Verify each resource creation - long running cluster test pipeline.

sivakami · sivakami · commit ea77b671adb0 · 2025-10-29T10:33:02.000-07:00
diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
@@ -11,10 +11,52 @@ SUBNET1_PREFIX="10.10.1.0/24"
 SUBNET2_PREFIX="10.10.2.0/24"
 NSG_NAME="${VNET_A1}-nsg"
 
+verify_nsg() {
+  local rg="$1"; local name="$2"
+  echo "==> Verifying NSG: $name"
+  if az network nsg show -g "$rg" -n "$name" &>/dev/null; then
+    echo "[OK] Verified NSG $name exists."
+  else
+    echo "[ERROR] NSG $name not found!" >&2
+    exit 1
+  fi
+}
+
+verify_nsg_rule() {
+  local rg="$1"; local nsg="$2"; local rule="$3"
+  echo "==> Verifying NSG rule: $rule in $nsg"
+  if az network nsg rule show -g "$rg" --nsg-name "$nsg" -n "$rule" &>/dev/null; then
+    echo "[OK] Verified NSG rule $rule exists in $nsg."
+  else
+    echo "[ERROR] NSG rule $rule not found in $nsg!" >&2
+    exit 1
+  fi
+}
+
+verify_subnet_nsg_association() {
+  local rg="$1"; local vnet="$2"; local subnet="$3"; local nsg="$4"
+  echo "==> Verifying NSG association on subnet $subnet..."
+  local associated_nsg
+  associated_nsg=$(az network vnet subnet show -g "$rg" --vnet-name "$vnet" -n "$subnet" --query "networkSecurityGroup.id" -o tsv 2>/dev/null || echo "")
+  if [[ "$associated_nsg" == *"$nsg"* ]]; then
+    echo "[OK] Verified subnet $subnet is associated with NSG $nsg."
+  else
+    echo "[ERROR] Subnet $subnet is NOT associated with NSG $nsg!" >&2
+    exit 1
+  fi
+}
+
+# -------------------------------
+#  1. Create NSG
+# -------------------------------
 echo "==> Creating Network Security Group: $NSG_NAME"
 az network nsg create -g "$RG" -n "$NSG_NAME" -l "$LOCATION" --output none \
   && echo "[OK] NSG '$NSG_NAME' created."
+verify_nsg "$RG" "$NSG_NAME"
 
+# -------------------------------
+#  2. Create NSG Rules
+# -------------------------------
 echo "==> Creating NSG rule to DENY traffic from Subnet1 ($SUBNET1_PREFIX) to Subnet2 ($SUBNET2_PREFIX)"
 az network nsg rule create \
   --resource-group "$RG" \
@@ -30,6 +72,8 @@ az network nsg rule create \
   --output none \
   && echo "[OK] Deny rule from Subnet1 → Subnet2 created."
 
+verify_nsg_rule "$RG" "$NSG_NAME" "deny-subnet1-to-subnet2"
+
 echo "==> Creating NSG rule to DENY traffic from Subnet2 ($SUBNET2_PREFIX) to Subnet1 ($SUBNET1_PREFIX)"
 az network nsg rule create \
   --resource-group "$RG" \
@@ -45,19 +89,21 @@ az network nsg rule create \
   --output none \
   && echo "[OK] Deny rule from Subnet2 → Subnet1 created."
 
-az network vnet subnet update \
-  --name s1 \
-  --vnet-name "$VNET_A1" \
-  --resource-group "$RG" \
-  --network-security-group "$NSG_NAME" \
-  --output none
+verify_nsg_rule "$RG" "$NSG_NAME" "deny-subnet2-to-subnet1"
 
-az network vnet subnet update \
-  --name s2 \
-  --vnet-name "$VNET_A1" \
-  --resource-group "$RG" \
-  --network-security-group "$NSG_NAME" \
-  --output none
+# -------------------------------
+#  3. Associate NSG with Subnets
+# -------------------------------
+for SUBNET in s1 s2; do
+  echo "==> Associating NSG $NSG_NAME with subnet $SUBNET"
+  az network vnet subnet update \
+    --name "$SUBNET" \
+    --vnet-name "$VNET_A1" \
+    --resource-group "$RG" \
+    --network-security-group "$NSG_NAME" \
+    --output none
+  verify_subnet_nsg_association "$RG" "$VNET_A1" "$SUBNET" "$NSG_NAME"
+done
 
 echo "NSG '$NSG_NAME' created successfully with bidirectional isolation between Subnet1 and Subnet2."
 
diff --git a/.pipelines/swiftv2-long-running/scripts/create_pe.sh b/.pipelines/swiftv2-long-running/scripts/create_pe.sh
@@ -14,34 +14,62 @@ SUBNET_PE_A1="pe"
 PE_NAME="${SA1_NAME}-pe"
 PRIVATE_DNS_ZONE="privatelink.blob.core.windows.net"
 
