Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-12-17 20:04:36 -05:00
Code Issues Packages Projects Releases Wiki Activity

Update codeowners and remove old tools

Browse Source
This commit is contained in:
Thomas Tendyck 2023-08-03 15:07:19 +02:00 committed by Thomas Tendyck
parent 70ce195a5f
commit 122c3c92f8
7 changed files with 36 additions and 592 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
CODEOWNERS
View File

@ -1,41 +1,67 @@
.golangci.yml @katexochen
/3rdparty/gcp-guest-agent @malt3 /3rdparty/gcp-guest-agent @malt3
/bazel @malt3 /bazel @malt3
/bazel/ci @katexochen /bazel/ci @katexochen
/bazel/sh @katexochen
/bazel/container @katexochen /bazel/container @katexochen
/bazel/sh @katexochen
/bootstrapper @3u13r /bootstrapper @3u13r
/cli/internal/cloudcmd @daniel-weisse
/cli/internal/clusterid @malt3
/cli/internal/cmd/upgrade* @derpsteb
/cli/internal/featureset @malt3
/cli/internal/helm @derpsteb /cli/internal/helm @derpsteb
/cli/internal/kubernetes @daniel-weisse
/cli/internal/libvirt @daniel-weisse /cli/internal/libvirt @daniel-weisse
/cli/internal/terraform @daniel-weisse /cli/internal/terraform @elchead
/cli/internal/terraform/terraform @katexochen /cli/internal/upgrade @elchead
/csi @daniel-weisse /csi @daniel-weisse
/debugd @malt3 /debugd @malt3
/disk-mapper @daniel-weisse /disk-mapper @daniel-weisse
/docs @thomasten /docs @thomasten
/hack/azure-jump-host @malt3 /e2e @3u13r
/hack/azure-snp-report-verify @derpsteb /hack/azure-snp-report-verify @derpsteb
/hack/configapi @elchead
/hack/bazel-deps-mirror @malt3 /hack/bazel-deps-mirror @malt3
/hack/check-licenses.sh @thomasten /hack/cli-k8s-compatibility @derpsteb
/hack/clidocgen @thomasten /hack/clidocgen @thomasten
/hack/configapi @elchead
/hack/fetch-broken-e2e @katexochen /hack/fetch-broken-e2e @katexochen
/hack/oci-pin @malt3
/hack/pseudo-version @malt3 /hack/pseudo-version @malt3
/hack/qemu-metadata-api @daniel-weisse /hack/qemu-metadata-api @daniel-weisse
/hack/remove-tf-providers @katexochen /hack/remove-tf-providers @katexochen
/hack/terraform @3u13r /hack/terraform @3u13r
/hack/tools @katexochen
/image @malt3 /image @malt3
/internal/api @derpsteb
/internal/atls @thomasten /internal/atls @thomasten
/internal/attestation @daniel-weisse /internal/attestation @daniel-weisse
/internal/cloud @3u13r
/internal/compatibility @derpsteb
/internal/config @derpsteb /internal/config @derpsteb
/internal/containerimage @malt3
/internal/crypto @thomasten /internal/crypto @thomasten
/internal/cryptsetup @daniel-weisse
/internal/file @daniel-weisse
/internal/grpc @thomasten
/internal/imagefetcher @malt3
/internal/installer @3u13r
/internal/kms @daniel-weisse
/internal/kubernetes @malt3
/internal/license @thomasten /internal/license @thomasten
/internal/logger @daniel-weisse /internal/logger @daniel-weisse
/internal/oid @thomasten /internal/nodestate @daniel-weisse
/internal/sigstore @malt3 /internal/osimage @malt3
/internal/api/versionsapi @katexochen /internal/retry @katexochen
/internal/semver @derpsteb
/internal/sigstore @elchead
/internal/staticupload @malt3
/internal/versions @3u13r
/internal/watcher @daniel-weisse
/joinservice @daniel-weisse /joinservice @daniel-weisse
/keyservice @daniel-weisse /keyservice @daniel-weisse
/measurement-reader @daniel-weisse
/operators @malt3 /operators @malt3
/rpm @malt3
/tools @malt3
/upgrade-agent @3u13r /upgrade-agent @3u13r
/verify @daniel-weisse /verify @daniel-weisse
.golangci.yml @katexochen

