From aff2623c16b3ed65796d13065d4e814cf1206613 Mon Sep 17 00:00:00 2001 From: dillanb-hashi Date: Wed, 6 May 2026 07:59:28 -0700 Subject: [PATCH] chore(e2e): create multiple users in windows domain (#6675) * chore(e2e): create multiple users in windows domain --- enos/enos-scenario-e2e-aws-rdp-base.hcl | 5 ++ enos/enos-variables.hcl | 6 ++ enos/enos.vars.hcl | 4 + .../modules/aws_rdp_domain_controller/main.tf | 26 ++++++ .../aws_rdp_domain_controller/outputs.tf | 8 ++ .../scripts/create_users.ps1 | 79 +++++++++++++++++++ .../aws_rdp_domain_controller/variables.tf | 23 ++++++ 7 files changed, 151 insertions(+) create mode 100644 enos/modules/aws_rdp_domain_controller/scripts/create_users.ps1 diff --git a/enos/enos-scenario-e2e-aws-rdp-base.hcl b/enos/enos-scenario-e2e-aws-rdp-base.hcl index 91197434d8..a5dd8e1946 100644 --- a/enos/enos-scenario-e2e-aws-rdp-base.hcl +++ b/enos/enos-scenario-e2e-aws-rdp-base.hcl @@ -193,6 +193,7 @@ scenario "e2e_aws_rdp_base" { vpc_id = step.create_base_infra.vpc_id server_version = matrix.rdp_server == "2016" ? "2019" : matrix.rdp_server ip_version = local.ip_version + extra_users = var.extra_windows_users } } @@ -468,4 +469,8 @@ scenario "e2e_aws_rdp_base" { output "aws_ssh_key_path" { value = step.generate_ssh_key.private_key_path } + + output "rdp_domain_users" { + value = step.create_rdp_domain_controller.rdp_domain_users + } } diff --git a/enos/enos-variables.hcl b/enos/enos-variables.hcl index 016184d5a0..61e7e3fbd5 100644 --- a/enos/enos-variables.hcl +++ b/enos/enos-variables.hcl @@ -268,3 +268,9 @@ variable "is_ci" { type = bool default = false } + +variable "extra_windows_users" { + description = "number of extra windows users to create on the ec2 windows client" + type = number + default = 0 +} \ No newline at end of file diff --git a/enos/enos.vars.hcl b/enos/enos.vars.hcl index 93cde1b71e..f071a4604e 100644 --- a/enos/enos.vars.hcl +++ b/enos/enos.vars.hcl 
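Review bot: The new `rdp_domain_users` scenario output in enos-scenario-e2e-aws-rdp-base.hcl publishes username/password pairs in clear text, and per create_users.ps1 those accounts are members of `Domain Admins`. Neither this output, the module output of the same name in outputs.tf, nor `extra_users_password_base` in variables.tf is marked sensitive, so the values will appear in apply output and in any CI log that captures it. I would add `sensitive = true` to the module output and the variable, and to this scenario output if the Enos version in use accepts the attribute there. The enclosing `scenario` block starts and ends outside the hunk.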
@@ -76,6 +76,10 @@ // region where you've got an AWS keypair. Applies to AWS scenarios only. // aws_region = "us-east-1" +// Number of extra users you want to create in RDP scenarios. +// Useful for performance testing. +// extra_windows_users = 0 + // ENTERPRISE ONLY // Path to a license file // boundary_license_path = "./support/boundary.hclic" diff --git a/enos/modules/aws_rdp_domain_controller/main.tf b/enos/modules/aws_rdp_domain_controller/main.tf index 55daef8000..55bc6599a9 100644 --- a/enos/modules/aws_rdp_domain_controller/main.tf +++ b/enos/modules/aws_rdp_domain_controller/main.tf 
@@ -535,3 +535,29 @@ resource "local_file" "ldaps_script_output" {
 content = enos_local_exec.run_ldaps_script[0].stdout
 filename = "${path.root}/.terraform/tmp/setup_ldaps.out"
 }
+
+resource "enos_local_exec" "add_create_users_script" {
+ depends_on = [
+ enos_local_exec.make_dir,
+ ]
+ count = (var.extra_users > 0 && var.server_version != "2016") ? 1 : 0
+
+ inline = ["scp -i ${abspath(local_sensitive_file.private_key.filename)} -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ${path.module}/scripts/create_users.ps1 Administrator@${aws_instance.domain_controller.public_ip}:${local.test_dir}"]
+}
+
+resource "enos_local_exec" "run_create_users_script" {
+ depends_on = [
+ enos_local_exec.add_create_users_script,
+ ]
+ count = (var.extra_users > 0 && var.server_version != "2016") ? 1 : 0
+
+ inline = ["ssh -i ${abspath(local_sensitive_file.private_key.filename)} -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no Administrator@${aws_instance.domain_controller.public_ip} ${local.test_dir}/create_users.ps1 -Count ${var.extra_users} -PasswordPrefix ${var.extra_users_password_base}"]
+}
+
+resource "local_file" "create_users_script_output" {
+ depends_on = [enos_local_exec.run_create_users_script]
+ count = (var.extra_users > 0 && var.server_version != "2016") ? 1 : 0
+
+ content = enos_local_exec.run_create_users_script[0].stdout
+ filename = "${path.root}/.terraform/tmp/create_users.out"
+}
\ No newline at end of file
diff --git a/enos/modules/aws_rdp_domain_controller/outputs.tf b/enos/modules/aws_rdp_domain_controller/outputs.tf
index d8f609e725..afc540a36c 100644
--- a/enos/modules/aws_rdp_domain_controller/outputs.tf
+++ b/enos/modules/aws_rdp_domain_controller/outputs.tf
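Review bot: In `run_create_users_script` in main.tf the ssh command passes `-PasswordPrefix` but never `-UsernamePrefix`, so overriding `extra_users_username_base` changes what outputs.tf reports without changing the accounts the script creates (its own default is `user`). Appending `-UsernamePrefix ${var.extra_users_username_base}` to the `inline` string keeps the two in step. The password base is also interpolated unquoted into a command line that is parsed by the local shell and again on the remote side, so a value containing spaces or shell metacharacters would be split or interpreted, and the value is visible in the local process list while ssh runs; restricting the variable to a safe character set with a `validation` block, or delivering it in a file alongside the script, would avoid both. Both new commands set `StrictHostKeyChecking=no` with `UserKnownHostsFile=/dev/null`, which may mirror resources elsewhere in this file that the hunk does not show, but it means the Administrator session is not bound to a verified host key.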
@@ -51,3 +51,11 @@ output "vault_ldap_user" {
 description = "User created for Vault LDAP use"
 value = local.vault_ldap_user
 }
+
+output "rdp_domain_users" {
+ description = "Extra domain users created for performance testing"
+ value = [
+ for user_number in range(var.extra_users) :
+ "Username: ${var.extra_users_username_base}${user_number + 1} Password: ${var.extra_users_password_base}${user_number + 1}"
+ ]
+}
diff --git a/enos/modules/aws_rdp_domain_controller/scripts/create_users.ps1 b/enos/modules/aws_rdp_domain_controller/scripts/create_users.ps1
new file mode 100644
index 0000000000..7860b7c03e
--- /dev/null
+++ b/enos/modules/aws_rdp_domain_controller/scripts/create_users.ps1
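Review bot: `rdp_domain_users` in outputs.tf is built from `range(var.extra_users)` alone, while the resources in main.tf that create the accounts are gated on `var.extra_users > 0 && var.server_version != "2016"`. With `server_version = "2016"` the module would therefore list credentials for accounts that were never created. Guarding the expression the same way, e.g. `for user_number in range(var.server_version != "2016" ? var.extra_users : 0) :`, keeps the output truthful. A short comment that the `+ 1` matches the script's default `-StartAt 1` would also help, since the numbering is otherwise coupled only by convention.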
@@ -0,0 +1,79 @@
+[CmdletBinding()]
+param(
+ [Parameter(Mandatory = $true)]
+ [ValidateRange(1, 10000)]
+ [int]$Count,
+
+ [Parameter(Mandatory = $false)]
+ [ValidateRange(1, 1000000)]
+ [int]$StartAt = 1,
+
+ [Parameter(Mandatory = $false)]
+ [ValidateNotNullOrEmpty()]
+ [string]$UsernamePrefix = "user",
+
+ [Parameter(Mandatory = $false)]
+ [ValidateNotNullOrEmpty()]
+ [string]$PasswordPrefix = "p@ssw0rd00!",
+
+ [Parameter(Mandatory = $false)]
+ [ValidateNotNullOrEmpty()]
+ [string]$AdminGroupName = "Domain Admins"
+)
+
+$ErrorActionPreference = "Stop"
+
+Import-Module ActiveDirectory
+
+$domain = Get-ADDomain
+$dnsRoot = $domain.DNSRoot
+$createdUsers = 0
+
+function Grant-AdminGroupMembership {
+ param(
+ [Parameter(Mandatory = $true)]
+ [string]$SamAccountName
+ )
+
+ try {
+ Add-ADGroupMember -Identity $AdminGroupName -Members $SamAccountName -ErrorAction Stop
+ Write-Host "Granted domain admin access to user: $SamAccountName"
+ }
+ catch {
+ if ($_.Exception.Message -match "already a member") {
+ Write-Host "User '$SamAccountName' is already in '$AdminGroupName'."
+ }
+ else {
+ throw
+ }
+ }
+}
+
+for ($i = $StartAt; $i -lt ($StartAt + $Count); $i++) {
+ $username = "$UsernamePrefix$i"
+ $plainPassword = "$PasswordPrefix$i"
+ $securePassword = ConvertTo-SecureString $plainPassword -AsPlainText -Force
+
+ $existingUser = Get-ADUser -Filter "SamAccountName -eq '$username'" -ErrorAction SilentlyContinue
+ if ($existingUser) {
+ Write-Warning "User '$username' already exists. Skipping."
+ Grant-AdminGroupMembership -SamAccountName $username
+ continue
+ }
+
+ New-ADUser `
+ -Name $username `
+ -SamAccountName $username `
+ -UserPrincipalName "$username@$dnsRoot" `
+ -AccountPassword $securePassword `
+ -Enabled $true `
+ -PasswordNeverExpires $true
+
+ $createdUsers++
+ Write-Host "Created user: $username"
+
+ Grant-AdminGroupMembership -SamAccountName $username
+
+}
+
+Write-Host "Done. Created $createdUsers user(s)."
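Review bot: The `if ($existingUser)` branch still calls `Grant-AdminGroupMembership`, so any pre-existing account whose name matches `$UsernamePrefix$i` is added to `Domain Admins` without its password being set, and the credentials Terraform reports for it may not be the real ones. Either drop the grant from that branch or reset the password there, e.g. `Set-ADAccountPassword -Identity $username -Reset -NewPassword $securePassword`, so the reported state matches the directory. Together with the sequential `$PasswordPrefix$i` passwords and `-PasswordNeverExpires $true`, every account here is a long-lived domain administrator with a predictable password; a header comment stating that the script is only for disposable test domains is missing, and a less privileged default for `$AdminGroupName` may be enough if the tests only need RDP logon. The `-match "already a member"` check depends on the English exception text and would rethrow on a host with a different display language.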
diff --git a/enos/modules/aws_rdp_domain_controller/variables.tf b/enos/modules/aws_rdp_domain_controller/variables.tf index 1c22e7bc48..ee25acb368 100644 --- a/enos/modules/aws_rdp_domain_controller/variables.tf +++ b/enos/modules/aws_rdp_domain_controller/variables.tf @@ -6,6 +6,29 @@ variable "vpc_id" { description = "Id of VPC to add additional infra resources to." } +variable "extra_users" { + type = number + description = "Number of additional domain users to be created" + default = 0 + + validation { + condition = var.extra_users >= 0 && floor(var.extra_users) == var.extra_users + error_message = "extra_users must be a whole number greater than or equal to 0." + } +} + +variable "extra_users_password_base" { + type = string + description = "base of password for the extra users" + default = "p@ssw0rd00!" +} + +variable "extra_users_username_base" { + type = string + description = "base of username for the extra users" + default = "user" +} + # ================================================================= # ec2 instance configuration # =================================================================
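Review bot: `extra_users` in variables.tf has no upper bound, but create_users.ps1 declares `[ValidateRange(1, 10000)]` on `-Count`, so a larger value passes the Terraform validation and only fails once the script runs on the domain controller. Extending the condition with `&& var.extra_users <= 10000` surfaces that before any infrastructure is built. `extra_users_password_base` repeats the script's hard-coded default `p@ssw0rd00!`; its description should say that this is a shared, well-known test value to be overridden anywhere other than a throwaway environment.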