{"id":22529462,"url":"https://github.com/test-kitchen/kitchen-azurerm","last_synced_at":"2026-01-23T00:50:01.166Z","repository":{"id":2975307,"uuid":"42816525","full_name":"test-kitchen/kitchen-azurerm","owner":"test-kitchen","description":"A driver for Test Kitchen that works with Azure Resource Manager","archived":false,"fork":false,"pushed_at":"2023-12-01T22:02:38.000Z","size":540,"stargazers_count":48,"open_issues_count":16,"forks_count":51,"subscribers_count":20,"default_branch":"main","last_synced_at":"2024-04-14T01:51:31.763Z","etag":null,"topics":["hacktoberfest","managed-by-terraform","ruby","ruby-gem","test-kitchen","testing"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/test-kitchen.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2015-09-20T14:44:07.000Z","updated_at":"2023-11-15T20:40:59.000Z","dependencies_parsed_at":"2023-12-15T02:17:45.097Z","dependency_job_id":"a939fc8a-9fd6-446b-af98-76938c69fa76","html_url":"https://github.com/test-kitchen/kitchen-azurerm","commit_stats":{"total_commits":346,"total_committers":51,"mean_commits":6.784313725490196,"dds":0.8554913294797688,"last_synced_commit":"c25295b71a8433bfc1c46ec97f652a2b71e46242"},"previous_names":[],"tags_count":70,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/test-kitchen%2Fkitchen-azurerm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/test-kitchen%2Fkitchen-azurerm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/test-kitchen%2Fkitchen-azurerm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/test-kitchen%2Fkitchen-azurerm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/test-kitchen","download_url":"https://codeload.github.com/test-kitchen/kitchen-azurerm/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247276189,"owners_count":20912288,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","managed-by-terraform","ruby","ruby-gem","test-kitchen","testing"],"created_at":"2024-12-07T07:14:48.121Z","updated_at":"2026-01-23T00:50:01.159Z","avatar_url":"https://github.com/test-kitchen.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# kitchen-azurerm\n\n[![Gem Version](https://badge.fury.io/rb/kitchen-azurerm.svg)](https://badge.fury.io/rb/kitchen-azurerm)\n[![Lint, Unit \u0026 Integration Tests](https://github.com/test-kitchen/kitchen-azurerm/actions/workflows/lint.yml/badge.svg)](https://github.com/test-kitchen/kitchen-azurerm/actions/workflows/lint.yml)\n\n**kitchen-azurerm** is a driver for the popular test harness [Test Kitchen](http://kitchen.ci) that allows Microsoft Azure resources to be provisioned before testing. This driver uses the new Microsoft Azure Resource Management REST API via the [azure-sdk-for-ruby](https://github.com/azure/azure-sdk-for-ruby).\n\nThis version has been tested on Windows, macOS, and Ubuntu. If you encounter a problem on your platform, please raise an issue.\n\n## Quick-start\n\n### Installation\n\nThis plugin ships in Chef Workstation out of the box so there is no need to install it when using [Chef Workstation](https://downloads.chef.io/products/workstation).\n\nIf you're not using Chef Workstation and need to install the plugin as a gem run:\n\n```shell\ngem install kitchen-azurerm\n```\n\n### Configuration\n\nFor the driver to interact with the Microsoft Azure Resource Management REST API, you need to configure a Service Principal with Contributor rights for a specific subscription. Using an Organizational (AAD) account and related password is no longer supported. To create a Service Principal and apply the correct permissions, see the [create an Azure service principal with the Azure CLI](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest#create-a-service-principal) and the [Azure CLI](https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-install/) documentation. Make sure you stay within the section titled 'Password-based authentication'.