ore/azure: add options to create and delete Shared Image Gallery Images

Add a new `create-gallery-image` ore command to Support creating images
within Azure Shared Image Galleries (Gallery Images). The command
creates image definitions and versions in Azure Shared Image Galleries.
Gallery images can be created from either a blob URL or an existing
managed image. A `--azure-publisher` flag is added to assign a publisher
to the gallery image.

`delete-gallery-image` is also added to delete individual gallery images
or an entire Shared Image Gallery.

Author: marmijo

mantle/cmd/ore/azure/azure.go

@@ -35,6 +35,7 @@ var (
 	azureCredentials string
 	azureLocation    string
 	azureHyperVGen   string
+	azurePublisher   string
 
 	api *azure.API
 )
@@ -46,6 +47,7 @@ func init() {
 	sv(&azureCredentials, "azure-credentials", "", "Azure credentials file location (default \"~/"+auth.AzureCredentialsPath+"\")")
 	sv(&azureLocation, "azure-location", "westus", "Azure location (default \"westus\")")
 	sv(&azureHyperVGen, "azure-hyper-v-generation", "V1", "Azure Hypervisor Generation")
+	sv(&azurePublisher, "azure-publisher", "CoreOS", "Azure image publisher")
 }
 
 func preauth(cmd *cobra.Command, args []string) error {
@@ -55,6 +57,7 @@ func preauth(cmd *cobra.Command, args []string) error {
 		AzureCredentials: azureCredentials,
 		Location:         azureLocation,
 		HyperVGeneration: azureHyperVGen,
+		Publisher:        azurePublisher,
 	})
 	if err != nil {
 		plog.Fatalf("Failed to create Azure API: %v", err)

mantle/cmd/ore/azure/create-gallery-image.go

@@ -0,0 +1,95 @@
+// Copyright 2025 Red Hat
+// Copyright 2018 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package azure
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+)
+
+var (
+	cmdCreateGalleryImage = &cobra.Command{
+		Use:     "create-gallery-image",
+		Short:   "Create Azure Gallery image",
+		Long:    "Create Azure Gallery image from a blob url",
+		RunE:    runCreateGalleryImage,
+		Aliases: []string{"create-gallery-image-arm"},
+
+		SilenceUsage: true,
+	}
+
+	galleryImageName string
+	galleryName      string
+)
+
+func init() {
+	sv := cmdCreateGalleryImage.Flags().StringVar
+
+	sv(&galleryImageName, "gallery-image-name", "", "gallery image name")
+	sv(&galleryName, "gallery-name", "kola", "gallery name")
+	sv(&blobUrl, "image-blob", "", "source blob url")
+	sv(&resourceGroup, "resource-group", "kola", "resource group name")
+
+	Azure.AddCommand(cmdCreateGalleryImage)
+}
+
+func runCreateGalleryImage(cmd *cobra.Command, args []string) error {
+	if blobUrl == "" {
+		fmt.Fprintf(os.Stderr, "must supply --image-blob\n")
+		os.Exit(1)
+	}
+
+	if err := api.SetupClients(); err != nil {
+		fmt.Fprintf(os.Stderr, "setting up clients: %v\n", err)
+		os.Exit(1)
+	}
+
+	img, err := api.CreateImage(galleryImageName, resourceGroup, blobUrl)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Couldn't create Azure image: %v\n", err)
+		os.Exit(1)
+	}
+	if img.ID == nil {
+		fmt.Fprintf(os.Stderr, "received nil image\n")
+		os.Exit(1)
+	}
+	sourceImageId := *img.ID
+
+	galleryImage, err := api.CreateGalleryImage(galleryImageName, galleryName, resourceGroup, sourceImageId)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Couldn't create Azure Shared Image Gallery image: %v\n", err)
+		os.Exit(1)
+	}
+	if galleryImage.ID == nil {
+		fmt.Fprintf(os.Stderr, "received nil gallery image\n")
+		os.Exit(1)
+	}
+	err = json.NewEncoder(os.Stdout).Encode(&struct {
+		ID       *string
+		Location *string
+	}{
+		ID:       galleryImage.ID,
+		Location: galleryImage.Location,
+	})
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Couldn't encode result: %v\n", err)
+		os.Exit(1)
+	}
+	return nil
+}

