fix execution of create vm component

Signed-off-by: Emil Todorovski <emil.todorovski@brightmarbles.io>

Author: e-todorovski-bm

pkg/core/integration.go

@@ -83,6 +83,15 @@ type Integration interface {
 	HandleRequest(ctx HTTPRequestContext)
 }
 
+// OIDCAwareIntegration is an optional interface for integrations that
+// require an OIDC provider for authentication (e.g. workload identity
+// federation with cloud providers). The registry calls SetOIDCProvider
+// once during startup so the integration can lazily initialize
+// authenticated clients without waiting for a manual Sync.
+type OIDCAwareIntegration interface {
+	SetOIDCProvider(oidc.Provider)
+}
+
 type WebhookHandler interface {
 
 	/*

pkg/integrations/azure/actions.go

@@ -495,3 +495,49 @@ var ImageUbuntu2004LTS = ImageReference{
 	SKU:       "20_04-lts-gen2",
 	Version:   "latest",
 }
+
+var ImageUbuntu2204LTS = ImageReference{
+	Publisher: "Canonical",
+	Offer:     "0001-com-ubuntu-server-jammy",
+	SKU:       "22_04-lts-gen2",
+	Version:   "latest",
+}
+
+var ImageUbuntu2404LTS = ImageReference{
+	Publisher: "Canonical",
+	Offer:     "ubuntu-24_04-lts",
+	SKU:       "server",
+	Version:   "latest",
+}
+
+var ImageDebian12 = ImageReference{
+	Publisher: "Debian",
+	Offer:     "debian-12",
+	SKU:       "12-gen2",
+	Version:   "latest",
+}
+
+var ImageWindowsServer2022 = ImageReference{
+	Publisher: "MicrosoftWindowsServer",
+	Offer:     "WindowsServer",
+	SKU:       "2022-datacenter-g2",
+	Version:   "latest",
+}
+
+// ImagePresets maps preset keys to their image references.
+var ImagePresets = map[string]ImageReference{
+	"ubuntu-24.04": ImageUbuntu2404LTS,
+	"ubuntu-22.04": ImageUbuntu2204LTS,
+	"ubuntu-20.04": ImageUbuntu2004LTS,
+	"debian-12":    ImageDebian12,
+	"windows-2022": ImageWindowsServer2022,
+}
+
+// ResolveImagePreset returns the ImageReference for a preset key,
+// or the Ubuntu 24.04 default if the key is empty or unknown.
+func ResolveImagePreset(preset string) ImageReference {
+	if img, ok := ImagePresets[preset]; ok {
+		return img
+	}
+	return ImageUbuntu2404LTS
+}

pkg/integrations/azure/actions_test.go

@@ -191,6 +191,27 @@ func TestImageReferenceConstants(t *testing.T) {
 	assert.Equal(t, "0001-com-ubuntu-server-focal", ImageUbuntu2004LTS.Offer)
 	assert.Equal(t, "20_04-lts-gen2", ImageUbuntu2004LTS.SKU)
 	assert.Equal(t, "latest", ImageUbuntu2004LTS.Version)
+
+	assert.Equal(t, "Canonical", ImageUbuntu2204LTS.Publisher)
+	assert.Equal(t, "Canonical", ImageUbuntu2404LTS.Publisher)
+	assert.Equal(t, "Debian", ImageDebian12.Publisher)
+	assert.Equal(t, "MicrosoftWindowsServer", ImageWindowsServer2022.Publisher)
+}
+
+func TestResolveImagePreset(t *testing.T) {
+	img := ResolveImagePreset("ubuntu-22.04")
+	assert.Equal(t, ImageUbuntu2204LTS, img)
+
+	img = ResolveImagePreset("windows-2022")
+	assert.Equal(t, ImageWindowsServer2022, img)
+
+	// Unknown preset falls back to Ubuntu 24.04
+	img = ResolveImagePreset("unknown")
+	assert.Equal(t, ImageUbuntu2404LTS, img)
+
+	// Empty preset falls back to Ubuntu 24.04
+	img = ResolveImagePreset("")
+	assert.Equal(t, ImageUbuntu2404LTS, img)
 }
 
 func TestImageReference_StructFields(t *testing.T) {

pkg/integrations/azure/arm_client.go

@@ -14,11 +14,12 @@ import (
 )
 