\n\nIf the above is TLDR then try this after `az login` using your target subscription ID and the desired SP name:\n\n```bash\n# Create a Service Principal using the desired subscription id from the command above\naz ad sp create-for-rbac --name=\"kitchen-azurerm\" --role=\"Contributor\" --scopes=\"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\"\n\n#Output\n#\n#{\n# \"appId\": \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\", \u003c- Also known as the Client ID\n# \"displayName\": \"azure-cli-2018-12-12-14-15-39\",\n# \"name\": \"http://azure-cli-2018-12-12-14-15-39\",\n# \"password\": \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\",\n# \"tenant\": \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\"\n#}\n```\n\nNOTE: Don't forget to save the values from the output -- most importantly the `password`.\n\nYou will also need to ensure you have an active Azure subscription (you can get started [for free](https://azure.microsoft.com/en-us/free/) or use your [MSDN Subscription](https://azure.microsoft.com/en-us/pricing/member-offers/msdn-benefits/)).\n\nYou are now ready to configure kitchen-azurerm to use the credentials from the service principal you created above. You will use four elements from the output:\n\n1. **Subscription ID**: available from the Azure portal\n2. **Client ID**: the appId value from the output.\n3. **Client Secret/Password**: the password from the output.\n4. **Tenant ID**: the tenant from the output.\n\nUsing a text editor, open or create the file ```~/.azure/credentials``` and add the following section, noting there is one section per Subscription ID. **Make sure you save the file with UTF-8 encoding**\n\n```ruby\n[ADD-YOUR-AZURE-SUBSCRIPTION-ID-HERE-IN-SQUARE-BRACKET]\nclient_id = \"your-azure-client-id-here\"\nclient_secret = \"your-client-secret-here\"\ntenant_id = \"your-azure-tenant-id-here\"\n```\n\nIf preferred, you may also set the following environment variables, however this would be incompatible with supporting multiple Azure subscriptions.\n\n```ruby\nAZURE_CLIENT_ID=\"your-azure-client-id-here\"\nAZURE_CLIENT_SECRET=\"your-client-secret-here\"\nAZURE_TENANT_ID=\"your-azure-tenant-id-here\"\n```\n\nNote that the environment variables, if set, take preference over the values in a configuration file.\n\nAfter adjusting your ```~/.azure/credentials``` file you will need to adjust your ```kitchen.yml``` file to leverage the azurerm driver. Use the following examples to achieve this, then check your configuration with standard kitchen commands. For example,\n\n```bash\n% kitchen list\nInstance Driver Provisioner Verifier Transport Last Action Last Error\nwsus-windows-2019 Azurerm ChefZero Inspec Winrm \u003cNot Created\u003e \u003cNone\u003e\nwsus-windows-2016 Azurerm ChefZero Inspec Winrm \u003cNot Created\u003e \u003cNone\u003e\n```\n\n### Driver Properties\n\nSee the [kitchen.ci kitchen-azurem docs](https://kitchen.ci/docs/drivers/azurerm/) for a complete list of configuration options.\n\n### kitchen.yml example 1 - Linux/Ubuntu\n\nHere's an example ```kitchen.yml``` file that provisions an Ubuntu Server, using Chef Zero as the provisioner and SSH as the transport. Note that if the key does not exist at the specified location, it will be created. Also note that if ```ssh_key``` is supplied, Test Kitchen will use this in preference to any default/configured passwords that are supplied.\n\n```yaml\n---\ndriver:\n name: azurerm\n subscription_id: 'your-azure-subscription-id-here'\n location: 'West Europe'\n machine_size: 'Standard_D1'\n\ntransport:\n ssh_key: ~/.ssh/id_kitchen-azurerm\n\nprovisioner:\n name: chef_zero\n\nplatforms:\n - name: ubuntu-14.04\n driver:\n image_urn: Canonical:UbuntuServer:14.04.4-LTS:latest\n vm_name: trusty-vm\n\nsuites:\n - name: default\n attributes:\n```\n\n### Concurrent execution\n\nConcurrent execution of create/converge/destroy is supported via the --concurrency parameter. Each machine is created in its own Azure Resource Group so it has no shared lifecycle with the other machines in the test run. To take advantage of parallel execution use the following command:\n\n```kitchen test --concurrency \u003cn\u003e```\n\nWhere n is the number of threads to create. Note that any failure (e.g. an AzureOperationError) will cause the whole test to fail, though resources already in creation will continue to be created.