foreman_opentofu 0.0.2 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f6bff811eebb374eb3983de89c83faf991c8021e416c677bbfda90837cbeeb5a
-  data.tar.gz: 8741e8b977ba0a078c13ac4642a790e11646f719358f22b69c299368d698a8f0
+  metadata.gz: e3f7d22aa8036489bd3356eff61fb54608d15c1ced729e2a592257e3383213a5
+  data.tar.gz: 3a7272bc1b5e4a36974b859362d18209d3cbc36293e00c9722a2c6991bdcd0ee
 SHA512:
-  metadata.gz: 67e87113d04444061daa977fca5721d26122035fd821f86284667eb5ad247c7a2002d5bd1d451ec0d4cea84ade9f530eb1dcffa3afb6b931b7a0b78f1f57c5ca
-  data.tar.gz: d2627a46149453ae41fa6f5463bd792501ee51bc0760693a6bafdd3f0da7357ab9e8b8093c98149b5c4b4c7b2e8e03698c8d97996bb1ec3d1ac0990bc719a455
+  metadata.gz: 7efbc5b6168046cac8b716864636ac9f16acd32b229e017ff876d93cde3aecf3ff4e94572e09407ecf2e3de6462592efd46e4bcacf49285c765aceba4e32787b
+  data.tar.gz: f7b2493f8dcca6913ab2167f9cb529610d0e9c91240d43ea324503b24352fa5b0cb774b8ffee4f1cf76791e38ef9440c90ad0bfdbe8390b3b62fa1d4d09d38f5

data/README.md

@@ -1,20 +1,50 @@
 [![Ruby Tests](https://github.com/ATIX-AG/foreman_opentofu/actions/workflows/ruby.yml/badge.svg)](https://github.com/ATIX-AG/foreman_opentofu/actions/workflows/ruby.yml)
 
-# ForemanOpenTOFU
+# Foreman OpenTofu
 
-[Foreman](http://theforeman.org/) plugin that adds that adds a generic openTOFU-based compute resource, enabling host provisioning through openTOFU scripts instead of provider-specific SDK integrations such as fog-vsphere.
+[Foreman](http://theforeman.org/) plugin that adds that adds a generic OpenTofu-based compute resource, enabling host provisioning through OpenTofu scripts instead of provider-specific SDK integrations such as fog-vsphere.
 
-This plugin introduces a new provisioning model where Foreman remains responsible for host lifecycle and orchestration, while openTOFU handles infrastructure creation using its provider ecosystem.
+This plugin introduces a new provisioning model where Foreman remains responsible for host lifecycle and orchestration, while OpenTofu handles infrastructure creation using its provider ecosystem.
 
 The plugin is designed to be easily extendable and can support multiple infrastructure platforms (for example Nutanix, Hetzner) without requiring a dedicated Foreman compute resource plugin per provider.
 
 ## Installation
 
+Install the rubygem as usual or use the RPM/Deb package for your distribution.
+
+If you use the rubygem, make sure to create the folllowing directory and set the correct permissions:
+
+```shell
+
+mkdir -p /var/lib/foreman-opentofu
+mkdir -p /var/lib/foreman-opentofu/plugin-cache
+mkdir -p /var/lib/foreman-opentofu/tmp
+
+chown -R foreman:foreman /var/lib/foreman-opentofu
+chmod 755 /var/lib/foreman-opentofu
+chmod 755 /var/lib/foreman-opentofu/plugin-cache
+chmod 700 /var/lib/foreman-opentofu/tmp
+```
+
+## SELinux
+
+If you have installed the rubygem manually, you need to set the correct SELinux context for the plugin to work properly.
+Re-use the selinux directives defined in the selinux directory of the plugin.
+
+```shell
+cd selinux
+make clean && make all
+mkdir -p /usr/share/selinux/targeted/
+install -m 0600 foreman_opentofu.pp /usr/share/selinux/targeted/
+/usr/sbin/semodule -i /usr/share/selinux/targeted/foreman_opentofu.pp
+/sbin/restorecon -ri /var/lib/foreman-opentofu/
+```
+
 
 ## Usage
-Create a openTofu compute resource and set:
-  * Provider: openTofu
-  * Opentofu Provider: Select desired hypervisor supported by openTofu plugin
+Create a OpenTofu compute resource and set:
+  * Provider: OpenTofu
+  * OpenTofu Provider: Select desired hypervisor supported by OpenTofu plugin
   * URL: Hypervisor specific URL
     
 
@@ -22,17 +52,17 @@ Then add all necessary information to the form.
 
