Merge pull request #3683 from boumenot/pr-private-ip

azure: Support for a user defined VNET.

.gitignore

@@ -9,6 +9,7 @@
 .idea
 test/.env
 *~
+*.received.*
 
 website/.bundle
 website/vendor

builder/azure/arm/TestVirtualMachineDeployment05.approved.txt

@@ -0,0 +1,120 @@
+{
+  "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "adminPassword": {
+      "type": "string"
+    },
+    "adminUsername": {
+      "type": "string"
+    },
+    "dnsNameForPublicIP": {
+      "type": "string"
+    },
+    "osDiskName": {
+      "type": "string"
+    },
+    "storageAccountBlobEndpoint": {
+      "type": "string"
+    },
+    "vmName": {
+      "type": "string"
+    },
+    "vmSize": {
+      "type": "string"
+    }
+  },
+  "resources": [
+    {
+      "apiVersion": "[variables('apiVersion')]",
+      "dependsOn": [],
+      "location": "[variables('location')]",
+      "name": "[variables('nicName')]",
+      "properties": {
+        "ipConfigurations": [
+          {
+            "name": "ipconfig",
+            "properties": {
+              "privateIPAllocationMethod": "Dynamic",
+              "subnet": {
+                "id": "[variables('subnetRef')]"
+              }
+            }
+          }
+        ]
+      },
+      "type": "Microsoft.Network/networkInterfaces"
+    },
+    {
+      "apiVersion": "[variables('apiVersion')]",
+      "dependsOn": [
+        "[concat('Microsoft.Network/networkInterfaces/', variables('nicName'))]"
+      ],
+      "location": "[variables('location')]",
+      "name": "[parameters('vmName')]",
+      "properties": {
+        "diagnosticsProfile": {
+          "bootDiagnostics": {
+            "enabled": false
+          }
+        },
+        "hardwareProfile": {
+          "vmSize": "[parameters('vmSize')]"
+        },
+        "networkProfile": {
+          "networkInterfaces": [
+            {
+              "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
+            }
+          ]
+        },
+        "osProfile": {
+          "adminPassword": "[parameters('adminPassword')]",
+          "adminUsername": "[parameters('adminUsername')]",
+          "computerName": "[parameters('vmName')]",
+          "linuxConfiguration": {
+            "ssh": {
+              "publicKeys": [
+                {
+                  "keyData": "",
+                  "path": "[variables('sshKeyPath')]"
+                }
+              ]
+            }
+          }
+        },
+        "storageProfile": {
+          "osDisk": {
+            "caching": "ReadWrite",
+            "createOption": "FromImage",
+            "image": {
+              "uri": "https://localhost/custom.vhd"
+            },
+            "name": "osdisk",
+            "osType": "Linux",
+            "vhd": {
+              "uri": "[concat(parameters('storageAccountBlobEndpoint'),variables('vmStorageAccountContainerName'),'/', parameters('osDiskName'),'.vhd')]"
+            }
+          }
+        }
+      },
+      "type": "Microsoft.Compute/virtualMachines"
+    }
+  ],
+  "variables": {
+    "addressPrefix": "10.0.0.0/16",
+    "apiVersion": "2015-06-15",
+    "location": "[resourceGroup().location]",
+    "nicName": "packerNic",
+    "publicIPAddressName": "packerPublicIP",
+    "publicIPAddressType": "Dynamic",
+    "sshKeyPath": "[concat('/home/',parameters('adminUsername'),'/.ssh/authorized_keys')]",
+    "subnetAddressPrefix": "10.0.0.0/24",
+    "subnetName": "ignore",
+    "subnetRef": "[concat(variables('vnetID'),'/subnets/',variables('subnetName'))]",
+    "virtualNetworkName": "ignore",
+    "virtualNetworkResourceGroup": "ignore",
+    "vmStorageAccountContainerName": "images",
+    "vnetID": "[resourceId(variables('virtualNetworkResourceGroup'), 'Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]"
+  }
+}

builder/azure/arm/azure_client.go

@@ -36,6 +36,9 @@ type AzureClient struct {
 	resources.DeploymentsClient
 	resources.GroupsClient
 	network.PublicIPAddressesClient
+	network.InterfacesClient
+	network.SubnetsClient
+	network.VirtualNetworksClient
 	compute.VirtualMachinesClient
 	common.VaultClient
 	armStorage.AccountsClient
@@ -122,6 +125,24 @@ func NewAzureClient(subscriptionID, resourceGroupName, storageAccountName string
 	azureClient.GroupsClient.ResponseInspector = byInspecting(maxlen)
 	azureClient.GroupsClient.UserAgent += packerUserAgent
 