\n\n### kitchen.yml example 2 - Windows\n\nHere's a further example ```kitchen.yml``` file that will provision a Windows Server 2019 [smalldisk] instance, using WinRM as the transport. An [ephemeral os disk](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ephemeral-os-disks) is used. The resource created in Azure will enable itself for remote access at deployment time (it does this by customizing the machine at provisioning time) and tags the Azure Resource Group with metadata using the ```resource_group_tags``` property. Notice that the ```vm_tags``` and ```resource_group_tags``` properties use a simple ```key : value``` structure per line:\n\n```yaml\n---\ndriver:\n name: azurerm\n subscription_id: 'your-subscription-id-here'\n location: 'West Europe'\n machine_size: 'Standard_DS2_v2'\n\nprovisioner:\n name: chef_zero\n\nplatforms:\n - name: windows2019\n driver:\n image_urn: MicrosoftWindowsServer:WindowsServer:2019-Datacenter-smalldisk:latest\n use_ephemeral_osdisk: true\n resource_group_tags:\n project: 'My Cool Project'\n contact: 'me@somewhere.com'\n vm_tags:\n my_tag: its value\n another_tag: its awesome value\n transport:\n name: winrm\nsuites:\n - name: default\n attributes:\n```\n\n### kitchen.yml example 3 - \"pre-deployment\" ARM template\n\nThe following example introduces the ```pre_deployment_template``` and ```pre_deployment_parameters``` properties in the configuration file.\nYou can use this capability to execute an ARM template containing Azure resources to provision before the system under test is created.\n\nIn the example the ARM template in the file ```predeploy.json``` would be executed with the parameters that are specified under ```pre_deployment_parameters```.\nThese resources will be created in the same Azure Resource Group as the VM under test, and therefore will be destroyed when you type ```kitchen destroy```.\n\n```yaml\n---\ndriver:\n name: azurerm\n subscription_id: 'your-azure-subscription-id-here'\n location: 'West Europe'\n machine_size: 'Standard_D1'\n pre_deployment_template: predeploy.json\n pre_deployment_parameters:\n test_parameter: 'This is a test.'\n\ntransport:\n ssh_key: ~/.ssh/id_kitchen-azurerm\n\nprovisioner:\n name: chef_zero\n\nplatforms:\n - name: ubuntu-1404\n driver:\n image_urn: Canonical:UbuntuServer:14.04.4-LTS:latest\n\nsuites:\n - name: default\n run_list:\n - recipe[kitchen-azurerm-demo::default]\n attributes:\n```\n\nExample predeploy.json:\n\n```json\n{\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"test_parameter\": {\n \"type\": \"string\",\n \"defaultValue\": \"\"\n }\n },\n \"variables\": {\n\n },\n \"resources\": [\n {\n \"name\": \"uniqueinstancenamehere01\",\n \"type\": \"Microsoft.Sql/servers\",\n \"location\": \"[resourceGroup().location]\",\n \"apiVersion\": \"2014-04-01-preview\",\n \"properties\": {\n \"version\": \"12.0\",\n \"administratorLogin\": \"azure\",\n \"administratorLoginPassword\": \"P2ssw0rd\"\n }\n }\n ],\n \"outputs\": {\n \"parameter testing\": {\n \"type\": \"string\",\n \"value\": \"[parameters('test_parameter')]\"\n }\n }\n}\n```\n\n### kitchen.yml example 4 - deploy VM to existing virtual network/subnet (use for ExpressRoute/VPN scenarios)\n\nThe following example introduces the ```vnet_id``` and ```subnet_id``` properties under \"driver\" in the configuration file. This can be applied at the top level, or per platform.\nYou can use this capability to create the VM on an existing virtual network and subnet created in a different resource group.