Commit

Merge branch 'feature/new-update-management' of https://github.com/qb…
…eyond/terraform-azurerm-update-management into feature/new-update-management
QBY-ChristianHartmann committed Oct 17, 2023
2 parents 21848b9 + 8f000e6 commit a400a12
Showing 1 changed file with 76 additions and 53 deletions.
129 changes: 76 additions & 53 deletions README.md
Expand Up @@ -15,75 +15,98 @@ This Module creates an azure runbook that automatically creates and updates upda
- Automation contributor on the specified automation account

<!-- BEGIN_TF_DOCS -->
## Usage

It's very easy to use!
```hcl
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_automation_account" "example" {
name = "example-account"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
sku_name = "Basic"
}
resource "azurerm_automation_module" "az_accounts" {
name = "Az.Accounts"
resource_group_name = azurerm_resource_group.example.name
automation_account_name = azurerm_automation_account.example.name
module_link {
uri = "https://devopsgallerystorage.blob.core.windows.net:443/packages/az.accounts.2.12.1.nupkg"
}
}
resource "azurerm_automation_module" "az_resourcegraph" {
name = "Az.Resourcegraph"
resource_group_name = azurerm_resource_group.example.name
automation_account_name = azurerm_automation_account.example.name
module_link {
uri = "https://devopsgallerystorage.blob.core.windows.net:443/packages/az.resourcegraph.0.13.0.nupkg"
}
depends_on = [azurerm_automation_module.az_accounts]
}
module "update_management" {
source = "../.."
automation_account = azurerm_automation_account.example
management_subscription_id = "abcdef01-2345-6789-0abc-def012345678"
management_group_id = "sandbox"
az_resourcegraph_module = azurerm_automation_module.az_resourcegraph
}
```

## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | >= 3.7.0 |

## Providers
## Inputs

| Name | Version |
|------|---------|
| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | >= 3.7.0 |
| <a name="provider_time"></a> [time](#provider\_time) | n/a |
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_automation_account"></a> [automation\_account](#input\_automation\_account) | Automation account where the update management will be deployed. | <pre>object({<br> name = string<br> id = string<br> resource_group_name = string<br> location = string<br> })</pre> | n/a | yes |
| <a name="input_az_resourcegraph_module"></a> [az\_resourcegraph\_module](#input\_az\_resourcegraph\_module) | Required module Az.resourcegraph that is needed to run queries in the runbook. | <pre>object({<br> name = string<br> module_link = list(object({<br> uri = string<br> }))<br> })</pre> | n/a | yes |
| <a name="input_management_subscription_id"></a> [management\_subscription\_id](#input\_management\_subscription\_id) | Id of the management subscription. | `string` | n/a | yes |
| <a name="input_management_group_id"></a> [management\_group\_id](#input\_management\_group\_id) | ID of the management group that scopes the update management. | `string` | `"alz"` | no |
## Outputs

## Modules
No outputs.

No modules.
## Resource types

## Resources
| Type | Used |
|------|-------|
| [azurerm_automation_job_schedule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_job_schedule) | 1 |
| [azurerm_automation_runbook](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_runbook) | 1 |
| [azurerm_automation_schedule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_schedule) | 1 |
| [time_static](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | 1 |

| Name | Type |
|------|------|
| [azurerm_resource_group_template_deployment.severity_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_template_deployment) | resource |
| [azurerm_resource_group_template_deployment.severity_group_linux](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_template_deployment) | resource |
| [time_offset.tomorrow](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/offset) | resource |
**`Used` only includes resource blocks.** `for_each` and `count` meta arguments, as well as resource blocks of modules are not considered.

## Inputs
## Modules

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_automation_account_name"></a> [automation\_account\_name](#input\_automation\_account\_name) | The name of the automation account. | `string` | n/a | yes |
| <a name="input_error_code"></a> [error\_code](#input\_error\_code) | Custom Error code | `string` | `""` | no |
| <a name="input_error_message"></a> [error\_message](#input\_error\_message) | Error message indicating why the operation failed. | `string` | `""` | no |
| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | The resource group of automation account, where update management is enabled | `string` | n/a | yes |
| <a name="input_scheduleInfo_advancedSchedule_monthDays"></a> [scheduleInfo\_advancedSchedule\_monthDays](#input\_scheduleInfo\_advancedSchedule\_monthDays) | (Optional) A list of every day in a month to run the severity group, available 1-31 | `list(string)` | `[]` | no |
| <a name="input_scheduleInfo_advancedSchedule_monthlyOccurrences_day"></a> [scheduleInfo\_advancedSchedule\_monthlyOccurrences\_day](#input\_scheduleInfo\_advancedSchedule\_monthlyOccurrences\_day) | (Optional) Day of the occurrence. Must be one of monday, tuesday, wednesday, thursday, friday, saturday, sunday. | `string` | `""` | no |
| <a name="input_scheduleInfo_advancedSchedule_monthlyOccurrences_occurrence"></a> [scheduleInfo\_advancedSchedule\_monthlyOccurrences\_occurrence](#input\_scheduleInfo\_advancedSchedule\_monthlyOccurrences\_occurrence) | (Optional) Occurrence of the week within the month. Must be between 1 and 5. | `number` | `0` | no |
| <a name="input_scheduleInfo_advancedSchedule_weekDays"></a> [scheduleInfo\_advancedSchedule\_weekDays](#input\_scheduleInfo\_advancedSchedule\_weekDays) | (Optional) Days of the week that the job should execute on. | `list(string)` | `[]` | no |
| <a name="input_scheduleInfo_description"></a> [scheduleInfo\_description](#input\_scheduleInfo\_description) | A description for the Severity Group | `string` | `""` | no |
| <a name="input_scheduleInfo_frequency"></a> [scheduleInfo\_frequency](#input\_scheduleInfo\_frequency) | Day,Hour,Minute,Month,OneTime,Week | `string` | n/a | yes |
| <a name="input_scheduleInfo_interval"></a> [scheduleInfo\_interval](#input\_scheduleInfo\_interval) | Set the interval of the schedule | `number` | n/a | yes |
| <a name="input_scheduleInfo_isEnabled"></a> [scheduleInfo\_isEnabled](#input\_scheduleInfo\_isEnabled) | Enable the Severity Group? | `bool` | `true` | no |
| <a name="input_scheduleInfo_startTime_hour"></a> [scheduleInfo\_startTime\_hour](#input\_scheduleInfo\_startTime\_hour) | Set the hour when to start, in format 05:00 | `string` | n/a | yes |
| <a name="input_scheduleInfo_timeZone"></a> [scheduleInfo\_timeZone](#input\_scheduleInfo\_timeZone) | Set the time zone | `string` | `"Europe/Berlin"` | no |
| <a name="input_severity_group_name"></a> [severity\_group\_name](#input\_severity\_group\_name) | The name of the Severity Group to create | `string` | n/a | yes |
| <a name="input_tasks_postTask_parameters"></a> [tasks\_postTask\_parameters](#input\_tasks\_postTask\_parameters) | (Optional) Days of the week that the job should execute on. | `string` | `""` | no |
| <a name="input_tasks_postTask_source"></a> [tasks\_postTask\_source](#input\_tasks\_postTask\_source) | (Optional) Sets the name of the runbook. | `string` | `""` | no |
| <a name="input_tasks_preTask_parameters"></a> [tasks\_preTask\_parameters](#input\_tasks\_preTask\_parameters) | (Optional) Days of the week that the job should execute on. | `string` | `""` | no |
| <a name="input_tasks_preTask_source"></a> [tasks\_preTask\_source](#input\_tasks\_preTask\_source) | (Optional) Sets the name of the runbook. | `string` | `""` | no |
| <a name="input_updateConfiguration_azureQueries_scope"></a> [updateConfiguration\_azureQueries\_scope](#input\_updateConfiguration\_azureQueries\_scope) | (Optional) List of names of non-azure machines targeted by the software update configuration. | `list(string)` | `[]` | no |
| <a name="input_updateConfiguration_azureQueries_tags_severitygrouptagname"></a> [updateConfiguration\_azureQueries\_tags\_severitygrouptagname](#input\_updateConfiguration\_azureQueries\_tags\_severitygrouptagname) | The name of the TAG this Severity Group will apply to. Its most likely Severity Group Daily or Secerity Group Monthly | `string` | n/a | yes |
| <a name="input_updateConfiguration_azureQueries_tags_value_severitygroupname"></a> [updateConfiguration\_azureQueries\_tags\_value\_severitygroupname](#input\_updateConfiguration\_azureQueries\_tags\_value\_severitygroupname) | If the Severity Group Name does not equals the severity group Tag value, you can set a customized value here, otherwise leave it blank. | `string` | `""` | no |
| <a name="input_updateConfiguration_azureVirtualMachines"></a> [updateConfiguration\_azureVirtualMachines](#input\_updateConfiguration\_azureVirtualMachines) | (Optional) List of azure resource Ids for azure virtual machines targeted by the software update configuration. | `list(string)` | `[]` | no |
| <a name="input_updateConfiguration_linux_excludedPackageNameMasks"></a> [updateConfiguration\_linux\_excludedPackageNameMasks](#input\_updateConfiguration\_linux\_excludedPackageNameMasks) | (Optional) packages excluded from the software update configuration. | `list(string)` | `[]` | no |
| <a name="input_updateConfiguration_linux_includedPackageClassifications"></a> [updateConfiguration\_linux\_includedPackageClassifications](#input\_updateConfiguration\_linux\_includedPackageClassifications) | Update classifications included in the software update configuration. Critical,Other,Security,Unclassified | `string` | `""` | no |
| <a name="input_updateConfiguration_linux_includedPackageNameMasks"></a> [updateConfiguration\_linux\_includedPackageNameMasks](#input\_updateConfiguration\_linux\_includedPackageNameMasks) | (Optional) packages included from the software update configuration. | `list(string)` | `[]` | no |
| <a name="input_updateConfiguration_nonAzureComputerNames"></a> [updateConfiguration\_nonAzureComputerNames](#input\_updateConfiguration\_nonAzureComputerNames) | (Optional) List of names of non-azure machines targeted by the software update configuration. | `list(string)` | `[]` | no |
| <a name="input_updateConfiguration_nonazureQueries_functionAlias"></a> [updateConfiguration\_nonazureQueries\_functionAlias](#input\_updateConfiguration\_nonazureQueries\_functionAlias) | Log Analytics Saved Search name. | `string` | `""` | no |
| <a name="input_updateConfiguration_nonazureQueries_workspaceId"></a> [updateConfiguration\_nonazureQueries\_workspaceId](#input\_updateConfiguration\_nonazureQueries\_workspaceId) | Workspace Id for Log Analytics in which the saved Search is resided. | `string` | `""` | no |
| <a name="input_updateConfiguration_operatingsystem"></a> [updateConfiguration\_operatingsystem](#input\_updateConfiguration\_operatingsystem) | Target operating system for the software update configuration. Linux or Windows | `string` | n/a | yes |
| <a name="input_updateConfiguration_rebootSetting"></a> [updateConfiguration\_rebootSetting](#input\_updateConfiguration\_rebootSetting) | Reboot setting for the software update configuration. Values are IfRequired, Never, Always, RebootOnly | `string` | `""` | no |
| <a name="input_updateConfiguration_update_duration"></a> [updateConfiguration\_update\_duration](#input\_updateConfiguration\_update\_duration) | Maximum time allowed for the software update configuration run. Define the Hours of duration as string. | `string` | `"4"` | no |
| <a name="input_updateConfiguration_windows_excludedKbNumbers"></a> [updateConfiguration\_windows\_excludedKbNumbers](#input\_updateConfiguration\_windows\_excludedKbNumbers) | (Optional) KB numbers excluded from the software update configuration. | `list(string)` | `[]` | no |
| <a name="input_updateConfiguration_windows_includedKbNumbers"></a> [updateConfiguration\_windows\_includedKbNumbers](#input\_updateConfiguration\_windows\_includedKbNumbers) | (Optional) KB numbers included from the software update configuration. | `list(string)` | `[]` | no |
| <a name="input_updateConfiguration_windows_includedUpdateClassifications"></a> [updateConfiguration\_windows\_includedUpdateClassifications](#input\_updateConfiguration\_windows\_includedUpdateClassifications) | Update classification included in the software update configuration. A comma separated string with required values. Critical,Definition,FeaturePack,Security,ServicePack,Tools,Unclassified,UpdateRollup,Updates | `string` | `""` | no |
No modules.

## Outputs
## Resources by Files

No outputs.
### main.tf

| Name | Type |
|------|------|
| [azurerm_automation_job_schedule.set_deployment_schedules](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_job_schedule) | resource |
| [azurerm_automation_runbook.set_deployment_schedules](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_runbook) | resource |
| [azurerm_automation_schedule.every_12h_starting_7am](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/automation_schedule) | resource |
| [time_static.schedule_start_tomorrow_7am](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | resource |
<!-- END_TF_DOCS -->

# Contribute
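
Review bot: In the Usage example, both `azurerm_automation_module` blocks give `module_link` only a `uri`, so nothing in the documented configuration ties the imported Az.Accounts 2.12.1 and Az.Resourcegraph 0.13.0 packages to known content. These modules are loaded into the Automation account that runs the runbook, so the example readers will copy should declare the expected digest next to the URI, using the provider's optional `hash { algorithm = ..., value = ... }` block inside each `module_link`. Separately, the Requirements table lists only `azurerm` (>= 3.7.0), while the resource tables include `time_static` from hashicorp/time; adding a version constraint for `time` would make the documented requirements match the providers the module uses.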