9
hack/azure-jump-host/README.md
View File

@ -1,9 +0,0 @@
# Creating a Jump Host for Azure
Constellation on Azure does not allow direct access to every node.
For debugging purposes, you can create a jump host that can be used to access the nodes in your cluster.
```shell-session
# execute the following command in your constellation workspace AFTER constellation create
"$(git rev-parse --show-toplevel)/hack/azure-jump-host/jump-host-create"
```

40
hack/azure-jump-host/jump-host-create
View File

@ -1,40 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
shopt -s inherit_errexit
SCRIPTDIR="$(dirname -- "$(realpath "${BASH_SOURCE[0]}")")"
RG=$(jq -r .azureresourcegroup constellation-state.json)
SUBNET=$(jq -r .azuresubnet constellation-state.json)
VNET=${SUBNET%"/subnets/nodeNetwork"}
PUBKEY=$(cat ~/.ssh/id_rsa.pub)
DEPLOYMENT_NAME=jump-host
VM_NAME=jump-host
az deployment group create \
-o none \
--name "${DEPLOYMENT_NAME}" \
--resource-group "${RG}" \
--template-file "${SCRIPTDIR}/template.json" \
--parameters "@${SCRIPTDIR}/parameters.json" \
--parameters "{ \"virtualNetworkId\": { \"value\": \"${VNET}\" } }" \
--parameters "{ \"subnetRef\": { \"value\": \"${SUBNET}\" } }" \
--parameters "{ \"adminPublicKey\": { \"value\": \"${PUBKEY}\" } }"
az deployment group wait --created --name "${DEPLOYMENT_NAME}" --resource-group "${RG}"
PUBIP=$(
az vm list-ip-addresses \
--resource-group "${RG}" \
--name "${VM_NAME}" \
--query "[].virtualMachine.network.publicIpAddresses[0].ipAddress" \
--output tsv
)
echo "Jump host created. Cleanup by deleteing the resource group."
echo "Connect to the jump host with the following command:"
echo -e "ssh azureuser@${PUBIP}\n"
echo "Expose any nodes's debugd port locally:"
echo -e "NODEIP=<IP OF CONSTELLATION NODE> && \n\
ssh -M -S debugd -fNT -L \"4000:\${NODEIP}:4000\" azureuser@${PUBIP} && \n\
./cdbg deploy --ips localhost && \n\
ssh -S debugd -O exit azureuser@${PUBIP}\n"
echo "Connect to any constellation node using the following command:"
echo "ssh -J azureuser@${PUBIP} <USER>@<IP OF CONSTELLATION NODE>"

83
hack/azure-jump-host/parameters.json
View File

@ -1,83 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"value": "westus"
},
"networkInterfaceName": {
"value": "jump-host814"
},
"networkSecurityGroupName": {
"value": "jump-host-nsg"
},
"networkSecurityGroupRules": {
"value": [
{
"name": "SSH",
"properties": {
"priority": 300,
"protocol": "TCP",
"access": "Allow",
"direction": "Inbound",
"sourceAddressPrefix": "*",
"sourcePortRange": "*",
"destinationAddressPrefix": "*",
"destinationPortRange": "22"
}
}
]
},
"virtualNetworkId": {
"value": null
},
"subnetRef": {
"value": null
},
"publicIpAddressName": {
"value": "jump-host-ip"
},
"publicIpAddressType": {
"value": "Dynamic"
},
"publicIpAddressSku": {
"value": "Basic"
},
"pipDeleteOption": {
"value": "Detach"
},
"virtualMachineName": {
"value": "jump-host"
},
"virtualMachineComputerName": {
"value": "jump-host"
},
"osDiskType": {
"value": "Premium_LRS"
},
"osDiskDeleteOption": {
"value": "Delete"
},
"virtualMachineSize": {
"value": "Standard_DC2ads_v5"
},
"nicDeleteOption": {
"value": "Detach"
},
"adminUsername": {
"value": "azureuser"
},
"adminPublicKey": {
"value": null
},
"securityType": {
"value": "ConfidentialVM"
},
"secureBoot": {
"value": true
},
"vTPM": {
"value": true
}
}
}