\n\nIn this case, the public IP address is not used unless ```public_ip``` is set to ```true```\n\n```yaml\n---\ndriver:\n name: azurerm\n subscription_id: 'your-azure-subscription-id-here'\n location: 'West Europe'\n machine_size: 'Standard_D1'\n\ntransport:\n ssh_key: ~/.ssh/id_kitchen-azurerm\n\nprovisioner:\n name: chef_zero\n\nplatforms:\n - name: ubuntu-1404\n driver:\n image_urn: Canonical:UbuntuServer:14.04.4-LTS:latest\n vnet_id: /subscriptions/b6e7eee9-YOUR-GUID-HERE-03ab624df016/resourceGroups/pendrica-infrastructure/providers/Microsoft.Network/virtualNetworks/pendrica-arm-vnet\n subnet_id: subnet-10.1.0\n\nsuites:\n - name: default\n attributes:\n```\n\n### kitchen.yml example 5 - deploy VM to existing virtual network/subnet with a Standard SKU public IP (use for ExpressRoute/VPN scenarios)\n\nThe following example introduces the ```vnet_id``` and ```subnet_id``` properties under \"driver\" in the configuration file. This can be applied at the top level, or per platform.\nYou can use this capability to create the VM on an existing virtual network and subnet created in a different resource group.\n\nThis enables scenarios that require a Standard SKU public IP resource, for example when a NAT gateway is present on the target subnet.\n\n```yaml\n---\ndriver:\n name: azurerm\n subscription_id: 'your-azure-subscription-id-here'\n location: 'West Europe'\n machine_size: 'Standard_D1'\n\ntransport:\n ssh_key: ~/.ssh/id_kitchen-azurerm\n\nprovisioner:\n name: chef_zero\n\nplatforms:\n - name: ubuntu-1404\n driver:\n image_urn: Canonical:UbuntuServer:14.04.4-LTS:latest\n vnet_id: /subscriptions/b6e7eee9-YOUR-GUID-HERE-03ab624df016/resourceGroups/pendrica-infrastructure/providers/Microsoft.Network/virtualNetworks/pendrica-arm-vnet\n subnet_id: subnet-10.1.0\n public_ip: true\n public_ip_sku: Standard\n\nsuites:\n - name: default\n attributes:\n```\n\n### kitchen.yml example 6 - deploy VM to existing virtual network/subnet (use for ExpressRoute/VPN scenarios) with Private Managed Image\n\nThis example is the same as above, but uses a private managed image to provision the vm.\n\nNote: The image must be available first. On deletion the disk and everything is removed.\n\n```yaml\n---\ndriver:\n name: azurerm\n subscription_id: 'your-azure-subscription-id-here'\n location: 'West Europe'\n machine_size: 'Standard_D1'\n\ntransport:\n ssh_key: ~/.ssh/id_kitchen-azurerm\n\nprovisioner:\n name: chef_zero\n\nplatforms:\n - name: ubuntu-1404\n driver:\n image_id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/RESGROUP/providers/Microsoft.Compute/images/IMAGENAME\n vnet_id: /subscriptions/b6e7eee9-YOUR-GUID-HERE-03ab624df016/resourceGroups/pendrica-infrastructure/providers/Microsoft.Network/virtualNetworks/pendrica-arm-vnet\n subnet_id: subnet-10.1.0\n use_managed_disk: true\n\nsuites:\n - name: default\n attributes:\n```\n\n### kitchen.yml example 7 - deploy VM to existing virtual network/subnet (use for ExpressRoute/VPN scenarios) with Private Classic OS Image\n\nThis example a classic Custom VM Image (aka a VHD file) is used. As the Image VHD must be in the same storage account then the disk of the instance, the os disk is created in an existing image account.\n\nNote: When the resource group ís deleted, the os disk is left in the existing storage account blob. You must clean up manually.\n\nThis example will:\n\n* use the customized image \u003chttps://yourstorageaccount.blob.core.windows.net/system/Microsoft.Compute/Images/images/Cent7_P4-osDisk.170dd1b7-7dc3-4496-b248-f47c49f63965.vhd\u003e (can be built with packer)\n* set the disk url of the vm to \u003chttps://yourstorageaccount.blob.core.windows.net/vhds/osdisk-kitchen-XXXXX.vhd\u003e\n* set the os type to linux\n\n```yaml\n---\ndriver:\n name: azurerm\n subscription_id: 'your-azure-subscription-id-here'\n location: 'West Europe'\n machine_size: 'Standard_D1'\n\ntransport:\n ssh_key: ~/.ssh/id_kitchen-azurerm\n\nprovisioner:\n name: chef_zero\n\nplatforms:\n - name: ubuntu-1404\n driver:\n image_url: https://yourstorageaccount.blob.core.windows.net/system/Microsoft.Compute/Images/images/Cent7_P4-osDisk.170dd1b7-7dc3-4496-b248-f47c49f63965.vhd\n existing_storage_account_blob_url: https://yourstorageaccount.blob.core.windows.net\n os_type: linux\n use_managed_disk: false\n vnet_id: /subscriptions/b6e7eee9-YOUR-GUID-HERE-03ab624df016/resourceGroups/pendrica-infrastructure/providers/Microsoft.Network/virtualNetworks/pendrica-arm-vnet\n subnet_id: subnet-10.1.0\n\nsuites:\n - name: default\n attributes:\n```\n\n### kitchen.yml example 8 - deploy VM to existing virtual network/subnet (use for ExpressRoute/VPN scenarios) with Private Classic OS Image and providing custom data and extra large os disk\n\nThis is the same as above, but uses custom data to customize the instance.\n\nNote: Custom data can be custom data or a file to custom data. Please also note that if you use winrm communication to non-nano windows servers custom data is not supported, as winrm is enabled via custom data.\n\n```yaml\n---\ndriver:\n name: azurerm\n subscription_id: 'your-azure-subscription-id-here'\n location: 'West Europe'\n machine_size: 'Standard_D1'\n\ntransport:\n ssh_key: ~/.ssh/id_kitchen-azurerm\n\nprovisioner:\n name: chef_zero\n\nplatforms:\n - name: ubuntu-1404\n driver:\n image_url: https://yourstorageaccount.blob.core.windows.net/system/Microsoft.Compute/Images/images/Cent7_P4-osDisk.170dd1b7-7dc3-4496-b248-f47c49f63965.vhd\n existing_storage_account_blob_url: https://yourstorageaccount.blob.core.windows.net\n os_type: linux\n use_managed_disk: false\n vnet_id: /subscriptions/b6e7eee9-YOUR-GUID-HERE-03ab624df016/resourceGroups/pendrica-infrastructure/providers/Microsoft.Network/virtualNetworks/pendrica-arm-vnet\n subnet_id: subnet-10.1.0\n os_disk_size_gb: 100\n #custom_data: /tmp/customdata.txt\n custom_data: |\n #cloud-config\n fqdn: myhostname\n preserve_hostname: false\n runcmd:\n - yum install -y telnet\n\nsuites:\n - name: default\n attributes:\n```\n\n### kitchen.yml example 9 - Windows 2016 VM with additional data disks\n\nThis example demonstrates how to add 3 additional Managed data disks to a Windows Server 2016 VM. Not supported with legacy (pre-managed disk) storage accounts.\n\nNote the availability of a `format_data_disks` option (default: `false`). When set to true, a PowerShell script will execute at first boot to initialize and format the disks with an NTFS filesystem. This option does not affect Linux machines.\n\n```yaml\n---\ndriver:\n name: azurerm\n subscription_id: 'your-azure-subscription-id-here'\n location: 'West Europe'\n machine_size: 'Standard_F2s'\n\nprovisioner:\n name: chef_zero\n\nplatforms:\n- name: windows2016-noformat\n driver:\n image_urn: MicrosoftWindowsServer:WindowsServer:2016-Datacenter:latest\n data_disks:\n - lun: 0\n disk_size_gb: 128\n - lun: 1\n disk_size_gb: 128\n - lun: 2\n disk_size_gb: 128\n # format_data_disks: false\n\nsuites:\n - name: default\n attributes:\n```\n\n### kitchen.yml example 10 - \"post-deployment\" ARM template with MSI authentication\n\nThe following example introduces the ```post_deployment_template``` and ```post_deployment_parameters``` properties in the configuration file.\nYou can use this capability to execute an ARM template containing Azure resources to provision after the system under test is created.\n\nIn the example the ARM template in the file ```postdeploy.json``` would be executed with the parameters that are specified under ```post_deployment_parameters```.\nThese resources will be created in the same Azure Resource Group as the VM under test, and therefore will be destroyed when you type ```kitchen destroy```.\n\n```yaml\n---\ndriver:\n name: azurerm\n subscription_id: 'your-azure-subscription-id-here'\n location: 'West Europe'\n machine_size: 'Standard_D1'\n post_deployment_template: postdeploy.json\n post_deployment_parameters:\n test_parameter: 'This is a test.'