+	azureClient.InterfacesClient = network.NewInterfacesClientWithBaseURI(cloud.ResourceManagerEndpoint, subscriptionID)
+	azureClient.InterfacesClient.Authorizer = servicePrincipalToken
+	azureClient.InterfacesClient.RequestInspector = withInspection(maxlen)
+	azureClient.InterfacesClient.ResponseInspector = byInspecting(maxlen)
+	azureClient.InterfacesClient.UserAgent += packerUserAgent
+
+	azureClient.SubnetsClient = network.NewSubnetsClientWithBaseURI(cloud.ResourceManagerEndpoint, subscriptionID)
+	azureClient.SubnetsClient.Authorizer = servicePrincipalToken
+	azureClient.SubnetsClient.RequestInspector = withInspection(maxlen)
+	azureClient.SubnetsClient.ResponseInspector = byInspecting(maxlen)
+	azureClient.SubnetsClient.UserAgent += packerUserAgent
+
+	azureClient.VirtualNetworksClient = network.NewVirtualNetworksClientWithBaseURI(cloud.ResourceManagerEndpoint, subscriptionID)
+	azureClient.VirtualNetworksClient.Authorizer = servicePrincipalToken
+	azureClient.VirtualNetworksClient.RequestInspector = withInspection(maxlen)
+	azureClient.VirtualNetworksClient.ResponseInspector = byInspecting(maxlen)
+	azureClient.VirtualNetworksClient.UserAgent += packerUserAgent
+
 	azureClient.PublicIPAddressesClient = network.NewPublicIPAddressesClientWithBaseURI(cloud.ResourceManagerEndpoint, subscriptionID)
 	azureClient.PublicIPAddressesClient.Authorizer = servicePrincipalToken
 	azureClient.PublicIPAddressesClient.RequestInspector = withInspection(maxlen)

builder/azure/arm/builder.go

@@ -7,6 +7,7 @@ import (
 	"errors"
 	"fmt"
 	"log"
+	"strings"
 	"time"
 
 	packerAzureCommon "github.com/mitchellh/packer/builder/azure/common"
@@ -20,7 +21,6 @@ import (
 	packerCommon "github.com/mitchellh/packer/common"
 	"github.com/mitchellh/packer/helper/communicator"
 	"github.com/mitchellh/packer/packer"
-	"strings"
 )
 
 type Builder struct {
@@ -30,6 +30,7 @@ type Builder struct {
 }
 
 const (
+	DefaultNicName             = "packerNic"
 	DefaultPublicIPAddressName = "packerPublicIP"
 	DefaultSasBlobContainer    = "system/Microsoft.Compute"
 	DefaultSasBlobPermission   = "r"
@@ -82,11 +83,21 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 		return nil, err
 	}
 
+	resolver := newResourceResolver(azureClient)
+	if err := resolver.Resolve(b.config); err != nil {
+		return nil, err
+	}
+
 	b.config.storageAccountBlobEndpoint, err = b.getBlobEndpoint(azureClient, b.config.ResourceGroupName, b.config.StorageAccount)
 	if err != nil {
 		return nil, err
 	}
 
+	endpointConnectType := PublicEndpoint
+	if b.isPrivateNetworkCommunication() {
+		endpointConnectType = PrivateEndpoint
+	}
+
 	b.setTemplateParameters(b.stateBag)
 	var steps []multistep.Step
 
