kubev2v
diff --git a/‎operator/.downstream_manifests‎
Lines changed: 53 additions & 5 deletions b/‎operator/.downstream_manifests‎
Lines changed: 53 additions & 5 deletions
diff --git a/‎operator/.upstream_manifests‎
Lines changed: 53 additions & 5 deletions b/‎operator/.upstream_manifests‎
Lines changed: 53 additions & 5 deletions
diff --git a/‎operator/config/crd/bases/forklift.konveyor.io_hooks.yaml‎
Lines changed: 39 additions & 5 deletions b/‎operator/config/crd/bases/forklift.konveyor.io_hooks.yaml‎
Lines changed: 39 additions & 5 deletions
diff --git a/‎pkg/apis/forklift/v1beta1/hook.go‎
Lines changed: 29 additions & 3 deletions b/‎pkg/apis/forklift/v1beta1/hook.go‎
Lines changed: 29 additions & 3 deletions
diff --git a/‎pkg/apis/forklift/v1beta1/zz_generated.deepcopy.go‎
Lines changed: 21 additions & 1 deletion b/‎pkg/apis/forklift/v1beta1/zz_generated.deepcopy.go‎
Lines changed: 21 additions & 1 deletion
@@ -138,6 +138,11 @@ spec:
               controller_max_vm_inflight:
                 description: 'Max concurrent VM migrations (default: 20)'
                 x-kubernetes-int-or-string: true
+              controller_migration_service_account:
+                description: Global default ServiceAccount for migration pods in the
+                  target namespace. Overridden by Plan-level serviceAccount.
+                example: custom-migration-sa
+                type: string
               controller_ovirt_warm_migration:
                 description: 'Enable oVirt warm migration (default: true)'
                 enum:
@@ -572,24 +577,58 @@ spec:
           metadata:
             type: object
           spec:
-            description: Hook specification.
+            description: |-
+              Hook specification.
+              Local playbook hooks require both image and playbook. AAP hooks require spec.aap (image/playbook omitted).
             properties:
+              aap:
+                description: |-
+                  AAP (Ansible Automation Platform) configuration for remote job execution.
+                  When specified, the hook will trigger an AAP job template instead of running a local playbook.
+                properties:
+                  jobTemplateId:
+                    description: ID of the AAP job template to execute.
+                    type: integer
+                  timeout:
+                    description: |-
+                      Timeout for AAP job execution in seconds.
+                      If not specified, defaults to the Hook deadline.
+                    format: int64
+                    type: integer
+                  tokenSecret:
+                    description: |-
+                      Reference to a Secret containing the AAP API token.
+                      The Secret must contain a key named "token" with the Bearer token value.
+                    type: string
+                  url:
+                    description: URL of the AAP instance (e.g., "https://aap.example.com").
+                    type: string
+                required:
+                - jobTemplateId
+                - tokenSecret
+                - url
+                type: object
               deadline:
                 description: Hook deadline in seconds.
                 format: int64
                 type: integer
               image:
-                description: Image to run.
+                description: Image to run the hook workload (required for local playbook
+                  hooks; omit for AAP hooks).
                 type: string
               playbook:
-                description: A base64 encoded Ansible playbook.
+                description: A base64 encoded Ansible playbook (required for local
+                  hooks; omit for AAP hooks).
                 type: string
               serviceAccount:
                 description: Service account.
                 type: string
-            required:
-            - image
             type: object
+            x-kubernetes-validations:
+            - message: either spec.aap must be set, or both spec.image and spec.playbook
+                (non-empty) for a local hook
+              rule: has(self.aap) || (has(self.image) && size(self.image) > 0 && has(self.playbook)
+                && size(self.playbook) > 0)
           status:
             description: Hook status.
             properties:
@@ -3882,6 +3921,15 @@ spec:
                   - true (default): Inspection step runs before transferring any disks and may fail if it detects the migration would fail.
                   - false: No inspection is performed before disk transfer.
                 type: boolean
+              serviceAccount:
+                description: |-
+                  ServiceAccount is the name of the ServiceAccount to use for migration
+                  pods in the target namespace. Overrides the global setting.
+                  If empty, falls back to ForkliftController's controller_migration_service_account,
+                  then to the namespace default.
+                maxLength: 253
+                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                type: string
               skipGuestConversion:
                 default: false
                 description: Determines if the plan should skip the guest conversion.
 
