Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azure-arm builder does not allow subscription_id selection when using managed identity authentication #29

Open
ghost opened this issue Apr 30, 2021 · 0 comments

Comments

@ghost
Copy link

ghost commented Apr 30, 2021

This issue was originally opened by @dougbw as hashicorp/packer#9140. It was migrated here as a result of the Packer plugin split. The original body of the issue is below.


Overview of the Issue

Currently it is impossible to specify a subscription_id when using managed identity authentication, as when only subscription_id is provided packer assumes an interactive login is desired.

In our case we need the base images to be stored in a different subscription to on running our CI/CD pipeline build agents. A single managed identity can have access to many Azure subscriptions.

Reproduction Steps

  • Create a user assigned managed identity
  • Grant the identity Azure RBAC permissions to multiple subscriptions
  • Assign the managed identity to a vm
  • On the vm execute az login --identity and you should see output for multiple subscriptions
  • Provide a subscription_id to the azure-arm builder in packer and you will be stuck on an interactive login
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

0 participants