azurenoops / ref-scca-enclave-landing-zone-starter

A reference implementation of an SCCA-compliant Mission Enclave landing zone that supports running Azure PaaS services using Azure NoOps.

TEST CASE - Deploy LZ Starter to MAC, Single Subscription, using Terraform CLI, Local State Storage #38

Closed timothymeyers closed 2 months ago

timothymeyers commented 11 months ago

This issue is a test case for landing zone starter deployment.

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [X] test case
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Test steps

  1. (Optionally) Create a branch (or fork) for testing
  2. Clone the repository to your local computer (or into a Codespace)
  3. `cd <cloned-dir>/infrastructure/terraform`
  4. `cp tfvars/parameters.tfvars .`
  5. `terraform version` (should be version >= 1.4.6)
  6. Authenticate Terraform with Azure
  7. `terraform init`
  8. `terraform plan -out test.plan`
  9. `terraform apply test.plan`

Expected Results:

  1. Local Terraform state - `terraform.tfstate`
  2. Landing Zone RGs in separate subscriptions - assumes location is usgovvirginia (usgva):
     a. anoa-usgva-alerting-dev-rg
     b. anoa-usgva-devsecops-dev-rg
     c. anoa-usgva-hub-core-dev-rg
     d. anoa-usgva-id-dev-rg
     e. anoa-usgva-ops-dev-rg
     f. anoa-usgva-ops-mgt-logging-dev-rg
  3. Check for an Azure Firewall at the Premium tier in anoa-usgva-hub-core-dev-rg
  4. Check if there is a Log Analytics workspace in anoa-usgva-ops-mgt-logging-dev-rg
  5. Check if there is an Activity log alert rule in anoa-usgva-alerting-dev-rg
  6. Check if there is a vnet, subnet and NSG in all the resource groups
  7. Check if Force Tunneling is in each management spoke resource group

Other helpful details
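The expected-results checklist above can be turned into a repeatable post-deployment verification. The Python below is an added example, not code from this issue or from the azurenoops project. It evaluates the checklist against a resource inventory that is constructed inline; the inventory's shape (`resourceGroup`, `type`, `name`, `properties`) follows what `az resource show -o json` returns and is an assumption, as are the interpretation of "force tunneling" as a `0.0.0.0/0` route with a `VirtualAppliance` next hop and the choice of the id, ops and devsecops groups as the management spokes. One spoke's route table is deliberately wrong so that the failure path is visible.

```python
"""Post-deployment checks for the LZ starter "Expected Results" list.

Added example (not the issue's or the project's own code). In a real run the
inventory would be built from `az resource list -g <rg> -o json` plus
`az resource show --ids <id> -o json` for property-level details; here it is
CONSTRUCTED inline and its shape is an assumption.
"""

ORG, LOC, ENV = "anoa", "usgva", "dev"   # naming from the issue: anoa-usgva-<name>-dev-rg


def rg(short: str) -> str:
    return f"{ORG}-{LOC}-{short}-{ENV}-rg"


EXPECTED_RGS = [rg(n) for n in ("alerting", "devsecops", "hub-core", "id", "ops", "ops-mgt-logging")]
HUB_RG = rg("hub-core")
SPOKE_RGS = [rg("id"), rg("ops"), rg("devsecops")]   # assumption: the management spokes


def _res(rg_name, rtype, name, props=None):
    """One inventory entry in the (assumed) shape of `az resource show` output."""
    return {"resourceGroup": rg_name, "type": rtype, "name": name, "properties": props or {}}


def _vnet(rg_name, short):
    return _res(rg_name, "Microsoft.Network/virtualNetworks", f"{ORG}-{LOC}-{short}-{ENV}-vnet",
                {"subnets": [{"name": "default", "properties": {"addressPrefix": "10.0.0.0/24"}}]})


def _nsg(rg_name, short):
    return _res(rg_name, "Microsoft.Network/networkSecurityGroups", f"{ORG}-{LOC}-{short}-{ENV}-nsg")


def _route_table(rg_name, short, default_next_hop="VirtualAppliance"):
    return _res(rg_name, "Microsoft.Network/routeTables", f"{ORG}-{LOC}-{short}-{ENV}-rt",
                {"routes": [{"name": "default", "properties": {"addressPrefix": "0.0.0.0/0",
                                                                "nextHopType": default_next_hop}}]})


# Constructed inventory standing in for the output of the az CLI after `terraform apply`.
INVENTORY = {
    "resourceGroups": EXPECTED_RGS,
    "resources": [
        _res(HUB_RG, "Microsoft.Network/azureFirewalls", f"{ORG}-{LOC}-hub-core-{ENV}-fw",
             {"sku": {"name": "AZFW_VNet", "tier": "Premium"}}),
        _vnet(HUB_RG, "hub-core"), _nsg(HUB_RG, "hub-core"),
        _vnet(rg("id"), "id"), _nsg(rg("id"), "id"), _route_table(rg("id"), "id"),
        _vnet(rg("ops"), "ops"), _nsg(rg("ops"), "ops"), _route_table(rg("ops"), "ops"),
        _vnet(rg("devsecops"), "devsecops"), _nsg(rg("devsecops"), "devsecops"),
        # Deliberately wrong: the default route goes straight to the Internet, so no force tunneling.
        _route_table(rg("devsecops"), "devsecops", default_next_hop="Internet"),
        _res(rg("ops-mgt-logging"), "Microsoft.OperationalInsights/workspaces", f"{ORG}-{LOC}-{ENV}-law"),
        _res(rg("alerting"), "Microsoft.Insights/activityLogAlerts", f"{ORG}-{LOC}-{ENV}-activity-alert"),
    ],
}


def _by(resources, rg_name, rtype):
    """Resources of one ARM type inside one resource group (type match is case-insensitive)."""
    return [r for r in resources if r["resourceGroup"] == rg_name and r["type"].lower() == rtype.lower()]


def run_checks(inventory):
    """Evaluate expected results 2-7 and return one {check, ok, detail} record per check."""
    rgs, res = set(inventory["resourceGroups"]), inventory["resources"]
    results = []

    def record(name, ok, detail=""):
        results.append({"check": name, "ok": bool(ok), "detail": detail})

    missing = [g for g in EXPECTED_RGS if g not in rgs]                       # result 2
    record("resource groups present", not missing, f"missing: {missing}" if missing else "")

    tiers = [fw["properties"].get("sku", {}).get("tier")                       # result 3
             for fw in _by(res, HUB_RG, "Microsoft.Network/azureFirewalls")]
    record("premium firewall in hub", "Premium" in tiers, f"tiers found: {tiers}")

    record("log analytics workspace",                                          # result 4
           _by(res, rg("ops-mgt-logging"), "Microsoft.OperationalInsights/workspaces"))
    record("activity log alert",                                               # result 5
           _by(res, rg("alerting"), "Microsoft.Insights/activityLogAlerts"))

    for g in [HUB_RG] + SPOKE_RGS:                                             # result 6
        vnets = _by(res, g, "Microsoft.Network/virtualNetworks")
        subnets = [s for v in vnets for s in v["properties"].get("subnets", [])]
        nsgs = _by(res, g, "Microsoft.Network/networkSecurityGroups")
        record(f"vnet/subnet/nsg in {g}", vnets and subnets and nsgs,
               f"vnets={len(vnets)} subnets={len(subnets)} nsgs={len(nsgs)}")

    for g in SPOKE_RGS:                                                        # result 7 (assumed meaning)
        hops = [rt["properties"].get("nextHopType")
                for t in _by(res, g, "Microsoft.Network/routeTables")
                for rt in t["properties"].get("routes", [])
                if rt["properties"].get("addressPrefix") == "0.0.0.0/0"]
        record(f"force tunneling in {g}", "VirtualAppliance" in hops, f"default-route next hops: {hops}")
    return results


def failed_checks(inventory):
    return [r["check"] for r in run_checks(inventory) if not r["ok"]]


if __name__ == "__main__":
    for r in run_checks(INVENTORY):
        print("PASS" if r["ok"] else "FAIL", r["check"], r["detail"])
```

Running the block prints one PASS/FAIL line per check; with the constructed inventory only the devsecops force-tunneling check fails, which is the kind of misrouted spoke that would silently bypass the hub firewall if the checklist were ticked off by eye.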

cheruvu1 commented 7 months ago

I finished testing and was able to deploy to Commercial Cloud. After running the 2nd time, the error was gone.

```
Error: Error: waiting for Virtual Network Peering: (Name "peering-id-spoke-to-amgnoops-eus-hub-core-dev-vnet" / Virtual Network Name "amgnoops-eus-id-dev-vnet" / Resource Group "amgnoops-eus-id-dev-rg") to be created: network.VirtualNetworkPeeringsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="ReferencedResourceNotProvisioned" Message="Cannot proceed with operation because resource /subscriptions/95a39e6c-6307-4d46-822f-8cd01c623bb5/resourceGroups/amgnoops-eus-id-dev-rg/providers/Microsoft.Network/virtualNetworks/amgnoops-eus-id-dev-vnet used by resource /subscriptions/95a39e6c-6307-4d46-822f-8cd01c623bb5/resourceGroups/amgnoops-eus-id-dev-rg/providers/Microsoft.Network/virtualNetworks/amgnoops-eus-id-dev-vnet/virtualNetworkPeerings/peering-id-spoke-to-amgnoops-eus-hub-core-dev-vnet is not in Succeeded state. Resource is in Updating state and the last operation that updated/is updating the resource is PutSubnetOperation." Details=[]

  with module.mod_id_network.azurerm_virtual_network_peering.spoke_to_hub,
  on .terraform/modules/mod_id_network/resources.management.spoke.peering.tf line 9, in resource "azurerm_virtual_network_peering" "spoke_to_hub":
   9: resource "azurerm_virtual_network_peering" "spoke_to_hub" {
```