@@ -138,6 +138,11 @@ spec:
               controller_max_vm_inflight:
                 description: 'Max concurrent VM migrations (default: 20)'
                 x-kubernetes-int-or-string: true
+              controller_migration_service_account:
+                description: Global default ServiceAccount for migration pods in the
+                  target namespace. Overridden by Plan-level serviceAccount.
+                example: custom-migration-sa
+                type: string
               controller_ovirt_warm_migration:
                 description: 'Enable oVirt warm migration (default: true)'
                 enum:
@@ -572,24 +577,58 @@ spec:
           metadata:
             type: object
           spec:
-            description: Hook specification.
+            description: |-
+              Hook specification.
+              Local playbook hooks require both image and playbook. AAP hooks require spec.aap (image/playbook omitted).
             properties:
+              aap:
+                description: |-
+                  AAP (Ansible Automation Platform) configuration for remote job execution.
+                  When specified, the hook will trigger an AAP job template instead of running a local playbook.
+                properties:
+                  jobTemplateId:
+                    description: ID of the AAP job template to execute.
+                    type: integer
+                  timeout:
+                    description: |-
+                      Timeout for AAP job execution in seconds.
+                      If not specified, defaults to the Hook deadline.
+                    format: int64
+                    type: integer
+                  tokenSecret:
+                    description: |-
+                      Reference to a Secret containing the AAP API token.
+                      The Secret must contain a key named "token" with the Bearer token value.
+                    type: string
+                  url:
+                    description: URL of the AAP instance (e.g., "https://aap.example.com").
+                    type: string
+                required:
+                - jobTemplateId
+                - tokenSecret
+                - url
+                type: object
               deadline:
                 description: Hook deadline in seconds.
                 format: int64
                 type: integer
               image:
-                description: Image to run.
+                description: Image to run the hook workload (required for local playbook
+                  hooks; omit for AAP hooks).
                 type: string
               playbook:
-                description: A base64 encoded Ansible playbook.
+                description: A base64 encoded Ansible playbook (required for local
+                  hooks; omit for AAP hooks).
                 type: string
               serviceAccount:
                 description: Service account.
                 type: string
-            required:
-            - image
             type: object
+            x-kubernetes-validations:
+            - message: either spec.aap must be set, or both spec.image and spec.playbook
+                (non-empty) for a local hook
+              rule: has(self.aap) || (has(self.image) && size(self.image) > 0 && has(self.playbook)
+                && size(self.playbook) > 0)
           status:
             description: Hook status.
             properties:
@@ -3882,6 +3921,15 @@ spec:
                   - true (default): Inspection step runs before transferring any disks and may fail if it detects the migration would fail.
                   - false: No inspection is performed before disk transfer.
                 type: boolean
+              serviceAccount:
+                description: |-
+                  ServiceAccount is the name of the ServiceAccount to use for migration
+                  pods in the target namespace. Overrides the global setting.
+                  If empty, falls back to ForkliftController's controller_migration_service_account,
+                  then to the namespace default.
+                maxLength: 253
+                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                type: string
               skipGuestConversion:
                 default: false
                 description: Determines if the plan should skip the guest conversion.
 
