Draft: Add Secrets Manager E2E tests to CNG pipeline

Duo Developerrequested to merge
workloads/c57176e76bf into master

Relates to issue #573410

Changes

This MR adds E2E tests for GitLab Secrets Manager to the e2e:test-on-cng pipeline.

New CI Job

  • Added cng-secrets-manager job to .gitlab/ci/test-on-cng/main.gitlab-ci.yml that runs tests tagged with :secrets_manager and :orchestrated
  • Job uses Test::Integration::SecretsManager scenario and runs sequentially (not in parallel)

OpenBao Integration

  • Modified orchestrator to enable OpenBao subchart during CNG deployment when secrets_manager tag is detected
  • Added automatic creation of Kubernetes secret (gitlab-openbao-config) for OpenBao configuration during pre-deployment setup
  • OpenBao configuration is conditionally merged into Helm chart values based on QA_RSPEC_TAGS environment variable

Pipeline Mapping

  • Updated qa/qa/scenario/test/integration/secrets_manager.rb to map the scenario to the cng-secrets-manager job for dynamic pipeline generation

Documentation

  • Updated doc/development/testing_guide/end_to_end/test_pipelines.md with information about the new cng-secrets-manager job

The implementation follows the same pattern as existing CNG integration test jobs (e.g., cng-oauth) to ensure consistency with the existing test infrastructure.

Edited by Fabien Catteau

Merge request reports