AZ_TENANT_ID_tenant02}",
        "subscription_id": "{AZ_SUBSCRIPTION_ID_tenant02}"
      }
    }
  ],
  "last_run_uuid": "5950db35-f75c-e09c-de7d-9e307b89bdc1"
}

Potential References

An existing build property is exposed called "SourceImageName" -> https://developer.hashicorp.com/packer/integrations/hashicorp/azure/latest/components/builder/arm#build-shared-information-variables
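The post-build tagging step described in the issue, worked through as an added example (this is not code from the issue or from packer-plugin-azure): a Python script reads a manifest.json in the proposed shape, recovers the subscription and resource group from artifact_id, takes the tenant from custom_data (the one value the resource path does not contain), and emits a per-tenant dry-run plan. The sample manifest and its GUIDs are constructed, the custom_data values stand in for what a future build.TenantID / build.SubscriptionID would populate, the tag name wizScan is invented, and the choice of Azure CLI commands for the tagging step is my assumption; the issue does not say which tool does the tagging.

```python
"""Added example: turn a Packer manifest.json that carries per-build tenant and
subscription IDs into a per-tenant image-tagging plan. Not code from the issue
or from packer-plugin-azure; the manifest below is constructed."""
from __future__ import annotations

import json
import re
from dataclasses import dataclass

# Constructed manifest in the shape the issue proposes. The GUIDs are dummies;
# custom_data is what a hypothetical build.TenantID / build.SubscriptionID would fill.
SAMPLE_MANIFEST = json.dumps({
    "builds": [
        {
            "name": "tenant01",
            "builder_type": "azure-arm",
            "artifact_id": "/subscriptions/aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
                           "/resourceGroups/packer-build-images/providers"
                           "/Microsoft.Compute/images/azure_ubuntu-2204_sigtenant1_0.0.26",
            "custom_data": {
                "tenant_id": "11111111-1111-1111-1111-111111111111",
                "subscription_id": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
            },
        },
        {
            "name": "tenant02",
            "builder_type": "azure-arm",
            "artifact_id": "/subscriptions/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"
                           "/resourceGroups/packer-build-images/providers"
                           "/Microsoft.Compute/images/azure_ubuntu-2204_sigtenant22_0.0.26",
            # subscription_id left out on purpose: it is recoverable from artifact_id
            "custom_data": {"tenant_id": "22222222-2222-2222-2222-222222222222"},
        },
    ],
})

# Managed-image resource ID as the azure-arm builder writes it into artifact_id.
IMAGE_ID_RE = re.compile(
    r"^/subscriptions/(?P<subscription>[0-9a-f-]{36})"
    r"/resourceGroups/(?P<resource_group>[^/]+)"
    r"/providers/Microsoft\.Compute/images/(?P<image>[^/]+)$",
    re.IGNORECASE,
)
# Only these characters may appear in tag keys/values that get spliced into a command line.
SAFE_TOKEN_RE = re.compile(r"^[A-Za-z0-9_.:-]+$")


@dataclass(frozen=True)
class ImageRef:
    build_name: str
    tenant_id: str
    subscription_id: str
    resource_group: str
    image_name: str
    artifact_id: str


def parse_manifest(text: str) -> list[ImageRef]:
    """Return one ImageRef per azure-arm build, failing closed on anything odd."""
    refs: list[ImageRef] = []
    for build in json.loads(text)["builds"]:
        if build.get("builder_type") != "azure-arm":
            continue
        match = IMAGE_ID_RE.match(build["artifact_id"])
        if not match:
            raise ValueError(f"{build['name']}: unrecognised artifact_id {build['artifact_id']!r}")
        custom = build.get("custom_data") or {}
        tenant_id = custom.get("tenant_id")
        if not tenant_id:
            # The tenant is not part of the resource path, so without the proposed
            # build variable there is nothing to authenticate against.
            raise ValueError(f"{build['name']}: custom_data.tenant_id missing")
        subscription_id = custom.get("subscription_id") or match["subscription"]
        if subscription_id.lower() != match["subscription"].lower():
            raise ValueError(f"{build['name']}: subscription_id disagrees with artifact_id")
        refs.append(ImageRef(build["name"], tenant_id, subscription_id,
                             match["resource_group"], match["image"], build["artifact_id"]))
    return refs


def tag_commands(ref: ImageRef, tags: dict[str, str]) -> list[str]:
    """Azure CLI lines (an assumed tagging tool) for one image. Credentials come
    from the environment of whoever runs the plan, never from the manifest, and
    the service principal must exist in that image's own tenant."""
    for key, value in tags.items():
        if not (SAFE_TOKEN_RE.match(key) and SAFE_TOKEN_RE.match(value)):
            raise ValueError(f"refusing to put tag {key!r}={value!r} on a command line")
    sets = " ".join(f"--set tags.{k}={v}" for k, v in tags.items())
    return [
        f"az login --service-principal --tenant {ref.tenant_id} "
        '-u "$AZ_CLIENT_ID" -p "$AZ_CLIENT_SECRET" --output none',
        f"az account set --subscription {ref.subscription_id}",
        f"az image update --ids {ref.artifact_id} {sets}",
    ]


if __name__ == "__main__":
    for ref in parse_manifest(SAMPLE_MANIFEST):
        print(f"# {ref.build_name}: {ref.image_name} in {ref.resource_group}")
        print("\n".join(tag_commands(ref, {"wizScan": "passed"})))
```

Two things worth noting in the design: the artifact_id is validated against a strict resource-ID pattern and tag keys/values against a character allowlist before either is placed on a shell line, because both come from a file written by the build pipeline rather than from the operator typing the command; and the second build shows the fallback the issue mentions, parsing subscription_id out of artifact_id, while tenant_id has no such fallback, which is the gap the proposed build variable closes.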
