fix: bypass_platform_safety_checks=false prevents update management t…

CHANGELOG.md

@@ -6,6 +6,13 @@ and this module adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [5.0.1] - 2024-10-29
+
+Bugfix to make update management work again by default.
+
+### Changed
+- Set var.virtual_machine_config.bypass_platform_safety_checks_on_user_schedule_enabled to true
+
 ## [5.0.0] - 2024-08-30
 
 Added new features, variable change name and disk name validation.

README.md

@@ -219,13 +219,13 @@ resource "azurerm_network_security_group" "this" {
 | <a name="input_admin_password"></a> [admin\_password](#input\_admin\_password) | Password of the local administrator. | `string` | n/a | yes |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | Name of the resource group where the resources will be created. | `string` | n/a | yes |
 | <a name="input_severity_group"></a> [severity\_group](#input\_severity\_group) | The severity group of the virtual machine. Added as value of tag `Severity Group Monthly`. | `string` | n/a | yes |
-| <a name="input_subnet"></a> [subnet](#input\_subnet) | The variable takes the subnet as input and takes the id and the address prefix for further configuration. | <pre>object({<br>    id               = string<br>    address_prefixes = list(string)<br>  })</pre> | n/a | yes |
-| <a name="input_virtual_machine_config"></a> [virtual\_machine\_config](#input\_virtual\_machine\_config) | <pre>hostname: Name of the host system.<br>  size: The size of the vm. Possible values can be seen here: https://learn.microsoft.com/en-us/azure/virtual-machines/sizes<br>  location: The location of the virtual machine.<br>  os_sku: The os that will be running on the vm.<br>  os_version: Optionally specify an os version for the chosen sku. Defaults to latest.<br>  os_disk_caching: Optionally change the caching option of the os disk. Defaults to ReadWrite.<br>  os_disk_storage_type: Optionally change the os_disk_storage_type. Defaults to StandardSSD_LRS.<br>  os_disk_size_gb: Optionally change the size of the os disk. Defaults to be specified by image.<br>  admin_username: Optionally choose the admin_username of the vm. Defaults to loc_sysadmin.<br>    The local admin name could be changed by the gpo in the target ad.<br>  os_disk_write_accelerator_enabled: Optionally activate write accelaration for the os disk. Can only<br>    be activated on Premium_LRS disks and caching deactivated. Defaults to false.<br>  timezone: Optionally change the timezone of the VM. Defaults to UTC.<br>    (More timezone names: https://jackstromberg.com/2017/01/list-of-time-zones-consumed-by-azure/).<br>  zone: Optionally specify an availibility zone for the vm.<br>  availability_set_id: Optionally specify an availibilty set for the vm.<br>  proximity_placement_group_id: (Optional) The ID of the Proximity Placement Group which the Virtual Machine should be assigned to.<br>  patch_assessment_mode: Specifies the mode of VM Guest Patching for the Virtual Machine.<br>  patch_mode:  Specifies the mode of in-guest patching to this Windows Virtual Machine.<br>  bypass_platform_safety_checks_on_user_schedule_enabled: This setting ensures that machines are patched by using your configured schedules and not autopatched.<br>     Can only be set to true when patch_mode is set to AutomaticByPlatform.</pre> | <pre>object({<br>    hostname                          = string<br>    size                              = string<br>    location                          = string<br>    os_sku                            = string<br>    os_version                        = optional(string, "latest")<br>    os_disk_caching                   = optional(string, "ReadWrite")<br>    os_disk_storage_type              = optional(string, "StandardSSD_LRS")<br>    os_disk_size_gb                   = optional(number)<br>    os_disk_write_accelerator_enabled = optional(bool, false)<br>    admin_username                    = optional(string, "loc_sysadmin")<br>    timezone                          = optional(string, "UTC")<br>    zone                              = optional(string)<br>    availability_set_id               = optional(string)<br>    proximity_placement_group_id      = optional(string)<br>    patch_assessment_mode             = optional(string, "AutomaticByPlatform")<br>    patch_mode                        = optional(string, "AutomaticByPlatform")<br>    bypass_platform_safety_checks_on_user_schedule_enabled = optional(bool, false)<br>  })</pre> | n/a | yes |
+| <a name="input_subnet"></a> [subnet](#input\_subnet) | The variable takes the subnet as input and takes the id and the address prefix for further configuration. | <pre>object({<br/>    id               = string<br/>    address_prefixes = list(string)<br/>  })</pre> | n/a | yes |
