Version 2 of the Packer Azure Plugin Is Now Available

rw-book-cover

Full Document

Readwise/Full Document Contents/Version 2 of the Packer Azure Plugin Is Now Available.md

Highlights

Many users want to bring their own authentication provider when connecting to Azure, and some organizations have policies requiring this. Version 2 of the Packer Azure plugin supports using an OIDC provider to authenticate to Azure using the client_jwt field in the builder configuration. You can follow this guide to setting up GitHub as your OIDC Provider and adding its federated credentials to Azure. For example, configuring a GitHub action like this: ([View Highlight] (https://read.readwise.io/read/01hrdp6kf3gcn5z0ajp05s6yj5))

steps: - name: Set OIDC Token run: | echo "ARM_OIDC_TOKEN=$(curl -H "Accept: application/json; api-version=2.0" -H "Authorization: Bearer $A C T I O N S_{I} D_{T} O K E N_{R} E Q U E S T_{T} O K E N " - H " C o n t e n t - T y p e : a p p l i c a t i o n / j s o n " - G - - d a t a - u r l e n c o d e " a u d i e n c e = a p i : / / A z u r e A D T o k e n E x c h a n g e " "$ {ACTIONS_ID_TOKEN_REQUEST_URL}" | jq -r '.value')" >>${GITHUB_ENV} ([View Highlight] (https://read.readwise.io/read/01hrdp79cfpsr984awdf54tvvj))

name: Try to run an AzureARM build with our OIDC token run: packer build -force ./example/oidc-example.pkr.hcl env: ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID}} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID}} ([View Highlight] (https://read.readwise.io/read/01hrdpbkaxxasafk77zmda6ttt))