
Fix v2 AWS referenced IRSA e2e wiring

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Moritz Johner vor 2 Monaten
Ursprung
Commit
83f86c4a17

+ 30 - 1
e2e/suites/provider/cases/aws/secretsmanager/secretsmanager_v2_managed.go

@@ -24,6 +24,8 @@ import (
 	frameworkv2 "github.com/external-secrets/external-secrets-e2e/framework/v2"
 	awscommon "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/aws"
 	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
+	esv1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
+	awsv2alpha1 "github.com/external-secrets/external-secrets/apis/provider/aws/v2alpha1"
 )
 
 var _ = Describe("[awsmanaged] v2 IRSA via referenced service account", Label("aws", "secretsmanager", "managed", "v2"), Ordered, func() {
@@ -74,7 +76,25 @@ var _ = Describe("[awsmanaged] v2 with mounted IRSA", Label("aws", "secretsmanag
 
 func useV2ReferencedIRSA(prov *ProviderV2) func(*framework.TestCase) {
 	return func(tc *framework.TestCase) {
-		tc.Prepare = prov.prepareNamespacedProvider(awsAuthProfileReferencedIRSA)
+		tc.Prepare = func(tc *framework.TestCase, _ framework.SecretStoreProvider) {
+			configName := prov.providerConfigName(awsAuthProfileReferencedIRSA)
+			clusterProviderName := referencedIRSAClusterProviderName(prov.framework.Namespace.Name)
+
+			createSecretsManagerV2Config(prov.framework, prov.framework.Namespace.Name, configName, prov.access, awsAuthProfileReferencedIRSA)
+			frameworkv2.CreateClusterProviderConnection(
+				prov.framework,
+				clusterProviderName,
+				frameworkv2.ProviderAddress("aws"),
+				awsProviderAPIVersion,
+				awsv2alpha1.SecretsManagerKind,
+				configName,
+				prov.framework.Namespace.Name,
+				esv1.AuthenticationScopeManifestNamespace,
+				nil,
+			)
+			frameworkv2.WaitForClusterProviderReady(prov.framework, clusterProviderName, defaultV2WaitTimeout)
+			configureV2ReferencedIRSAStoreRef(tc, clusterProviderName)
+		}
 	}
 }
 
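Review bot: The new `Prepare` closure creates a cluster-scoped provider through `frameworkv2.CreateClusterProviderConnection`, but nothing in the hunk removes it, and cluster-scoped objects are not deleted together with the test namespace. Unless the framework helper registers its own cleanup (not visible here), each run would leave behind a ClusterProvider that still points at the IRSA-backed config, so a teardown step registered right after creation would be worth adding. The trailing `nil` argument is also opaque at the call site; a short comment such as `// nil: <what the last parameter restricts>` would let a reader check which namespaces may use this provider on a shared cluster.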
@@ -86,3 +106,12 @@ func useV2MountedIRSA(prov *ProviderV2) func(*framework.TestCase) {
 		)
 	}
 }
+
+func referencedIRSAClusterProviderName(namespace string) string {
+	return namespace + "-referenced-irsa"
+}
+
+func configureV2ReferencedIRSAStoreRef(tc *framework.TestCase, clusterProviderName string) {
+	tc.ExternalSecret.Spec.SecretStoreRef.Kind = esv1.ClusterProviderKindStr
+	tc.ExternalSecret.Spec.SecretStoreRef.Name = clusterProviderName
+}
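Review bot: `referencedIRSAClusterProviderName` and `configureV2ReferencedIRSAStoreRef` have no doc comments, and the reason for the name scheme is not stated. Because the resulting object is cluster-scoped, a comment like `// referencedIRSAClusterProviderName derives the ClusterProvider name from the test namespace so concurrent suites do not collide.` would record the assumption; that the namespace is unique per test is presumed here and should be confirmed. `configureV2ReferencedIRSAStoreRef` dereferences `tc.ExternalSecret` without a nil check, which its comment should state as a precondition. The first lines of this hunk belong to `useV2MountedIRSA`, whose start is outside the hunk.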

+ 48 - 0
e2e/suites/provider/cases/aws/secretsmanager/secretsmanager_v2_managed_test.go

@@ -0,0 +1,48 @@
+/*
+Copyright © The ESO Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package aws
+
+import (
+	"testing"
+
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	esv1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
+)
+
+func TestConfigureV2ReferencedIRSAStoreRefUsesClusterProvider(t *testing.T) {
+	t.Parallel()
+
+	tc := &framework.TestCase{
+		ExternalSecret: &esv1.ExternalSecret{
+			Spec: esv1.ExternalSecretSpec{
+				SecretStoreRef: esv1.SecretStoreRef{
+					Name: "placeholder",
+					Kind: esv1.ProviderKindStr,
+				},
+			},
+		},
+	}
+
+	configureV2ReferencedIRSAStoreRef(tc, "aws-irsa-cluster-provider")
+
+	if got := tc.ExternalSecret.Spec.SecretStoreRef.Kind; got != esv1.ClusterProviderKindStr {
+		t.Fatalf("expected cluster provider kind %q, got %q", esv1.ClusterProviderKindStr, got)
+	}
+	if got := tc.ExternalSecret.Spec.SecretStoreRef.Name; got != "aws-irsa-cluster-provider" {
+		t.Fatalf("expected cluster provider ref %q, got %q", "aws-irsa-cluster-provider", got)
+	}
+}