+| <a name="input_virtual_machine_config"></a> [virtual\_machine\_config](#input\_virtual\_machine\_config) | <pre>hostname: Name of the host system.<br/>  size: The size of the vm. Possible values can be seen here: https://learn.microsoft.com/en-us/azure/virtual-machines/sizes<br/>  location: The location of the virtual machine.<br/>  os_sku: The os that will be running on the vm.<br/>  os_version: Optionally specify an os version for the chosen sku. Defaults to latest.<br/>  os_disk_caching: Optionally change the caching option of the os disk. Defaults to ReadWrite.<br/>  os_disk_storage_type: Optionally change the os_disk_storage_type. Defaults to StandardSSD_LRS.<br/>  os_disk_size_gb: Optionally change the size of the os disk. Defaults to be specified by image.<br/>  admin_username: Optionally choose the admin_username of the vm. Defaults to loc_sysadmin.<br/>    The local admin name could be changed by the gpo in the target ad.<br/>  os_disk_write_accelerator_enabled: Optionally activate write accelaration for the os disk. Can only<br/>    be activated on Premium_LRS disks and caching deactivated. Defaults to false.<br/>  timezone: Optionally change the timezone of the VM. Defaults to UTC.<br/>    (More timezone names: https://jackstromberg.com/2017/01/list-of-time-zones-consumed-by-azure/).<br/>  zone: Optionally specify an availibility zone for the vm.<br/>  availability_set_id: Optionally specify an availibilty set for the vm.<br/>  proximity_placement_group_id: (Optional) The ID of the Proximity Placement Group which the Virtual Machine should be assigned to.<br/>  patch_assessment_mode: Specifies the mode of VM Guest Patching for the Virtual Machine.<br/>  patch_mode:  Specifies the mode of in-guest patching to this Windows Virtual Machine.<br/>  bypass_platform_safety_checks_on_user_schedule_enabled: This setting ensures that machines are patched by using your configured schedules and not autopatched.<br/>     Can only be set to true when patch_mode is set to AutomaticByPlatform.</pre> | <pre>object({<br/>    hostname                          = string<br/>    size                              = string<br/>    location                          = string<br/>    os_sku                            = string<br/>    os_version                        = optional(string, "latest")<br/>    os_disk_caching                   = optional(string, "ReadWrite")<br/>    os_disk_storage_type              = optional(string, "StandardSSD_LRS")<br/>    os_disk_size_gb                   = optional(number)<br/>    os_disk_write_accelerator_enabled = optional(bool, false)<br/>    admin_username                    = optional(string, "loc_sysadmin")<br/>    timezone                          = optional(string, "UTC")<br/>    zone                              = optional(string)<br/>    availability_set_id               = optional(string)<br/>    proximity_placement_group_id      = optional(string)<br/>    patch_assessment_mode             = optional(string, "AutomaticByPlatform")<br/>    patch_mode                        = optional(string, "AutomaticByPlatform")<br/>    bypass_platform_safety_checks_on_user_schedule_enabled = optional(bool, true)<br/>  })</pre> | n/a | yes |
 | <a name="input_additional_network_interface_ids"></a> [additional\_network\_interface\_ids](#input\_additional\_network\_interface\_ids) | List of ids for additional azurerm\_network\_interface. | `list(string)` | `[]` | no |
-| <a name="input_data_disks"></a> [data\_disks](#input\_data\_disks) | <pre><logical name of the data disk> = {<br>  lun: Number of the lun.<br>  disk_size_gb: The size of the data disk.<br>  storage_account_type: Optionally change the storage_account_type. Defaults to StandardSSD_LRS.<br>  caching: Optionally activate disk caching. Defaults to None.<br>  create_option: Optionally change the create option. Defaults to Empty disk.<br>  source_resource_id: (Optional) The ID of an existing Managed Disk or Snapshot to copy when create_option is Copy or<br>    the recovery point to restore when create_option is Restore. Changing this forces a new resource to be created.<br>  write_accelerator_enabled: Optionally activate write accelaration for the data disk. Can only<br>    be activated on Premium disks and caching deactivated. Defaults to false.<br>  on_demand_bursting_enabled: Optionally activate disk bursting. Only for Premium disk with size to 512 Gb up. Default false.<br> }</pre> | <pre>map(object({<br>    lun                        = number<br>    disk_size_gb               = number<br>    caching                    = optional(string, "ReadWrite")<br>    create_option              = optional(string, "Empty")<br>    source_resource_id         = optional(string)<br>    storage_account_type       = optional(string, "StandardSSD_LRS")<br>    write_accelerator_enabled  = optional(bool, false)<br>    on_demand_bursting_enabled = optional(bool, false)<br>  }))</pre> | `{}` | no |
-| <a name="input_name_overrides"></a> [name\_overrides](#input\_name\_overrides) | Possibility to override names that will be generated according to q.beyond naming convention. | <pre>object({<br>    nic             = optional(string)<br>    nic_ip_config   = optional(string)<br>    public_ip       = optional(string)<br>    virtual_machine = optional(string)<br>    os_disk         = optional(string)<br>    data_disks      = optional(map(string), {})<br>  })</pre> | `{}` | no |
