AzLocal.UpdateManagement.psd1
|
@{ # Script module or binary module file associated with this manifest. RootModule = 'AzLocal.UpdateManagement.psm1' # Version number of this module. ModuleVersion = '0.7.89' # Supported PSEditions CompatiblePSEditions = @('Desktop', 'Core') # ID used to uniquely identify this module GUID = 'a8b9c0d1-e2f3-4a5b-6c7d-8e9f0a1b2c3d' # Author of this module Author = 'Neil Bird, Microsoft' # Company or vendor of this module CompanyName = 'Microsoft' # Copyright statement for this module Copyright = '(c) Microsoft. All rights reserved.' # Description of the functionality provided by this module Description = 'PowerShell module to manage Azure Local (formerly Azure Stack HCI) cluster updates using Azure Update Manager APIs. Provides functions to start updates, check update status, list available updates, and monitor update runs. Renamed from AzStackHci.ManageUpdates in v0.7.3 to align with the Azure Local product name.' # Minimum version of the PowerShell engine required by this module PowerShellVersion = '5.1' # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. NestedModules = @( # Private helpers (loaded first) 'Private/Convert-AzLocalUpdateWindowToCron.ps1', 'Private/ConvertFrom-AzLocalCronExpression.ps1', 'Private/ConvertFrom-AzLocalUpdateExclusion.ps1', 'Private/ConvertFrom-AzLocalScheduleYaml.ps1', 'Private/ConvertFrom-AzLocalUpdateSideloaded.ps1', 'Private/ConvertFrom-AzLocalUpdateWindow.ps1', 'Private/Convert-AzLocalScheduleSchemaVersion.ps1', 'Private/ConvertTo-AzLocalAdditionalProperties.ps1', 'Private/ConvertTo-SafeCsvCollection.ps1', 'Private/ConvertTo-SafeCsvField.ps1', 'Private/ConvertTo-ScrubbedCliOutput.ps1', 'Private/ConvertTo-AzLocalUpdateRingKqlFilter.ps1', 'Private/Export-ResultsToJUnitXml.ps1', 'Private/Format-AzLocalDurationHuman.ps1', 'Private/Format-AzLocalIncidentBody.ps1', 'Private/Format-AzLocalUpdateRun.ps1', 'Private/Get-AzLocalClusterUpdateRuns.ps1', 'Private/Get-AzLocalItsmDedupeKey.ps1', 'Private/Get-AzLocalItsmTriggerDecision.ps1', 'Private/Get-AzLocalModuleRootManifestPath.ps1', 'Private/Get-AzLocalPipelineCustomiseMarkers.ps1', 'Private/Get-AzLocalRunEndTime.ps1', 'Private/Get-CurrentStepPath.ps1', 'Private/Get-ExportFormat.ps1', 'Private/Get-HealthCheckFailureSummary.ps1', 'Private/Get-LastUpdateRunErrorSummary.ps1', 'Private/Get-LatestUpdateByYYMM.ps1', 'Private/Get-TagValue.ps1', 'Private/Import-AzLocalFleetState.ps1', 'Private/Install-AzGraphExtension.ps1', 'Private/Invoke-AzCliJson.ps1', 'Private/Invoke-AzLocalSideloadedAutoReset.ps1', 'Private/Invoke-AzLocalSideloadedAutoResetForCluster.ps1', 'Private/Invoke-AzLocalItsmHttp.ps1', 'Private/Invoke-AzLocalServiceNowAdapter.ps1', 'Private/Invoke-AzResourceGraphQuery.ps1', 'Private/Invoke-AzRestJson.ps1', 'Private/Invoke-AzLocalUpdateApply.ps1', 'Private/Invoke-FleetJobsInParallel.ps1', 'Private/Invoke-FleetOpClusterAction.ps1', 'Private/Read-AzLocalApplyUpdatesYamlCrons.ps1', 'Private/Resolve-AzLocalItsmSecret.ps1', 'Private/Resolve-AzLocalUpdateRunDeepestError.ps1', 'Private/Resolve-SafeOutputPath.ps1', 'Private/Resolve-WildcardDate.ps1', 'Private/Resolve-WildcardDateRange.ps1', 'Private/Set-AzLocalClusterTagsMerge.ps1', 'Private/Test-AzCliAvailable.ps1', 'Private/Test-AzLocalAllowedUpdateVersionsString.ps1', 'Private/Test-AzLocalUpdateExclusion.ps1', 'Private/Test-AzLocalUpdateSideloadedAllowed.ps1', 'Private/Test-AzLocalUpdateVersionInProgressMatch.ps1', 'Private/Test-AzLocalUpdateWindow.ps1', 