chore(e2e): create multiple users in windows domain (#6675)

* chore(e2e): create multiple users in windows domain
2 weeks ago · aff2623c16
parent c2eca9ab3d
commit aff2623c16
7 changed files with 151 additions and 0 deletions
--- a/enos/enos-scenario-e2e-aws-rdp-base.hcl
+++ b/enos/enos-scenario-e2e-aws-rdp-base.hcl
@ -193,6 +193,7 @@ scenario "e2e_aws_rdp_base" {
      vpc_id         = step.create_base_infra.vpc_id
      server_version = matrix.rdp_server == "2016" ? "2019" : matrix.rdp_server
      ip_version     = local.ip_version
+      extra_users    = var.extra_windows_users
    }
  }

@ -468,4 +469,8 @@ scenario "e2e_aws_rdp_base" {
  output "aws_ssh_key_path" {
    value = step.generate_ssh_key.private_key_path
  }
+
+  output "rdp_domain_users" {
+    value = step.create_rdp_domain_controller.rdp_domain_users
+  }
 }
--- a/enos/enos-variables.hcl
+++ b/enos/enos-variables.hcl
@ -268,3 +268,9 @@ variable "is_ci" {
  type        = bool
  default     = false
 }
+
+variable "extra_windows_users" {
+  description = "number of extra windows users to create on the ec2 windows client"
+  type        = number
+  default     = 0
+}
--- a/enos/enos.vars.hcl
+++ b/enos/enos.vars.hcl
@ -76,6 +76,10 @@
 // region where you've got an AWS keypair. Applies to AWS scenarios only.
 // aws_region = "us-east-1"

