Cannot set patch_assessment_mode to AutomaticByPlatform

[terrymandin]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.7.5

AzureRM Provider Version

3.97.1

Affected Resource(s)/Data Source(s)

azurerm_orchestrated_virtual_machine_scale_set

Terraform Configuration Files

# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "main" {
  name     = "${var.prefix}-resources"
  location = var.location
}

resource "azurerm_virtual_network" "main" {
  name                = "${var.prefix}-network"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
}

resource "azurerm_subnet" "internal" {
  name                 = "internal"
  resource_group_name  = azurerm_resource_group.main.name
  virtual_network_name = azurerm_virtual_network.main.name
  address_prefixes     = ["10.0.2.0/24"]
}

resource "azurerm_network_interface" "main" {
  name                = "${var.prefix}-nic"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.internal.id
    private_ip_address_allocation = "Dynamic"
  }
}

resource "azurerm_orchestrated_virtual_machine_scale_set" "main" {
  name                = "${var.prefix}-OVMSS"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  sku_name  = "Standard_F2s_v2"
  instances = 1

  platform_fault_domain_count = 2

  os_profile {
    windows_configuration {
      computer_name_prefix = var.prefix
      admin_username       = "adminuser"
      admin_password       = "P@$$w0rd1234!"
      patch_mode           = "AutomaticByPlatform"  //TM
      patch_assessment_mode = "AutomaticByPlatform"  //TM
      hotpatching_enabled  = true                   //TM

      winrm_listener {
        protocol = "Http"
      }
    }
  }

  network_interface {
    name    = "${var.prefix}-NetworkProfile"
    primary = true

    ip_configuration {
      name      = "PrimaryIPConfiguration"
      primary   = true
      subnet_id = azurerm_subnet.internal.id

      public_ip_address {
        name                    = "${var.prefix}-PublicIpConfiguration"
        domain_name_label       = "${var.prefix}-domain-label"
        idle_timeout_in_minutes = 4
      }
    }
  }

  os_disk {
    storage_account_type = "Standard_LRS"
    caching              = "ReadWrite"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2022-datacenter-azure-edition-core"
    version   = "latest"
  }

  extension {
    name                               = "${var.prefix}-HealthExtension"
    publisher                          = "Microsoft.ManagedServices"
    type                               = "ApplicationHealthWindows"
    type_handler_version               = "1.0"
    auto_upgrade_minor_version_enabled = true

    settings = jsonencode({
      "protocol"    = "http"
      "port"        = "80"
      "requestPath" = "/healthEndpoint"
    })
  }
}

Debug Output/Panic Output

Plan: 1 to add, 0 to change, 0 to destroy.
azurerm_orchestrated_virtual_machine_scale_set.main: Creating...
╷
│ Error: creating Orchestrated Virtual Machine Scale Set (Subscription: "1f16fd54-0921-4c3d-81b1-edde291f16df"      
│ Resource Group Name: "tmvss-resources"
│ Virtual Machine Scale Set Name: "tmvss-OVMSS"): compute.VirtualMachineScaleSetsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidParameter" Message="'patchSettings.assessmentMode' cannot be set to 'AutomaticByPlatform' as its not supported on Virtual Machine Scale Sets." Target="windowsConfiguration.patchSettings.assessmentMode"
│
│   with azurerm_orchestrated_virtual_machine_scale_set.main,
│   on main.tf line 39, in resource "azurerm_orchestrated_virtual_machine_scale_set" "main":
│   39: resource "azurerm_orchestrated_virtual_machine_scale_set" "main" {

Expected Behaviour

The documentation states that AutomaticByPlatform is a valid parameter for the patch_assessment_mode parameter, but when I states that AutomaticByPlatform is not supported by VMSS.

Actual Behaviour

Receive an error stating that 'AutomaticByPlatform' as its not supported on Virtual Machine Scale Sets.

Steps to Reproduce

Deploy the Terraform code above. It is from the example in azurerm with a couple extra lines:

      patch_mode           = "AutomaticByPlatform"  
      patch_assessment_mode = "AutomaticByPlatform"  
      hotpatching_enabled  = true                

Important Factoids

No response

References

No response

[ms-zhenhua]

Hi @terrymandin, thank you for reaching out. This error is returned by Azure Service. I created this issue to track this problem which you may subscribe to.