'Private/Test-ExportPathWritable.ps1', 'Private/Write-Log.ps1', 'Private/Write-UpdateCsvLog.ps1', 'Private/Write-Utf8NoBomFile.ps1', # Public exported functions 'Public/Connect-AzLocalServicePrincipal.ps1', 'Public/Copy-AzLocalItsmSample.ps1', 'Public/Copy-AzLocalPipelineExample.ps1', 'Public/Export-AzLocalFleetState.ps1', 'Public/Get-AzLocalApplyUpdatesScheduleConfig.ps1', 'Public/Get-AzLocalApplyUpdatesScheduleNextFirings.ps1', 'Public/Get-AzLocalAvailableUpdates.ps1', 'Public/Get-AzLocalClusterInfo.ps1', 'Public/Get-AzLocalClusterInventory.ps1', 'Public/Get-AzLocalClusterUpdateReadiness.ps1', 'Public/Get-AzLocalFleetProgress.ps1', 'Public/Get-AzLocalFleetStatusData.ps1', 'Public/Get-AzLocalFleetHealthFailures.ps1', 'Public/Get-AzLocalFleetHealthOverview.ps1', 'Public/Get-AzLocalItsmConfig.ps1', 'Public/Get-AzLocalLatestSolutionVersion.ps1', 'Public/Get-AzLocalUpdateRunFailures.ps1', 'Public/Get-AzLocalUpdateRuns.ps1', 'Public/Get-AzLocalUpdateSummary.ps1', 'Public/Invoke-AzLocalFleetOperation.ps1', 'Public/New-AzLocalApplyUpdatesScheduleConfig.ps1', 'Public/New-AzLocalFleetStatusHtmlReport.ps1', 'Public/New-AzLocalIncident.ps1', 'Public/Reset-AzLocalSideloadedTag.ps1', 'Public/Resolve-AzLocalCurrentUpdateRing.ps1', 'Public/Resume-AzLocalFleetUpdate.ps1', 'Public/Set-AzLocalClusterUpdateRingTag.ps1', 'Public/Start-AzLocalClusterUpdate.ps1', 'Public/Stop-AzLocalFleetUpdate.ps1', 'Public/Test-AzLocalApplyUpdatesScheduleCoverage.ps1', 'Public/Test-AzLocalClusterHealth.ps1', 'Public/Test-AzLocalFleetHealthGate.ps1', 'Public/Test-AzLocalItsmConnection.ps1', 'Public/Test-AzLocalUpdateScheduleAllowed.ps1', 'Public/Update-AzLocalApplyUpdatesScheduleConfig.ps1', 'Public/Update-AzLocalPipelineExample.ps1', 'Public/Get-AzLocalFleetConnectivityStatus.ps1', 'Public/New-AzLocalFleetConnectivityStatusSummary.ps1' ) FunctionsToExport = @( 'Connect-AzLocalServicePrincipal', 'Start-AzLocalClusterUpdate', 'Get-AzLocalClusterUpdateReadiness', 'Get-AzLocalClusterInventory', 'Get-AzLocalClusterInfo', 'Get-AzLocalUpdateSummary', 'Get-AzLocalAvailableUpdates', 'Get-AzLocalUpdateRuns', 'Set-AzLocalClusterUpdateRingTag', # Fleet-Scale Operations (v0.5.6) 'Invoke-AzLocalFleetOperation', 'Get-AzLocalFleetProgress', 'Test-AzLocalFleetHealthGate', 'Export-AzLocalFleetState', 'Resume-AzLocalFleetUpdate', 'Stop-AzLocalFleetUpdate', # Pre-Update Health Validation (v0.6.1) 'Test-AzLocalClusterHealth', # Fleet Status Data Collection & Reporting (v0.6.4) 'Get-AzLocalFleetStatusData', 'New-AzLocalFleetStatusHtmlReport', # Update Schedule Tag Helpers (v0.6.4) 'Test-AzLocalUpdateScheduleAllowed', # Sideloaded Payload Workflow (v0.7.1) 'Reset-AzLocalSideloadedTag', # ITSM Connector Phase 1 (v0.7.4) 'Get-AzLocalItsmConfig', 'Test-AzLocalItsmConnection', 'New-AzLocalIncident', # Pipeline-Examples Convenience (v0.7.4 / Update added v0.7.68) 'Copy-AzLocalPipelineExample', 'Update-AzLocalPipelineExample', # ITSM Sample Convenience (v0.7.50) 'Copy-AzLocalItsmSample', # Fleet Health Failures (v0.7.65) - 24-hour system health-check failures across the fleet 'Get-AzLocalFleetHealthFailures', # Apply-Updates Schedule Coverage Advisor (v0.7.65) - compares apply-updates YAML cron(s) to UpdateWindow tags 'Test-AzLocalApplyUpdatesScheduleCoverage', # Update Run Failures (v0.7.68) - ARG-only deep-error extraction (9 levels deep) for fleet-scale verbose error information 'Get-AzLocalUpdateRunFailures', # Ring-Aware Apply-Updates Schedule (v0.7.69) - human-readable schedule file + cycle-based resolver 'Get-AzLocalApplyUpdatesScheduleConfig', 'Resolve-AzLocalCurrentUpdateRing', 'Get-AzLocalApplyUpdatesScheduleNextFirings', 'New-AzLocalApplyUpdatesScheduleConfig', 'Update-AzLocalApplyUpdatesScheduleConfig', # Fleet Health Overview (v0.7.70) - one row per cluster, ARG-first projection of cluster + updateSummaries (fleet-scale) 'Get-AzLocalFleetHealthOverview', # Latest Released Solution Version (v0.7.70) - public manifest probe (aka.ms/AzureEdgeUpdates) that anchors the rolling YYMM support window 'Get-AzLocalLatestSolutionVersion', # Fleet Connectivity Status (v0.7.79) - 4-scope connectivity audit: cluster, Arc agent, physical NIC, ARB 'Get-AzLocalFleetConnectivityStatus', # Fleet Connectivity Status Summary Renderer (v0.7.87) - markdown step-summary builder used by Step.4 GH+ADO pipelines 'New-AzLocalFleetConnectivityStatusSummary' ) # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. CmdletsToExport = @() # Variables to export from this module VariablesToExport = @() # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. AliasesToExport = @() # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell. PrivateData = @{ PSData = @{ # Tags applied to this module. These help with module discovery in online galleries. Tags = @('Azure', 'AzureLocal', 'AzureStackHCI', 'Updates', 'UpdateManager', 'HCI', 'Automation', 'CICD', 'Pipeline', 'ServiceNow', 'ITSM', 'Incident') # A URL to the license for this module. LicenseUri = 'https://github.com/NeilBird/Azure-Local/blob/main/LICENSE' # A URL to the main website for this project. ProjectUri = 'https://github.com/NeilBird/Azure-Local' # A URL to an icon representing this module. IconUri = '' # ReleaseNotes of this module ReleaseNotes = @' ## Version 0.7.89 - Apply-updates schedule schema v2: mandatory `allowedUpdateVersions` allow-list with `Latest` sentinel ### Added - **Schema v2 with MANDATORY top-level `allowedUpdateVersions` + optional per-row override** (customer-requested "minimum updates" policy). Reserved sentinel `Latest` (case-insensitive, canonicalised to PascalCase) means "no constraint - install latest Ready update on each cluster" (= historic v0.7.88 default). Explicit values match EXACTLY (case-insensitive) on `.name` OR `.properties.version`. Mismatched clusters are SKIPPED with new status `NotInAllowList` (strict no-op). Mixing `Latest` with explicit versions within a single field is REJECTED. - **`Start-AzLocalClusterUpdate -AllowedUpdateVersions [string[]]`** optional. `Latest` (case-insensitive) skips filtering. Explicit `-UpdateName` wins over allow-list. - **`Resolve-AzLocalCurrentUpdateRing`** returns `AllowedUpdateVersions`, `AllowedUpdateVersionsValue`, `AllowedUpdateVersionsSource ('row'|'top-level'|'none')`. Precedence: per-row > top-level; multiple matching rows UNION; rows without the field are "no opinion". `Latest` collapse: when the resolved UNION contains the sentinel (from any contributing row or top-level), the effective list collapses to empty (= no constraint); the `Source` field is retained so audit logs explain WHERE the `Latest` came from. - **Schema migration `1 -> 2`** via `Update-AzLocalApplyUpdatesScheduleConfig`. Idempotent (marker-guarded). Inserts an ACTIVE `allowedUpdateVersions: 'Latest'` so the migrated file satisfies the new mandatory rule with zero behaviour change. - **Audit pipeline (Step.3) Allow-list coverage section.