@@ -95,7 +106,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			NewStepCreateResourceGroup(azureClient, ui),
 			NewStepValidateTemplate(azureClient, ui, b.config, GetVirtualMachineDeployment),
 			NewStepDeployTemplate(azureClient, ui, b.config, GetVirtualMachineDeployment),
-			NewStepGetIPAddress(azureClient, ui),
+			NewStepGetIPAddress(azureClient, ui, endpointConnectType),
 			&communicator.StepConnectSSH{
 				Config:    &b.config.Comm,
 				Host:      lin.SSHHost,
@@ -117,7 +128,7 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 			NewStepSetCertificate(b.config, ui),
 			NewStepValidateTemplate(azureClient, ui, b.config, GetVirtualMachineDeployment),
 			NewStepDeployTemplate(azureClient, ui, b.config, GetVirtualMachineDeployment),
-			NewStepGetIPAddress(azureClient, ui),
+			NewStepGetIPAddress(azureClient, ui, endpointConnectType),
 			&communicator.StepConnectWinRM{
 				Config: &b.config.Comm,
 				Host: func(stateBag multistep.StateBag) (string, error) {
@@ -176,6 +187,10 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 	return &Artifact{}, nil
 }
 
+func (b *Builder) isPrivateNetworkCommunication() bool {
+	return b.config.VirtualNetworkName != ""
+}
+
 func (b *Builder) Cancel() {
 	if b.runner != nil {
 		log.Println("Cancelling the step runner...")
@@ -213,6 +228,7 @@ func (b *Builder) configureStateBag(stateBag multistep.StateBag) {
 	stateBag.Put(constants.ArmDeploymentName, b.config.tmpDeploymentName)
 	stateBag.Put(constants.ArmKeyVaultName, b.config.tmpKeyVaultName)
 	stateBag.Put(constants.ArmLocation, b.config.Location)
+	stateBag.Put(constants.ArmNicName, DefaultNicName)
 	stateBag.Put(constants.ArmPublicIPAddressName, DefaultPublicIPAddressName)
 	stateBag.Put(constants.ArmResourceGroupName, b.config.tmpResourceGroupName)
 	stateBag.Put(constants.ArmStorageAccountName, b.config.StorageAccount)

builder/azure/arm/builder_test.go

@@ -22,6 +22,7 @@ func TestStateBagShouldBePopulatedExpectedValues(t *testing.T) {
 		constants.ArmComputeName,
 		constants.ArmDeploymentName,
 		constants.ArmLocation,
+		constants.ArmNicName,
 		constants.ArmResourceGroupName,
 		constants.ArmStorageAccountName,
 		constants.ArmVirtualMachineCaptureParameters,

builder/azure/arm/config.go

@@ -70,11 +70,14 @@ type Config struct {
 	VMSize         string `mapstructure:"vm_size"`
 
 	// Deployment
-	ResourceGroupName          string `mapstructure:"resource_group_name"`
-	StorageAccount             string `mapstructure:"storage_account"`
-	storageAccountBlobEndpoint string
-	CloudEnvironmentName       string `mapstructure:"cloud_environment_name"`
-	cloudEnvironment           *azure.Environment
+	ResourceGroupName               string `mapstructure:"resource_group_name"`
+	StorageAccount                  string `mapstructure:"storage_account"`
+	storageAccountBlobEndpoint      string
+	CloudEnvironmentName            string `mapstructure:"cloud_environment_name"`
+	cloudEnvironment                *azure.Environment
+	VirtualNetworkName              string `mapstructure:"virtual_network_name"`
+	VirtualNetworkSubnetName        string `mapstructure:"virtual_network_subnet_name"`
+	VirtualNetworkResourceGroupName string `mapstructure:"virtual_network_resource_group_name"`
 
 	// OS
 	OSType string `mapstructure:"os_type"`
@@ -447,6 +450,12 @@ func assertRequiredParametersSet(c *Config, errs *packer.MultiError) {
 	if c.ResourceGroupName == "" {
 		errs = packer.MultiErrorAppend(errs, fmt.Errorf("A resource_group_name must be specified"))
 	}
+	if c.VirtualNetworkName == "" && c.VirtualNetworkResourceGroupName != "" {
+		errs = packer.MultiErrorAppend(errs, fmt.Errorf("If virtual_network_resource_group_name is specified, so must virtual_network_name"))
+	}
+	if c.VirtualNetworkName == "" && c.VirtualNetworkSubnetName != "" {
+		errs = packer.MultiErrorAppend(errs, fmt.Errorf("If virtual_network_subnet_name is specified, so must virtual_network_name"))
+	}
 
