Creating a new Shared Image Gallery Image from a Shared Image Gallery in another subscription

One of my colleagues has created a Shared Image Gallery in their Subscription, and has provided me with:

  • Client ID ($t1ClientId)
  • Client Secret ($t1ClientSecret)
  • Tenant ID ($t1TenantId)
  • Subscription ID ($t1SubscriptionId)
  • Resource Group Name ($t1SigResourceGroup)
  • Gallery Name ($t1GalleryName)

I have:

  • Tenant ID ($t2TenantId)
  • Subscription ID ($t2SubscriptionId)
  • Resource Group Name ($t2SigResourceGroup) [Created]
  • Gallery Name ($t2GalleryName) [Created]

I have followed the steps (after “Give Tenant 2 access”) in https://docs.microsoft.com/en-us/azure/virtual-machines/linux/share-images-across-tenants#give-tenant-2-access, and my colleague has done the steps before “Give Tenant 2 access”.

Initally, I just want to import their image into my Azure Subscription, into a Shared Image Gallery.

I’ve created a Packer json file, as follows:

{
  "variables": {
    "t1ClientId": "",
    "t1ClientSecret": "",
    "t2TenantId": "",
    "t1SubscriptionId": "",
    "t2SubscriptionId": "",
    "t1SigResourceGroup": "",
    "t2SigResourceGroup": "",
    "t1GalleryName": "",
    "t2GalleryName": "",
    "commonImageName": ""
  },
  "sensitive-variables": [
    "t1SubscriptionId",
    "t1ClientSecret",
    "t2SubscriptionId"
  ],
  "builders": [
    {
      "type": "azure-arm",
      "client_id": "{{user `t1ClientId`}}",
      "client_secret": "{{user `t1ClientSecret`}}",
      "tenant_id": "{{user `t2TenantId`}}",
      "subscription_id": "{{user `t2SubscriptionId`}}",
      "managed_image_resource_group_name": "{{user `t2SigResourceGroup`}}",
      "managed_image_name": "{{user `commonImageName`}}",
      "os_type": "Linux",
      "shared_image_gallery": {
        "subscription": "{{user `t1SubscriptionId`}}",
        "resource_group": "{{user `t1SigResourceGroup`}}",
        "gallery_name": "{{user `t1GalleryName`}}",
        "image_name": "{{user `commonImageName`}}"
      },
      "location": "westeurope",
      "vm_size": "Standard_DS2_v2",
      "shared_image_gallery_destination": {
        "resource_group": "{{user `t2SigResourceGroup`}}",
        "gallery_name": "{{user `t2GalleryName`}}",
        "image_name": "{{user `commonImageName`}}",
        "image_version": "1.0.0",
        "replication_regions": [
          "westeurope"
        ]
      }
    }
  ],
  "provisioners": [
    {
      "execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'",
      "inline": [
        "/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"
      ],
      "inline_shebang": "/bin/sh -x",
      "type": "shell"
    }
  ]
}

If I do this with the tenant details for T1Client, I get:

azure-arm: output will be in this color.

==> azure-arm: Running builder ...
==> azure-arm: Getting tokens using client secret
==> azure-arm: Getting tokens using client secret
    azure-arm: Creating Azure Resource Manager (ARM) client ...
Build 'azure-arm' errored: Cannot locate the managed image resource group $t2SigResourceGroup

==> Some builds didn't complete successfully and had errors:
--> azure-arm: Cannot locate the managed image resource group $t2SigResourceGroup.

==> Builds finished but no artifacts were created.

If I do this with the App Registration details I created in T2 (ClientId and ClientSecret), I get:

azure-arm: output will be in this color.

==> azure-arm: Running builder ...
==> azure-arm: Getting tokens using client secret
==> azure-arm: Getting tokens using client secret
    azure-arm: Creating Azure Resource Manager (ARM) client ...
Build 'azure-arm' errored: the Shared Gallery Image to which to publish the managed image version to does not exist in the resource group $t2SigResourceGroup

==> Some builds didn't complete successfully and had errors:
--> azure-arm: the Shared Gallery Image to which to publish the managed image version to does not exist in the resource group $t2SigResourceGroup

==> Builds finished but no artifacts were created.

The Shared Gallery Image and Resource Group both exist. Can anyone give me any pointers?