** New Markdown section prints the top-level fleet default, a per-row effective-allow-list table (after row > top-level resolution), and recommendation yaml snippets for the first 3 rows inheriting from top-level. v1 schedules see a migration nudge. ### Changed - **Validator** now accepts `schemaVersion: 1` OR `2`. **v2 files MUST have a top-level `allowedUpdateVersions:` field** - omitting it is rejected with a remediation message. v2 field values are parsed and validated (empty tokens, trailing `;`, whitespace inside a token, and mixed `Latest`+explicit all rejected; case-insensitive dedup preserves first-occurrence order). - **Generator** emits `schemaVersion: 2` with an ACTIVE top-level `allowedUpdateVersions: 'Latest'` line plus commented per-row `# allowedUpdateVersions: '<explicit>'` examples. - **`Automation-Pipeline-Examples/apply-updates-schedule.example.yml`** updated to v2 with the new mandatory field + a Phase-4 Prod-ring per-row override worked example. - **`Automation-Pipeline-Examples/README.md`** new Section 8.4 walks operators through model, worked example, finding update names, v1->v2 migration, and audit pipeline support. - **Step.6 (GH Actions + ADO)** plumbs the allow-list end-to-end via `RESOLVED_ALLOWED_UPDATE_VERSIONS`. Manual / non-Schedule runs pass empty. `NotInAllowList` added to the `skipped` KPI bucket. - **Step.3 audit Markdown gate fix:** previously `$haveSchedule` was undefined in the summary step's scope (separate `pwsh` process), causing the Schedule diff table to silently not render. `HAVE_SCHEDULE` + `SCHEDULE_PATH` are now exported via `GITHUB_OUTPUT` (GH) / `setvariable ... isOutput=true` (ADO). ### Pipeline pin bumps - All 18 bundled `Step.{0..8}.yml` templates bump `GENERATED_AGAINST_MODULE_VERSION` from `'0.7.88'` to `'0.7.89'`. Inline-script changes: Step.6 (allow-list plumbing) + Step.3 (gate fix + Allow-list coverage section), both platforms. The other 14 are pin-only. ### Migration - **Module:** `Install-Module AzLocal.UpdateManagement -Force`. `-AllowedUpdateVersions` is optional; unset OR `Latest` = historic behaviour unchanged. - **Pipelines:** `Copy-AzLocalPipelineExample -Destination <path> -Update`. - **`apply-updates-schedule.yml`:** run `Update-AzLocalApplyUpdatesScheduleConfig -Path <path>` to migrate v1 -> v2. The migrator inserts an active `allowedUpdateVersions: 'Latest'` (zero behaviour change). Or hand-edit: bump `schemaVersion: 1` -> `2` AND add `allowedUpdateVersions: 'Latest'` (or explicit) at top-level. v1 files continue to work; only the new field is rejected on v1. ## Version 0.7.88 - Step.8 fleet-health step-summary readability polish (section reorder + column rename) For full v0.7.88 release notes see: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md ## Version 0.7.87 - Extract Step.4 fleet-connectivity summary renderer to module function + 21K-cap Pester regression guard For full v0.7.87 release notes see: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md ## Version 0.7.86 - Documentation follow-up: Automation-Pipeline-Examples README + appendix refreshed for the 9-step pipeline set For full v0.7.86 release notes see: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md ## Version 0.7.85 - Step.4 reconciliation table: bidirectional interpretation + actionable guidance For full v0.7.85 release notes see: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md ## Version 0.7.84 - HOTFIX: Get-AzLocalFleetConnectivityStatus correctness (3 bugs) + cross-call ARG throttle cooldown For full v0.7.84 release notes see: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md ## Version 0.7.83 - HOTFIX: Step.4 ARB [char].Trim() bug on single-cluster ClusterId For full v0.7.83 release notes see: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md ## Version 0.7.82 - Bundled custom-role JSON artifact For full v0.7.82 release notes see: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md ## Version 0.7.81 - Pipeline RBAC guidance: custom role first For full v0.7.81 release notes see: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md ## Version 0.7.80 - RBAC custom role: fleet-connectivity reads For full v0.7.80 release notes see: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md ## Version 0.7.79 - Step.5 default schedule enabled For full v0.7.79 release notes see: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md ## Version 0.7.78 - Step.4 blank-field regression fix For full v0.7.78 release notes see: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md ## Version 0.7.77 - Step.4 fleet-connectivity hotfix (ARG JSON parse hardening) For full v0.7.77 release notes see: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md ## Version 0.7.76 - Renamed to -AzLocal* + quality hardening - Exported/public cmdlets and internal helpers renamed from `-AzureLocal*` to `-AzLocal*` to align with the module name. **Migration:** search- and-replace `-AzureLocal` with `-AzLocal` in your scripts after `Install-Module AzLocal.UpdateManagement -Force`. Module GUID unchanged. - Includes targeted hardening from the module review cycle (row-shape safety, health-check dedup, test coverage, docs cleanup, publish hygiene) plus Step.0 pipeline pin parity (drift warning now fires from the first job rather than Step.1). All 18 `Step.{0..8}.yml` templates bump `GENERATED_AGAINST_MODULE_VERSION` `0.7.75` -> `0.7.76`. - See `CHANGELOG.md` for the full per-cmdlet rename map and detailed notes. ## Version 0.7.75 - Hardening: Test-AzLocalApplyUpdatesScheduleCoverage auto-detects CI host platform For full v0.7.75 release notes see: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md ## Version 0.7.74 - Bug fix: Get-AzLocalFleetHealthOverview KQL regression (ParserFailure at char 2757) + Step.3 recommendation UX rewrite For full v0.7.74 release notes see: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md ## Version 0.7.73 - Bug fix: Get-AzLocalFleetHealthOverview normalises ARG HealthState values so Step.7 "Healthy Clusters" count is correct (was 0 against any fleet) For full v0.7.73 release notes see: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md ## Version 0.7.72 - Pipeline samples hotfix: Step.1/2/5 GitHub Actions Summary panels now render, AZURE_TENANT_ID secret->variable, pipeline pin bumps For full v0.7.72 release notes see: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md ## Older releases For release notes covering v0.7.71 and earlier, see the CHANGELOG: https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md '@ # Prerelease string of this module # Prerelease = '' # Flag to indicate whether the module requires explicit user acceptance for install/update/save # RequireLicenseAcceptance = $false # External dependent modules of this module # ExternalModuleDependencies = @() } } # HelpInfo URI of this module # HelpInfoURI = '' # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix. # DefaultCommandPrefix = '' } |