v2.0.4

Notes:

When publishing to a Shared Image Gallery without the use of replication_regions the build location is not added as a capture region. Users must specify a target_region block matching the target build location.

  shared_image_gallery_destination {
    subscription         = var.subscription_id
    resource_group       = var.gallery_resource_group
    gallery_name         = var.gallery
    image_name           = var.box_name
    image_version        = var.version
    storage_account_type = "Standard_LRS"
    target_region   {
       name = var.location
    }
  }

What's Changed

Bug fixes🧑‍🔧 🐞

• Fix regression in replicated_regions attribute by @nywilken in #379

Other Changes

• release 2.0.3 by @nywilken in #377

Full Changelog: v2.0.3...v2.0.4

v2.0.3

Notes: 🐞

This release contains a regression that was introduced with shared image galleries target_region block attributes. Please upgrade to version v2.0.4, which has been patched.

What's Changed

Exciting New Features 🎉

• builder: don't log requests/responses by default by @lbajolet-hashicorp in #368
• [HPR-1606] Add support specifying disk encryption set keys across replicated regions by @nywilken in #371

Bug fixes🧑‍🔧 🐞

• log: add mini log library by @lbajolet-hashicorp in #365

Other Changes

• [COMPLIANCE] Add Copyright and License Headers by @hashicorp-copywrite in #374
• builder: remove unused testUi function by @lbajolet-hashicorp in #375
• [COMPLIANCE] Add Copyright and License Headers by @hashicorp-copywrite in #376

Full Changelog: v2.0.2...v2.0.3

v2.0.2

What's Changed

Exciting New Features 🎉

• client: propagate ClientID to MSI auth by @lbajolet-hashicorp in #355

Other Changes

• Acceptance Test Overhaul: Manage resources for tests in Terraform and run them on pushes to main by @JenGoldstrich in #346
• [COMPLIANCE] Add Copyright and License Headers by @hashicorp-copywrite in #349
• Bump github.com/hashicorp/packer-plugin-sdk from 0.5.1 to 0.5.2 by @dependabot in #352

Full Changelog: v2.0.1...v2.0.2

v2.0.1

What's Changed

Exciting New Features 🎉

• Add use_shallow_replication field for Compute Gallery/SIG builds, fix replica count type by @JenGoldstrich in #337

Doc improvements 📚

• Migration plugin docs to integration framework by @nywilken in #328

Bug fixes🧑‍🔧 🐞

• Change type of encryption_at_host to *bool by @KMConner in #338
• fix: Capture Container Name/Prefix not used in Artifact by @JenGoldstrich in #344

Other Changes

• Use latest packer version in setup-packer for OIDC Test by @JenGoldstrich in #334
• Chore: Replace deprecated io/ioutil by @maxilampert in #342
• makefile: remove old docs targets by @lbajolet-hashicorp in #340
• Allow setting key vault secret name & Unify API versions by @maxilampert in #335

New Contributors

• @KMConner made their first contribution in #338

Full Changelog: v2.0.0...v2.0.1

v2.0.0

Version 2.0.0 of the Packer Azure Plugin switches from using the now deprecated version of the Azure SDK for Go, to an SDK maintained by HashiCorp go-azure-sdk

Packer Azure Plugin v2.0.0 breaking change upgrade guide

Certificate Authentication

Azure Packer plugin versions before v2.0.0 supported PEM encoded certificates without passwords, the new SDK used by v2.0.0 only supports PKCS#12 bundles (pfx files), this is the same functionality that the AzureRM Terraform Provider uses.

Steps to Generate a PFX bundle and register it in Azure from a POSIX-compatible shell are listed below. For PowerShell the commands will be different:

1.) Generate the certificate (for example with OpenSSL)
$ openssl req -subj '/CN=myclientcertificate/O=MyCompany, Inc./ST=CA/C=US' -new -newkey rsa:4096 -sha256 -days 730 -nodes -x509 -keyout client.key -out client.crt

2.) Create PKCS#12 bundle from certificate note: the password is intentionally quoted for shell compatibility, the value does not include the quotes $ openssl pkcs12 -export -password pass:"Pa55w0rd123" -out client.pfx -inkey client.key -in client.crt

3.) Create a new application registration and then inside the Certificates & secrets section of that app registration, go to Certificates and then click Upload certificate select the public key of the cerificate (client.crt)

4.) Then on the Azure Subscriptions page, choose the subscription you created the app registry for and open Access Control (IAM) and then using the Add > Add role assignment button grant that registered application the roles required for your build (e.g. Contributor)

