Update Runner's Secrets Resolver for AWS Secrets Manager

Description

Modify GitLab Runner's secrets resolver to process AWS Secrets Manager requests and handle errors properly. This is the Runner-side component that will retrieve secrets from AWS Secrets Manager during pipeline execution.

Goals

  • Update Runner's secrets resolver to recognize AWS Secrets Manager provider type
  • Implement handling for AWS Secrets Manager request parameters
  • Ensure proper error handling and reporting
  • Maintain compatibility with existing secret providers

Implementation Plan

  1. Locate the main secrets resolver in GitLab Runner
  2. Add handling for "aws-secret-manager" provider type
  3. Extract necessary parameters from the request
  4. Call the AWS Secrets Manager client with appropriate parameters
  5. Handle and report errors appropriately

Key code changes will include:

// helpers/secrets/resolver.go (or similar)

func (r *Resolver) Resolve(ctx context.Context, secret Secret) (string, error) {
    switch secret.Provider {
    // Existing providers...

    case "aws-secret-manager":
        return r.resolveAWSSecret(ctx, secret)

    default:
        return "", fmt.Errorf("unknown secret provider: %s", secret.Provider)
    }
}

// resolveAWSSecret handles the AWS-specific parameters. extractAWSParameters and
// r.awsClient are placeholders for the pieces this issue and its dependency add.
func (r *Resolver) resolveAWSSecret(ctx context.Context, secret Secret) (string, error) {
    // Extract required and optional parameters
    name, region, versionID, versionStage := extractAWSParameters(secret)
    if name == "" {
        return "", fmt.Errorf("aws-secret-manager: missing required parameter 'name'")
    }

    // Call the AWS Secrets Manager client (provided by the dependent client issue)
    value, err := r.awsClient.GetSecret(ctx, name, region, versionID, versionStage)
    if err != nil {
        // Report which secret failed and the underlying cause, never the value
        return "", fmt.Errorf("aws-secret-manager: resolving %q: %w", name, err)
    }
    return value, nil
}
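The sketch above leaves parameter extraction, the client call and error reporting as placeholders. The following is an added, self-contained example (not GitLab Runner's own code) of how those three pieces fit together: a provider switch, extraction that rejects a missing required "name" while leaving "region", "version_id" and "version_stage" optional, and error wrapping that names the failing secret without ever logging its value. The Secret struct, the AWSSecretsClient interface, the parameter key names and the fake client are all assumptions made for this example, not the Runner's real types.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
)

// Secret is a constructed stand-in for the resolver's secret request:
// a provider name plus provider-specific key/value parameters.
type Secret struct {
	Provider string
	Params   map[string]string
}

// AWSSecretRequest carries the parameters the AWS client needs.
type AWSSecretRequest struct {
	Name, Region, VersionID, VersionStage string
}

// AWSSecretsClient is the assumed interface the resolver depends on, so the
// resolver can be unit-tested against a fake without touching AWS.
type AWSSecretsClient interface {
	GetSecretValue(ctx context.Context, req AWSSecretRequest) (string, error)
}

// Sentinel errors let callers and tests distinguish failure classes with errors.Is.
var (
	ErrUnknownProvider  = errors.New("unknown secret provider")
	ErrMissingParameter = errors.New("missing required parameter")
	ErrClientNotSet     = errors.New("aws secrets manager client not configured")
)

// Resolver dispatches secret requests to the provider-specific implementation.
type Resolver struct {
	aws AWSSecretsClient
}

// Resolve picks the provider; unknown providers are rejected rather than ignored.
func (r *Resolver) Resolve(ctx context.Context, secret Secret) (string, error) {
	switch secret.Provider {
	case "aws-secret-manager":
		return r.resolveAWSSecret(ctx, secret)
	default:
		return "", fmt.Errorf("%w: %q", ErrUnknownProvider, secret.Provider)
	}
}

// extractAWSParameters validates the required "name" and copies the optional
// fields. Returning a typed request avoids positional-argument mix-ups later.
func extractAWSParameters(secret Secret) (AWSSecretRequest, error) {
	name := strings.TrimSpace(secret.Params["name"])
	if name == "" {
		return AWSSecretRequest{}, fmt.Errorf("%w: aws-secret-manager requires 'name'", ErrMissingParameter)
	}
	return AWSSecretRequest{
		Name:         name,
		Region:       strings.TrimSpace(secret.Params["region"]),
		VersionID:    strings.TrimSpace(secret.Params["version_id"]),
		VersionStage: strings.TrimSpace(secret.Params["version_stage"]),
	}, nil
}

// resolveAWSSecret wires extraction, the client call and error reporting together.
func (r *Resolver) resolveAWSSecret(ctx context.Context, secret Secret) (string, error) {
	req, err := extractAWSParameters(secret)
	if err != nil {
		return "", err
	}
	if r.aws == nil {
		return "", ErrClientNotSet
	}
	value, err := r.aws.GetSecretValue(ctx, req)
	if err != nil {
		// Wrap with the secret name for diagnosis; the value is never included.
		return "", fmt.Errorf("aws secrets manager: resolving %q: %w", req.Name, err)
	}
	return value, nil
}

// fakeAWSClient is a constructed test double: it serves from an in-memory map
// or returns a preset error to simulate authentication and service failures.
type fakeAWSClient struct {
	store map[string]string
	err   error
}

func (f fakeAWSClient) GetSecretValue(_ context.Context, req AWSSecretRequest) (string, error) {
	if f.err != nil {
		return "", f.err
	}
	v, ok := f.store[req.Name]
	if !ok {
		return "", errors.New("ResourceNotFoundException")
	}
	return v, nil
}

func main() {
	r := &Resolver{aws: fakeAWSClient{store: map[string]string{"prod/db/password": "s3cr3t"}}}
	_, err := r.Resolve(context.Background(), Secret{Provider: "aws-secret-manager",
		Params: map[string]string{"name": "prod/db/password", "region": "us-east-1"}})
	fmt.Println("resolved ok:", err == nil)
	_, err = r.Resolve(context.Background(), Secret{Provider: "aws-secret-manager",
		Params: map[string]string{"region": "us-east-1"}})
	fmt.Println("missing name rejected:", errors.Is(err, ErrMissingParameter))
}
```

Because every failure path returns a wrapped sentinel error, the unit tests in the testing plan can assert on the error class (missing parameter, unknown provider, client error) with errors.Is instead of matching message strings, and the authentication and service failures can be exercised by giving the fake client a preset error.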

Testing Plan

  1. Write unit tests that verify:
     • AWS Secrets Manager requests are correctly identified
     • Required parameters are properly extracted
     • Client is called with correct parameters
     • Error conditions are properly handled and reported
  2. Test error conditions:
     • Missing required parameters
     • Authentication failures
     • AWS service errors

Acceptance Criteria

  • Runner's secrets resolver correctly identifies AWS Secrets Manager requests
  • Required parameters are properly extracted and validated
  • AWS Secrets Manager client is called with correct parameters
  • Error conditions are properly handled and reported
  • All tests pass

Dependencies

  • Implement AWS Secrets Manager Client in Runner

Edited by Aditya Tiwari