204
hack/azure-jump-host/template.json
View File

@ -1,204 +0,0 @@
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string"
},
"networkInterfaceName": {
"type": "string"
},
"networkSecurityGroupName": {
"type": "string"
},
"networkSecurityGroupRules": {
"type": "array"
},
"virtualNetworkId": {
"type": "string"
},
"subnetRef": {
"type": "string"
},
"publicIpAddressName": {
"type": "string"
},
"publicIpAddressType": {
"type": "string"
},
"publicIpAddressSku": {
"type": "string"
},
"pipDeleteOption": {
"type": "string"
},
"virtualMachineName": {
"type": "string"
},
"virtualMachineComputerName": {
"type": "string"
},
"osDiskType": {
"type": "string"
},
"osDiskDeleteOption": {
"type": "string"
},
"virtualMachineSize": {
"type": "string"
},
"nicDeleteOption": {
"type": "string"
},
"adminUsername": {
"type": "string"
},
"adminPublicKey": {
"type": "secureString"
},
"securityType": {
"type": "string"
},
"secureBoot": {
"type": "bool"
},
"vTPM": {
"type": "bool"
}
},
"variables": {
"nsgId": "[resourceId(resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName'))]",
"vnetId": "[parameters('virtualNetworkId')]",
"vnetName": "[last(split(variables('vnetId'), '/'))]"
},
"resources": [
{
"name": "[parameters('networkInterfaceName')]",
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "2021-03-01",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/networkSecurityGroups/', parameters('networkSecurityGroupName'))]",
"[concat('Microsoft.Network/publicIpAddresses/', parameters('publicIpAddressName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"subnet": {
"id": "[parameters('subnetRef')]"
},
"privateIPAllocationMethod": "Dynamic",
"publicIpAddress": {
"id": "[resourceId(resourceGroup().name, 'Microsoft.Network/publicIpAddresses', parameters('publicIpAddressName'))]",
"properties": {
"deleteOption": "[parameters('pipDeleteOption')]"
}
}
}
}
],
"networkSecurityGroup": {
"id": "[variables('nsgId')]"
}
}
},
{
"name": "[parameters('networkSecurityGroupName')]",
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2019-02-01",
"location": "[parameters('location')]",
"properties": {
"securityRules": "[parameters('networkSecurityGroupRules')]"
}
},
{
"name": "[parameters('publicIpAddressName')]",
"type": "Microsoft.Network/publicIpAddresses",
"apiVersion": "2020-08-01",
"location": "[parameters('location')]",
"properties": {
"publicIpAllocationMethod": "[parameters('publicIpAddressType')]"
},
"sku": {
"name": "[parameters('publicIpAddressSku')]"
}
},
{
"name": "[parameters('virtualMachineName')]",
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "2022-03-01",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/networkInterfaces/', parameters('networkInterfaceName'))]"
],
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('virtualMachineSize')]"
},
"storageProfile": {
"osDisk": {
"createOption": "fromImage",
"managedDisk": {
"storageAccountType": "[parameters('osDiskType')]",
"securityProfile": {
"securityEncryptionType": "DiskWithVMGuestState"
}
},
"deleteOption": "[parameters('osDiskDeleteOption')]"
},
"imageReference": {
"publisher": "canonical",
"offer": "0001-com-ubuntu-confidential-vm-focal",
"sku": "20_04-lts-cvm",
"version": "latest"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaceName'))]",
"properties": {
"deleteOption": "[parameters('nicDeleteOption')]"
}
}
]
},
"osProfile": {
"computerName": "[parameters('virtualMachineComputerName')]",
"adminUsername": "[parameters('adminUsername')]",
"linuxConfiguration": {
"disablePasswordAuthentication": true,
"ssh": {
"publicKeys": [
{
"path": "[concat('/home/', parameters('adminUsername'), '/.ssh/authorized_keys')]",
"keyData": "[parameters('adminPublicKey')]"
}
]
}
}
},
"securityProfile": {
"securityType": "[parameters('securityType')]",
"uefiSettings": {
"secureBootEnabled": "[parameters('secureBoot')]",
"vTpmEnabled": "[parameters('vTPM')]"
}
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true
}
}
}
}
],
"outputs": {
"adminUsername": {
"type": "string",
"value": "[parameters('adminUsername')]"
}
}
}