 Provisioning workflow:
 
- * Create a host in Foreman using the openTOFU based compute resource
+ * Create a host in Foreman using the OpenTofu based compute resource
 
  * Foreman passes host parameters to the plugin
 
- * The plugin renders and executes openTOFU plans
+ * The plugin renders and executes OpenTofu plans
 
- * openTOFU provisions the infrastructure
+ * OpenTofu provisions the infrastructure
 
  * Foreman continues with OS provisioning and configuration
 
-Provider-specific details (for example Nutanix, Hetzner) are handled entirely through openTOFU scripts.
+Provider-specific details (for example Nutanix, Hetzner) are handled entirely through OpenTofu scripts.
 
 ### Create new ProviderType
 
@@ -90,6 +120,73 @@ A short config file might look like this:
 
 The name of the file must be the same as the provider-type name we set in the next step (e.g. `/config/nutanix.json`).
 
+##### Dynamic Config Parameter
+
+Sometimes it is necessary to provide a list of possible values that are defined by the backend-service.
+Curating the 'options'-Array is tedious at best or not possible if multiple instances of the backend service are in use.
+This can be addressed by specifiying an OpenTofu provider's [DataSource](https://opentofu.org/docs/language/data-sources/) in the following way:
+
+```json
+{
+  "name": "volume_group", "type": "select", "group": "disk", "mandatory": true, "label": "Volume Group",
+  "options": {
+    "data_source": {
+      "name": "nutanix_volume_groups_v2",
+      "arguments": {
+        "filter": "name eq 'volume_group_test'",
+        "limit": 20
+      },
+      "entity": {
+        "id": "metadata.uuid"
+      }
+    },
+    "output_path_postfix": "volume_groups"
+  }
+}
+
+```
+The GUI requires a list of objects that at least contain a name and an id for each select-option.
+The `entity` section can be used to define a specific value from an object within the list that the DataSource returns.
+If the object already has `name` and `id` entries, these will automatically used.
+In the above example `name` exists in the object and can be used.
+For the `id` however, a different value must be selected from the object.
+
+This requests the data via OpenTofu in the following construct:
+
+```hcl
+data "nutanix_volume_groups_v2" "all" {
+  filter = "name eq 'volume_group_test'"
+  limit = 20
+}
+output "resources" {
+  value = [ for e in data.nutanix_volume_groups_v2.all.volume_groups: {
+    id = e.metadata.uuid
+    name = e.name
+  } ]
+}
+```
+
+##### Special Parameter
+
+Some config parameter names have special meanings.
+For instance, Image-based Deployment requires binding images available on the backend-service with Operating Systems configured in Foreman.
+To enable Foreman OpenTofu to display the available images, a `select`-parameter with the name `available_images` must be specified.
+It is recommended to tie this to a data-source available in the OpenTofu provider.
+
+```json
+{
+  "name": "available_images", "type": "select",
+  "options": {
+    "data_source": {
+      "name": "hcloud_images",
+      "arguments": { "with_architecture": ["x86"] }
+    },
+    "output_path_postfix": "images"
+  }
+}
+```
+
+
 #### Create Provider Type
 
 To let the Foreman OpenTofu Plugin know about your new Provider Type, one additional file has to be created in `/lib/foreman_opentofu/provider_types/`.
@@ -125,7 +222,7 @@ end
 
 > See [Foreman dev setup](https://github.com/theforeman/foreman/blob/develop/developer_docs/foreman_dev_setup.asciidoc)
 
-* You need a openTOFU installed on your machine.
+* You need a OpenTofu installed on your machine.
 * You need ruby 2.7. You can install it with [asdf-vm](https://asdf-vm.com).
 
 ### Platform
@@ -159,7 +256,7 @@ bundle install
 RAILS_ENV=development bundle exec bin/rake permissions:reset password=changeme
 ```
 
-* In foreman_openTofu source directory, check code syntax with rubocop and foreman rules:
+* In the `foreman_opentofu` directory, check code syntax with rubocop and foreman rules:
 
