hashicorp / packer-plugin-azure

Packer plugin for Azure Virtual Machine Image Builders
https://www.packer.io/docs/builders/azure
Mozilla Public License 2.0

Add full managed image gallery ID to HCP Packer data for managed image backed SIG builds #389

Open danbarr opened 3 months ago

danbarr commented 3 months ago

Description

When a managed image is published to a Compute Gallery using the Azure ARM builder, the ManagedImageId output is sent to HCP Packer as the external_id, but the ManagedImageSharedImageGalleryId is not captured.

Various components of the Gallery ID are included in build tags (sig_name, sig_image_name, sig_image_version, and so on), but not the full ID, so it's quite a lot of work to piece it together.

Use Case(s)

Users publishing shared images to a Compute Gallery expect to consume the images using the Gallery ID, not the underlying Managed Image ID.

Potential configuration

Given this configuration:

source "azure-arm" "base" {
  os_type                   = "Linux"
  build_resource_group_name = "packer-images"
  vm_size                   = "Standard_B2s"

  # Source image
  image_publisher = "Canonical"
  image_offer     = "0001-com-ubuntu-server-jammy"
  image_sku       = "22_04-lts-gen2"
  image_version   = "latest"

  # Destination image
  managed_image_name                = "ubuntu22-${local.timestamp}"
  managed_image_resource_group_name = "packer-images"

  # Compute gallery
  shared_image_gallery_destination {
    subscription         = var.az_subscription_id
    resource_group       = "packer-images"
    gallery_name         = "packer_images"
    image_name           = "ubuntu22-base"
    image_version        = formatdate("YYYY.MMDD.hhmm", timestamp())
    replication_regions  = ["centralus"]
    storage_account_type = "Standard_LRS"
  }

  ...
}

And outputs:

==> Builds finished. The artifacts of successful builds are:
--> azure-arm.base: Azure.ResourceManagement.VMImage:

OSType: Linux
ManagedImageResourceGroupName: packer-images
ManagedImageName: ubuntu22-20240312145139
ManagedImageId: /subscriptions/<sensitive>/resourceGroups/packer-images/providers/Microsoft.Compute/images/ubuntu22-20240312145139
ManagedImageLocation: centralus
ManagedImageSharedImageGalleryId: /subscriptions/<sensitive>/resourceGroups/packer-images/providers/Microsoft.Compute/galleries/packer_images/images/ubuntu22-base/versions/2024.0312.1451
SharedImageGalleryResourceGroup: packer-images
SharedImageGalleryName: packer_images
SharedImageGalleryImageName: ubuntu22-base
SharedImageGalleryImageVersion: 2024.0312.1451
SharedImageGalleryReplicatedRegions: centralus

Only the ManagedImageId is available in HCP Packer, but the ManagedImageSharedImageGalleryId is desired.

Potential References

JenGoldstrich commented 3 months ago

We talked about this offline, but just to post the context here for public knowledge:

There are two types of images for Shared Image Gallery Destination builds on the Azure plugin: ones where you first capture it into a managed image, and ones where you direct publish to the SIG. This is the newer way of publishing to SIGs, as before managed images were required but Azure released a workaround for this. If you remove the managed_image_name and managed_image_resource_group_name from your build, you'll create an HCP Packer artifact that has ManagedImageSharedImageGalleryId sent as the artifact ID instead of the managed image name. While it probably makes sense to send the gallery ID instead of the managed image ID, I'd rather avoid changing what we send on that ID to avoid a breaking change, especially since users not concerned with the managed image can direct publish to SIG and get the ID directly.

We should definitely capture this information in an easy to access way though. Rather than just sending discrete labels for each component, we will add ManagedImageSharedImageGalleryId as another label to managed image backed SIG image builds.
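
Until the full ID is available as a label, a consumer has to assemble it from the per-component labels described in the issue. The following is an added example, not code from the plugin or from the participants in this thread: it builds the gallery image version ID in the format shown in the build output above and parses one back into its components. The label keys `sig_subscription` and `sig_resource_group` are assumed names, and the subscription ID is a placeholder.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// sig_name, sig_image_name, sig_image_version appear in the issue; the first two keys are assumed names.
var keys = []string{"sig_subscription", "sig_resource_group", "sig_name", "sig_image_name", "sig_image_version"}

// Fixed segments match case-insensitively, as Azure resource IDs do; versions are Major.Minor.Patch.
var idRe = regexp.MustCompile(`(?i)^/subscriptions/([^/]+)/resourceGroups/([^/]+)/providers/Microsoft\.Compute/galleries/([^/]+)/images/([^/]+)/versions/(\d+\.\d+\.\d+)$`)

const idFmt = "/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Compute/galleries/%s/images/%s/versions/%s"

// GalleryVersionID assembles the full ID, rejecting values that would change the path structure.
func GalleryVersionID(l map[string]string) (string, error) {
	args := make([]interface{}, len(keys))
	for i, k := range keys {
		if l[k] == "" || strings.Contains(l[k], "/") {
			return "", fmt.Errorf("label %q missing or contains '/': %q", k, l[k])
		}
		args[i] = l[k]
	}
	id := fmt.Sprintf(idFmt, args...)
	if !idRe.MatchString(id) {
		return "", fmt.Errorf("version %q is not Major.Minor.Patch", l["sig_image_version"])
	}
	return id, nil
}

// ParseGalleryVersionID splits a full ID back into labels; a managed image ID is rejected.
func ParseGalleryVersionID(id string) (map[string]string, error) {
	m := idRe.FindStringSubmatch(id)
	if m == nil {
		return nil, fmt.Errorf("not a gallery image version ID: %q", id)
	}
	out := map[string]string{}
	for i, k := range keys {
		out[k] = m[i+1]
	}
	return out, nil
}

func main() {
	// Constructed sample: the ID from the build output with a placeholder subscription.
	fmt.Println(ParseGalleryVersionID("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/packer-images/providers/Microsoft.Compute/galleries/packer_images/images/ubuntu22-base/versions/2024.0312.1451"))
}
```
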