Version 2 of the Packer Azure Plugin Is Now Available

Summary

Version 2.0.0 of the Packer Azure plugin has been released, offering users the ability to create Azure virtual hard disks, managed images, and Compute Gallery images. This updated version addresses upcoming Azure SDK deprecations by migrating to the Terraform tested HashiCorp Go Azure SDK, providing new features and stability. Notably, the plugin now supports using an OIDC provider for Azure authentication and only accepts PKCS#12 bundles for client certificate authentication, while also removing the deprecation warning on VHD builds. Additionally, improvements have been made for quicker failure notifications and WinRM expiration time support.

Highlights

Many users want to bring their own authentication provider when connecting to Azure, and some organizations have policies requiring this. Version 2 of the Packer Azure plugin supports using an OIDC provider to authenticate to Azure using the client_jwt field in the builder configuration. You can follow this guide to setting up GitHub as your OIDC Provider and adding its federated credentials to Azure. For example, configuring a GitHub action like this: ([View Highlight] (https://read.readwise.io/read/01hrdp6kf3gcn5z0ajp05s6yj5))

steps: - name: Set OIDC Token run: | echo "ARM_OIDC_TOKEN=$(curl -H "Accept: application/json; api-version=2.0" -H "Authorization: Bearer $ACTION{S}_I{D}_{T}OKE{N}_{R}EQUES{T}_{T}OKEN"-H"Content-Type:application/json"-G--data-urlencode"audience=api://AzureADTokenExchange""${ACTIONS_ID_TOKEN_REQUEST_URL}" | jq -r '.value')" >>${GITHUB_ENV} ([View Highlight] (https://read.readwise.io/read/01hrdp79cfpsr984awdf54tvvj))

• name: Try to run an AzureARM build with our OIDC token run: packer build -force ./example/oidc-example.pkr.hcl env: ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID}} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID}} ([View Highlight] (https://read.readwise.io/read/01hrdpbkaxxasafk77zmda6ttt))