Add Integration Tests for AWS Secrets Manager (runner side)

Issue: Add Integration Tests for AWS Secrets Manager

Description

Create runner-side integration tests that verify the entire AWS Secrets Manager retrieval process works correctly from resolved CI/CD configuration to secret retrieval in the GitLab Runner.

Goals

  • Develop integration tests for the complete AWS Secrets Manager workflow on the runner side
  • Test realistic scenarios from CI configuration to secret retrieval
  • Verify interoperability between GitLab and Runner components
  • Identify and fix any integration issues in the runner's secret resolution process

Implementation Plan (Brief Overview)

  1. Set up test environment with mocked AWS services
  2. Create test fixtures for AWS Secrets Manager
  3. Implement Go-based tests within the runner codebase
  4. Test various configuration options and error scenarios

The integration tests should cover:

  1. Runner's processing of resolved AWS Secrets Manager configuration
  2. Different configuration options (file vs. variable, version options)
  3. Error handling and recovery
  4. Performance considerations

Testing Plan

Create integration tests that:

  1. Mock Setup: Initialize mocked AWS Secrets Manager and STS services
  2. Parse CI configuration with AWS Secrets Manager
  3. Resolve configuration through GitLab's secrets resolver
  4. Pass resolved configuration to Runner
  5. Authenticate with AWS using OIDC tokens
  6. Retrieve secrets from AWS Secrets Manager
  7. Verify secret values are correctly provided to the job

Use mocks for AWS services to avoid external dependencies:

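import (
    "context"
    "testing"

    "github.com/stretchr/testify/assert"
)

// Sketch: setupMockAwsServices, createTestConfig, resolveSecrets and
// runnerResolver are placeholders for helpers these tests would introduce.
func TestEndToEndAwsSecretManager(t *testing.T) {
    // Set up mock AWS services (Secrets Manager and STS)
    mockAws := setupMockAwsServices()

    // Create test configuration (assumed to point at the mock endpoints,
    // so that no request leaves the test process)
    config := createTestConfig(mockAws)

    // Process through GitLab resolver
    resolved := resolveSecrets(config)

    // Process through Runner resolver
    value, err := runnerResolver.Resolve(context.Background(), resolved)

    // Verify results
    assert.NoError(t, err)
    assert.Equal(t, "expected-secret-value", value)
}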

Acceptance Criteria

  • Integration tests verify the complete AWS Secrets Manager workflow
  • Tests cover various configuration options
  • Tests verify error handling and recovery
  • Tests are reliable and don't depend on external services
  • All tests pass consistently

Dependencies

  • Implement AWS Secrets Manager Resolver
  • Implement AWS Secrets Manager Client in Runner
  • Update Runner's Secrets Resolver for AWS Secrets Manager
Edited by Dmytro Biryukov
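
As an added illustration of the "Use mocks for AWS services" step (not code from this issue or from GitLab Runner), a mocked Secrets Manager endpoint can be built from the standard library alone. The names newMockSecretsManager, getSecret and fixtures are hypothetical, the secret name is constructed, and the client is an unsigned stand-in that skips the STS/OIDC exchange and SigV4 signing.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

var fixtures = map[string]string{"ci/db-password": "expected-secret-value"} // constructed sample data

// newMockSecretsManager fakes GetSecretValue (AWS JSON 1.1); anything else is answered as not found.
func newMockSecretsManager() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var req struct{ SecretId string }
		json.NewDecoder(r.Body).Decode(&req)
		val, ok := fixtures[req.SecretId]
		if r.Header.Get("X-Amz-Target") != "secretsmanager.GetSecretValue" || !ok {
			w.WriteHeader(http.StatusBadRequest)
			json.NewEncoder(w).Encode(map[string]string{"__type": "ResourceNotFoundException"})
			return
		}
		json.NewEncoder(w).Encode(map[string]string{"Name": req.SecretId, "SecretString": val})
	}))
}

// getSecret is a hypothetical stand-in for the runner's client (unsigned, no SigV4/STS).
func getSecret(endpoint, id string) (string, error) {
	body, _ := json.Marshal(map[string]string{"SecretId": id})
	req, _ := http.NewRequest(http.MethodPost, endpoint, bytes.NewReader(body))
	req.Header.Set("Content-Type", "application/x-amz-json-1.1")
	req.Header.Set("X-Amz-Target", "secretsmanager.GetSecretValue")
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var out map[string]string
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil || resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("secretsmanager: status %d, type %q, decode error %v", resp.StatusCode, out["__type"], err)
	}
	return out["SecretString"], nil
}

func main() {
	srv := newMockSecretsManager()
	defer srv.Close()
	fmt.Println(getSecret(srv.URL, "ci/db-password"))
}
```

A missing secret comes back as an error and an empty value, which is the behaviour the error-handling tests should pin down so that a failed lookup never reaches the job as an empty variable.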