From 368f5670f9c19910ee012bc202b2b5b386851214 Mon Sep 17 00:00:00 2001
From: hc-github-team-secure-boundary
 <82989682+hc-github-team-secure-boundary@users.noreply.github.com>
Date: Fri, 30 Jan 2026 15:02:48 -0500
Subject: [PATCH] Backport of fix(e2e): Worker not available error in RDP tests
 into release/0.21.x (#6389)

* backport of commit 2e221ca5e56a6e68f3998233f7d7681e9e272028

* backport of commit b5919db7d63ef0da6227e13dc52ce1be5f92da3f

---------

Co-authored-by: Michael Li <michael.li@hashicorp.com>
---
 enos/enos-scenario-e2e-aws-rdp-base.hcl           |  1 +
 enos/modules/aws_rdp_domain_controller/main.tf    |  2 +-
 enos/modules/aws_rdp_member_server/main.tf        |  2 +-
 .../aws_rdp_member_server_with_worker/main.tf     | 15 +++++++++++++--
 enos/modules/aws_windows_client/main.tf           |  2 +-
 5 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/enos/enos-scenario-e2e-aws-rdp-base.hcl b/enos/enos-scenario-e2e-aws-rdp-base.hcl
index 2360c36a59..432313bcfa 100644
--- a/enos/enos-scenario-e2e-aws-rdp-base.hcl
+++ b/enos/enos-scenario-e2e-aws-rdp-base.hcl
@@ -290,6 +290,7 @@ scenario "e2e_aws_rdp_base" {
       step.create_boundary_cluster,
       step.create_rdp_domain_controller,
       step.create_rdp_member_server,
+      step.create_windows_worker,
       step.create_bucket
     ]
 
diff --git a/enos/modules/aws_rdp_domain_controller/main.tf b/enos/modules/aws_rdp_domain_controller/main.tf
index 2df649b0e0..053e00f5aa 100644
--- a/enos/modules/aws_rdp_domain_controller/main.tf
+++ b/enos/modules/aws_rdp_domain_controller/main.tf
@@ -478,7 +478,7 @@ resource "time_sleep" "wait_for_reboot" {
 resource "enos_local_exec" "wait_for_ssh" {
   depends_on = [time_sleep.wait_for_reboot]
   count      = var.server_version != "2016" ? 1 : 0
-  inline     = ["timeout 600s bash -c 'until ssh -i ${abspath(local_sensitive_file.private_key.filename)} -o BatchMode=Yes -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no Administrator@${aws_instance.domain_controller.public_ip} \"echo ready\"; do sleep 10; done'"]
+  inline     = ["timeout 600s bash -c 'until ssh -i ${abspath(local_sensitive_file.private_key.filename)} -o BatchMode=Yes -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ConnectTimeout=5 Administrator@${aws_instance.domain_controller.public_ip} \"echo ready\"; do sleep 10; done'"]
 }
 
 locals {
diff --git a/enos/modules/aws_rdp_member_server/main.tf b/enos/modules/aws_rdp_member_server/main.tf
index 03230410f1..bfc5299d5a 100644
--- a/enos/modules/aws_rdp_member_server/main.tf
+++ b/enos/modules/aws_rdp_member_server/main.tf
@@ -282,7 +282,7 @@ resource "time_sleep" "wait_5_minutes" {
 resource "enos_local_exec" "wait_for_ssh" {
   count      = var.server_version != "2016" ? 1 : 0
   depends_on = [time_sleep.wait_5_minutes]
-  inline     = ["timeout 600s bash -c 'until ssh -i ${local.private_key} -o BatchMode=Yes -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no Administrator@${aws_instance.member_server.public_ip} \"echo ready\"; do sleep 10; done'"]
+  inline     = ["timeout 600s bash -c 'until ssh -i ${local.private_key} -o BatchMode=Yes -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ConnectTimeout=5 Administrator@${aws_instance.member_server.public_ip} \"echo ready\"; do sleep 10; done'"]
 }
 
 # Retrieve the domain hostname of the member server, which will be used in
diff --git a/enos/modules/aws_rdp_member_server_with_worker/main.tf b/enos/modules/aws_rdp_member_server_with_worker/main.tf
index 525a02f7a3..cd62857bbe 100644
--- a/enos/modules/aws_rdp_member_server_with_worker/main.tf
+++ b/enos/modules/aws_rdp_member_server_with_worker/main.tf
@@ -291,7 +291,7 @@ resource "enos_local_exec" "wait_for_ssh" {
   depends_on = [
     aws_instance.worker,
   ]
-  inline = ["timeout 600s bash -c 'until ssh -i ${local.private_key} -o BatchMode=Yes -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no Administrator@${aws_instance.worker.public_ip} \"echo ready\"; do sleep 10; done'"]
+  inline = ["timeout 600s bash -c 'until ssh -i ${local.private_key} -o BatchMode=Yes -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ConnectTimeout=5 Administrator@${aws_instance.worker.public_ip} \"echo ready\"; do sleep 10; done'"]
 }
 
 resource "enos_local_exec" "make_dir" {
@@ -373,7 +373,7 @@ resource "enos_local_exec" "run_powershell_script" {
   inline = ["ssh -i ${local.private_key} -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no Administrator@${aws_instance.worker.public_ip} ${local.test_dir}/${basename(local_file.powershell_script.filename)}"]
 }
 
-resource "time_sleep" "wait_2_minutes" {
+resource "time_sleep" "wait_for_instance_reboot_in_script" {
   depends_on      = [enos_local_exec.run_powershell_script]
   create_duration = "2m"
 }
@@ -384,3 +384,14 @@ resource "local_file" "powershell_script_output" {
   content    = enos_local_exec.run_powershell_script.stdout
   filename   = "${path.root}/.terraform/tmp/setup_worker.out"
 }
+
+resource "enos_local_exec" "wait_for_worker" {
+  depends_on = [time_sleep.wait_for_instance_reboot_in_script]
+  inline     = ["timeout 600s bash -c 'until ssh -i ${local.private_key} -o BatchMode=Yes -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no Administrator@${aws_instance.worker.public_ip} \"if (-not (Test-Path C:/Test/worker.out)) { exit 1 }\"; do sleep 10; done'"]
+}
+
+data "aws_instance" "instance_password" {
+  depends_on        = [enos_local_exec.wait_for_worker]
+  instance_id       = aws_instance.worker.id
+  get_password_data = true
+}
diff --git a/enos/modules/aws_windows_client/main.tf b/enos/modules/aws_windows_client/main.tf
index 2a019cf19f..cea7657e65 100644
--- a/enos/modules/aws_windows_client/main.tf
+++ b/enos/modules/aws_windows_client/main.tf
@@ -311,7 +311,7 @@ resource "local_sensitive_file" "private_key" {
 # can just SSH using the private key
 resource "enos_local_exec" "wait_for_ssh" {
   depends_on = [aws_instance.client]
-  inline     = ["timeout 600s bash -c 'until ssh -i ${abspath(local_sensitive_file.private_key.filename)} -o BatchMode=Yes -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no Administrator@${aws_instance.client.public_ip} \"echo ready\"; do sleep 10; done'"]
+  inline     = ["timeout 600s bash -c 'until ssh -i ${abspath(local_sensitive_file.private_key.filename)} -o BatchMode=Yes -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ConnectTimeout=5 Administrator@${aws_instance.client.public_ip} \"echo ready\"; do sleep 10; done'"]
 }
 
 resource "enos_local_exec" "get_go_version" {