hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Support for patchmode "customer managed schedules" #27153

Open allthetrouts opened 3 months ago

allthetrouts commented 3 months ago

Description

Please add support for "Customer Managed Schedules" for both azurerm_windows and linux virtual machine resources. With Azure Update Manager, we now need to deploy VMs with patchmode set to "Customer Managed Schedules" and no longer "ImageDefault" and "AutomaticByPlatform".

New or Affected Resource(s)/Data Source(s)

azurerm_linux_virtual_machine; azurerm_windows_virtual_machine

Potential Terraform Configuration

patch_mode                        = "Customer Managed Schedules"

References

No response

harshavmb commented 3 months ago

Hi @allthetrouts,

I don't find support for Customer Managed Schedules in either hashicorp-2024-07-01 or azure-2024-07-01.

If it's not part of the REST API yet, it can't be supported via the azurerm provider. Can you paste a link to the docs supporting Customer Managed Schedules?

emerconn commented 2 months ago

Hello @harshavmb

I am also running into this issue. We have a Maintenance Configuration definition to apply patching schedules based on tags. So after Terraform deploys the VM and assigns the correct tag, this Maintenance Configuration takes over for patching.

This is what my AUM looks like.

image

I took manual action on the first 4 VMs, using the directions in the following screenshot. The VMs with [⚠️Fix] next to them have not been touched since Terraform created them. Here are the instructions from the Fix hyperlink:

image

This is the click here hyperlink in the screenshot: https://learn.microsoft.com/en-us/azure/update-manager/prerequsite-for-schedule-patching?tabs=new-prereq-portal%2Cauto-portal

emerconn commented 2 months ago

bypassPlatformSafetyChecksOnUserSchedule does exist in azure-2024-07-01, but does not in hashicorp-2024-07-01.

emerconn commented 2 months ago

I ended up creating an Azure policy to set bypassPlatformSafetyChecksOnUserSchedule to true for virtual machines using a specific tag, which is used by our Azure Maintenance Configuration.

I noticed that upon running Terraform again on the created resource after this policy is applied, Terraform wants to set bypassPlatformSafetyChecksOnUserSchedule back to false, even though there is no parameter for this listed in the documentation.

  # azurerm_windows_virtual_machine.sql_server["PROD-<redacted>"] will be updated in-place
  ~ resource "azurerm_windows_virtual_machine" "sql_server" {
      ~ bypass_platform_safety_checks_on_user_schedule_enabled = true -> false

emerconn commented 2 months ago

I'm not sure why this is working, but I added bypass_platform_safety_checks_on_user_schedule_enabled to the lifecycle ignore list which fixed the problem. I took it one step further and added it as a parameter to the azurerm_windows_virtual_machine resource, which also works.

So it looks like this is functional, it's just not documented.
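
The configuration the last comments arrive at, written out as an added example (not posted by anyone in this thread and not the provider's own documentation). The variable names, VM name, size, image and tag are placeholders, and pairing the flag with patch_mode = "AutomaticByPlatform" is an assumption taken from the Update Manager prerequisite page linked above rather than from the thread.

```hcl
# Added example. All names and values below are placeholders.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "nic_id" { type = string }
variable "admin_password" {
  type      = string
  sensitive = true
}

resource "azurerm_windows_virtual_machine" "example" {
  name                  = "example-vm"
  resource_group_name   = var.resource_group_name
  location              = var.location
  size                  = "Standard_D2s_v5"
  admin_username        = "azureadmin"
  admin_password        = var.admin_password
  network_interface_ids = [var.nic_id]

  # Assumption: the flag is paired with AutomaticByPlatform patching.
  patch_mode = "AutomaticByPlatform"

  # Declared explicitly so Terraform and the Azure Policy agree on the value
  # and the plan no longer shows "true -> false" on every run.
  bypass_platform_safety_checks_on_user_schedule_enabled = true

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Premium_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2022-datacenter-azure-edition"
    version   = "latest"
  }

  # Hypothetical tag matched by the Maintenance Configuration assignment.
  tags = {
    patch_schedule = "example"
  }

  # Alternative from the thread: leave the flag to Azure Policy and tell
  # Terraform not to revert it. Use this instead of setting the flag above.
  # lifecycle {
  #   ignore_changes = [bypass_platform_safety_checks_on_user_schedule_enabled]
  # }
}
```

Setting the argument in code keeps the patching prerequisite visible in review and in `terraform plan`; the `ignore_changes` variant hides later changes to the flag from Terraform, so drift on it has to be caught by the policy's compliance state instead.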