 ```shell
 bundle exec rubocop

data/app/lib/foreman_opentofu/concerns/base_template_scope_extensions.rb

@@ -3,19 +3,65 @@ module ForemanOpentofu
     module BaseTemplateScopeExtensions
       extend ActiveSupport::Concern
       extend ApipieDSL::Module
+      include ForemanOpentofu::HclFormat
+      include ForemanOpentofu::NicHelpers
 
       apipie :class, 'Base macros related to Opentofu templates' do
-        name 'Base Content'
-        sections only: %w[all provisioning]
+        name 'OpenTofu helpers'
+        sections only: %w[opentofu_script]
+      end
+
+      apipie :method, 'Returns `terraform`-block including necessary backend definition, if applicable' do
+        required :data, Hash, desc: 'Define the provider-type to pull in, e.g. `{ \'nutanix\' => { \'source\' => \'nutanix/nutanix\', \'version\' => \'2.4.0\' }`'
+        returns String, desc: '`terraform {}`-block based on the data-input, if applicable with TfState-Backend definition.'
+      end
+      # e.g. terraform_block({ 'nutanix' => { 'source' => 'nutanix/nutanix', 'version' => '2.4.0' })
+      def terraform_block(data)
+        block = block_to_hcl(['terraform'])
+        block << '{'
+        block << block_to_hcl(['required_providers'], data, depth: 1)
+        block << backend_block
+        block << "\n}"
+      end
+
+      apipie :method, 'Add "resource" data_source block' do
+        returns String, desc: ''
+      end
+      def resource_block(resource)
+        block = ''
+        path = ['data', resource[:name], 'all']
+
+        # data "<%= @resource[:name] %>" "all" {
+        # <% @resource.dig(:options, 'data_source', 'arguments')&.each do |key, value| %>
+        #   <%= key %> = <%= value.inspect %>
+        # <% end %>
+        # }
+        block << block_to_hcl(path, resource.dig(:options, 'data_source', 'arguments') || {})
+
+        # output "resources" {
+        #   value = [ for e in data.<%= @resource[:name] %>.all.<%= @resource.dig(:options, 'output_path_postfix') %>: {
+        #     id = e.<%= @resource.dig(:options, 'entity', 'id') || 'id' %>
+        #     name = e.<%= @resource.dig(:options, 'entity', 'name') || 'name' %>
+        #     # obj = e
+        #     } ]
+        # }
+        block << block_to_hcl(%w[output resources])
+        block << '{' << "\n"
+        block << "  value = [ for e in data.#{resource[:name]}.all.#{resource.dig(:options, 'output_path_postfix')}: {\n"
+        block << "    id = e.#{resource.dig(:options, 'entity', 'id') || 'id'}\n"
+        block << "    name = e.#{resource.dig(:options, 'entity', 'name') || 'name'}\n"
+        # block << 'obj = e'
+        block << '  } ]' << "\n"
+        block << '}' << "\n"
       end
 
       apipie :method, 'Returns all VM parameters' do
         required :skip_list, Array, desc: 'List of parameters to skip'
         returns String, desc: '"key = value" lines'
       end
-
       def vm_attributes(skip_list = [])
         available_attributes = @compute_resource.available_attributes
+        data = {}
         res = ''
         @cr_attrs.each do |key, value|
           next if skip_list.include? key
@@ -28,60 +74,57 @@ module ForemanOpentofu
           next if conf['group'] != 'vm'
           next if value.blank? && !conf['mandatory']
 
-          res << "#{key} = #{format_value(value, conf['type'])}\n"
+          data[key] = format_value(value, conf['type'])
         end
-        res << nic_attributes(available_attributes)
+        res << to_hcl(data, snippet: true)
       end
 
-      def nic_attributes(available_attributes)
-        interfaces = @cr_attrs['interfaces'] || @cr_attrs['interfaces_attributes']
-        return '' if interfaces.blank?
-
-        interfaces = normalize_interfaces(interfaces)
-        nic_defs = available_attributes.values.select do |attrs|
-          attrs['group'] == 'nic'
-        end
-        res = ''
-        interfaces.each do |iface|
-          next if iface['subnet_uuid'].blank?
-
-          res << build_attribute_block('nic_list', iface, nic_defs)
+      def backend_block
+        if @token
+          data = {
+            address: "#{Setting[:foreman_url]}/api/v2/tf_states/#{@host_name}",
+            headers: {
+              'Authorization' => "Token #{@token}",
+            },
+          }
+          block_to_hcl(%w[backend http], data, depth: 1)
+        else
+          ''
         end
-        res
       end
 
-      def normalize_interfaces(interfaces)
-        if interfaces.is_a?(Hash)
-          if interfaces.keys.all? { |k| k.to_s =~ /^\d+$/ }
-            interfaces.values
-          else
-            [interfaces]
-          end
-        else
-          Array(interfaces)
-        end
+      def build_disks
+        disks = @cr_attrs['volumes'].presence || @cr_attrs['volumes_attributes'].presence || @compute_resource.default_volumes
+        disks = [disks] if disks.is_a?(Hash)
+        disks.each_with_index.map do |disk, index|
+          data = @compute_resource.render_disk(disk, self, index)
+          render_provider_data(data)
+        end.join("\n")
       end
 
