Skip to content

MTV-3663 | AAP job template hooks for migration plans #5622

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
gwencasey96 wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

MTV-3663 | AAP job template hooks for migration plans #5622

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
54c791b
MTV-3663 | AAP job template hooks for migration plans
gwencasey96 Mar 25, 2026
f034c29
chore: regenerate upstream operator manifests (make update-manifests)
gwencasey96 Mar 31, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 53 additions & 5 deletions operator/.downstream_manifests
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,6 +138,11 @@ spec:
controller_max_vm_inflight:
description: 'Max concurrent VM migrations (default: 20)'
x-kubernetes-int-or-string: true
controller_migration_service_account:
description: Global default ServiceAccount for migration pods in the
target namespace. Overridden by Plan-level serviceAccount.
example: custom-migration-sa
type: string
controller_ovirt_warm_migration:
description: 'Enable oVirt warm migration (default: true)'
enum:
Expand Down Expand Up @@ -572,24 +577,58 @@ spec:
metadata:
type: object
spec:
description: Hook specification.
description: |-
Hook specification.
Local playbook hooks require both image and playbook. AAP hooks require spec.aap (image/playbook omitted).
properties:
aap:
description: |-
AAP (Ansible Automation Platform) configuration for remote job execution.
When specified, the hook will trigger an AAP job template instead of running a local playbook.
properties:
jobTemplateId:
description: ID of the AAP job template to execute.
type: integer
timeout:
description: |-
Timeout for AAP job execution in seconds.
If not specified, defaults to the Hook deadline.
format: int64
type: integer
tokenSecret:
description: |-
Reference to a Secret containing the AAP API token.
The Secret must contain a key named "token" with the Bearer token value.
type: string
url:
description: URL of the AAP instance (e.g., "https://aap.example.com").
type: string
required:
- jobTemplateId
- tokenSecret
- url
type: object
deadline:
description: Hook deadline in seconds.
format: int64
type: integer
image:
description: Image to run.
description: Image to run the hook workload (required for local playbook
hooks; omit for AAP hooks).
type: string
playbook:
description: A base64 encoded Ansible playbook.
description: A base64 encoded Ansible playbook (required for local
hooks; omit for AAP hooks).
type: string
serviceAccount:
description: Service account.
type: string
required:
- image
type: object
x-kubernetes-validations:
- message: either spec.aap must be set, or both spec.image and spec.playbook
(non-empty) for a local hook
rule: has(self.aap) || (has(self.image) && size(self.image) > 0 && has(self.playbook)
&& size(self.playbook) > 0)
status:
description: Hook status.
properties:
Expand Down Expand Up @@ -3882,6 +3921,15 @@ spec:
- true (default): Inspection step runs before transferring any disks and may fail if it detects the migration would fail.
- false: No inspection is performed before disk transfer.
type: boolean
serviceAccount:
description: |-
ServiceAccount is the name of the ServiceAccount to use for migration
pods in the target namespace. Overrides the global setting.
If empty, falls back to ForkliftController's controller_migration_service_account,
then to the namespace default.
maxLength: 253
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
skipGuestConversion:
default: false
description: Determines if the plan should skip the guest conversion.
Expand Down
66 changes: 60 additions & 6 deletions operator/.upstream_manifests
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,6 +138,11 @@ spec:
controller_max_vm_inflight:
description: 'Max concurrent VM migrations (default: 20)'
x-kubernetes-int-or-string: true
controller_migration_service_account:
description: Global default ServiceAccount for migration pods in the
target namespace. Overridden by Plan-level serviceAccount.
example: custom-migration-sa
type: string
controller_ovirt_warm_migration:
description: 'Enable oVirt warm migration (default: true)'
enum:
Expand Down Expand Up @@ -572,24 +577,58 @@ spec:
metadata:
type: object
spec:
description: Hook specification.
description: |-
Hook specification.
Local playbook hooks require both image and playbook. AAP hooks require spec.aap (image/playbook omitted).
properties:
aap:
description: |-
AAP (Ansible Automation Platform) configuration for remote job execution.
When specified, the hook will trigger an AAP job template instead of running a local playbook.
properties:
jobTemplateId:
description: ID of the AAP job template to execute.
type: integer
timeout:
description: |-
Timeout for AAP job execution in seconds.
If not specified, defaults to the Hook deadline.
format: int64
type: integer
tokenSecret:
description: |-
Reference to a Secret containing the AAP API token.
The Secret must contain a key named "token" with the Bearer token value.
type: string
url:
description: URL of the AAP instance (e.g., "https://aap.example.com").
type: string
required:
- jobTemplateId
- tokenSecret
- url
type: object
deadline:
description: Hook deadline in seconds.
format: int64
type: integer
image:
description: Image to run.
description: Image to run the hook workload (required for local playbook
hooks; omit for AAP hooks).
type: string
playbook:
description: A base64 encoded Ansible playbook.
description: A base64 encoded Ansible playbook (required for local
hooks; omit for AAP hooks).
type: string
serviceAccount:
description: Service account.
type: string
required:
- image
type: object
x-kubernetes-validations:
- message: either spec.aap must be set, or both spec.image and spec.playbook
(non-empty) for a local hook
rule: has(self.aap) || (has(self.image) && size(self.image) > 0 && has(self.playbook)
&& size(self.playbook) > 0)
status:
description: Hook status.
properties:
Expand Down Expand Up @@ -3882,6 +3921,15 @@ spec:
- true (default): Inspection step runs before transferring any disks and may fail if it detects the migration would fail.
- false: No inspection is performed before disk transfer.
type: boolean
serviceAccount:
description: |-
ServiceAccount is the name of the ServiceAccount to use for migration
pods in the target namespace. Overrides the global setting.
If empty, falls back to ForkliftController's controller_migration_service_account,
then to the namespace default.
maxLength: 253
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
skipGuestConversion:
default: false
description: Determines if the plan should skip the guest conversion.
Expand Down Expand Up @@ -8436,7 +8484,13 @@ spec:
- image: ${OVA_PROXY_IMAGE}
name: ova_proxy
- image: ${VSPHERE_COPY_OFFLOAD_POPULATOR_IMAGE}
name: vsphere_xcopy_volume_populator
name: vsphere_copy_offload_populator
- image: ${HYPERV_PROVIDER_SERVER_IMAGE}
name: hyperv_provider_server
- image: ${CLI_DOWNLOAD_IMAGE}
name: cli_download
- image: ${VIRT_V2V_IMAGE_RHEL9}
name: virt_v2v_rhel9
version: ${MTV_VERSION}
---
apiVersion: scorecard.operatorframework.io/v1alpha3
Expand Down
44 changes: 39 additions & 5 deletions operator/config/crd/bases/forklift.konveyor.io_hooks.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,24 +47,58 @@ spec:
metadata:
type: object
spec:
description: Hook specification.
description: |-
Hook specification.
Local playbook hooks require both image and playbook. AAP hooks require spec.aap (image/playbook omitted).
properties:
aap:
description: |-
AAP (Ansible Automation Platform) configuration for remote job execution.
When specified, the hook will trigger an AAP job template instead of running a local playbook.
properties:
jobTemplateId:
description: ID of the AAP job template to execute.
type: integer
timeout:
description: |-
Timeout for AAP job execution in seconds.
If not specified, defaults to the Hook deadline.
format: int64
type: integer
tokenSecret:
description: |-
Reference to a Secret containing the AAP API token.
The Secret must contain a key named "token" with the Bearer token value.
type: string
url:
description: URL of the AAP instance (e.g., "https://aap.example.com").
type: string
required:
- jobTemplateId
- tokenSecret
- url
type: object
deadline:
description: Hook deadline in seconds.
format: int64
type: integer
image:
description: Image to run.
description: Image to run the hook workload (required for local playbook
hooks; omit for AAP hooks).
type: string
playbook:
description: A base64 encoded Ansible playbook.
description: A base64 encoded Ansible playbook (required for local
hooks; omit for AAP hooks).
type: string
serviceAccount:
description: Service account.
type: string
required:
- image
type: object
x-kubernetes-validations:
- message: either spec.aap must be set, or both spec.image and spec.playbook
(non-empty) for a local hook
rule: has(self.aap) || (has(self.image) && size(self.image) > 0 && has(self.playbook)
&& size(self.playbook) > 0)
status:
description: Hook status.
properties:
Expand Down
32 changes: 29 additions & 3 deletions pkg/apis/forklift/v1beta1/hook.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,15 +6,41 @@ import (
)

