@psalajova

These changes enable ci-operator to access the gsm-config.yaml mapping file when the Secrets Store CSI Driver is enabled (gsm-config.yaml defines how GSM secrets are bundled and consumed for the Vault to GSM migration).

Changes

  • Added GSMConfig() mutator in pkg/prowgen/podspec.go that mounts the gsm-config ConfigMap at /etc/gsm-config and adds the --gsm-config flag
  • Added tests and updated fixtures

Impact
This will only affect jobs with enable_secrets_store_csi_driver: true in their .config.prowgen file. Generated pods will include:

  • Volume: gsm-config ConfigMap
  • VolumeMount: /etc/gsm-config
  • Arg: --gsm-config=/etc/gsm-config/gsm-config.yaml

Dependencies
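
The wiring the PR description lists (volume, mount, flag), sketched as an added example that is not code from this PR or from ci-tools. The types are local stand-ins for the Kubernetes pod types, and `addGSMConfig` with its idempotency and mount-conflict checks is a hypothetical helper for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Local stand-ins for the Kubernetes pod types (assumption: kept minimal so
// the example runs offline; the real code works on k8s.io/api/core/v1 types).
type Volume struct{ Name, ConfigMap string }
type VolumeMount struct{ Name, MountPath string }
type PodSpec struct {
	Args    []string
	Mounts  []VolumeMount
	Volumes []Volume
}

// Names and paths as listed in the PR description.
const (
	gsmConfigMap = "gsm-config"
	gsmMountPath = "/etc/gsm-config"
	gsmArg       = "--gsm-config=/etc/gsm-config/gsm-config.yaml"
)

var errMountConflict = errors.New("mount path used by another volume")

// addGSMConfig is a hypothetical helper: it adds the volume, mount and arg
// once, and refuses to shadow a different volume mounted at the same path.
func addGSMConfig(spec *PodSpec) error {
	for _, m := range spec.Mounts {
		if m.MountPath != gsmMountPath {
			continue
		}
		if m.Name == gsmConfigMap {
			return nil // already wired, keep the spec unchanged
		}
		return fmt.Errorf("%s (%s): %w", gsmMountPath, m.Name, errMountConflict)
	}
	spec.Volumes = append(spec.Volumes, Volume{gsmConfigMap, gsmConfigMap})
	spec.Mounts = append(spec.Mounts, VolumeMount{gsmConfigMap, gsmMountPath})
	spec.Args = append(spec.Args, gsmArg)
	return nil
}

func main() {
	spec := &PodSpec{Args: []string{"--constructed-existing-arg"}} // constructed input
	fmt.Println(addGSMConfig(spec), spec.Args, spec.Mounts, spec.Volumes)
}
```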

@openshift-ci-robot

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

@coderabbitai

coderabbitai bot commented Jan 16, 2026

Walkthrough

This PR adds Google Secret Manager (GSM) configuration support to the prowgen package. It introduces three constants for GSM ConfigMap naming and mount paths, creates a new PodSpecMutator to mount gsm-config ConfigMaps and apply configuration parameters, integrates this mutator into multi-stage test job builders when secrets store CSI driver is enabled, and adds unit tests with corresponding fixtures.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Constants & Core Implementation: pkg/api/constant.go | Added three exported constants: GSMConfigConfigMap, GSMConfigMountPath, GSMConfigFileParameter for GSM configuration references. |
| PodSpecMutator Implementation: pkg/prowgen/podspec.go | New GSMConfig() PodSpecMutator function that mounts a gsm-config ConfigMap, defines volume and volume mount, and appends --gsm-config parameter to container arguments. |
| Job Builder Integration: pkg/prowgen/jobbase.go | Updated two multi-stage test configuration paths to invoke GSMConfig() mutator in addition to secrets store CSI driver enablement when info.Config.EnableSecretsStoreCSIDriver is true. |
| Test Suite: pkg/prowgen/podspec_test.go | Added TestGSMConfig unit test verifying mutator behavior against fixture expectations. |
| Test Fixtures: pkg/prowgen/testdata/zz_fixture_TestGSMConfig_*.yaml, zz_fixture_TestNewProwJobBaseBuilderForTest_multi_stage_test_with_CSI_enabled.yaml | YAML fixtures demonstrating expected pod spec output with GSM ConfigMap volumes, mounts at /etc/gsm-config, and configuration parameters. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between fb50a03 and 330086f.

📒 Files selected for processing (6)
  • pkg/api/constant.go
  • pkg/prowgen/jobbase.go
  • pkg/prowgen/podspec.go
  • pkg/prowgen/podspec_test.go
  • pkg/prowgen/testdata/zz_fixture_TestGSMConfig_add_gsm_config_volume_and_mount.yaml
  • pkg/prowgen/testdata/zz_fixture_TestNewProwJobBaseBuilderForTest_multi_stage_test_with_CSI_enabled.yaml

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

- Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

  • pkg/api/constant.go
  • pkg/prowgen/testdata/zz_fixture_TestGSMConfig_add_gsm_config_volume_and_mount.yaml
  • pkg/prowgen/podspec.go
  • pkg/prowgen/jobbase.go
  • pkg/prowgen/podspec_test.go
  • pkg/prowgen/testdata/zz_fixture_TestNewProwJobBaseBuilderForTest_multi_stage_test_with_CSI_enabled.yaml

🧬 Code graph analysis (2)

pkg/prowgen/podspec.go (1)
  pkg/api/constant.go (3)
    • GSMConfigConfigMap (21-21)
    • GSMConfigMountPath (22-22)
    • GSMConfigFileParameter (23-23)

pkg/prowgen/jobbase.go (1)
  pkg/prowgen/podspec.go (2)
    • Arg (301-307)
    • GSMConfig (583-595)

🔇 Additional comments (6)

pkg/prowgen/podspec_test.go (1)

517-530: LGTM!

The test follows established patterns in the file (parallel execution, fixture comparison) and adequately exercises the GSMConfig() mutator. The test structure is consistent with similar tests like TestCIPullSecret and TestLeaseClient.

pkg/prowgen/jobbase.go (1)

151-156: LGTM!

The GSMConfig() mutator is correctly added alongside the existing CSI driver flag in both multi-stage test branches. This ensures jobs with enable_secrets_store_csi_driver: true will have the gsm-config ConfigMap mounted and the --gsm-config flag added to ci-operator.

Also applies to: 166-171

pkg/api/constant.go (1)

21-24: LGTM!

The new constants follow the established naming conventions and patterns in this file. The mount path /etc/gsm-config is consistent with other configuration mount paths.

pkg/prowgen/testdata/zz_fixture_TestNewProwJobBaseBuilderForTest_multi_stage_test_with_CSI_enabled.yaml (1)

11-11: LGTM!

The fixture correctly reflects the expected pod spec with GSM config integration: the --gsm-config argument, the /etc/gsm-config volume mount, and the ConfigMap volume definition are all properly specified and sorted.

Also applies to: 27-29, 41-43

pkg/prowgen/podspec.go (1)

561-595: LGTM!

The GSMConfig() mutator implementation follows the established patterns used by other mutators in this file (e.g., LeaseClient(), Claims(), Promotion()). The volume, volume mount, and parameter are correctly defined using the constants from pkg/api/constant.go, and error handling is properly implemented.

pkg/prowgen/testdata/zz_fixture_TestGSMConfig_add_gsm_config_volume_and_mount.yaml (1)

1-44: Fixture aligns with GSM config wiring.

The args, mount path, and ConfigMap volume look consistent with the GSM config integration.

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.5.0)

Command failed


@openshift-ci openshift-ci bot requested review from Prucek and droslean January 16, 2026 13:21
@openshift-ci openshift-ci bot added the approved label (Indicates a PR has been approved by an approver from all required OWNERS files.) Jan 16, 2026
@openshift-ci

openshift-ci bot commented Jan 16, 2026

@psalajova: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| ci/prow/images | 330086f | link | true | /test images |
| ci/prow/breaking-changes | 330086f | link | false | /test breaking-changes |


@Prucek Prucek left a comment

/hold
Feel free to unhold whenever you are ready

@openshift-ci openshift-ci bot added the do-not-merge/hold label (Indicates that a PR should not merge because someone has issued a /hold command.) Jan 19, 2026
@openshift-ci openshift-ci bot added the lgtm label (Indicates that a PR is ready to be merged.) Jan 19, 2026
@openshift-ci

openshift-ci bot commented Jan 19, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Prucek, psalajova

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