+# -------------------------------
+#  Function: Verify Resource Exists
+# -------------------------------
+verify_dns_zone() {
+  local rg="$1"; local zone="$2"
+  echo "==> Verifying Private DNS zone: $zone"
+  if az network private-dns zone show -g "$rg" -n "$zone" &>/dev/null; then
+    echo "[OK] Verified DNS zone $zone exists."
+  else
+    echo "[ERROR] DNS zone $zone not found!" >&2
+    exit 1
+  fi
+}
+
+verify_dns_link() {
+  local rg="$1"; local zone="$2"; local link="$3"
+  echo "==> Verifying DNS link: $link for zone $zone"
+  if az network private-dns link vnet show -g "$rg" --zone-name "$zone" -n "$link" &>/dev/null; then
+    echo "[OK] Verified DNS link $link exists."
+  else
+    echo "[ERROR] DNS link $link not found!" >&2
+    exit 1
+  fi
+}
+
+verify_private_endpoint() {
+  local rg="$1"; local name="$2"
+  echo "==> Verifying Private Endpoint: $name"
+  if az network private-endpoint show -g "$rg" -n "$name" &>/dev/null; then
+    echo "[OK] Verified Private Endpoint $name exists."
+  else
+    echo "[ERROR] Private Endpoint $name not found!" >&2
+    exit 1
+  fi
+}
+
 # 1. Create Private DNS zone
 echo "==> Creating Private DNS zone: $PRIVATE_DNS_ZONE"
 az network private-dns zone create -g "$RG" -n "$PRIVATE_DNS_ZONE" --output none \
   && echo "[OK] DNS zone $PRIVATE_DNS_ZONE created."
 
-# 2. Link DNS zone to VNet
-echo "==> Linking DNS zone $PRIVATE_DNS_ZONE to VNet $VNET_A1"
-az network private-dns link vnet create \
-  -g "$RG" -n "${VNET_A1}-link" \
-  --zone-name "$PRIVATE_DNS_ZONE" \
-  --virtual-network "$VNET_A1" \
-  --registration-enabled false \
-  && echo "[OK] Linked DNS zone to $VNET_A1."
-
-az network private-dns link vnet create \
-  -g "$RG" -n "${VNET_A2}-link" \
-  --zone-name "$PRIVATE_DNS_ZONE" \
-  --virtual-network "$VNET_A2" \
-  --registration-enabled false \
-  && echo "[OK] Linked DNS zone to $VNET_A2."
-
-az network private-dns link vnet create \
-  -g "$RG" -n "${VNET_A3}-link" \
-  --zone-name "$PRIVATE_DNS_ZONE" \
-  --virtual-network "$VNET_A3" \
-  --registration-enabled false \
-  && echo "[OK] Linked DNS zone to $VNET_A3."
+verify_dns_zone "$RG" "$PRIVATE_DNS_ZONE"
 
+# 2. Link DNS zone to VNet
+for VNET in "$VNET_A1" "$VNET_A2" "$VNET_A3"; do
+  LINK_NAME="${VNET}-link"
+  echo "==> Linking DNS zone $PRIVATE_DNS_ZONE to VNet $VNET"
+  az network private-dns link vnet create \
+    -g "$RG" -n "$LINK_NAME" \
+    --zone-name "$PRIVATE_DNS_ZONE" \
+    --virtual-network "$VNET" \
+    --registration-enabled false \
+    --output none \
+    && echo "[OK] Linked DNS zone to $VNET."
+  verify_dns_link "$RG" "$PRIVATE_DNS_ZONE" "$LINK_NAME"
+done
 
 # 3. Create Private Endpoint
 echo "==> Creating Private Endpoint for Storage Account: $SA1_NAME"
@@ -54,3 +82,6 @@ az network private-endpoint create \
   --connection-name "${PE_NAME}-conn" \
   --output none \
   && echo "[OK] Private Endpoint $PE_NAME created for $SA1_NAME."
+verify_private_endpoint "$RG" "$PE_NAME"
+
+echo "All Private DNS and Endpoint resources created and verified successfully."
diff --git a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh
@@ -8,16 +8,31 @@ VNET_A2="cx_vnet_a2"
 VNET_A3="cx_vnet_a3"
 VNET_B1="cx_vnet_b1"
 