 	/////////////////////////////////////////////
 	// OS

builder/azure/arm/config_retriever.go

@@ -1,5 +1,12 @@
 package arm
 
+// Method to resolve information about the user so that a client can be
+// constructed to communicated with Azure.
+//
+// The following data are resolved.
+//
+// 1. TenantID
+
 import (
 	"github.com/Azure/go-autorest/autorest/azure"
 	"github.com/mitchellh/packer/builder/azure/common"
@@ -11,7 +18,9 @@ type configRetriever struct {
 }
 
 func newConfigRetriever() configRetriever {
-	return configRetriever{common.FindTenantID}
+	return configRetriever{
+		common.FindTenantID,
+	}
 }
 
 func (cr configRetriever) FillParameters(c *Config) error {
@@ -22,5 +31,6 @@ func (cr configRetriever) FillParameters(c *Config) error {
 		}
 		c.TenantID = tenantID
 	}
+
 	return nil
 }

builder/azure/arm/config_test.go

@@ -142,6 +142,78 @@ func TestConfigShouldRejectCustomImageAndMarketPlace(t *testing.T) {
 	}
 }
 
+func TestConfigVirtualNetworkNameIsOptional(t *testing.T) {
+	config := map[string]string{
+		"capture_name_prefix":    "ignore",
+		"capture_container_name": "ignore",
+		"location":               "ignore",
+		"image_url":              "ignore",
+		"storage_account":        "ignore",
+		"resource_group_name":    "ignore",
+		"subscription_id":        "ignore",
+		"os_type":                constants.Target_Linux,
+		"communicator":           "none",
+		"virtual_network_name":   "MyVirtualNetwork",
+	}
+
+	c, _, _ := newConfig(config, getPackerConfiguration())
+	if c.VirtualNetworkName != "MyVirtualNetwork" {
+		t.Errorf("Expected Config to set virtual_network_name to MyVirtualNetwork, but got %q", c.VirtualNetworkName)
+	}
+	if c.VirtualNetworkResourceGroupName != "" {
+		t.Errorf("Expected Config to leave virtual_network_resource_group_name to '', but got %q", c.VirtualNetworkResourceGroupName)
+	}
+	if c.VirtualNetworkSubnetName != "" {
+		t.Errorf("Expected Config to leave virtual_network_subnet_name to '', but got %q", c.VirtualNetworkSubnetName)
+	}
+}
+
+// The user can pass the value virtual_network_resource_group_name to avoid the lookup of
+// a virtual network's resource group, or to help with disambiguation.  The value should
+// only be set if virtual_network_name was set.
+func TestConfigVirtualNetworkResourceGroupNameMustBeSetWithVirtualNetworkName(t *testing.T) {
+	config := map[string]string{
+		"capture_name_prefix":                 "ignore",
+		"capture_container_name":              "ignore",
+		"location":                            "ignore",
+		"image_url":                           "ignore",
+		"storage_account":                     "ignore",
+		"resource_group_name":                 "ignore",
+		"subscription_id":                     "ignore",
+		"os_type":                             constants.Target_Linux,
+		"communicator":                        "none",
+		"virtual_network_resource_group_name": "MyVirtualNetworkRG",
+	}
+
+	_, _, err := newConfig(config, getPackerConfiguration())
+	if err == nil {
+		t.Error("Expected Config to reject virtual_network_resource_group_name, if virtual_network_name is not set.")
+	}
+}
+
+// The user can pass the value virtual_network_subnet_name to avoid the lookup of
+// a virtual network subnet's name, or to help with disambiguation.  The value should
+// only be set if virtual_network_name was set.
+func TestConfigVirtualNetworkSubnetNameMustBeSetWithVirtualNetworkName(t *testing.T) {
+	config := map[string]string{
+		"capture_name_prefix":         "ignore",
+		"capture_container_name":      "ignore",
+		"location":                    "ignore",
+		"image_url":                   "ignore",
+		"storage_account":             "ignore",
+		"resource_group_name":         "ignore",
+		"subscription_id":             "ignore",
+		"os_type":                     constants.Target_Linux,
+		"communicator":                "none",
+		"virtual_network_subnet_name": "MyVirtualNetworkRG",
+	}
+
+	_, _, err := newConfig(config, getPackerConfiguration())
+	if err == nil {
+		t.Error("Expected Config to reject virtual_network_subnet_name, if virtual_network_name is not set.")
+	}
+}
+
 func TestConfigShouldDefaultToPublicCloud(t *testing.T) {
 	c, _, _ := newConfig(getArmBuilderConfiguration(), getPackerConfiguration())