I am unable to find images shared with me via a Shared Image gallery. The issue is present with both the Az cmdlets and the Az CLI, though for consistency I will stick with PowerShell examples here. Note that referencing publicly available images, such as those published by MicrosoftWindowsServer, are able to be resolved as expected.
There are two shared galleries in question, both are within the same tenant, and one is sourced within the same subscription I am running the query in (which in fact I am the creator and maintainer of this gallery, I am in the Contributor role). I am unable to resolve any images from either gallery when trying to search for or apply an image by publisher, offer, and sku... but only when done through the API. Below is an example of how I am setting the source image to be referenced:
$virtualMachine = New-AzVMConfig -VMName MyVmName -VMSize Standard_D2_v2
$virtualMachine = Set-AzVMSourceImage -VM $virtualMachine -Publisher MyCompany -Offer MyOffer -Sku MySku -Version latest
$virtualMachine is later passed to New-AzVM and throws the following error:
ErrorCode: PlatformImageNotFound
ErrorMessage: The platform image 'MyCompany:MyOffer:MySku:latest' is not available. Verify that all fields in the storage profile are correct. For more details about storage profile information, please refer to https://aka.ms/storageprofile
ErrorTarget: imageReference
StatusCode: 404
ReasonPhrase: Not Found
Curiously, I am able to see the images when I go to create a VM in the portal and use the image picker to show Shared Images.
I am able to use commands intended for managing shared images in order to resolve them, but this requires knowing extra information ahead of time, like the gallery name, the resource group the gallery belongs to, and the search has to be performed from within the subscription the gallery exists in. In the end, I am able to request a VM successfully if I use these additional cmdlets to resolve the shared image ID, and then refer to the image by ID instead:
Note: I can also use az sig commands to resolve the image ID as well.
# Have to first connect to the Azure subscription the gallery and image exist in
Connect-AzAccount -Tenant GALLERY_TENANT -Subscription GALLERY_SUBSCRIPTION
# Get the image definition using image name, name of the gallery, and the resource group the gallery belongs to
$sourceImageName = 'my-image-definition-name'
$imageDefinition = Get-AzGalleryImageDefinition -GalleryName MyCompany.ImageGallery -ResourceGroupName galleryResourceGroup -Name $sourceImageName
# Connect back to the tenant and subscription I actually want to build the VM in
Connect-AzAccount -Tenant MY_TENANT -Subscription MY_SUBSCRIPTION
# Reference the source image by ID
$virtualMachine = New-AzVMConfig -VMName MyVmName -VMSize Standard_D2_v2
$virtualMachine = Set-AzVMSourceImage -VM $virtualMachine -Id $imageDefinition.Id
This is a lot more work. It works, but I don't (and shouldn't) expect our users and engineers to have to include our subscription, resource group, and gallery name, let alone have to switch subscriptions, just to resolve the image ID. I don't need to jump through these hoops in the UI for using shared images, I select Shared Images in the image picker and see what is shared with me.
Is there some configuration I am missing to make these searchable by publlisher, offer, and SKU? The users (myself included) who need to be able to see these images are added to the Reader role on the Shared Galleries in question, and again, the information is available in the UI. I cannot understand why I can't reference the same images using the API by publisher, offer, sku, and version.
I have also used the Azure CLI (easier to use interactively) to attempt resolving the shared images with less information, such as only the publisher or omitting the SKU, but am met with no returned results:
az vm image list -p MyCompany -f MyOffer --all -o table
az vm image list -p MyCompany --all -o table