-| <a name="input_nic_config"></a> [nic\_config](#input\_nic\_config) | <pre>private_ip: Optioanlly specify a private ip to use. Otherwise it will  be allocated dynamically.<br>  dns_servers: Optionally specify a list of dns servers for the nic.<br>  enable_accelerated_networking: Enabled Accelerated networking (SR-IOV) on the NIC. The machine SKU must support this feature.<br>  nsg: Although it is discouraged you can optionally assign an NSG to the NIC. Optionally specify a NSG object.</pre> | <pre>object({<br>    private_ip                    = optional(string)<br>    dns_servers                   = optional(list(string))<br>    enable_accelerated_networking = optional(bool, false)<br>    nsg = optional(object({<br>      id = string<br>    }))<br>  })</pre> | `{}` | no |
-| <a name="input_public_ip_config"></a> [public\_ip\_config](#input\_public\_ip\_config) | <pre>enabled: Optionally select true if a public ip should be created. Defaults to false.<br>  allocation_method: The allocation method of the public ip that will be created. Defaults to static.</pre> | <pre>object({<br>    enabled           = bool<br>    allocation_method = optional(string, "Static")<br>  })</pre> | <pre>{<br>  "enabled": false<br>}</pre> | no |
+| <a name="input_data_disks"></a> [data\_disks](#input\_data\_disks) | <pre><logical name of the data disk> = {<br/>  lun: Number of the lun.<br/>  disk_size_gb: The size of the data disk.<br/>  storage_account_type: Optionally change the storage_account_type. Defaults to StandardSSD_LRS.<br/>  caching: Optionally activate disk caching. Defaults to None.<br/>  create_option: Optionally change the create option. Defaults to Empty disk.<br/>  source_resource_id: (Optional) The ID of an existing Managed Disk or Snapshot to copy when create_option is Copy or<br/>    the recovery point to restore when create_option is Restore. Changing this forces a new resource to be created.<br/>  write_accelerator_enabled: Optionally activate write accelaration for the data disk. Can only<br/>    be activated on Premium disks and caching deactivated. Defaults to false.<br/>  on_demand_bursting_enabled: Optionally activate disk bursting. Only for Premium disk with size to 512 Gb up. Default false.<br/> }</pre> | <pre>map(object({<br/>    lun                        = number<br/>    disk_size_gb               = number<br/>    caching                    = optional(string, "ReadWrite")<br/>    create_option              = optional(string, "Empty")<br/>    source_resource_id         = optional(string)<br/>    storage_account_type       = optional(string, "StandardSSD_LRS")<br/>    write_accelerator_enabled  = optional(bool, false)<br/>    on_demand_bursting_enabled = optional(bool, false)<br/>  }))</pre> | `{}` | no |
+| <a name="input_name_overrides"></a> [name\_overrides](#input\_name\_overrides) | Possibility to override names that will be generated according to q.beyond naming convention. | <pre>object({<br/>    nic             = optional(string)<br/>    nic_ip_config   = optional(string)<br/>    public_ip       = optional(string)<br/>    virtual_machine = optional(string)<br/>    os_disk         = optional(string)<br/>    data_disks      = optional(map(string), {})<br/>  })</pre> | `{}` | no |
+| <a name="input_nic_config"></a> [nic\_config](#input\_nic\_config) | <pre>private_ip: Optioanlly specify a private ip to use. Otherwise it will  be allocated dynamically.<br/>  dns_servers: Optionally specify a list of dns servers for the nic.<br/>  enable_accelerated_networking: Enabled Accelerated networking (SR-IOV) on the NIC. The machine SKU must support this feature.<br/>  nsg: Although it is discouraged you can optionally assign an NSG to the NIC. Optionally specify a NSG object.</pre> | <pre>object({<br/>    private_ip                    = optional(string)<br/>    dns_servers                   = optional(list(string))<br/>    enable_accelerated_networking = optional(bool, false)<br/>    nsg = optional(object({<br/>      id = string<br/>    }))<br/>  })</pre> | `{}` | no |
+| <a name="input_public_ip_config"></a> [public\_ip\_config](#input\_public\_ip\_config) | <pre>enabled: Optionally select true if a public ip should be created. Defaults to false.<br/>  allocation_method: The allocation method of the public ip that will be created. Defaults to static.</pre> | <pre>object({<br/>    enabled           = bool<br/>    allocation_method = optional(string, "Static")<br/>  })</pre> | <pre>{<br/>  "enabled": false<br/>}</pre> | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to add to the resources created in this module | `map(string)` | `{}` | no |
 | <a name="input_update_allowed"></a> [update\_allowed](#input\_update\_allowed) | Set the tag `Update allowed`. `True` will set `yes`, `false` to `no`. | `bool` | `true` | no |
 ## Outputs

variables.tf

@@ -74,7 +74,7 @@ variable "virtual_machine_config" {
     proximity_placement_group_id      = optional(string)
     patch_assessment_mode             = optional(string, "AutomaticByPlatform")
     patch_mode                        = optional(string, "AutomaticByPlatform")
-    bypass_platform_safety_checks_on_user_schedule_enabled = optional(bool, false)
+    bypass_platform_safety_checks_on_user_schedule_enabled = optional(bool, true)
   })
   validation {
     condition     = contains(["None", "ReadOnly", "ReadWrite"], var.virtual_machine_config.os_disk_caching)