Open eberkut opened 4 years ago
Support logging into an auxiliary tenant when deploying an ARM template to be able to use external resources.
azure_rm_deployment
Some features, in particular Azure Shared Image Gallery (https://docs.microsoft.com/en-us/azure/virtual-machines/windows/shared-image-galleries), allow resources to be shared across Azure tenants (https://docs.microsoft.com/en-us/azure/virtual-machines/linux/share-images-across-tenants). However, this requires logging into two different tenants when deploying a template using resources in different tenants.
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/authenticate-multi-tenant
There is no mechanism for this double authentication directly in ARM.
https://docs.microsoft.com/en-us/answers/questions/52987/using-a-shared-image-gallery-from-another-tenant-w.html
So it needs to be implemented in the tools running the ARM deployment. This is implemented in az cli when using the az cli deployment group command (https://github.com/Azure/azure-cli/issues/11151) and it was also implemented in Terraform (https://github.com/terraform-providers/terraform-provider-azurerm/pull/4290).
This could be implemented in Ansible azure_rm_deployment by adding an aux_tenant parameter.
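An added example, not part of the original issue and not code from Ansible, az cli or Terraform: a sketch of what a deployment tool sends for the multi-tenant authentication linked above, where the primary token goes in `Authorization` and up to three auxiliary tokens go in `x-ms-authorization-auxiliary`. The function names, the tenant-to-token mapping and the client-side `tid` check are assumptions for illustration; the tokens are constructed and unsigned.

```python
import base64
import json

AUX_HEADER = "x-ms-authorization-auxiliary"
MAX_AUX_TOKENS = 3  # ARM accepts at most three auxiliary tokens per request


def token_tenant(jwt):
    """Read the 'tid' claim of an access token. No signature check is done:
    this is a local sanity check only, ARM validates the token itself."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["tid"]


def build_arm_headers(primary_token, primary_tenant, aux_tokens):
    """Build ARM request headers (hypothetical helper).
    aux_tokens maps each expected auxiliary tenant id to its access token."""
    if len(aux_tokens) > MAX_AUX_TOKENS:
        raise ValueError("at most %d auxiliary tokens allowed" % MAX_AUX_TOKENS)
    if token_tenant(primary_token) != primary_tenant:
        raise ValueError("primary token was not issued by the deployment tenant")
    for tenant, token in aux_tokens.items():
        # Refuse to forward a token that belongs to a tenant we did not ask for.
        if token_tenant(token) != tenant:
            raise ValueError("auxiliary token was not issued by tenant " + tenant)
    headers = {"Authorization": "Bearer " + primary_token}
    if aux_tokens:
        headers[AUX_HEADER] = ", ".join("Bearer " + t for t in aux_tokens.values())
    return headers


def fake_token(tenant_id):
    """Constructed sample token: unsigned, carries only a 'tid' claim."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return b64({"alg": "none"}) + "." + b64({"tid": tenant_id}) + ".sig"


if __name__ == "__main__":
    home = "11111111-1111-1111-1111-111111111111"     # constructed tenant ids
    gallery = "22222222-2222-2222-2222-222222222222"
    hdrs = build_arm_headers(fake_token(home), home, {gallery: fake_token(gallery)})
    for name in hdrs:
        print(name, "->", hdrs[name][:30] + "...")
```
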
@eberkut Thank you for submitting this question! We will investigate this issue.
I have the same problem. I would like to deploy a VM in a tenant that's different than the one shared image gallery is using.