mantle/cmd/ore/azure/delete-gallery-image.go

@@ -0,0 +1,77 @@
+// Copyright 2025 Red Hat
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package azure
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+)
+
+var (
+	cmdDeleteGalleryImage = &cobra.Command{
+		Use:     "delete-gallery-image",
+		Short:   "Delete Azure Gallery image",
+		Long:    "Remove a Shared Image Gallery image from Azure.",
+		RunE:    runDeleteGalleryImage,
+		Aliases: []string{"delete-gallery-image-arm"},
+
+		SilenceUsage: true,
+	}
+
+	deleteGallery bool
+)
+
+func init() {
+	sv := cmdDeleteGalleryImage.Flags().StringVar
+	bv := cmdDeleteGalleryImage.Flags().BoolVar
+
+	sv(&imageName, "gallery-image-name", "", "gallery image name")
+	sv(&resourceGroup, "resource-group", "kola", "resource group name")
+	sv(&galleryName, "gallery-name", "kola", "gallery name")
+	bv(&deleteGallery, "delete-entire-gallery", false, "delete entire gallery")
+
+	Azure.AddCommand(cmdDeleteGalleryImage)
+}
+
+func runDeleteGalleryImage(cmd *cobra.Command, args []string) error {
+	if err := api.SetupClients(); err != nil {
+		return fmt.Errorf("setting up clients: %v\n", err)
+	}
+
+	if deleteGallery {
+		err := api.DeleteGallery(galleryName, resourceGroup)
+		if err != nil {
+			return fmt.Errorf("Couldn't delete gallery: %v\n", err)
+		}
+		plog.Printf("Gallery %q in resource group %q removed", galleryName, resourceGroup)
+		return nil
+	}
+
+	err := api.DeleteGalleryImage(imageName, resourceGroup, galleryName)
+	if err != nil {
+		return fmt.Errorf("Couldn't delete gallery image: %v\n", err)
+	}
+
+	// Gallery image versions are backed by managed images with the same name,
+	// so we can easily identify and delete them together.
+	err = api.DeleteImage(imageName, resourceGroup)
+	if err != nil {
+		return fmt.Errorf("Couldn't delete image: %v\n", err)
+	}
+
+	plog.Printf("Image %q in gallery %q in resource group %q removed", imageName, galleryName, resourceGroup)
+	return nil
+}

mantle/platform/api/azure/api.go

@@ -31,16 +31,21 @@ import (
 )
 
 type API struct {
-	azIdCred   *azidentity.DefaultAzureCredential
-	rgClient   *armresources.ResourceGroupsClient
-	imgClient  *armcompute.ImagesClient
-	compClient *armcompute.VirtualMachinesClient
-	netClient  *armnetwork.VirtualNetworksClient
-	subClient  *armnetwork.SubnetsClient
-	ipClient   *armnetwork.PublicIPAddressesClient
-	intClient  *armnetwork.InterfacesClient
-	accClient  *armstorage.AccountsClient
-	opts       *Options
+	azIdCred        *azidentity.DefaultAzureCredential
+	rgClient        *armresources.ResourceGroupsClient
+	imgClient       *armcompute.ImagesClient
+	compClient      *armcompute.VirtualMachinesClient
+	galClient       *armcompute.GalleriesClient
+	galImgClient    *armcompute.GalleryImagesClient
+	galImgVerClient *armcompute.GalleryImageVersionsClient
+	diskClient      *armcompute.DisksClient
+	netClient       *armnetwork.VirtualNetworksClient
+	subClient       *armnetwork.SubnetsClient
+	ipClient        *armnetwork.PublicIPAddressesClient
+	intClient       *armnetwork.InterfacesClient
+	nsgClient       *armnetwork.SecurityGroupsClient
+	accClient       *armstorage.AccountsClient
+	opts            *Options
 }
 
 // New creates a new Azure client. If no publish settings file is provided or
@@ -89,6 +94,26 @@ func (a *API) SetupClients() error {
 		return err
 	}
 
+	a.galClient, err = armcompute.NewGalleriesClient(a.opts.SubscriptionID, a.azIdCred, nil)
+	if err != nil {
+		return err
+	}
+
+	a.galImgClient, err = armcompute.NewGalleryImagesClient(a.opts.SubscriptionID, a.azIdCred, nil)
+	if err != nil {
+		return err
+	}
+
+	a.galImgVerClient, err = armcompute.NewGalleryImageVersionsClient(a.opts.SubscriptionID, a.azIdCred, nil)
+	if err != nil {
+		return err
+	}
+
+	a.diskClient, err = armcompute.NewDisksClient(a.opts.SubscriptionID, a.azIdCred, nil)
+	if err != nil {
+		return err
+	}
+
 	a.netClient, err = armnetwork.NewVirtualNetworksClient(a.opts.SubscriptionID, a.azIdCred, nil)
 	if err != nil {
 		return err
@@ -109,6 +134,11 @@ func (a *API) SetupClients() error {
 		return err
 	}
 
+	a.nsgClient, err = armnetwork.NewSecurityGroupsClient(a.opts.SubscriptionID, a.azIdCred, nil)
+	if err != nil {
+		return err
+	}
+
 	a.accClient, err = armstorage.NewAccountsClient(a.opts.SubscriptionID, a.azIdCred, nil)
 	return err
 }