Feat: track Azure VM Galleries

.gitignore

@@ -10,3 +10,4 @@
 .terraform
 backend-config
 terraform-plan-output.txt
+tfplan

locals.tf

@@ -1,3 +1,36 @@
 locals {
   public_pgsql_admin_login = "psqladmin${random_password.pgsql_admin_login.result}"
+
+  shared_galleries = {
+    "dev" = {
+      description = "Shared images built by pull requests in jenkins-infra/packer-images (consider it untrusted)."
+      rg_location = "eastus"
+      images_location = {
+        "ubuntu-20"    = "eastus"
+        "ubuntu-20.04" = "eastus"
+        "windows-2019" = "eastus"
+        "windows-2022" = "eastus"
+      }
+    }
+    "staging" = {
+      description = "Shared images built by the principal code branch in jenkins-infra/packer-images (ready to be tested)."
+      rg_location = "eastus"
+      images_location = {
+        "ubuntu-20"    = "eastus2"
+        "ubuntu-20.04" = "eastus"
+        "windows-2019" = "eastus2"
+        "windows-2022" = "eastus"
+      }
+    }
+    "prod" = {
+      description = "Shared images built by the releases in jenkins-infra/packer-images (⚠️ Used in production.)."
+      rg_location = "eastus2"
+      images_location = {
+        "ubuntu-20"    = "eastus2"
+        "ubuntu-20.04" = "eastus"
+        "windows-2019" = "eastus"
+        "windows-2022" = "eastus"
+      }
+    }
+  }
 }

packer-resources.tf

@@ -0,0 +1,58 @@
+# Azure Resources required or used by the repository jenkins-infra/packer-images
+
+## Dev Resources are used by the pull requests in jenkins-infra/packer-images
+resource "azurerm_resource_group" "packer_images" {
+  for_each = local.shared_galleries
+
+  name     = "${each.key}-packer-images"
+  location = each.value.rg_location
+}
+
+resource "azurerm_shared_image_gallery" "packer_images" {
+  for_each = local.shared_galleries
+
+  name                = "${each.key}_packer_images"
+  resource_group_name = azurerm_resource_group.packer_images[each.key].name
+  location            = "eastus" #azurerm_resource_group.packer_images[each.key].location
+  description         = each.value.description
+
+  tags = {
+    scope = "terraform-managed"
+  }
+}
+
+# Note that Terraform does NOT manage image versions (it's packer-based).
+resource "azurerm_shared_image" "jenkins_agent_images" {
+  # Generate a list of images in the form "<gallery name>_<image_name>"
+  for_each = toset(
+    distinct(
+      flatten([
+        for gallery_key, gallery_value in local.shared_galleries : [
+          for image_key, image_value in gallery_value.images_location : "${gallery_key}_${image_key}"
+        ]
+      ])
+    )
+  )
+
+  name                = format("jenkins-agent-%s", split("_", each.value)[1])
+  gallery_name        = azurerm_shared_image_gallery.packer_images[split("_", each.value)[0]].name
+  resource_group_name = azurerm_resource_group.packer_images[split("_", each.value)[0]].name
+  location            = local.shared_galleries[split("_", each.value)[0]].images_location[split("_", each.value)[1]]
+
+  hyper_v_generation     = "V2"
+  os_type                = length(regexall(".*windows.*", lower(split("_", each.value)[1]))) > 0 ? "Windows" : "Linux"
+  specialized            = false
+  trusted_launch_enabled = false
+
+  identifier {
+    publisher = format("jenkins-agent-%s", split("_", each.value)[1])
+    offer     = format("jenkins-agent-%s", split("_", each.value)[1])
+    sku       = format("jenkins-agent-%s", split("_", each.value)[1])
+  }
+
+  timeouts {}
+
+  tags = {
+    scope = "terraform-managed"
+  }
+}

vnets.tf

@@ -59,6 +59,9 @@ resource "azurerm_subnet" "pgsql_tier" {
     name = "pgsql"
     service_delegation {
       name = "Microsoft.DBforPostgreSQL/flexibleServers"
+      actions = [
+        "Microsoft.Network/virtualNetworks/subnets/join/action",
+      ]
     }
   }
 }