Packer: Feature Request: Azure - add 'user-assigned managed identity'

Created on 19 Dec 2018 · 9 Comments · Source: hashicorp/packer

Afternoon,
I have a requirement to get files from the Azure Storage Blob via Ansible.
It has the ability to use the user-assigned managed identity to get the file and I can create the identity, but have not figured out how to attach it to the Virtual Machine being packed.

If this can be achieved another way please could you let me know? I have tried with 1.3.3 to not include the necessary subscription and client details, but this just makes a request to a URL that is not navigable. I am assuming it is meant to be run in the Azure VM, but not 100% clear.

There is equivalent functionality in Terraform - https://www.terraform.io/docs/providers/azurerm/r/virtual_machine.html#identity

Regards
Nicholas Irving

builder/azure, enhancement

All 9 comments

Created a version based on v1.3.2 that includes this support
https://github.com/hashicorp/packer/compare/master...nirving-deloitte:feature/7131?expand=1

However it fails with this

==> azure-arm: Code="DeploymentFailed" Message="At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details." Details=[{"code":"BadRequest","message":"{\r\n  \"error\": {\r\n    \"code\": \"InvalidParameter\",\r\n    \"message\": \"ResourceIdentity Type must be provided and set to \\\"SystemAssigned\\\".\",\r\n    \"target\": \"resourceIdentity.type\"\r\n  }\r\n}"}]

There are also a couple of caveats:

  • you cannot create the Managed Identity in the Packer-generated resource group beforehand, as that resource group does not exist. So then you must supply your own resource group via build_resource_group_name
  • it supports multiple Identity ID via
            "identity_type": "UserAssigned",
            "identity_ids": [
                "vmmanageduser"
            ]

Not sure if this is the version of the API being used, as it is different to Terraform.

Anyway will see if I can get this to work, as according to https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-cli-windows-vm#user-assigned-managed-identity it should be possible to do this.
i.e.
az vm create --resource-group <RESOURCE GROUP> --name <VM NAME> --image UbuntuLTS --admin-username <USER NAME> --admin-password <PASSWORD> --assign-identity <USER ASSIGNED IDENTITY NAME>
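
The two caveats in the comment above can be checked before a build starts. This is an added example, not part of the thread or of Packer itself: it assumes the fork's option names `identity_type` and `identity_ids` as quoted in the comment, and the sample template, builder names and resource group value are constructed for illustration.

```python
import json

# Constructed sample template (not from the thread). "identity_type" and
# "identity_ids" are the fork's option names as quoted in the comment; the
# builder names and the resource group value are made up for illustration.
SAMPLE_TEMPLATE = json.loads("""
{
  "builders": [
    {"type": "azure-arm", "name": "ok",
     "build_resource_group_name": "rg-packer-build",
     "identity_type": "UserAssigned", "identity_ids": ["vmmanageduser"]},
    {"type": "azure-arm", "name": "temp-rg",
     "identity_type": "UserAssigned", "identity_ids": ["vmmanageduser"]},
    {"type": "azure-arm", "name": "no-ids",
     "build_resource_group_name": "rg-packer-build",
     "identity_type": "UserAssigned", "identity_ids": []},
    {"type": "azure-arm", "name": "plain"}
  ]
}
""")


def check_identity_config(template):
    """Return (builder_name, problem) tuples for azure-arm builders."""
    findings = []
    for index, builder in enumerate(template.get("builders", [])):
        if builder.get("type") != "azure-arm":
            continue
        name = builder.get("name", "builders[%d]" % index)
        identity_type = builder.get("identity_type")
        identity_ids = builder.get("identity_ids") or []
        if identity_type != "UserAssigned":
            # IDs without the matching type would be silently ignored.
            if identity_ids:
                findings.append((name, "identity_ids set without identity_type UserAssigned"))
            continue
        if not identity_ids:
            findings.append((name, "UserAssigned needs at least one identity_ids entry"))
        if any(not isinstance(i, str) or not i.strip() for i in identity_ids):
            findings.append((name, "identity_ids entries must be non-empty strings"))
        # Caveat from the thread: the identity cannot be created ahead of time in
        # the resource group Packer generates, so an existing group is required.
        if not builder.get("build_resource_group_name"):
            findings.append((name, "set build_resource_group_name to an existing resource group"))
    return findings


if __name__ == "__main__":
    for name, problem in check_identity_config(SAMPLE_TEMPLATE):
        print("%s: %s" % (name, problem))
```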

Updated the compute api version and this works.

Will work on the test cases to support the future Pull Request.

I am also having similar requirement to use the user-assigned managed identity.

@nirving-deloitte are you going to merge the changes in this repo ?

@krypto92 I have not worked on the test cases for this yet.
Will try and start doing this this week so that I can raise a pull request.

@nirving-deloitte any update on your changes?

Also interested in this.. I thought this was already merged into Packer.. Our build requires to pull images from ACR at build time.

Is there any update on this?

Is this working yet?

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