-      def build_attribute_block(block_name, attrs, nic_defs)
-        res = "#{block_name} {\n"
-        attrs.each do |k, v|
-          next if v.blank?
-          conf = nic_defs.find { |a| (a['name'] || a[:name]) == k }
-          next unless conf
-          res << "  #{k} = #{format_value(v, conf['type'])}\n" if conf
+      def build_nics
+        nics = @cr_attrs['interfaces'].presence || @cr_attrs['interfaces_attributes'].presence || @compute_resource.default_interfaces
+        nics = normalize_interfaces(nics).map do |nic|
+          nic.respond_to?(:with_indifferent_access) ? nic.with_indifferent_access[:compute_attributes].presence || nic : nic
         end
-        res << "}\n"
-        res
+
+        nics.each_with_index.map do |nic, index|
+          data = @compute_resource.render_nic(nic, self, index)
+          render_provider_data(data)
+        end.join("\n")
       end
 
       private
 
-      def format_value(val, type)
-        case type
-        when 'string', 'select' then "\"#{val}\""
-        when 'bool' then Foreman::Cast.to_bool(val)
-        when 'number' then val.to_i
-        else val
+      def render_provider_data(data)
+        if data.is_a?(Hash) && data[:resource].present?
+          resource = data[:resource]
+          block_to_hcl(['resource', resource[:type], resource[:name]], resource[:content], depth: 0)
+        elsif data.is_a?(Hash) && data.size == 1 && data.values.first.is_a?(Hash)
+          block_name, block_content = data.first
+          block_to_hcl([block_name.to_s], block_content, depth: 1)
+        else
+          to_hcl(data, snippet: true)
         end
       end
     end

data/app/lib/foreman_opentofu/hcl_format.rb

@@ -0,0 +1,95 @@
+module ForemanOpentofu
+  module HclFormat
+    def default_opts(opts = {})
+      {
+        indent: 2,
+        depth: 0,
+        snippet: false,
+      }.merge opts
+    end
+
+    # possible `opts`:
+    #   `indent` : number of whitespace to indent; default 2
+    #   `depth`  : start value of depth (for indentation); default: 0
+    #   `snippet`: if `true` and var is a `Hash` string will not be framed with `{}`
+    def to_hcl(var, opts = {})
+      opts = default_opts.merge(opts)
+
+      case var
+      when Hash then hash_to_hcl(var, opts)
+      when Array then array_to_hcl(var, opts)
+      when String then var.inspect
+      else var.to_s
+      end
+    end
+
+    def prefix_hcl(opts)
+      "\n#{' ' * opts[:indent] * opts[:depth]}"
+    end
+
+    # output a hcl-block:
+    # hello "how" "are" "you" { ... }
+    # the above would be created by: block_to_hcl(['hello,'how', 'are', 'you'], { .. })
+    def block_to_hcl(names, content = nil, opts = {})
+      opts = default_opts(opts)
+
+      hcl = prefix_hcl(opts)
+      hcl << names[0]
+      hcl << ' '
+      # sub-block-names are quoted
+      hcl << names[1..].map(&:to_s).map(&:inspect).join(' ')
+      hcl << ' ' if hcl[-1] != ' '
+      hcl << to_hcl(content, opts)
+    end
+
+    def hash_to_hcl(hsh, opts)
+      opts = default_opts(opts)
+      hcl = ''
+      new_opts = opts.merge(snippet: false)
+
+      unless opts[:snippet]
+        hcl << '{'
+        new_opts[:depth] = opts[:depth] + 1
+      end
+
+      close_block_on_newline = false
+
+      hsh.each do |key, value|
+        hcl << prefix_hcl(new_opts)
+        hcl << "#{key} = #{to_hcl(value, new_opts)}"
+        close_block_on_newline = true
+      end
+      hcl << prefix_hcl(opts) if close_block_on_newline
+      hcl << '}' unless opts[:snippet]
+      hcl
+    end
+
+    def array_to_hcl(hsh, opts)
+      opts = default_opts(opts)
+      hcl = '['
+      new_opts = opts.merge(
+        depth: opts[:depth] + 1
+      )
+      close_block_on_newline = false
+
+      hsh.each do |value|
+        hcl << prefix_hcl(new_opts)
+        hcl << to_hcl(value, new_opts)
+        hcl << ','
+        close_block_on_newline = true
+      end
+      hcl.chomp!(',')
+      hcl << prefix_hcl(opts) if close_block_on_newline
+      hcl << ']'
+    end
+
+    def format_value(val, type)
+      case type
+      when 'string', 'select' then val
+      when 'bool' then Foreman::Cast.to_bool(val)
+      when 'number' then val.to_i
+      else val
+      end
+    end
+  end
+end

