From 0e36cb379c1a39268fe044ca57788df847ab0418 Mon Sep 17 00:00:00 2001 From: Melody Sofia Eroshevich Date: Wed, 25 Sep 2024 11:47:36 +0200 Subject: [PATCH 1/5] Add workaround for OS-disk tags Signed-off-by: Melody Sofia Eroshevich --- README.md | 4 ++++ r-vm.tf | 15 +++++++++++++++ variables.tf | 2 ++ 3 files changed, 21 insertions(+) diff --git a/README.md b/README.md index 62ce62a..4089a13 100644 --- a/README.md +++ b/README.md @@ -124,6 +124,7 @@ The following providers are used by this module: The following resources are used by this module: +- [azapi_resource_action.this](https://registry.terraform.io/providers/azure/azapi/latest/docs/resources/resource_action) (resource) - [azurerm_backup_protected_vm.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_protected_vm) (resource) - [azurerm_key_vault_secret.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) (resource) - [azurerm_linux_virtual_machine.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine) (resource) @@ -139,6 +140,7 @@ The following resources are used by this module: - [azapi_client_config.current](https://registry.terraform.io/providers/azure/azapi/latest/docs/data-sources/client_config) (data source) - [azapi_resource.virtual_machine_image](https://registry.terraform.io/providers/azure/azapi/latest/docs/data-sources/resource) (data source) - [azapi_resource_list.virtual_machine_images](https://registry.terraform.io/providers/azure/azapi/latest/docs/data-sources/resource_list) (data source) +- [azurerm_managed_disk.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/managed_disk) (data source) ## Required Inputs 
@@ -463,6 +465,8 @@ Description: Should the Windows VM be patched without requiring a reboot? [more **NOTE**: Hotpatching can only be enabled if the `patch_mode` is set to `AutomaticByPlatform`, the `provision_vm_agent` is set to `true`, your `source_image_reference` references a hotpatching enabled image, and the VM's `size` is set to a [Azure generation 2 VM](https://learn.microsoft.com/en-gb/azure/virtual-machines/generation-2#generation-2-vm-sizes). +**CAUTION**: The setting `bypass_platform_safety_checks_on_user_schedule_enabled` is set to `true` by default. To enable hotpatching, change it to `false`. + Type: `bool` Default: `false` diff --git a/r-vm.tf b/r-vm.tf index 224afc5..f52705c 100644 --- a/r-vm.tf +++ b/r-vm.tf @@ -209,3 +209,18 @@ resource "azurerm_windows_virtual_machine" "this" { ] } } + +data "azurerm_managed_disk" "this" { + name = local.virtual_machine.os_disk[0].name + resource_group_name = var.resource_group_name +} + +resource "azapi_resource_action" "this" { + type = "Microsoft.Compute/disks@2022-03-02" + resource_id = data.azurerm_managed_disk.this.id + method = "PATCH" + + body = { + tags = var.tags + } +} diff --git a/variables.tf b/variables.tf index 6e61a12..d2f0c5b 100644 --- a/variables.tf +++ b/variables.tf @@ -275,6 +275,8 @@ variable "hotpatching_enabled" { Should the Windows VM be patched without requiring a reboot? [more infos](https://learn.microsoft.com/windows-server/get-started/hotpatch) **NOTE**: Hotpatching can only be enabled if the `patch_mode` is set to `AutomaticByPlatform`, the `provision_vm_agent` is set to `true`, your `source_image_reference` references a hotpatching enabled image, and the VM's `size` is set to a [Azure generation 2 VM](https://learn.microsoft.com/en-gb/azure/virtual-machines/generation-2#generation-2-vm-sizes). + + **CAUTION**: The setting `bypass_platform_safety_checks_on_user_schedule_enabled` is set to `true` by default. To enable hotpatching, change it to `false`. EOT type = bool 
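Review bot: The new `azapi_resource_action.this` in r-vm.tf sends the disk tags as a one-shot `PATCH`, so Terraform never reads them back; if tags are changed or removed on the OS disk outside Terraform, the plan will most likely stay clean. That matters where tags drive policy, backup or cost scoping, and the `PATCH` of `tags = var.tags` may also overwrite tags that something else (for example a policy remediation) placed on the disk. Consider whether `azapi_update_resource` would fit better, since it keeps the patched properties in state. The lookup also assumes the OS disk lives in `var.resource_group_name` and is ordered after VM creation only through `local.virtual_machine`, which is defined outside this hunk. At minimum, add a comment above the resource such as `# Workaround: os_disk cannot carry tags; this PATCH runs on create/change only and is not drift-checked.`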
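Review bot: The CAUTION added to the `hotpatching_enabled` description in variables.tf documents a constraint that nothing in this hunk enforces. A caller who sets `hotpatching_enabled = true` and leaves `bypass_platform_safety_checks_on_user_schedule_enabled` at its default only finds the conflict in the docs or in a late provider error. If that setting is a module input (not visible here), a `precondition` on the VM resource would fail at plan time instead, for example `condition = !(var.hotpatching_enabled && var.bypass_platform_safety_checks_on_user_schedule_enabled)` with an `error_message` repeating the caution. The description should also say why the module defaults a "bypass platform safety checks" setting to `true`, so callers can judge whether to keep it. The variable block continues outside the hunk.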
From daa882e96e9b15529b9d3381def2a70c14b0c721 Mon Sep 17 00:00:00 2001 From: Melody Sofia Eroshevich Date: Wed, 25 Sep 2024 12:15:45 +0200 Subject: [PATCH 2/5] Add workaround for OS-disk tags Signed-off-by: Melody Sofia Eroshevich --- tests/examples/mocks/azurerm_managed_disk.tfmock.hcl | 5 +++++ tests/local/mocks/azurerm_managed_disk.tfmock.hcl | 5 +++++ 2 files changed, 10 insertions(+) create mode 100644 tests/examples/mocks/azurerm_managed_disk.tfmock.hcl create mode 100644 tests/local/mocks/azurerm_managed_disk.tfmock.hcl diff --git a/tests/examples/mocks/azurerm_managed_disk.tfmock.hcl b/tests/examples/mocks/azurerm_managed_disk.tfmock.hcl new file mode 100644 index 0000000..ae8b5b6 --- /dev/null +++ b/tests/examples/mocks/azurerm_managed_disk.tfmock.hcl @@ -0,0 +1,5 @@ +mock_data "azurerm_managed_disk" { + defaults = { + id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/RG-MOCK/providers/Microsoft.Compute/disks/DISK-MOCK" + } +} diff --git a/tests/local/mocks/azurerm_managed_disk.tfmock.hcl b/tests/local/mocks/azurerm_managed_disk.tfmock.hcl new file mode 100644 index 0000000..ae8b5b6 --- /dev/null +++ b/tests/local/mocks/azurerm_managed_disk.tfmock.hcl @@ -0,0 +1,5 @@ +mock_data "azurerm_managed_disk" { + defaults = { + id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/RG-MOCK/providers/Microsoft.Compute/disks/DISK-MOCK" + } +} From 14d99555555c7fd0f4ec9967fcaef97e070aa4e0 Mon Sep 17 00:00:00 2001 From: Melody Sofia Eroshevich Date: Wed, 25 Sep 2024 12:16:35 +0200 Subject: [PATCH 3/5] Add workaround for OS-disk tags Signed-off-by: Melody Sofia Eroshevich --- r-vm.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/r-vm.tf b/r-vm.tf index f52705c..f84716d 100644 --- a/r-vm.tf +++ b/r-vm.tf 
@@ -211,7 +211,7 @@ resource "azurerm_windows_virtual_machine" "this" { } data "azurerm_managed_disk" "this" { - name = local.virtual_machine.os_disk[0].name + name = local.virtual_machine.os_disk[0].name resource_group_name = var.resource_group_name } From 504e7119ca7a07dc5a0a2c228b6ec481fa5f2dde Mon Sep 17 00:00:00 2001 From: Melody Sofia Eroshevich Date: Wed, 25 Sep 2024 12:21:57 +0200 Subject: [PATCH 4/5] Add workaround for OS-disk tags Signed-off-by: Melody Sofia Eroshevich --- .github/workflows/module-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/module-ci.yaml b/.github/workflows/module-ci.yaml index ec15a50..c548699 100644 --- a/.github/workflows/module-ci.yaml +++ b/.github/workflows/module-ci.yaml @@ -15,7 +15,7 @@ on: jobs: module-ci: - uses: cloudeteer/terraform-governance/.github/workflows/module-ci.yaml@main + uses: cloudeteer/terraform-governance/.github/workflows/module-ci.yaml@44-terraforms-azureapi-provider-seems-to-not-use-the-az-login-session permissions: contents: write id-token: write From eea360a8a1a62a7c016e2bd37a6b3f5dcadc7249 Mon Sep 17 00:00:00 2001 From: Melody Sofia Eroshevich Date: Wed, 25 Sep 2024 13:09:14 +0200 Subject: [PATCH 5/5] Add validation for hotpatching_enabled Signed-off-by: Melody Sofia Eroshevich --- .github/workflows/module-ci.yaml | 2 +- r-vm.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/module-ci.yaml b/.github/workflows/module-ci.yaml index c548699..ec15a50 100644 --- a/.github/workflows/module-ci.yaml +++ b/.github/workflows/module-ci.yaml @@ -15,7 +15,7 @@ on: jobs: module-ci: - uses: cloudeteer/terraform-governance/.github/workflows/module-ci.yaml@44-terraforms-azureapi-provider-seems-to-not-use-the-az-login-session + uses: cloudeteer/terraform-governance/.github/workflows/module-ci.yaml@main permissions: contents: write id-token: write diff --git a/r-vm.tf b/r-vm.tf index f84716d..94691d3 100644 --- a/r-vm.tf +++ b/r-vm.tf 
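Review bot: The `uses:` line of the `module-ci` job points at a mutable ref in both workflow hunks of this series (the feature branch `@44-terraforms-azureapi-provider-seems-to-not-use-the-az-login-session` in patch 4/5, then `@main` again in patch 5/5), while the job grants the called workflow `contents: write` and `id-token: write`. Anyone who can push to that ref in `cloudeteer/terraform-governance` changes what runs here with write access to this repository and the ability to request an OIDC token, presumably the one used for the Azure login. Pin the reusable workflow to a full commit SHA and keep the branch name as a trailing comment, e.g. `uses: cloudeteer/terraform-governance/.github/workflows/module-ci.yaml@<full-commit-sha> # main`. If the branch ref was only needed to test the governance change, squashing 4/5 and 5/5 keeps it out of the merged history.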
@@ -216,7 +216,7 @@ data "azurerm_managed_disk" "this" { } resource "azapi_resource_action" "this" { - type = "Microsoft.Compute/disks@2022-03-02" + type = "Microsoft.Compute/disks@2024-03-02" resource_id = data.azurerm_managed_disk.this.id method = "PATCH"