From 52bf346a6a325581ffe3be2e594b4cba1e8c119c Mon Sep 17 00:00:00 2001 From: Liran Rotenberg Date: Tue, 5 Dec 2023 18:30:48 +0200 Subject: [PATCH] Add LUKS key to the plan This patch adds the LUKS keys to the plan specs using a secret ref. It expected to have list of strings. Each value of the string should contain the ID or name of the device, and the selector as pointed out in virt-v2v docs (https://www.libguestfs.org/virt-v2v.1.html). The secret should be provided in the destination namespace, the key should be `luks` and the values should be the arguments provided to virt-v2v, such as: ``` UUID:key:passphrase UUID:clevis ``` Signed-off-by: Liran Rotenberg --- .../crd/bases/forklift.konveyor.io_plans.yaml | 39 +++++++++++++++++++ pkg/apis/forklift/v1beta1/plan.go | 5 +++ .../forklift/v1beta1/zz_generated.deepcopy.go | 1 + 3 files changed, 45 insertions(+)
diff --git a/operator/config/crd/bases/forklift.konveyor.io_plans.yaml b/operator/config/crd/bases/forklift.konveyor.io_plans.yaml
index b851520f0..04fd8ebec 100644
--- a/operator/config/crd/bases/forklift.konveyor.io_plans.yaml
+++ b/operator/config/crd/bases/forklift.konveyor.io_plans.yaml
@@ -218,6 +218,45 @@ spec: - destination - source type: object + secret: + description: LUKs keys for virt-v2v (https://www.libguestfs.org/virt-v2v.1.html) + References a secret containing credentials and other confidential + information. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic targetNamespace: description: Target namespace. type: string
diff --git a/pkg/apis/forklift/v1beta1/plan.go b/pkg/apis/forklift/v1beta1/plan.go
index 4a9dd9c50..9c52fb22a 100644
--- a/pkg/apis/forklift/v1beta1/plan.go
+++ b/pkg/apis/forklift/v1beta1/plan.go
@@ -44,6 +44,11 @@ type PlanSpec struct {
 TransferNetwork *core.ObjectReference `json:"transferNetwork,omitempty"`
 // Whether this plan should be archived.
 Archived bool `json:"archived,omitempty"`
+ // LUKs keys for virt-v2v (https://www.libguestfs.org/virt-v2v.1.html)
+ // References a secret containing credentials and
+ // other confidential information.
+ // +optional
+ LUKS core.ObjectReference `json:"secret" ref:"Secret"`
 }
 // Find a planned VM.
diff --git a/pkg/apis/forklift/v1beta1/zz_generated.deepcopy.go b/pkg/apis/forklift/v1beta1/zz_generated.deepcopy.go
index fb7d46275..68371f342 100644
--- a/pkg/apis/forklift/v1beta1/zz_generated.deepcopy.go
+++ b/pkg/apis/forklift/v1beta1/zz_generated.deepcopy.go
@@ -734,6 +734,7 @@ func (in *PlanSpec) DeepCopyInto(out *PlanSpec) { *out = new(v1.ObjectReference) **out = **in } + out.LUKS = in.LUKS } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlanSpec.
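Review bot: The new `LUKS` field added to `PlanSpec` in plan.go is a full `core.ObjectReference`, so a plan can name a Secret in any `namespace`, while the commit message says the secret must live in the destination namespace; nothing in this patch enforces that. The code that resolves the reference is not part of this patch, so this is a risk to confirm rather than a demonstrated bug: if the controller honours `namespace`, a user who may create plans could have it read a Secret they cannot read themselves. Prefer `core.LocalObjectReference`, or resolve the name only in the plan's `targetNamespace` and reject a differing `namespace` during validation. The field is also marked `+optional` yet is a non-pointer without `omitempty`, unlike `TransferNetwork` just above it; `*core.ObjectReference` with `json:"secret,omitempty"` would match. The doc comment could carry the contract from the commit message, e.g. `// The Secret must be in the target namespace and hold the virt-v2v key selectors under the key "luks".`; the start of `PlanSpec` lies outside the hunk.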