Adding resources to dynamic scope

Varma 1,385 Reputation points
2024-04-25T17:42:01.4333333+00:00

I know it might be out of scope but need your inputs on this.

how to add dynamic scope to existing maintenance configuration.

I have created maintenance configuration using terraform. here is the code for maintenance configuration:

provider "azurerm" {
  features {}
}
terraform {
  required_providers {
    azapi = {
      source  = "Azure/azapi"
      version = "=0.4.0"
    }
  }
}
resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}
# resource "azurerm_maintenance_configuration" "example" {
#   name                = "example-mc"
#   resource_group_name = azurerm_resource_group.example.name
#   location            = azurerm_resource_group.example.location
#   scope               = "InGuestPatch"
#   tags = {
#     Env = "prod"
#   }
  
# }
resource "azapi_resource" "vm_maintenance" {
  type      = "Microsoft.Maintenance/maintenanceConfigurations@2021-09-01-preview"
  name      = "vm-mc"
  parent_id = "/subscriptions/XXXX/resourceGroups/example-resources"
  location  = azurerm_resource_group.example.location
  body = jsonencode({
    properties = {
      visibility          = "Custom"
      namespace           = "Microsoft.Maintenance"
      maintenanceScope    = "InGuestPatch"
      extensionProperties = {
        "InGuestPatchMode" = "User"
      }
      maintenanceWindow = {
        startDateTime      = formatdate("YYYY-MM-DD 17:30", timestamp())
        expirationDateTime = null
        duration           = "PT3H30M"
        timeZone           = "Eastern Standard Time"
        recurEvery         = "120Hour"
      }
      installPatches = {
        linuxParameters = {
          classificationsToInclude  = ["Critical", "Security", "Other"]
          packageNameMasksToExclude = null
          packageNameMasksToInclude = null
        }
        windowsParameters = {
          classificationsToInclude = ["Critical", "Security" , "UpdateRollup", "FeaturePack" , "ServicePack", "Definition" ,"Tools", "Updates"  ]
          kbNumbersToExclude       = null
          kbNumbersToInclude       = null 
        }
        rebootSetting = "RebootIfRequired"
      }
    }
  })
}
resource "azapi_resource" "vm_maintenance_assignment" {
  type      = "Microsoft.Maintenance/configurationAssignments@2021-09-01-preview"
  name      = "vm--mca"
  parent_id = "/subscriptions/XXX/resourceGroups/example-resources/providers/Microsoft.Compute/virtualMachines/test1"
  location  = "East US 2"
  body = jsonencode({
    properties = {
      maintenanceConfigurationId = azapi_resource.vm_maintenance.id
    }
  })
}


and I am trying to follow to add a dynamic scope to above mainteance configuration but where to begin and how to provide input values

https://learn.microsoft.com/en-us/azure/templates/microsoft.maintenance/configurationassignments?pivots=deployment-language-terraform

Azure Update Manager
Azure Update Manager
An Azure service to centrally manages updates and compliance at scale.
326 questions
0 comments No comments
{count} votes

Accepted answer
  1. Stanislav Zhelyazkov 25,311 Reputation points MVP
    2024-04-26T08:22:52.5866667+00:00

    Hi,

    The answer to this question is no different than the one for this one Error: Bicep deployment of maintenance configuration + dynamic scope for Update Manager just the language differs but when using AzAPI the properties part is the same or similar. Most important is that dynamic scope is basically Microsoft.Maintenance/configurationAssignments resource but deployed at subscription scope. Direct assignments are the same resource but they are scoped to the VM/Arc server where dynamic scope is a resource that is deployed at subscription scope. When at that scope it has different properties:

    • maintenanceConfigurationId - the value is the resource ID of the maintenance configuration.
    • resourceId - the value is the subscription resource ID where the dynamic scope is deployed.
    • filter - The value is if you want to provide any filter to your dynamic scope like specific locations, OS types, resource groups, resource types or tags.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.