+// Number of extra users you want to create in RDP scenarios.
+// Useful for performance testing.
+// extra_windows_users = 0
+
 // ENTERPRISE ONLY
 // Path to a license file
 // boundary_license_path = "./support/boundary.hclic"
--- a/enos/modules/aws_rdp_domain_controller/main.tf
+++ b/enos/modules/aws_rdp_domain_controller/main.tf
@ -535,3 +535,29 @@ resource "local_file" "ldaps_script_output" {
  content    = enos_local_exec.run_ldaps_script[0].stdout
  filename   = "${path.root}/.terraform/tmp/setup_ldaps.out"
 }
+
+resource "enos_local_exec" "add_create_users_script" {
+  depends_on = [
+    enos_local_exec.make_dir,
+  ]
+  count = (var.extra_users > 0 && var.server_version != "2016") ? 1 : 0
+
+  inline = ["scp -i ${abspath(local_sensitive_file.private_key.filename)} -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ${path.module}/scripts/create_users.ps1 Administrator@${aws_instance.domain_controller.public_ip}:${local.test_dir}"]
+}
+
+resource "enos_local_exec" "run_create_users_script" {
+  depends_on = [
+    enos_local_exec.add_create_users_script,
+  ]
+  count = (var.extra_users > 0 && var.server_version != "2016") ? 1 : 0
+
+  inline = ["ssh -i ${abspath(local_sensitive_file.private_key.filename)} -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no Administrator@${aws_instance.domain_controller.public_ip} ${local.test_dir}/create_users.ps1 -Count ${var.extra_users} -PasswordPrefix ${var.extra_users_password_base}"]
+}
+
+resource "local_file" "create_users_script_output" {
+  depends_on = [enos_local_exec.run_create_users_script]
+  count      = (var.extra_users > 0 && var.server_version != "2016") ? 1 : 0
+
+  content  = enos_local_exec.run_create_users_script[0].stdout
+  filename = "${path.root}/.terraform/tmp/create_users.out"
+}
--- a/enos/modules/aws_rdp_domain_controller/outputs.tf
+++ b/enos/modules/aws_rdp_domain_controller/outputs.tf
@ -51,3 +51,11 @@ output "vault_ldap_user" {
  description = "User created for Vault LDAP use"
  value       = local.vault_ldap_user
 }
+
+output "rdp_domain_users" {
+  description = "Extra domain users created for performance testing"
+  value = [
+    for user_number in range(var.extra_users) :
+    "Username: ${var.extra_users_username_base}${user_number + 1} Password: ${var.extra_users_password_base}${user_number + 1}"
+  ]
+}
--- a/enos/modules/aws_rdp_domain_controller/scripts/create_users.ps1
+++ b/enos/modules/aws_rdp_domain_controller/scripts/create_users.ps1
@ -0,0 +1,79 @@
+[CmdletBinding()]
+param(
+	[Parameter(Mandatory = $true)]
+	[ValidateRange(1, 10000)]
+	[int]$Count,
+
+	[Parameter(Mandatory = $false)]
+	[ValidateRange(1, 1000000)]
+	[int]$StartAt = 1,
+
+	[Parameter(Mandatory = $false)]
+	[ValidateNotNullOrEmpty()]
+	[string]$UsernamePrefix = "user",
+
+	[Parameter(Mandatory = $false)]
+	[ValidateNotNullOrEmpty()]
+	[string]$PasswordPrefix = "p@ssw0rd00!",
+
+	[Parameter(Mandatory = $false)]
+	[ValidateNotNullOrEmpty()]
+	[string]$AdminGroupName = "Domain Admins"
+)
+
+$ErrorActionPreference = "Stop"
+
+Import-Module ActiveDirectory
+
+$domain = Get-ADDomain
+$dnsRoot = $domain.DNSRoot
+$createdUsers = 0
+
+function Grant-AdminGroupMembership {
+	param(
+		[Parameter(Mandatory = $true)]
+		[string]$SamAccountName
+	)
+
+	try {
+		Add-ADGroupMember -Identity $AdminGroupName -Members $SamAccountName -ErrorAction Stop
+		Write-Host "Granted domain admin access to user: $SamAccountName"
+	}
+	catch {
+		if ($_.Exception.Message -match "already a member") {
+			Write-Host "User '$SamAccountName' is already in '$AdminGroupName'."
+		}
+		else {
+			throw
+		}
+	}
+}
+
+for ($i = $StartAt; $i -lt ($StartAt + $Count); $i++) {
+	$username = "$UsernamePrefix$i"
+	$plainPassword = "$PasswordPrefix$i"
+	$securePassword = ConvertTo-SecureString $plainPassword -AsPlainText -Force
+
+	$existingUser = Get-ADUser -Filter "SamAccountName -eq '$username'" -ErrorAction SilentlyContinue
+	if ($existingUser) {
+		Write-Warning "User '$username' already exists. Skipping."
+		Grant-AdminGroupMembership -SamAccountName $username
+		continue
+	}
+
+	New-ADUser `
+		-Name $username `
+		-SamAccountName $username `
+		-UserPrincipalName "$username@$dnsRoot" `
+		-AccountPassword $securePassword `
+		-Enabled $true `
+		-PasswordNeverExpires $true
+
+	$createdUsers++
+	Write-Host "Created user: $username"
+
+	Grant-AdminGroupMembership -SamAccountName $username
+
+}
+
+Write-Host "Done. Created $createdUsers user(s)."
--- a/enos/modules/aws_rdp_domain_controller/variables.tf
+++ b/enos/modules/aws_rdp_domain_controller/variables.tf
@ -6,6 +6,29 @@ variable "vpc_id" {
  description = "Id of VPC to add additional infra resources to."
 }

+variable "extra_users" {
+  type        = number
+  description = "Number of additional domain users to be created"
+  default     = 0
+
+  validation {
+    condition     = var.extra_users >= 0 && floor(var.extra_users) == var.extra_users
+    error_message = "extra_users must be a whole number greater than or equal to 0."
+  }
+}
+
+variable "extra_users_password_base" {
+  type        = string
+  description = "base of password for the extra users"
+  default     = "p@ssw0rd00!"
+}
+
+variable "extra_users_username_base" {
+  type        = string
+  description = "base of username for the extra users"
+  default     = "user"
+}
+
 # =================================================================
 # ec2 instance configuration
 # =================================================================