61
hack/docgen-builder/build-and-upload.sh
View File

@ -1,61 +0,0 @@
#!/usr/bin/env bash
# Usage: ./build-and-upload.sh [dryrun]
set -euo pipefail
set -o errtrace
shopt -s inherit_errexit
talosRepo="https://github.com/siderolabs/talos"
talosHash="94c24ca64e70f227da29cd02bd367d3c2701b96c"
s3CASPath="s3://cdn-constellation-backend/constellation/cas/sha256"
publicCASPath="https://cdn.confidential.cloud/constellation/cas/sha256"
function cleanup {
echo "Cleaning up"
rm -rf "${tmpDir}"
}
trap cleanup EXIT
# Set flags to --dryrun if arg 1 is "dryrun"
awsFlags=()
if [[ ${1-} == "dryrun" ]]; then
awsFlags+=("--dryrun")
fi
# Create a temp dir to work in
tmpDir=$(mktemp -d)
pushd "${tmpDir}"
# Get the talos source code
wget -qO- "${talosRepo}/archive/${talosHash}.tar.gz" | tar -xz
cp -r "talos-${talosHash}/hack/docgen" .
pushd "docgen"
# Build and upload the talos-docgen binary
echo
for arch in "amd64" "arm64"; do
for os in "linux" "darwin"; do
echo "Building and uploading talos-docgen-${os}-${arch}"
CGO_ENABLED="0" GOWORK="" GOOS="${os}" GOARCH="${arch}" go build -trimpath -ldflags="-buildid=" -o "talos-docgen-${os}-${arch}" .
sum=$(sha256sum "talos-docgen-${os}-${arch}" | cut -d ' ' -f1) && echo "Binary sha256sum: ${sum}"
file "talos-docgen-${os}-${arch}"
aws s3 "${awsFlags[@]}" cp "./talos-docgen-${os}-${arch}" "${s3CASPath}/${sum}"
echo
cat << EOF >> "bazelout.txt"
http_file(
name = "com_github_siderolabs_talos_hack_docgen_${os}_${arch}",
urls = [
"${publicCASPath}/${sum}",
],
executable = True,
sha256 = "${sum}",
)
EOF
done
done
# Print the bazel output
cat bazelout.txt
echo