 const (
-	armBaseURL                 = "https://management.azure.com"
-	armAPIVersionCompute       = "2024-03-01"
-	armAPIVersionNetwork       = "2023-11-01"
-	armAPIVersionResources     = "2024-03-01"
-	armAPIVersionEventGrid     = "2024-06-01-preview"
+	armBaseURL                    = "https://management.azure.com"
+	armAPIVersionCompute          = "2024-03-01"
+	armAPIVersionNetwork          = "2023-11-01"
+	armAPIVersionResources        = "2024-03-01"
+	armAPIVersionEventGrid        = "2024-06-01-preview"
+	armAPIVersionResourceProvider = "2021-04-01"
 
 	lroDefaultPollInterval = 5 * time.Second
 	lroMaxPollDuration     = 30 * time.Minute
@@ -83,6 +84,81 @@ func (c *armClient) get(ctx context.Context, url string, dest any) error {
 	return json.NewDecoder(resp.Body).Decode(dest)
 }
 
+// post performs a POST request and returns the raw response.
+func (c *armClient) post(ctx context.Context, url string, body io.Reader) (*http.Response, error) {
+	resp, err := c.doRequest(ctx, http.MethodPost, url, body)
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.StatusCode >= 400 {
+		defer resp.Body.Close()
+		return nil, readARMError(resp)
+	}
+
+	return resp, nil
+}
+
+// ensureResourceProviderRegistered checks whether an Azure resource provider
+// (e.g. "Microsoft.EventGrid") is registered, and if not, attempts to register
+// it. The method fails fast if the caller lacks permissions or if registration
+// does not complete within a short window.
+func (c *armClient) ensureResourceProviderRegistered(ctx context.Context, providerNamespace string) error {
+	checkURL := fmt.Sprintf("%s/subscriptions/%s/providers/%s?api-version=%s",
+		armBaseURL, c.subscriptionID, providerNamespace, armAPIVersionResourceProvider)
+
+	var provider struct {
+		RegistrationState string `json:"registrationState"`
+	}
+	if err := c.get(ctx, checkURL, &provider); err != nil {
+		return fmt.Errorf("failed to check %s registration state: %w", providerNamespace, err)
+	}
+
+	if provider.RegistrationState == "Registered" {
+		return nil
+	}
+
+	// Attempt to register the provider.
+	registerURL := fmt.Sprintf("%s/subscriptions/%s/providers/%s/register?api-version=%s",
+		armBaseURL, c.subscriptionID, providerNamespace, armAPIVersionResourceProvider)
+
+	resp, err := c.post(ctx, registerURL, nil)
+	if err != nil {
+		return fmt.Errorf(
+			"%s resource provider is not registered and auto-registration failed: %w. "+
+				"Please register it manually: az provider register --namespace %s",
+			providerNamespace, err, providerNamespace,
+		)
+	}
+	resp.Body.Close()
+
+	// Poll with a short timeout — registration typically takes 10-30s.
+	deadline := time.Now().Add(2 * time.Minute)
+	for {
+		if time.Now().After(deadline) {
+			return fmt.Errorf(
+				"timed out waiting for %s to register. "+
+					"Please register it manually and retry: az provider register --namespace %s",
+				providerNamespace, providerNamespace,
+			)
+		}
+
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		case <-time.After(5 * time.Second):
+		}
+
+		if err := c.get(ctx, checkURL, &provider); err != nil {
+			return fmt.Errorf("failed to check registration state: %w", err)
+		}
+
+		if provider.RegistrationState == "Registered" {
+			return nil
+		}
+	}
+}
+
 // put performs a PUT request with a JSON body and returns the raw response.
 func (c *armClient) put(ctx context.Context, url string, body any) (*http.Response, error) {
 	jsonBody, err := json.Marshal(body)

pkg/integrations/azure/azure_test.go

@@ -1,17 +1,66 @@
 package azure
 
 import (
+	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"testing"
+	"time"
 
+	"github.com/google/uuid"
 	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/superplanehq/superplane/pkg/configuration"
 	"github.com/superplanehq/superplane/pkg/core"
+	"github.com/superplanehq/superplane/pkg/oidc"
 )
 
