test(e2e): update rdp enos modules to wait for pw (#6373)

3 months ago · 36d91b0086
parent 3e3ecd59c9
commit 36d91b0086
8 changed files with 29 additions and 12 deletions
--- a/enos/modules/aws_rdp_domain_controller/main.tf
+++ b/enos/modules/aws_rdp_domain_controller/main.tf
@ -452,8 +452,6 @@ resource "aws_instance" "domain_controller" {
    http_tokens            = "required"
    instance_metadata_tags = "enabled"
  }
-  get_password_data = true
-
  tags = {
    Name = "${var.prefix}-domain-controller-${local.username}"
  }
@ -472,6 +470,12 @@ resource "time_sleep" "wait_for_reboot" {
  create_duration = "20m"
 }

+data "aws_instance" "instance_password" {
+  depends_on        = [time_sleep.wait_10_minutes]
+  instance_id       = aws_instance.domain_controller.id
+  get_password_data = true
+}
+
 # wait for the SSH service to be available on the instance. We specifically use
 # BatchMode=Yes to prevent SSH from prompting for a password to ensure that we
 # can just SSH using the private key
--- a/enos/modules/aws_rdp_domain_controller/outputs.tf
+++ b/enos/modules/aws_rdp_domain_controller/outputs.tf
@ -24,8 +24,7 @@ output "admin_username" {

 output "password" {
  description = "This is the decrypted administrator password for the EC2 instance"
-  value       = nonsensitive(rsadecrypt(aws_instance.domain_controller.password_data, tls_private_key.rsa_4096_key.private_key_pem))
-
+  value       = nonsensitive(rsadecrypt(data.aws_instance.instance_password.password_data, tls_private_key.rsa_4096_key.private_key_pem))
 }

 output "ssh_private_key" {
--- a/enos/modules/aws_rdp_member_server/main.tf
+++ b/enos/modules/aws_rdp_member_server/main.tf
@ -260,7 +260,6 @@ ${var.domain_admin_password}
    http_tokens            = "required"
    instance_metadata_tags = "enabled"
  }
-  get_password_data = true

  tags = {
    Name = "${var.prefix}-rdp-member-server-${local.username}"
@ -276,6 +275,12 @@ resource "time_sleep" "wait_5_minutes" {
  create_duration = "5m"
 }

+data "aws_instance" "instance_password" {
+  depends_on        = [time_sleep.wait_5_minutes]
+  instance_id       = aws_instance.member_server.id
+  get_password_data = true
+}
+
 # wait for the SSH service to be available on the instance. We specifically use
 # BatchMode=Yes to prevent SSH from prompting for a password to ensure that we
 # can just SSH using the private key
--- a/enos/modules/aws_rdp_member_server/outputs.tf
+++ b/enos/modules/aws_rdp_member_server/outputs.tf
@ -25,8 +25,7 @@ output "admin_username" {

 output "password" {
  description = "This is the decrypted administrator password for the EC2 instance"
-  value       = nonsensitive(rsadecrypt(aws_instance.member_server.password_data, file(var.domain_controller_private_key)))
-
+  value       = nonsensitive(rsadecrypt(data.aws_instance.instance_password.password_data, file(var.domain_controller_private_key)))
 }

 output "domain_hostname" {
--- a/enos/modules/aws_rdp_member_server_with_worker/main.tf
+++ b/enos/modules/aws_rdp_member_server_with_worker/main.tf
@ -273,7 +273,6 @@ ${var.domain_admin_password}
    http_tokens            = "required"
    instance_metadata_tags = "enabled"
  }
-  get_password_data = true

  tags = {
    Name = "${var.prefix}-windows-worker-${local.username}"
@ -378,6 +377,12 @@ resource "time_sleep" "wait_2_minutes" {
  create_duration = "2m"
 }

+data "aws_instance" "instance_password" {
+  depends_on        = [time_sleep.wait_2_minutes]
+  instance_id       = aws_instance.worker.id
+  get_password_data = true
+}
+
 # used for debug
 resource "local_file" "powershell_script_output" {
  depends_on = [enos_local_exec.run_powershell_script]
--- a/enos/modules/aws_rdp_member_server_with_worker/outputs.tf
+++ b/enos/modules/aws_rdp_member_server_with_worker/outputs.tf
@ -26,5 +26,5 @@ output "admin_username" {
 // This is the decrypted administrator password for the EC2 instance
 output "admin_password" {
  description = "Decrpted admin password for the EC2 instance"
-  value       = nonsensitive(rsadecrypt(aws_instance.worker.password_data, file(var.domain_controller_private_key)))
-}
+  value       = nonsensitive(rsadecrypt(data.aws_instance.instance_password.password_data, file(var.domain_controller_private_key)))
+}
--- a/enos/modules/aws_windows_client/main.tf
+++ b/enos/modules/aws_windows_client/main.tf
@ -286,7 +286,6 @@ resource "aws_instance" "client" {
    http_tokens            = "required"
    instance_metadata_tags = "enabled"
  }
-  get_password_data = true

  tags = {
    Name = "${var.prefix}-windows-client-${local.username}"
@ -405,3 +404,9 @@ resource "local_file" "powershell_script_output" {
  content    = enos_local_exec.run_powershell_script[0].stdout
  filename   = "${path.root}/.terraform/tmp/setup_windows_client.out"
 }
+
+data "aws_instance" "instance_password" {
+  depends_on        = [enos_local_exec.run_powershell_script]
+  instance_id       = aws_instance.client.id
+  get_password_data = true
+}
--- a/enos/modules/aws_windows_client/outputs.tf
+++ b/enos/modules/aws_windows_client/outputs.tf
@ -26,7 +26,7 @@ output "admin_username" {
 // This is the decrypted administrator password for the EC2 instance
 output "admin_password" {
  description = "The password for the administrator account"
-  value       = nonsensitive(rsadecrypt(aws_instance.client.password_data, tls_private_key.rsa-4096-key.private_key_pem))
+  value       = nonsensitive(rsadecrypt(data.aws_instance.instance_password.password_data, tls_private_key.rsa-4096-key.private_key_pem))
 }

 output "test_username" {