185
hack/importAzure.sh
View File

@ -1,185 +0,0 @@
#!/usr/bin/env bash
# importAzure imports a downloaded Azure VM image into Azure cloud.
# Parameters are provided via environment variables.
#
# Usage:
# $ AZURE_IMAGE_VERSION=0.1.0 AZURE_RESOURCE_GROUP_NAME=constellation-images ./importAzure.sh
# Required values.
# * AZURE_RESOURCE_GROUP_NAME: (required) resource group in Azure to use. Needs to exist!
# * AZURE_IMAGE_VERSION: (required) version number used for uploaded image. <major>.<minor>.<patch>
# Optional values.
# * AZURE_IMAGE_FILE: (optional, default: ./abcd) Path to image file to be uploaded.
# * AZURE_REGION: (optional, default: westus) Region used in Azure.
# * AZURE_GALLERY_NAME: (optional, default: constellation_import) Name for Azure shared image gallery. Will be created as part of this script.
# * AZURE_IMAGE_NAME: (optional, default: upload-target) Temporary image used for upload, must not exist.
set -euo pipefail
shopt -s inherit_errexit
# Required tools
if ! command -v az &> /dev/null; then
echo "az CLI could not be found"
echo "Please instal it from: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli"
exit
fi
if ! command -v azcopy &> /dev/null; then
echo "azcopy could not be found"
echo "Please instal it from: https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10"
exit
fi
if ! command -v jq &> /dev/null; then
echo "jq could not be found"
echo "Please instal it from: https://github.com/stedolan/jq"
exit
fi
AZURE_IMAGE_FILE="${AZURE_IMAGE_FILE:-$(pwd)/abcd}"
AZURE_REGION="${AZURE_REGION:-westus}"
AZURE_GALLERY_NAME="${AZURE_GALLERY_NAME:-constellation_import}"
AZURE_PUBLISHER="${AZURE_PUBLISHER:-edgelesssys}"
AZURE_IMAGE_NAME="${AZURE_IMAGE_NAME:-upload-target}"
AZURE_IMAGE_OFFER="${AZURE_IMAGE_OFFER:-constellation}"
AZURE_IMAGE_DEFINITION="${AZURE_IMAGE_DEFINITION:-constellation}"
AZURE_SKU="${AZURE_SKU:-constellation}"
AZURE_SECURITY_TYPE="${AZURE_SECURITY_TYPE:-TrustedLaunch}"
if [[ -z ${AZURE_RESOURCE_GROUP_NAME} ]]; then
echo "Please provide a value for AZURE_RESOURCE_GROUP_NAME."
exit 1
fi
if [[ -z ${AZURE_IMAGE_VERSION} ]]; then
echo "Please provide a value for AZURE_IMAGE_VERSION of pattern <major>.<minor>.<patch>"
exit 1
fi
echo "Using following settings:"
echo "AZURE_REGION=${AZURE_REGION}"
echo "AZURE_RESOURCE_GROUP_NAME=${AZURE_RESOURCE_GROUP_NAME}"
echo "AZURE_GALLERY_NAME=${AZURE_GALLERY_NAME}"
echo "AZURE_IMAGE_FILE=${AZURE_IMAGE_FILE}"
echo "AZURE_IMAGE_NAME=${AZURE_IMAGE_NAME}"
echo "AZURE_IMAGE_OFFER=${AZURE_IMAGE_OFFER}"
echo "AZURE_IMAGE_DEFINITION=${AZURE_IMAGE_DEFINITION}"
echo "AZURE_IMAGE_VERSION=${AZURE_IMAGE_VERSION}"
echo "AZURE_PUBLISHER=${AZURE_PUBLISHER}"
echo "AZURE_SKU=${AZURE_SKU}"
echo "AZURE_SECURITY_TYPE=${AZURE_SECURITY_TYPE}"
echo ""
read -r -p "Continue (y/n)?" choice
case "${choice}" in
y | Y) echo "Starting import..." ;;
n | N)
echo "Abort!"
exit 1
;;
*)
echo "invalid"
exit 1
;;
esac
echo "Preparing to upload '${AZURE_IMAGE_FILE} to Azure."
SIZE=$(wc -c "${AZURE_IMAGE_FILE}" | cut -d " " -f1)
echo "Size is ${SIZE} bytes."
echo "Creating disk (${AZURE_IMAGE_NAME}) as import target."
az disk create \
-n "${AZURE_IMAGE_NAME}" \
-g "${AZURE_RESOURCE_GROUP_NAME}" \
-l "${AZURE_REGION}" \
