diff --git a/modules/maintenance/maintenance-configuration/.test/common/main.test.bicep b/modules/maintenance/maintenance-configuration/.test/common/main.test.bicep index 28cb45ab39..5206cb44e2 100644 --- a/modules/maintenance/maintenance-configuration/.test/common/main.test.bicep +++ b/modules/maintenance/maintenance-configuration/.test/common/main.test.bicep @@ -49,7 +49,9 @@ module testDeployment '../../main.bicep' = { params: { enableDefaultTelemetry: enableDefaultTelemetry name: '${namePrefix}${serviceShort}001' - extensionProperties: {} + extensionProperties: { + InGuestPatchMode: 'User' + } lock: 'CanNotDelete' tags: { 'hidden-title': 'This is visible in the resource name' @@ -65,9 +67,9 @@ module testDeployment '../../main.bicep' = { principalType: 'ServicePrincipal' } ] - maintenanceScope: 'OSImage' + maintenanceScope: 'InGuestPatch' maintenanceWindow: { - duration: '05:00' + duration: '03:00' expirationDateTime: '9999-12-31 23:59:59' recurEvery: 'Day' startDateTime: '2022-12-31 13:00' @@ -75,5 +77,21 @@ module testDeployment '../../main.bicep' = { } namespace: '${serviceShort}ns' visibility: 'Custom' + installPatches: { + linuxParameters: { + classificationsToInclude: null + packageNameMasksToExclude: null + packageNameMasksToInclude: null + } + rebootSetting: 'IfRequired' + windowsParameters: { + classificationsToInclude: [ + 'Critical' + 'Security' + ] + kbNumbersToExclude: null + kbNumbersToInclude: null + } + } } } diff --git a/modules/maintenance/maintenance-configuration/README.md b/modules/maintenance/maintenance-configuration/README.md index 6f3d3e29ef..0b52632072 100644 --- a/modules/maintenance/maintenance-configuration/README.md +++ b/modules/maintenance/maintenance-configuration/README.md 
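Review bot: The added `installPatches` block in main.test.bicep sets all three `linuxParameters` values to `null`, so this test only exercises patch selection for Windows (`Critical`, `Security`). Giving Linux a concrete value as well, for example `classificationsToInclude: [ 'Critical', 'Security' ]`, would make the test cover both halves of the object. Because the preceding hunk switches `maintenanceScope` from 'OSImage' to 'InGuestPatch', the module path that passes `null` for other scopes is no longer deployed by this file. A second test case may be needed unless one already exists outside this diff.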
@@ -16,7 +16,7 @@ This module deploys a Maintenance Configuration. | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.Maintenance/maintenanceConfigurations` | [2021-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Maintenance/2021-05-01/maintenanceConfigurations) | +| `Microsoft.Maintenance/maintenanceConfigurations` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Maintenance/2023-04-01/maintenanceConfigurations) | ## Parameters @@ -32,6 +32,7 @@ This module deploys a Maintenance Configuration. | :-- | :-- | :-- | :-- | :-- | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | | `extensionProperties` | object | `{object}` | | Gets or sets extensionProperties of the maintenanceConfiguration. | +| `installPatches` | object | `{object}` | | Configuration settings for VM guest patching with Azure Update Manager. | | `location` | string | `[resourceGroup().location]` | | Location for all Resources. | | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | | `maintenanceScope` | string | `'Host'` | `[Extension, Host, InGuestPatch, OSImage, SQLDB, SQLManagedInstance]` | Gets or sets maintenanceScope of the configuration. | 
@@ -212,10 +213,28 @@ module maintenanceConfiguration './maintenance/maintenance-configuration/main.bi name: 'mmccom001' // Non-required parameters enableDefaultTelemetry: '' - extensionProperties: {} + extensionProperties: { + InGuestPatchMode: 'User' + } + installPatches: { + linuxParameters: { + classificationsToInclude: '' + packageNameMasksToExclude: '' + packageNameMasksToInclude: '' + } + rebootSetting: 'IfRequired' + windowsParameters: { + classificationsToInclude: [ + 'Critical' + 'Security' + ] + kbNumbersToExclude: '' + kbNumbersToInclude: '' + } + } lock: 'CanNotDelete' maintenanceWindow: { - duration: '05:00' + duration: '03:00' expirationDateTime: '9999-12-31 23:59:59' recurEvery: 'Day' startDateTime: '2022-12-31 13:00' @@ -262,14 +281,34 @@ module maintenanceConfiguration './maintenance/maintenance-configuration/main.bi "value": "" }, "extensionProperties": { - "value": {} + "value": { + "InGuestPatchMode": "User" + } + }, + "installPatches": { + "value": { + "linuxParameters": { + "classificationsToInclude": "", + "packageNameMasksToExclude": "", + "packageNameMasksToInclude": "" + }, + "rebootSetting": "IfRequired", + "windowsParameters": { + "classificationsToInclude": [ + "Critical", + "Security" + ], + "kbNumbersToExclude": "", + "kbNumbersToInclude": "" + } + } }, "lock": { "value": "CanNotDelete" }, "maintenanceWindow": { "value": { - "duration": "05:00", + "duration": "03:00", "expirationDateTime": "9999-12-31 23:59:59", "recurEvery": "Day", "startDateTime": "2022-12-31 13:00", diff --git a/modules/maintenance/maintenance-configuration/main.bicep b/modules/maintenance/maintenance-configuration/main.bicep index eec62af31c..cb6d711d8c 100644 --- a/modules/maintenance/maintenance-configuration/main.bicep +++ b/modules/maintenance/maintenance-configuration/main.bicep 
@@ -57,6 +57,9 @@ param tags object = {} ]) param visibility string = '' +@description('Optional. Configuration settings for VM guest patching with Azure Update Manager.') +param installPatches object = {} + // =============== // // Deployments // // =============== // @@ -73,7 +76,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource maintenanceConfiguration 'Microsoft.Maintenance/maintenanceConfigurations@2021-05-01' = { +resource maintenanceConfiguration 'Microsoft.Maintenance/maintenanceConfigurations@2023-04-01' = { location: location name: name tags: tags @@ -83,6 +86,7 @@ resource maintenanceConfiguration 'Microsoft.Maintenance/maintenanceConfiguratio maintenanceWindow: maintenanceWindow namespace: namespace visibility: visibility + installPatches: (maintenanceScope == 'InGuestPatch') ? installPatches : null } } diff --git a/modules/maintenance/maintenance-configuration/main.json b/modules/maintenance/maintenance-configuration/main.json index b03447786a..32e3c1e639 100644 --- a/modules/maintenance/maintenance-configuration/main.json +++ b/modules/maintenance/maintenance-configuration/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.20.4.51522", - "templateHash": "16739611821824144982" + "templateHash": "10129717833290964188" }, "name": "Maintenance Configurations", "description": "This module deploys a Maintenance Configuration.", @@ -105,6 +105,13 @@ "metadata": { "description": "Optional. Gets or sets the visibility of the configuration. The default value is 'Custom'." } + }, + "installPatches": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Configuration settings for VM guest patching with Azure Update Manager." + } } }, "resources": [ 
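Review bot: In main.bicep the new `installPatches` parameter is silently discarded whenever `maintenanceScope` is anything other than 'InGuestPatch' (the README lists 'Host' as the default), and neither the `@description` in the first hunk nor the assignment in the third hunk tells the caller. For a patch-management setting this is worth stating, because an operator can deploy a configuration believing a patch selection is in force when the property was actually set to `null`. I would extend the description to `@description('Optional. Configuration settings for VM guest patching with Azure Update Manager. Only applied when maintenanceScope is \'InGuestPatch\'.')`. The opposite case also looks unguarded: with scope 'InGuestPatch' and the default `{}`, an empty object is sent, so `(maintenanceScope == 'InGuestPatch' && !empty(installPatches)) ? installPatches : null` may be safer, after confirming how the 2023-04-01 API treats an empty object. The resource body starts outside the hunk.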
@@ -124,7 +131,7 @@ }, { "type": "Microsoft.Maintenance/maintenanceConfigurations", - "apiVersion": "2021-05-01", + "apiVersion": "2023-04-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -133,7 +140,8 @@ "maintenanceScope": "[parameters('maintenanceScope')]", "maintenanceWindow": "[parameters('maintenanceWindow')]", "namespace": "[parameters('namespace')]", - "visibility": "[parameters('visibility')]" + "visibility": "[parameters('visibility')]", + "installPatches": "[if(equals(parameters('maintenanceScope'), 'InGuestPatch'), parameters('installPatches'), null())]" } }, { @@ -327,7 +335,7 @@ "metadata": { "description": "The location the Maintenance Configuration was created in." }, - "value": "[reference(resourceId('Microsoft.Maintenance/maintenanceConfigurations', parameters('name')), '2021-05-01', 'full').location]" + "value": "[reference(resourceId('Microsoft.Maintenance/maintenanceConfigurations', parameters('name')), '2023-04-01', 'full').location]" } } } \ No newline at end of file