+// mockOIDCProvider implements oidc.Provider for testing.
+type mockOIDCProvider struct{}
+
+func (m *mockOIDCProvider) Sign(subject string, duration time.Duration, audience string, additionalClaims map[string]any) (string, error) {
+	return "mock-jwt-token", nil
+}
+
+func (m *mockOIDCProvider) PublicJWKs() []oidc.PublicJWK {
+	return nil
+}
+
+// mockIntegrationContext implements core.IntegrationContext for testing.
+type mockIntegrationContext struct {
+	id     string
+	config map[string]string
+}
+
+func (m *mockIntegrationContext) ID() uuid.UUID {
+	id, _ := uuid.Parse(m.id)
+	return id
+}
+
+func (m *mockIntegrationContext) GetConfig(name string) ([]byte, error) {
+	if v, ok := m.config[name]; ok {
+		return []byte(v), nil
+	}
+	return nil, fmt.Errorf("config %s not found", name)
+}
+
+func (m *mockIntegrationContext) GetMetadata() any                                 { return nil }
+func (m *mockIntegrationContext) SetMetadata(any)                                  {}
+func (m *mockIntegrationContext) Ready()                                           {}
+func (m *mockIntegrationContext) Error(string)                                     {}
+func (m *mockIntegrationContext) NewBrowserAction(core.BrowserAction)              {}
+func (m *mockIntegrationContext) RemoveBrowserAction()                             {}
+func (m *mockIntegrationContext) SetSecret(string, []byte) error                   { return nil }
+func (m *mockIntegrationContext) GetSecrets() ([]core.IntegrationSecret, error)    { return nil, nil }
+func (m *mockIntegrationContext) RequestWebhook(any) error                         { return nil }
+func (m *mockIntegrationContext) Subscribe(any) (*uuid.UUID, error)                { return nil, nil }
+func (m *mockIntegrationContext) ScheduleResync(time.Duration) error               { return nil }
+func (m *mockIntegrationContext) ScheduleActionCall(string, any, time.Duration) error { return nil }
+func (m *mockIntegrationContext) ListSubscriptions() ([]core.IntegrationSubscriptionContext, error) {
+	return nil, nil
+}
+
 func TestAzureIntegration_Name(t *testing.T) {
 	integration := &AzureIntegration{}
 	assert.Equal(t, "azure", integration.Name())
@@ -189,18 +238,39 @@ func TestAzureIntegration_HandleRequest_Unknown(t *testing.T) {
 	assert.Equal(t, http.StatusNotFound, rec.Code)
 }
 
-func TestAzureIntegration_GetProvider(t *testing.T) {
+func TestAzureIntegration_SetOIDCProvider(t *testing.T) {
 	integration := &AzureIntegration{}
 
-	// Initially nil
-	assert.Nil(t, integration.GetProvider())
+	assert.Nil(t, integration.oidcProvider)
+
+	mockOIDC := &mockOIDCProvider{}
+	integration.SetOIDCProvider(mockOIDC)
 
-	// Set a mock provider
+	assert.NotNil(t, integration.oidcProvider)
+	assert.Equal(t, mockOIDC, integration.oidcProvider)
+}
+
+func TestAzureIntegration_EnsureProvider_ReturnsCachedProvider(t *testing.T) {
 	provider := &AzureProvider{}
-	integration.provider = provider
+	integration := &AzureIntegration{
+		provider:      provider,
+		integrationID: "test-id",
+	}
 
-	assert.NotNil(t, integration.GetProvider())
-	assert.Equal(t, provider, integration.GetProvider())
+	ctx := &mockIntegrationContext{id: "test-id"}
+	result, err := integration.ensureProvider(ctx)
+	assert.NoError(t, err)
+	assert.Equal(t, provider, result)
+}
+
+func TestAzureIntegration_EnsureProvider_FailsWithoutOIDC(t *testing.T) {
+	integration := &AzureIntegration{}
+
+	ctx := &mockIntegrationContext{id: "test-id"}
+	result, err := integration.ensureProvider(ctx)
+	assert.Error(t, err)
+	assert.Nil(t, result)
+	assert.Contains(t, err.Error(), "OIDC provider not available")
 }
 
 func TestConfiguration_Struct(t *testing.T) {