@@ -47,24 +47,58 @@ spec:
           metadata:
             type: object
           spec:
-            description: Hook specification.
+            description: |-
+              Hook specification.
+              Local playbook hooks require both image and playbook. AAP hooks require spec.aap (image/playbook omitted).
             properties:
+              aap:
+                description: |-
+                  AAP (Ansible Automation Platform) configuration for remote job execution.
+                  When specified, the hook will trigger an AAP job template instead of running a local playbook.
+                properties:
+                  jobTemplateId:
+                    description: ID of the AAP job template to execute.
+                    type: integer
+                  timeout:
+                    description: |-
+                      Timeout for AAP job execution in seconds.
+                      If not specified, defaults to the Hook deadline.
+                    format: int64
+                    type: integer
+                  tokenSecret:
+                    description: |-
+                      Reference to a Secret containing the AAP API token.
+                      The Secret must contain a key named "token" with the Bearer token value.
+                    type: string
+                  url:
+                    description: URL of the AAP instance (e.g., "https://aap.example.com").
+                    type: string
+                required:
+                - jobTemplateId
+                - tokenSecret
+                - url
+                type: object
               deadline:
                 description: Hook deadline in seconds.
                 format: int64
                 type: integer
               image:
-                description: Image to run.
+                description: Image to run the hook workload (required for local playbook
+                  hooks; omit for AAP hooks).
                 type: string
               playbook:
-                description: A base64 encoded Ansible playbook.
+                description: A base64 encoded Ansible playbook (required for local
+                  hooks; omit for AAP hooks).
                 type: string
               serviceAccount:
                 description: Service account.
                 type: string
-            required:
-            - image
             type: object
+            x-kubernetes-validations:
+            - message: either spec.aap must be set, or both spec.image and spec.playbook
+                (non-empty) for a local hook
+              rule: has(self.aap) || (has(self.image) && size(self.image) > 0 && has(self.playbook)
+                && size(self.playbook) > 0)
           status:
             description: Hook status.
             properties:
 
@@ -6,15 +6,41 @@ import (
 )
 
 // Hook specification.
+// Local playbook hooks require both image and playbook. AAP hooks require spec.aap (image/playbook omitted).
+//
+// +kubebuilder:validation:XValidation:rule="has(self.aap) || (has(self.image) && size(self.image) > 0 && has(self.playbook) && size(self.playbook) > 0)",message="either spec.aap must be set, or both spec.image and spec.playbook (non-empty) for a local hook"
 type HookSpec struct {
 	// Service account.
 	ServiceAccount string `json:"serviceAccount,omitempty"`
-	// Image to run.
-	Image string `json:"image"`
-	// A base64 encoded Ansible playbook.
+	// Image to run the hook workload (required for local playbook hooks; omit for AAP hooks).
+	// +optional
+	Image string `json:"image,omitempty"`
+	// A base64 encoded Ansible playbook (required for local hooks; omit for AAP hooks).
 	Playbook string `json:"playbook,omitempty"`
 	// Hook deadline in seconds.
 	Deadline int64 `json:"deadline,omitempty"`
+	// AAP (Ansible Automation Platform) configuration for remote job execution.
+	// When specified, the hook will trigger an AAP job template instead of running a local playbook.
+	// +optional
+	AAP *AAPConfig `json:"aap,omitempty"`
+}
+
+// AAPConfig defines configuration for executing hooks via Ansible Automation Platform.
+type AAPConfig struct {
+	// URL of the AAP instance (e.g., "https://aap.example.com").
+	// +kubebuilder:validation:Required
+	URL string `json:"url"`
+	// ID of the AAP job template to execute.
+	// +kubebuilder:validation:Required
+	JobTemplateID int `json:"jobTemplateId"`
+	// Reference to a Secret containing the AAP API token.
+	// The Secret must contain a key named "token" with the Bearer token value.
+	// +kubebuilder:validation:Required
+	TokenSecret string `json:"tokenSecret"`
+	// Timeout for AAP job execution in seconds.
+	// If not specified, defaults to the Hook deadline.
+	// +optional
+	Timeout int64 `json:"timeout,omitempty"`
 }
 
 // Hook status.