2e39d629a9
This commit adds and implements org.osbuild.azure.image target. Let's talk about the already implemented org.osbuild.azure target firstly: The purpose of this target is to authenticate using the Azure Storage credentials and upload the image file as a Page Blob. Page Blob is basically an object in storage and it cannot be directly used to launch a VM. To achieve that, you need to define an actual Azure Image with the Page Blob attached. For the cloud API, we would like to create an actual Azure Image that is immediately available for new VMs. The new target accomplishes it. To achieve this, it must use a different authentication method: Azure OAuth. The other important difference is that currently, the credentials are stored on the worker and not in target options. This should lead to better security because we don't send the credentials over network. In the future, we would like to have credential-less setup using workers in Azure with the right IAM policies applied but this requires more investigation and is not implemented in this commit. Signed-off-by: Ondřej Budai <ondrej@budai.cz>
43 lines
1.6 KiB
Go
43 lines
1.6 KiB
Go
package target
|
|
|
|
type AzureImageTargetOptions struct {
|
|
Filename string `json:"filename"`
|
|
TenantID string `json:"tenant_id"`
|
|
Location string `json:"location"`
|
|
SubscriptionID string `json:"subscription_id"`
|
|
ResourceGroup string `json:"resource_group"`
|
|
}
|
|
|
|
func (AzureImageTargetOptions) isTargetOptions() {}
|
|
|
|
// NewAzureImageTarget creates org.osbuild.azure.image target
|
|
//
|
|
// This target uploads and registers an Azure Image. The image can be then
|
|
// immediately used to spin up a virtual machine.
|
|
//
|
|
// The target uses Azure OAuth credentials. In most cases you want to create
|
|
// a service principal for this purpose, see:
|
|
// https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals
|
|
// The credentials are not passed in the target options, instead they are
|
|
// defined in the worker. If the worker doesn't have Azure credentials
|
|
// and gets a job with this target, the job will fail.
|
|
//
|
|
// The Tenant ID for the authorization process is specified in the target
|
|
// options. This means that this target can be used for multi-tenant
|
|
// applications.
|
|
//
|
|
// If you need to just upload a PageBlob into Azure Storage, see the
|
|
// org.osbuild.azure target.
|
|
func NewAzureImageTarget(options *AzureImageTargetOptions) *Target {
|
|
return newTarget("org.osbuild.azure.image", options)
|
|
}
|
|
|
|
type AzureImageTargetResultOptions struct {
|
|
ImageName string `json:"image_name"`
|
|
}
|
|
|
|
func (AzureImageTargetResultOptions) isTargetResultOptions() {}
|
|
|
|
func NewAzureImageTargetResult(options *AzureImageTargetResultOptions) *TargetResult {
|
|
return newTargetResult("org.osbuild.azure.image", options)
|
|
}
|