From 756f9ee777d330ad114fb7a06f482fb8a8cb7e7d Mon Sep 17 00:00:00 2001
From: Melo <se@cloudeteer.de>
Date: Wed, 25 Sep 2024 14:12:44 +0200
Subject: [PATCH] Add `var.tags` to OS-disk (#32)

* Add workaround for OS-disk tags

Signed-off-by: Melody Sofia Eroshevich <se@cloudeteer.de>

* Add workaround for OS-disk tags

Signed-off-by: Melody Sofia Eroshevich <se@cloudeteer.de>

* Add workaround for OS-disk tags

Signed-off-by: Melody Sofia Eroshevich <se@cloudeteer.de>

* Add workaround for OS-disk tags

Signed-off-by: Melody Sofia Eroshevich <se@cloudeteer.de>

* Add validation for hotpatching_enabled

Signed-off-by: Melody Sofia Eroshevich <se@cloudeteer.de>

---------

Signed-off-by: Melody Sofia Eroshevich <se@cloudeteer.de>
---
 README.md                                         |  4 ++++
 r-vm.tf                                           | 15 +++++++++++++++
 .../mocks/azurerm_managed_disk.tfmock.hcl         |  5 +++++
 tests/local/mocks/azurerm_managed_disk.tfmock.hcl |  5 +++++
 variables.tf                                      |  2 ++
 5 files changed, 31 insertions(+)
 create mode 100644 tests/examples/mocks/azurerm_managed_disk.tfmock.hcl
 create mode 100644 tests/local/mocks/azurerm_managed_disk.tfmock.hcl

diff --git a/README.md b/README.md
index 62ce62a..4089a13 100644
--- a/README.md
+++ b/README.md
@@ -124,6 +124,7 @@ The following providers are used by this module:
 
 The following resources are used by this module:
 
+- [azapi_resource_action.this](https://registry.terraform.io/providers/azure/azapi/latest/docs/resources/resource_action) (resource)
 - [azurerm_backup_protected_vm.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_protected_vm) (resource)
 - [azurerm_key_vault_secret.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) (resource)
 - [azurerm_linux_virtual_machine.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) (resource)
@@ -139,6 +140,7 @@ The following resources are used by this module:
 - [azapi_client_config.current](https://registry.terraform.io/providers/azure/azapi/latest/docs/data-sources/client_config) (data source)
 - [azapi_resource.virtual_machine_image](https://registry.terraform.io/providers/azure/azapi/latest/docs/data-sources/resource) (data source)
 - [azapi_resource_list.virtual_machine_images](https://registry.terraform.io/providers/azure/azapi/latest/docs/data-sources/resource_list) (data source)
+- [azurerm_managed_disk.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/managed_disk) (data source)
 
 ## Required Inputs
 
@@ -463,6 +465,8 @@ Description: Should the Windows VM be patched without requiring a reboot? [more
 
 **NOTE**: Hotpatching can only be enabled if the `patch_mode` is set to `AutomaticByPlatform`, the `provision_vm_agent` is set to `true`, your `source_image_reference` references a hotpatching enabled image, and the VM's `size` is set to a [Azure generation 2 VM](https://learn.microsoft.com/en-gb/azure/virtual-machines/generation-2#generation-2-vm-sizes).
 
+**CAUTION**: The setting `bypass_platform_safety_checks_on_user_schedule_enabled` is set to `true` by default. To enable hotpatching, change it to `false`.
+
 Type: `bool`
 
 Default: `false`
diff --git a/r-vm.tf b/r-vm.tf
index 224afc5..94691d3 100644
--- a/r-vm.tf
+++ b/r-vm.tf
@@ -209,3 +209,18 @@ resource "azurerm_windows_virtual_machine" "this" {
     ]
   }
 }
+
+data "azurerm_managed_disk" "this" {
+  name                = local.virtual_machine.os_disk[0].name
+  resource_group_name = var.resource_group_name
+}
+
+resource "azapi_resource_action" "this" {
+  type        = "Microsoft.Compute/disks@2024-03-02"
+  resource_id = data.azurerm_managed_disk.this.id
+  method      = "PATCH"
+
+  body = {
+    tags = var.tags
+  }
+}
diff --git a/tests/examples/mocks/azurerm_managed_disk.tfmock.hcl b/tests/examples/mocks/azurerm_managed_disk.tfmock.hcl
new file mode 100644
index 0000000..ae8b5b6
--- /dev/null
+++ b/tests/examples/mocks/azurerm_managed_disk.tfmock.hcl
@@ -0,0 +1,5 @@
+mock_data "azurerm_managed_disk" {
+  defaults = {
+    id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/RG-MOCK/providers/Microsoft.Compute/disks/DISK-MOCK"
+  }
+}
diff --git a/tests/local/mocks/azurerm_managed_disk.tfmock.hcl b/tests/local/mocks/azurerm_managed_disk.tfmock.hcl
new file mode 100644
index 0000000..ae8b5b6
--- /dev/null
+++ b/tests/local/mocks/azurerm_managed_disk.tfmock.hcl
@@ -0,0 +1,5 @@
+mock_data "azurerm_managed_disk" {
+  defaults = {
+    id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/RG-MOCK/providers/Microsoft.Compute/disks/DISK-MOCK"
+  }
+}
diff --git a/variables.tf b/variables.tf
index f87d4ea..9e7e183 100644
--- a/variables.tf
+++ b/variables.tf
@@ -275,6 +275,8 @@ variable "hotpatching_enabled" {
     Should the Windows VM be patched without requiring a reboot? [more infos](https://learn.microsoft.com/windows-server/get-started/hotpatch)
 
     **NOTE**: Hotpatching can only be enabled if the `patch_mode` is set to `AutomaticByPlatform`, the `provision_vm_agent` is set to `true`, your `source_image_reference` references a hotpatching enabled image, and the VM's `size` is set to a [Azure generation 2 VM](https://learn.microsoft.com/en-gb/azure/virtual-machines/generation-2#generation-2-vm-sizes).
+
+    **CAUTION**: The setting `bypass_platform_safety_checks_on_user_schedule_enabled` is set to `true` by default. To enable hotpatching, change it to `false`.
   EOT
 
   type = bool