\n\ntransport:\n ssh_key: ~/.ssh/id_kitchen-azurerm\n\nprovisioner:\n name: chef_zero\n\nplatforms:\n - name: ubuntu-1404\n driver:\n image_urn: Canonical:UbuntuServer:14.04.4-LTS:latest\n\nsuites:\n - name: default\n attributes:\n```\n\nExample postdeploy.json to enable MSI extention on VM:\n\n```json\n{\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"vmName\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"msiExtensionName\": {\n \"type\": \"String\"\n }\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Compute/virtualMachines\",\n \"name\": \"[parameters('vmName')]\",\n \"apiVersion\": \"2017-12-01\",\n \"location\": \"[parameters('location')]\",\n \"identity\": {\n \"type\": \"systemAssigned\"\n }\n },\n {\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n \"name\": \"[concat( parameters('vmName'), '/' , parameters('msiExtensionName') )]\",\n \"apiVersion\": \"2017-12-01\",\n \"location\": \"[parameters('location')]\",\n \"properties\": {\n \"publisher\": \"Microsoft.ManagedIdentity\",\n \"type\": \"[parameters('msiExtensionName')]\",\n \"typeHandlerVersion\": \"1.0\",\n \"autoUpgradeMinorVersion\": true,\n \"settings\": {\n \"port\": 50342\n }\n },\n \"dependsOn\": [\n \"[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]\"\n ]\n }\n ]\n}\n```\n\n### kitchen.yml example 11 - Enabling Managed Service Identities\n\nThis example demonstrates how to enable a System Assigned Identity and User Assigned Identities on a Kitchen VM.\nAny combination of System and User assigned identities may be enabled, and multiple User Assigned Identities can be supplied.\n\nSee the [Managed identities for Azure resources](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview) documentation for more information on using Managed Service Identities.\n\n```yaml\n---\ndriver:\n name: azurerm\n subscription_id: 'your-azure-subscription-id-here'\n location: 'West Europe'\n machine_size: 'Standard_D1'\n\ntransport:\n ssh_key: ~/.ssh/id_kitchen-azurerm\n\nprovisioner:\n name: chef_zero\n\nplatforms:\n - name: ubuntu-1404\n driver:\n image_urn: Canonical:UbuntuServer:14.04.4-LTS:latest\n system_assigned_identity: true\n user_assigned_identities:\n - /subscriptions/4801fa9d-YOUR-GUID-HERE-b265ff49ce21/resourcegroups/test-kitchen-user/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-kitchen-user\n\nsuites:\n - name: default\n attributes:\n```\n\n### kitchen.yml example 12 - deploy VM with key vault certificate\n\nThis following example introduces ```secret_url```, ```vault_name```, and ```vault_resource_group``` properties under \"driver\" in the configuration file. You can use this capability to create a VM with a specified key vault certificate.\n\n```yaml\n---\ndriver:\n name: azurerm\n subscription_id: 'your-azure-subscription-id-here'\n location: 'CentralUS'\n machine_size: 'Standard_D2s_v3'\n secret_url: 'https://YOUR-SECRET-PATH'\n vault_name: 'YOUR-VAULT-NAME'\n vault_group_name: 'YOUR-VAULT-GROUP-NAME'\ntransport:\n name: winrm\n elevated: true\nprovisioner:\n name: chef_zero\nplatforms:\n - name: win2012R2-sql2016\n driver:\n image_urn: MicrosoftSQLServer:SQL2016SP2-WS2012R2:SQLDEV:latest\n\nsuites:\n - name: default\n attributes:\n```\n\n## Support for Government and Sovereign Clouds (China and Germany)\n\nStarting with v0.9.0 this driver has support for Azure Government and Sovereign Clouds via the use of the ```azure_environment``` setting. Valid Azure environments are ```Azure```, ```AzureUSGovernment```, ```AzureChina``` and ```AzureGermanCloud```\n\nNote that the ```use_managed_disks``` option should be set to false until supported by AzureUSGovernment.\n\n### Example kitchen.yml for Azure US Government cloud\n\n```yaml\n---\ndriver:\n name: azurerm\n subscription_id: 'your-azure-subscription-id-here'\n azure_environment: 'AzureUSGovernment'\n location: 'US Gov Iowa'\n machine_size: 'Standard_D2_v2_Promo'\n use_managed_disks: false\n\nprovisioner:\n name: chef_zero\n\nverifier:\n name: inspec\n\nplatforms:\n- name: ubuntu1604\n driver:\n image_urn: Canonical:UbuntuServer:16.04-LTS:latest\n transport:\n ssh_key: ~/.ssh/id_kitchen-azurerm\n\nsuites:\n - name: default\n```\n\n### How to retrieve the image_urn\n\nYou can use the azure (azure-cli) command line tools to interrogate for the Urn. All 4 parts of the Urn must be specified, though the last part can be changed to \"latest\" to indicate you always wish to provision the latest operating system and patches.