[V2] Add OIDC Test, Cut V2.0.0

.github/workflows/oidc-test.yaml

@@ -0,0 +1,66 @@
+# taken and modified from https://github.com/hashicorp/go-azure-sdk/blob/main/.github/workflows/pr-acceptance-tests.yml
+# This test requires creating a GitHub OIDC app registration
+# First create an Azure Application Registration
+# Then in `Certificates & secrets` add Federated Credentials
+# select GitHub Actions deploying Azure Resources
+# And add the repository and branch
+# Then set the relevant subscription/client IDs in GitHub Action secrets and you're good to go
+# More detailed instrucitons for configuring GHA Azure OIDC Authentication are available here https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-azure
+name: OIDC Example - Testing OIDC integration in the SDK branch
+on:
+  push:
+    branches:
+    - main
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  secrets-check:
+    runs-on: ubuntu-latest
+    outputs:
+      available: "${{ steps.check-secrets.outputs.available }}"
+    steps:
+      # we check for the ACTIONS_ID_TOKEN_REQUEST_URL variable as a proxy for other secrets
+      # it will be unset when running for a PR from a fork
+      - id: check-secrets
+        run: |
+          if [[ "${ACTIONS_ID_TOKEN_REQUEST_URL}" == "" ]]; then
+            echo "available=false" | tee ${GITHUB_OUTPUT}
+          else
+            echo "available=true" | tee ${GITHUB_OUTPUT}
+          fi
+
+  test-oidc:
+    runs-on: ubuntu-latest
+    needs: [secrets-check]
+    if: needs.secrets-check.outputs.available == 'true'
+    steps:
+      - name: Set OIDC Token
+        run: |
+          echo "ARM_OIDC_TOKEN=$(curl -H "Accept: application/json; api-version=2.0" -H "Authorization: Bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN}" -H "Content-Type: application/json" -G --data-urlencode "audience=api://AzureADTokenExchange" "${ACTIONS_ID_TOKEN_REQUEST_URL}" | jq -r '.value')"  >>${GITHUB_ENV}
+
+      - name: Install Go
+        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
+        with:
+          go-version: '1.19.5'
+
+      - name: Checkout
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+
+      - name: Setup `packer`
+        uses: hashicorp/setup-packer@main
+        id: setup
+        with: 
+          # TODO Update this to latest after v1.9.3 is released
+          version: '1.9.1'
+
+      - name: Build the plugin
+        run:  make
+
+      - name: Try to run an AzureARM build with our OIDC token
+        run:  packer build -force ./example/oidc-example.pkr.hcl
+        env: 
+          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID}}
+          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID}}

README.md

@@ -19,7 +19,7 @@ Then, run [`packer init`](https://www.packer.io/docs/commands/init).
 packer {
   required_plugins {
     azure = {
-      version = ">= 1.4.5"
+      version = ">= 2.0.0"
       source  = "github.com/hashicorp/azure"
     }
   }

version/version.go

@@ -9,7 +9,7 @@ import (
 
 var (
 	// Version is the main version number that is being run at the moment.
-	Version = "1.4.5"
+	Version = "2.0.0"
 
 	// VersionPrerelease is A pre-release marker for the Version. If this is ""
 	// (empty string) then it means that it is a final release. Otherwise, this