+verify_peering() {
+  local rg="$1"; local vnet="$2"; local peering="$3"
+  echo "==> Verifying peering $peering on $vnet..."
+  if az network vnet peering show -g "$rg" --vnet-name "$vnet" -n "$peering" --query "peeringState" -o tsv | grep -q "Connected"; then
+    echo "[OK] Peering $peering on $vnet is Connected."
+  else
+    echo "[ERROR] Peering $peering on $vnet not found or not Connected!" >&2
+    exit 1
+  fi
+}
+
 peer_two_vnets() {
   local rg="$1"; local v1="$2"; local v2="$3"; local name12="$4"; local name21="$5"
   echo "==> Peering $v1 <-> $v2"
   az network vnet peering create -g "$rg" -n "$name12" --vnet-name "$v1" --remote-vnet "$v2" --allow-vnet-access --output none \
     && echo "Created peering $name12"
   az network vnet peering create -g "$rg" -n "$name21" --vnet-name "$v2" --remote-vnet "$v1" --allow-vnet-access --output none \
     && echo "Created peering $name21"
+
+  # Verify both peerings are active
+  verify_peering "$rg" "$v1" "$name12"
+  verify_peering "$rg" "$v2" "$name21"
 }
 
 peer_two_vnets "$RG" "$VNET_A1" "$VNET_A2" "A1-to-A2" "A2-to-A1"
 peer_two_vnets "$RG" "$VNET_A2" "$VNET_A3" "A2-to-A3" "A3-to-A2"
 peer_two_vnets "$RG" "$VNET_A1" "$VNET_A3" "A1-to-A3" "A3-to-A1"
-echo "VNet peerings created successfully."
+echo "All VNet peerings created and verified successfully."
diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh
@@ -30,7 +30,17 @@ for SA in "$SA1" "$SA2"; do
   && echo "Storage account $SA created successfully."
 done
 
-echo "All storage accounts created successfully."
+# Verify creation success
+  echo "==> Verifying storage account $SA exists..."
+  if az storage account show --name "$SA" --resource-group "$RG" &>/dev/null; then
+    echo "[OK] Storage account $SA verified successfully."
+  else
+    echo "[ERROR] Storage account $SA not found after creation!" >&2
+    exit 1
+  fi
+done
+
+echo "All storage accounts created and verified successfully."
 
 # Set pipeline output variables
 set +x
diff --git a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh
@@ -24,24 +24,61 @@ A3_MAIN="10.12.1.0/24"
 
 B1_MAIN="10.20.1.0/24"
 
+# -------------------------------
+# Verification functions
+# -------------------------------
+verify_vnet() {
+  local rg="$1"; local vnet="$2"
+  echo "==> Verifying VNet: $vnet"
+  if az network vnet show -g "$rg" -n "$vnet" &>/dev/null; then
+    echo "[OK] Verified VNet $vnet exists."
+  else
+    echo "[ERROR] VNet $vnet not found!" >&2
+    exit 1
+  fi
+}
+
+verify_subnet() {
+  local rg="$1"; local vnet="$2"; local subnet="$3"
+  echo "==> Verifying subnet: $subnet in $vnet"
+  if az network vnet subnet show -g "$rg" --vnet-name "$vnet" -n "$subnet" &>/dev/null; then
+    echo "[OK] Verified subnet $subnet exists in $vnet."
+  else
+    echo "[ERROR] Subnet $subnet not found in $vnet!" >&2
+    exit 1
+  fi
+}
+
+# -------------------------------
+#  Create VNets and Subnets
+# -------------------------------
 # A1
 az network vnet create -g "$RG" -n "$VNET_A1" --address-prefix 10.10.0.0/16 --subnet-name s1 --subnet-prefix "$A1_S1" -l "$LOCATION" --output none \
  && echo "Created $VNET_A1 with subnet s1"
 az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n s2 --address-prefix "$A1_S2" --output none \
  && echo "Created $VNET_A1 with subnet s2"
 az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n pe --address-prefix "$A1_PE" --output none \
  && echo "Created $VNET_A1 with subnet pe"
+# Verify A1
+verify_vnet "$RG" "$VNET_A1"
+for sn in s1 s2 pe; do verify_subnet "$RG" "$VNET_A1" "$sn"; done
 
 # A2
 az network vnet create -g "$RG" -n "$VNET_A2" --address-prefix 10.11.0.0/16 --subnet-name s1 --subnet-prefix "$A2_MAIN" -l "$LOCATION" --output none \
  && echo "Created $VNET_A2 with subnet s1"
+verify_vnet "$RG" "$VNET_A2"
+verify_subnet "$RG" "$VNET_A2" "s1"
 
 # A3
 az network vnet create -g "$RG" -n "$VNET_A3" --address-prefix 10.12.0.0/16 --subnet-name s1 --subnet-prefix "$A3_MAIN" -l "$LOCATION" --output none \
  && echo "Created $VNET_A3 with subnet s1"
+verify_vnet "$RG" "$VNET_A3"
+verify_subnet "$RG" "$VNET_A3" "s1"
 
 # B1
 az network vnet create -g "$RG" -n "$VNET_B1" --address-prefix 10.20.0.0/16 --subnet-name s1 --subnet-prefix "$B1_MAIN" -l "$LOCATION" --output none \
  && echo "Created $VNET_B1 with subnet s1"
+verify_vnet "$RG" "$VNET_B1"
+verify_subnet "$RG" "$VNET_B1" "s1"
 
-echo "All VNets and subnets created successfully."
+echo " All VNets and subnets created and verified successfully."