\n\n```$ azure vm image list \"West Europe\" Canonical UbuntuServer```\n\nThis will return a list like the following, from which you can derive the Urn.\n*this list has been shortened for readability*\n\n```bash\ndata: Publisher Offer Sku Version Location Urn\ndata: --------- ------------ ----------------- --------------- ---------- --------------------------------------------------------\ndata: Canonical UbuntuServer 12.04.5-LTS 12.04.201507301 westeurope Canonical:UbuntuServer:12.04.5-LTS:12.04.201507301\ndata: Canonical UbuntuServer 12.04.5-LTS 12.04.201507311 westeurope Canonical:UbuntuServer:12.04.5-LTS:12.04.201507311\ndata: Canonical UbuntuServer 12.04.5-LTS 12.04.201508190 westeurope Canonical:UbuntuServer:12.04.5-LTS:12.04.201508190\ndata: Canonical UbuntuServer 12.04.5-LTS 12.04.201509060 westeurope Canonical:UbuntuServer:12.04.5-LTS:12.04.201509060\ndata: Canonical UbuntuServer 12.04.5-LTS 12.04.201509090 westeurope Canonical:UbuntuServer:12.04.5-LTS:12.04.201509090\ndata: Canonical UbuntuServer 12.10 12.10.201212180 westeurope Canonical:UbuntuServer:12.10:12.10.201212180\ndata: Canonical UbuntuServer 14.04.3-DAILY-LTS 14.04.201509110 westeurope Canonical:UbuntuServer:14.04.3-DAILY-LTS:14.04.201509110\ndata: Canonical UbuntuServer 14.04.3-DAILY-LTS 14.04.201509160 westeurope Canonical:UbuntuServer:14.04.3-DAILY-LTS:14.04.201509160\ndata: Canonical UbuntuServer 14.04.3-DAILY-LTS 14.04.201509220 westeurope Canonical:UbuntuServer:14.04.3-DAILY-LTS:14.04.201509220\ndata: Canonical UbuntuServer 14.04.3-LTS 14.04.201508050 westeurope Canonical:UbuntuServer:14.04.3-LTS:14.04.201508050\ndata: Canonical UbuntuServer 14.04.3-LTS 14.04.201509080 westeurope Canonical:UbuntuServer:14.04.3-LTS:14.04.201509080\ndata: Canonical UbuntuServer 15.04 15.04.201506161 westeurope Canonical:UbuntuServer:15.04:15.04.201506161\ndata: Canonical UbuntuServer 15.04 15.04.201507070 westeurope Canonical:UbuntuServer:15.04:15.04.201507070\ndata: Canonical UbuntuServer 15.04 15.04.201507220 westeurope Canonical:UbuntuServer:15.04:15.04.201507220\ndata: Canonical UbuntuServer 15.04 15.04.201507280 westeurope Canonical:UbuntuServer:15.04:15.04.201507280\ndata: Canonical UbuntuServer 15.10-DAILY 15.10.201509170 westeurope Canonical:UbuntuServer:15.10-DAILY:15.10.201509170\ndata: Canonical UbuntuServer 15.10-DAILY 15.10.201509180 westeurope Canonical:UbuntuServer:15.10-DAILY:15.10.201509180\ndata: Canonical UbuntuServer 15.10-DAILY 15.10.201509190 westeurope Canonical:UbuntuServer:15.10-DAILY:15.10.201509190\ndata: Canonical UbuntuServer 15.10-DAILY 15.10.201509210 westeurope Canonical:UbuntuServer:15.10-DAILY:15.10.201509210\ndata: Canonical UbuntuServer 15.10-DAILY 15.10.201509220 westeurope Canonical:UbuntuServer:15.10-DAILY:15.10.201509220\ninfo: vm image list command OK\n```\n\n## Contributing\n\nContributions to the project are welcome via submitting Pull Requests.\n\n1. Fork it ( \u003chttps://github.com/test-kitchen/kitchen-azurerm/fork\u003e )\n2. Create your feature branch (`git checkout -b my-new-feature`)\n3. Commit your changes (`git commit -am 'Add some feature'`)\n4. Push to the branch (`git push origin my-new-feature`)\n5. Create a new Pull Request\n\n## Author\n\nStuart Preston\n\n## License and Copyright\n\nCopyright 2015-2021, Chef Software, Inc.\n\n```text\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftest-kitchen%2Fkitchen-azurerm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftest-kitchen%2Fkitchen-azurerm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftest-kitchen%2Fkitchen-azurerm/lists"}