--hyper-v-generation V2 \
--os-type Linux \
--for-upload \
-upload-size-bytes "${SIZE}" \
--sku standard_lrs
echo "Waiting for disk to be created."
az disk wait --created -n "${AZURE_IMAGE_NAME}" -g "${AZURE_RESOURCE_GROUP_NAME}"
echo "Retrieving disk ID."
AZURE_DISK_ID=$(
az disk list \
--query "[?name == '${AZURE_IMAGE_NAME}' && resourceGroup == '${AZURE_RESOURCE_GROUP_NAME^^}'] | [0].id" \
--output json |
jq -r
)
echo "Disk ID is ${AZURE_DISK_ID}"
echo "Generating SAS URL for authorized upload."
AZURE_SAS_URL=$(
az disk grant-access \
-n "${AZURE_IMAGE_NAME}" \
-g "${AZURE_RESOURCE_GROUP_NAME}" \
--access-level Write \
--duration-in-seconds 86400 |
jq -r .accessSas
)
echo "Uploading image file to Azure disk."
azcopy copy "${AZURE_IMAGE_FILE}" "${AZURE_SAS_URL}" --blob-type PageBlob
echo "Finalizing upload."
az disk revoke-access -n "${AZURE_IMAGE_NAME}" -g "${AZURE_RESOURCE_GROUP_NAME}"
echo "Creating Azure image."
az image create \
-g "${AZURE_RESOURCE_GROUP_NAME}" \
-l "${AZURE_REGION}" \
-n "${AZURE_IMAGE_NAME}" \
--hyper-v-generation V2 \
--os-type Linux \
--source "${AZURE_DISK_ID}"
echo "Creating Azure Shared Image Gallery."
az sig create \
-l "${AZURE_REGION}" \
--gallery-name "${AZURE_GALLERY_NAME}" \
--resource-group "${AZURE_RESOURCE_GROUP_NAME}"
echo "Creating Image Definition."
az sig image-definition create \
--resource-group "${AZURE_RESOURCE_GROUP_NAME}" \
-l "${AZURE_REGION}" \
--gallery-name "${AZURE_GALLERY_NAME}" \
--gallery-image-definition "${AZURE_IMAGE_DEFINITION}" \
--publisher "${AZURE_PUBLISHER}" \
--offer "${AZURE_IMAGE_OFFER}" --sku "${AZURE_SKU}" \
--os-type Linux \
--os-state generalized \
--hyper-v-generation V2 \
--features SecurityType="${AZURE_SECURITY_TYPE}"
echo "Retrieving temporary image ID."
AZURE_IMAGE_ID=$(
az image list \
--query "[?name == '${AZURE_IMAGE_NAME}' && resourceGroup == '${AZURE_RESOURCE_GROUP_NAME^^}'] | [0].id" \
--output json | jq -r
)
echo "Creating final image version."
az sig image-version create \
--resource-group "${AZURE_RESOURCE_GROUP_NAME}" \
-l "${AZURE_REGION}" \
--gallery-name "${AZURE_GALLERY_NAME}" \
--gallery-image-definition "${AZURE_IMAGE_DEFINITION}" \
--gallery-image-version "${AZURE_IMAGE_VERSION}" \
--target-regions "${AZURE_REGION}" \
--replica-count 1 \
--managed-image "${AZURE_IMAGE_ID}"
echo "Cleaning up ephemeral resources."
az image delete --ids "${AZURE_IMAGE_ID}"
az disk delete -y --ids "${AZURE_DISK_ID}"
IMAGE_VERSION=$(
az sig image-version show \
--resource-group "${AZURE_RESOURCE_GROUP_NAME}" \
--gallery-name "${AZURE_GALLERY_NAME}" \
--gallery-image-definition "${AZURE_IMAGE_DEFINITION}" \
--gallery-image-version "${AZURE_IMAGE_VERSION}" \
-o tsv \
--query id
)
echo "Image ID is ${IMAGE_VERSION}"
# # Cleanup all
# az sig image-version delete --resource-group ${AZURE_RESOURCE_GROUP_NAME} --gallery-image-definition ${AZURE_IMAGE_DEFINITION} --gallery-image-version ${AZURE_IMAGE_VERSION} --gallery-name ${AZURE_GALLERY_NAME}
# az sig image-definition delete --resource-group ${AZURE_RESOURCE_GROUP_NAME} --gallery-name ${AZURE_GALLERY_NAME} --gallery-image-definition ${AZURE_IMAGE_DEFINITION}
# az sig delete --resource-group ${AZURE_RESOURCE_GROUP_NAME} --gallery-name ${AZURE_GALLERY_NAME}