5.) Use the generated pfx file client.pfx in the field client_cert_path and set your certificate password in client_cert_password of your Packer Azure build. (in this example we've set that to Pa55w0rd123)

Managed Authentication For Storage Accounts

During VHD builds this plugin previously would use an account key to authorize deleting from storage accounts, this is not recommended by Microsoft due to security risks so we now as requested in #250 use managed authentication to connect to Storage Accounts, for VHD builds this means your user principal will need delete storage account access to the account where VHD builds are occurring, this level of access was previously not required, and without it Packer will fail to cleanup VHD artifacts at the end of a build

Interactive (Device Code) Authentication

In Azure Packer plugin Packer v2.0.0 we have removed support for the authentication option use_interactive_auth aka Device Code login, users can still use device code login through the Azure CLI az login –use-device-code and then using the use_azure_cli_auth authentication option.

SAS URIs

In Azure Packer plugin versions before v2.0.0 we previously displayed a ReadOnly SAS URI in Packer builds for VHDs, and managed images which kept their OS disks. In v2 the plugin no longer generate these SAS URIs, Microsoft recommends not using these keys and sticking to Azure AD authentication, you can read more here about SAS URIs.

OIDC Support

The Packer Azure Plugin now supports OIDC auth using the client_jwt field as your OIDC token, an example is available here

Full Change List

Breaking Changes 🛠

• [V2] Migrate all builders to hashicorp/go-azure-sdk by @JenGoldstrich in #326
• [V2] Use PFX Certificates for Client Auth instead of PEM #327 by @JenGoldstrich in #330

Other Changes

• bump go 1.18 to 1.19 by @lbajolet-hashicorp in #324
• Bump github.com/hashicorp/packer-plugin-sdk from 0.4.0 to 0.5.1 by @dependabot in #325
• [V2] Add OIDC Test, Cut V2.0.0 by @JenGoldstrich in #331

Full Changelog: v1.4.5...v2.0.0

v1.4.5

What's Changed

Bug fixes🧑‍🔧 🐞

• Use the parent's Subscription when checking for Specialized SIG by @JenGoldstrich in #322

Full Changelog: v1.4.4...v1.4.5

v1.4.4

What's Changed

Bug Fixes

• Don't set OSProfile (Username/password) on images that use a Specialized Parent by @JenGoldstrich in #308

New Features

• Add encryption at host flag to the arm template by @kamilpi in #311

Other Changes

• Feature/oliverlabs examples by @oliverlabs in #310
• Parallelize the acceptance tests by @JenGoldstrich in #317
• Fix ARM builder docs and examples by @andreygoran in #314
• Bump github.com/Azure/go-autorest/autorest/adal from 0.9.18 to 0.9.20 by @andreygoran in #320

New Contributors

• @oliverlabs made their first contribution in #310
• @kamilpi made their first contribution in #311
• @andreygoran made their first contribution in #314

Full Changelog: v1.4.3...v1.4.4

v1.4.3

What's Changed

New Features

• Add support for building Specialized Shared Image Gallery (Compute Gallery) images by setting specialized in a shared image gallery destination block by @JenGoldstrich in #295

Bug Fixes

• Deploy template error handling cleanup by @JenGoldstrich in #296
• Fix Shared Image Gallery Sourced builds HCP Packer Ancestry and add SIG Acceptance Tests by @JenGoldstrich in #297

Other Changes

• docs(spot) ensure a block is used by adding example and including missing attributes partial by @dduportal in #293
• cleanup github workflows by @lbajolet-hashicorp in #303

New Contributors

• @dduportal made their first contribution in #293

Full Changelog: v1.4.2...v1.4.3

v1.4.2

What's Changed

• [COMPLIANCE] Add Copyright and License Headers by @hashicorp-copywrite in #272
• Bump github.com/hashicorp/packer-plugin-sdk from 0.3.4 to 0.4.0 by @dependabot in #279

Full Changelog: v1.4.1...v1.4.2

v1.4.1

What's Changed

Other Changes

• Bump github.com/hashicorp/packer-plugin-sdk from 0.3.2 to 0.3.4 by @dependabot in #263
• Enable SecurityProfile (TrustedLaunch) for Virtual Machines by @amccullough84 in #257
• Ensure build.password parameter gets set to generated password for SSH Communicator when no SSH password is set by @matt-richardson in #268

New Contributors

• @amccullough84 made their first contribution in #257

Full Changelog: v1.4.0...v1.4.1