// Hook specification.
// Local playbook hooks require both image and playbook. AAP hooks require spec.aap (image/playbook omitted).
//
// +kubebuilder:validation:XValidation:rule="has(self.aap) || (has(self.image) && size(self.image) > 0 && has(self.playbook) && size(self.playbook) > 0)",message="either spec.aap must be set, or both spec.image and spec.playbook (non-empty) for a local hook"
type HookSpec struct {
// Service account.
ServiceAccount string `json:"serviceAccount,omitempty"`
// Image to run.
Image string `json:"image"`
// A base64 encoded Ansible playbook.
// Image to run the hook workload (required for local playbook hooks; omit for AAP hooks).
// +optional
Image string `json:"image,omitempty"`
// A base64 encoded Ansible playbook (required for local hooks; omit for AAP hooks).
Playbook string `json:"playbook,omitempty"`
// Hook deadline in seconds.
Deadline int64 `json:"deadline,omitempty"`
// AAP (Ansible Automation Platform) configuration for remote job execution.
// When specified, the hook will trigger an AAP job template instead of running a local playbook.
// +optional
AAP *AAPConfig `json:"aap,omitempty"`
}

// AAPConfig defines configuration for executing hooks via Ansible Automation Platform.
type AAPConfig struct {
// URL of the AAP instance (e.g., "https://aap.example.com").
// +kubebuilder:validation:Required
URL string `json:"url"`
// ID of the AAP job template to execute.
// +kubebuilder:validation:Required
JobTemplateID int `json:"jobTemplateId"`
// Reference to a Secret containing the AAP API token.
// The Secret must contain a key named "token" with the Bearer token value.
// +kubebuilder:validation:Required
TokenSecret string `json:"tokenSecret"`
// Timeout for AAP job execution in seconds.
// If not specified, defaults to the Hook deadline.
// +optional
Timeout int64 `json:"timeout,omitempty"`
}

// Hook status.
Expand Down
22 changes: 21 additions & 1 deletion pkg/apis/forklift/v1beta1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading
Loading