[AVM Module Issue]: Add Support for VM Patch Assessment Mode

[JonAtWork7]

Check for previous/existing GitHub issues

• I have checked for previous/existing GitHub issues

Issue Type?

Feature Request

(Optional) Module Version

2.0

(Optional) Correlation Id

No response

Description

Description:

Currently, the AVM module for Azure Stack HCI Virtual Machine Instance does not expose input variables to allow users to specify patchMode and assessmentMode for Linux and Windows patch settings. These settings are important for managing OS patching behavior and compliance assessment within VMs.

Proposed Enhancement:

Add new module input variables for:

• linux_patch_mode
• linux_patch_assessment_mode
• windows_patch_mode
• windows_patch_assessment_mode

Wire these variables into the resource definition for both linuxConfiguration.patchSettings and windowsConfiguration.patchSettings in the azapi_resource "hybrid_compute_machine" resource.

Update documentation and example usage to demonstrate how users can configure these settings when deploying VMs.

• Example Usage:

module "virtual_machine" {
  # ... other arguments ...
  linux_patch_mode             = "AutomaticByPlatform"
  linux_patch_assessment_mode  = "ImageDefault"
  windows_patch_mode           = "AutomaticByPlatform"
  windows_patch_assessment_mode = "ImageDefault"
}

Benefits:

• Enables users to fully manage and automate patching and assessment compliance for both Linux and Windows VMs.
• Supports a broader range of customer scenarios and compliance requirements.

References:

Azure Patch and Assessment Policy documentation
Current main.tf reference

Additional context:
The current module implementation sets assessmentMode and patchMode to null for both Linux and Windows. Exposing these as configurable options would allow the module to be more flexible and production-ready.

[microsoft-github-policy-service]

Warning

Tagging the AVM Core Team (@Azure/avm-core-team-technical-terraform) due to a module owner or contributor having not responded to this issue within 3 business days. The AVM Core Team will attempt to contact the module owners/contributors directly.

Tip

• To prevent further actions to take effect, the "Status: Response Overdue 🚩" label must be removed, once this issue has been responded to.
• To avoid this rule being (re)triggered, the ""Needs: Triage 🔍" label must be removed as part of the triage process (when the issue is first responded to)!

[microsoft-github-policy-service]

Warning

Tagging the AVM Core Team (@Azure/avm-core-team-technical-terraform) due to a module owner or contributor having not responded to this issue within 3 business days. The AVM Core Team will attempt to contact the module owners/contributors directly.

Tip

• To prevent further actions to take effect, the "Status: Response Overdue 🚩" label must be removed, once this issue has been responded to.
• To avoid this rule being (re)triggered, the ""Needs: Triage 🔍" label must be removed as part of the triage process (when the issue is first responded to)!

[microsoft-github-policy-service]

Caution

**This issue requires the AVM Core Team's (@Azure/avm-core-team-technical-terraform) immediate attention as it hasn't been responded to within 6 business days. **

Tip

• To avoid this rule being (re)triggered, the "Needs: Triage 🔍" and "Status: Response Overdue 🚩" labels must be removed when the issue is first responded to!
• Remove the "Needs: Immediate Attention ‼️" label once the issue has been responded to.