From 5ae01efd5077804d84e3ae8e00cfb4b0de02ff67 Mon Sep 17 00:00:00 2001
From: QBY-MauriceBaerisch
Date: Tue, 29 Oct 2024 08:13:40 +0100
Subject: [PATCH 1/3] fix: bypass_platform_safety_checks=false prevents update management to work
---
 variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/variables.tf b/variables.tf
index deab150..2d9c352 100644
--- a/variables.tf
+++ b/variables.tf
@@ -74,7 +74,7 @@ variable "virtual_machine_config" {
 proximity_placement_group_id = optional(string)
 patch_assessment_mode = optional(string, "AutomaticByPlatform")
 patch_mode = optional(string, "AutomaticByPlatform")
- bypass_platform_safety_checks_on_user_schedule_enabled = optional(bool, false)
+ bypass_platform_safety_checks_on_user_schedule_enabled = optional(bool, true)
 })
 validation {
 condition = contains(["None", "ReadOnly", "ReadWrite"], var.virtual_machine_config.os_disk_caching)
From c77b8ae8764fcb65e73f14d51bb52f0c46d881a0 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Tue, 29 Oct 2024 07:14:44 +0000
Subject: [PATCH 2/3] terraform-docs: automated action
---
 README.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index e7efca1..64fea00 100644
--- a/README.md
+++ b/README.md
@@ -219,13 +219,13 @@ resource "azurerm_network_security_group" "this" { | [admin\_password](#input\_admin\_password) | Password of the local administrator. | `string` | n/a | yes | | [resource\_group\_name](#input\_resource\_group\_name) | Name of the resource group where the resources will be created. | `string` | n/a | yes | | [severity\_group](#input\_severity\_group) | The severity group of the virtual machine. Added as value of tag `Severity Group Monthly`. | `string` | n/a | yes | -| [subnet](#input\_subnet) | The variable takes the subnet as input and takes the id and the address prefix for further configuration. |
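Review bot: With the default of `bypass_platform_safety_checks_on_user_schedule_enabled` now `true`, a caller who overrides `patch_mode` to anything other than `AutomaticByPlatform` and leaves the flag unset will violate the constraint the module's own README states ("Can only be set to true when patch_mode is set to AutomaticByPlatform"), and nothing in the visible part of the variable catches that before apply. A second `validation` block next to the existing `os_disk_caching` one would surface it at plan time, with `condition = !var.virtual_machine_config.bypass_platform_safety_checks_on_user_schedule_enabled || var.virtual_machine_config.patch_mode == "AutomaticByPlatform"` and an error message naming both attributes. The new default also means VMs are patched only through a user-configured schedule rather than autopatched, so a VM created without a schedule attached would presumably go unpatched; the variable description should say that a schedule is required when the flag is left at its default. The `variable "virtual_machine_config"` block starts and ends outside this hunk, so an existing check elsewhere in it cannot be ruled out.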
object({
id = string
address_prefixes = list(string)
})
| n/a | yes | -| [virtual\_machine\_config](#input\_virtual\_machine\_config) |
hostname: Name of the host system.
size: The size of the vm. Possible values can be seen here: https://learn.microsoft.com/en-us/azure/virtual-machines/sizes
location: The location of the virtual machine.
os_sku: The os that will be running on the vm.
os_version: Optionally specify an os version for the chosen sku. Defaults to latest.
os_disk_caching: Optionally change the caching option of the os disk. Defaults to ReadWrite.
os_disk_storage_type: Optionally change the os_disk_storage_type. Defaults to StandardSSD_LRS.
os_disk_size_gb: Optionally change the size of the os disk. Defaults to be specified by image.
admin_username: Optionally choose the admin_username of the vm. Defaults to loc_sysadmin.
The local admin name could be changed by the gpo in the target ad.
os_disk_write_accelerator_enabled: Optionally activate write accelaration for the os disk. Can only
be activated on Premium_LRS disks and caching deactivated. Defaults to false.
timezone: Optionally change the timezone of the VM. Defaults to UTC.
(More timezone names: https://jackstromberg.com/2017/01/list-of-time-zones-consumed-by-azure/).
zone: Optionally specify an availibility zone for the vm.
availability_set_id: Optionally specify an availibilty set for the vm.
proximity_placement_group_id: (Optional) The ID of the Proximity Placement Group which the Virtual Machine should be assigned to.
patch_assessment_mode: Specifies the mode of VM Guest Patching for the Virtual Machine.
patch_mode: Specifies the mode of in-guest patching to this Windows Virtual Machine.
bypass_platform_safety_checks_on_user_schedule_enabled: This setting ensures that machines are patched by using your configured schedules and not autopatched.
Can only be set to true when patch_mode is set to AutomaticByPlatform.
|
object({
hostname = string
size = string
location = string
os_sku = string
os_version = optional(string, "latest")
os_disk_caching = optional(string, "ReadWrite")
os_disk_storage_type = optional(string, "StandardSSD_LRS")
os_disk_size_gb = optional(number)
os_disk_write_accelerator_enabled = optional(bool, false)
admin_username = optional(string, "loc_sysadmin")
timezone = optional(string, "UTC")
zone = optional(string)
availability_set_id = optional(string)
proximity_placement_group_id = optional(string)
patch_assessment_mode = optional(string, "AutomaticByPlatform")
patch_mode = optional(string, "AutomaticByPlatform")
bypass_platform_safety_checks_on_user_schedule_enabled = optional(bool, false)
})
| n/a | yes | +| [subnet](#input\_subnet) | The variable takes the subnet as input and takes the id and the address prefix for further configuration. |
object({
id = string
address_prefixes = list(string)
})
| n/a | yes | +| [virtual\_machine\_config](#input\_virtual\_machine\_config) |
hostname: Name of the host system.
size: The size of the vm. Possible values can be seen here: https://learn.microsoft.com/en-us/azure/virtual-machines/sizes
location: The location of the virtual machine.
os_sku: The os that will be running on the vm.
os_version: Optionally specify an os version for the chosen sku. Defaults to latest.
os_disk_caching: Optionally change the caching option of the os disk. Defaults to ReadWrite.
os_disk_storage_type: Optionally change the os_disk_storage_type. Defaults to StandardSSD_LRS.
os_disk_size_gb: Optionally change the size of the os disk. Defaults to be specified by image.
admin_username: Optionally choose the admin_username of the vm. Defaults to loc_sysadmin.
The local admin name could be changed by the gpo in the target ad.
os_disk_write_accelerator_enabled: Optionally activate write accelaration for the os disk. Can only
be activated on Premium_LRS disks and caching deactivated. Defaults to false.
timezone: Optionally change the timezone of the VM. Defaults to UTC.
(More timezone names: https://jackstromberg.com/2017/01/list-of-time-zones-consumed-by-azure/).
zone: Optionally specify an availibility zone for the vm.
availability_set_id: Optionally specify an availibilty set for the vm.
proximity_placement_group_id: (Optional) The ID of the Proximity Placement Group which the Virtual Machine should be assigned to.
patch_assessment_mode: Specifies the mode of VM Guest Patching for the Virtual Machine.
patch_mode: Specifies the mode of in-guest patching to this Windows Virtual Machine.
bypass_platform_safety_checks_on_user_schedule_enabled: This setting ensures that machines are patched by using your configured schedules and not autopatched.
Can only be set to true when patch_mode is set to AutomaticByPlatform.
|
object({
hostname = string
size = string
location = string
os_sku = string
os_version = optional(string, "latest")
os_disk_caching = optional(string, "ReadWrite")
os_disk_storage_type = optional(string, "StandardSSD_LRS")
os_disk_size_gb = optional(number)
os_disk_write_accelerator_enabled = optional(bool, false)
admin_username = optional(string, "loc_sysadmin")
timezone = optional(string, "UTC")
zone = optional(string)
availability_set_id = optional(string)
proximity_placement_group_id = optional(string)
patch_assessment_mode = optional(string, "AutomaticByPlatform")
patch_mode = optional(string, "AutomaticByPlatform")
bypass_platform_safety_checks_on_user_schedule_enabled = optional(bool, true)
})
| n/a | yes | | [additional\_network\_interface\_ids](#input\_additional\_network\_interface\_ids) | List of ids for additional azurerm\_network\_interface. | `list(string)` | `[]` | no | -| [data\_disks](#input\_data\_disks) |
 = {
lun: Number of the lun.
disk_size_gb: The size of the data disk.
storage_account_type: Optionally change the storage_account_type. Defaults to StandardSSD_LRS.
caching: Optionally activate disk caching. Defaults to None.
create_option: Optionally change the create option. Defaults to Empty disk.
source_resource_id: (Optional) The ID of an existing Managed Disk or Snapshot to copy when create_option is Copy or
the recovery point to restore when create_option is Restore. Changing this forces a new resource to be created.
write_accelerator_enabled: Optionally activate write accelaration for the data disk. Can only
be activated on Premium disks and caching deactivated. Defaults to false.
on_demand_bursting_enabled: Optionally activate disk bursting. Only for Premium disk with size to 512 Gb up. Default false.
}
|
map(object({
lun = number
disk_size_gb = number
caching = optional(string, "ReadWrite")
create_option = optional(string, "Empty")
source_resource_id = optional(string)
storage_account_type = optional(string, "StandardSSD_LRS")
write_accelerator_enabled = optional(bool, false)
on_demand_bursting_enabled = optional(bool, false)
}))
| `{}` | no | -| [name\_overrides](#input\_name\_overrides) | Possibility to override names that will be generated according to q.beyond naming convention. |
object({
nic = optional(string)
nic_ip_config = optional(string)
public_ip = optional(string)
virtual_machine = optional(string)
os_disk = optional(string)
data_disks = optional(map(string), {})
})
| `{}` | no | -| [nic\_config](#input\_nic\_config) |
private_ip: Optioanlly specify a private ip to use. Otherwise it will  be allocated dynamically.
dns_servers: Optionally specify a list of dns servers for the nic.
enable_accelerated_networking: Enabled Accelerated networking (SR-IOV) on the NIC. The machine SKU must support this feature.
nsg: Although it is discouraged you can optionally assign an NSG to the NIC. Optionally specify a NSG object.
|
object({
private_ip = optional(string)
dns_servers = optional(list(string))
enable_accelerated_networking = optional(bool, false)
nsg = optional(object({
id = string
}))
})
| `{}` | no | -| [public\_ip\_config](#input\_public\_ip\_config) |
enabled: Optionally select true if a public ip should be created. Defaults to false.
allocation_method: The allocation method of the public ip that will be created. Defaults to static.
|
object({
enabled = bool
allocation_method = optional(string, "Static")
})
|
{
"enabled": false
}
| no | +| [data\_disks](#input\_data\_disks) |
 = {
lun: Number of the lun.
disk_size_gb: The size of the data disk.
storage_account_type: Optionally change the storage_account_type. Defaults to StandardSSD_LRS.
caching: Optionally activate disk caching. Defaults to None.
create_option: Optionally change the create option. Defaults to Empty disk.
source_resource_id: (Optional) The ID of an existing Managed Disk or Snapshot to copy when create_option is Copy or
the recovery point to restore when create_option is Restore. Changing this forces a new resource to be created.
write_accelerator_enabled: Optionally activate write accelaration for the data disk. Can only
be activated on Premium disks and caching deactivated. Defaults to false.
on_demand_bursting_enabled: Optionally activate disk bursting. Only for Premium disk with size to 512 Gb up. Default false.
}
|
map(object({
lun = number
disk_size_gb = number
caching = optional(string, "ReadWrite")
create_option = optional(string, "Empty")
source_resource_id = optional(string)
storage_account_type = optional(string, "StandardSSD_LRS")
write_accelerator_enabled = optional(bool, false)
on_demand_bursting_enabled = optional(bool, false)
}))
| `{}` | no | +| [name\_overrides](#input\_name\_overrides) | Possibility to override names that will be generated according to q.beyond naming convention. |
object({
nic = optional(string)
nic_ip_config = optional(string)
public_ip = optional(string)
virtual_machine = optional(string)
os_disk = optional(string)
data_disks = optional(map(string), {})
})
| `{}` | no | +| [nic\_config](#input\_nic\_config) |
private_ip: Optioanlly specify a private ip to use. Otherwise it will  be allocated dynamically.
dns_servers: Optionally specify a list of dns servers for the nic.
enable_accelerated_networking: Enabled Accelerated networking (SR-IOV) on the NIC. The machine SKU must support this feature.
nsg: Although it is discouraged you can optionally assign an NSG to the NIC. Optionally specify a NSG object.
|
object({
private_ip = optional(string)
dns_servers = optional(list(string))
enable_accelerated_networking = optional(bool, false)
nsg = optional(object({
id = string
}))
})
| `{}` | no | +| [public\_ip\_config](#input\_public\_ip\_config) |
enabled: Optionally select true if a public ip should be created. Defaults to false.
allocation_method: The allocation method of the public ip that will be created. Defaults to static.
|
object({
enabled = bool
allocation_method = optional(string, "Static")
})
|
{
"enabled": false
}
| no | | [tags](#input\_tags) | A mapping of tags to add to the resources created in this module | `map(string)` | `{}` | no | | [update\_allowed](#input\_update\_allowed) | Set the tag `Update allowed`. `True` will set `yes`, `false` to `no`. | `bool` | `true` | no | ## Outputs
From 37506d63ae2f6eca3ef31efdc1c0306683c58e6b Mon Sep 17 00:00:00 2001
From: QBY-MauriceBaerisch
Date: Tue, 29 Oct 2024 08:17:48 +0100
Subject: [PATCH 3/3] Update CHANGELOG.md
---
 CHANGELOG.md | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6f923e6..283509d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,13 @@ and this module adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.
 ## [Unreleased]
+## [5.0.1] - 2024-10-29
+
+Bugfix to make update management work again by default.
+
+### Changed
+- Set var.virtual_machine_config.bypass_platform_safety_checks_on_user_schedule_enabled to true
+
 ## [5.0.0] - 2024-08-30
 Added new features, variable change name and disk name validation.