data/app/lib/foreman_opentofu/nic_helpers.rb

@@ -0,0 +1,47 @@
+module ForemanOpentofu
+  module NicHelpers
+    include ForemanOpentofu::HclFormat
+
+    def nic_attributes(block_name = nil)
+      nic_defs = @compute_resource.available_attributes('nic')
+      interfaces = normalize_interfaces(@cr_attrs['interfaces'] || @cr_attrs['interfaces_attributes'])
+      res = ''
+      interfaces.each do |iface|
+        missing_attrs = nic_defs.select { |name, cfg| cfg[:mandatory] && iface[name].blank? }
+        # TODO: log the fact that we skip this due to missing mandatory attributes
+        next unless missing_attrs.empty?
+
+        res << if block_given?
+                 yield(iface, nic_defs)
+               else
+                 block_to_hcl([block_name], sanitize_attributes(iface, nic_defs), depth: 1)
+               end
+      end
+      res
+    end
+
+    def normalize_interfaces(interfaces)
+      if interfaces.is_a?(Hash)
+        if interfaces.keys.all? { |k| k.to_s =~ /^\d+$/ }
+          interfaces.values
+        else
+          [interfaces]
+        end
+      else
+        Array(interfaces)
+      end
+    end
+
+    def sanitize_attributes(attrs, defs)
+      data = {}
+      attrs.each do |k, v|
+        next if v.blank?
+
+        next unless defs[k]
+
+        data[k] = format_value(v, defs.dig(k, :type))
+      end
+      data
+    end
+  end
+end

data/app/models/concerns/foreman_opentofu/vm_command_collection_normalization.rb

@@ -0,0 +1,22 @@
+module ForemanOpentofu
+  module VMCommandCollectionNormalization
+    private
+
+    def normalize_vm_args_collections!(args)
+      [:volumes, :interfaces].each do |collection|
+        raw = args.delete(:"#{collection}_attributes") || args[collection]
+        next if raw.nil?
+
+        args[collection] = normalize_collection_input(collection, raw)
+      end
+    end
+
+    def normalize_collection_input(collection, value)
+      return nested_attributes_for(collection, value) if value.is_a?(Hash) || value.is_a?(ActionController::Parameters)
+
+      Array(value).map do |entry|
+        entry.respond_to?(:deep_symbolize_keys) ? entry.deep_symbolize_keys : entry
+      end
+    end
+  end
+end

data/app/models/concerns/orchestration/tofu/compute.rb

@@ -3,13 +3,9 @@ module Orchestration
     module Compute
       extend ActiveSupport::Concern
 
-      def computeValue(_foreman_attr, fog_attr)
-        value = ''
-        value += vm.send(fog_attr).to_s
-        value
-      end
-
       def match_macs_to_nics(fog_attr)
+        return super unless compute_resource.is_a?(ForemanOpentofu::Tofu)
+
         interfaces.select(&:physical?).each do |nic|
           mac = vm.send(fog_attr)
           logger.debug "Orchestration::Compute: nic #{nic.inspect} assigned to #{vm.inspect}"
@@ -19,6 +15,29 @@ module Orchestration
         end
         true
       end
+
+      def setUserData
+        return super unless compute_resource.is_a?(ForemanOpentofu::Tofu)
+
+        logger.info "Rendering UserData template for #{name}"
+        template = provisioning_template(kind: 'cloud-init')
+        template ||= provisioning_template(kind: 'user_data')
+        # For some reason this renders as 'built' in spoof view but 'provision' when
+        # actually used. For now, use foreman_url('built') in the template
+        if template.nil?
+          # rubocop:disable Layout/LineLength
+          failure(format(_("Image \"%{image}\" needs user data, but \"%{os}\" is not associated to any provisioning template of the kind user_data. Please associate it with a suitable template or uncheck 'User data' from the image definition."),
+            image: image.name,
+            os: operatingsystem))
+          # rubocop:enable Layout/LineLength
+          return false
+        end
+
+        compute_attributes['user_data'] = render_template(template: template)
+
+        return false if errors.any?
+        true
+      end
     end
   end
 end

data/app/models/foreman_opentofu/compute_vm.rb

@@ -47,6 +47,16 @@ module ForemanOpentofu
       reboot
     end
 
+    def vm_ip_address
+      @attributes['vm_ip_address']
+    end
+
+    def wait_for(&block)
+      # TODO: I guess we have nothing to wait for
+      # and we need to change the context of the given block
+      instance_eval(&block)
+    end
+
     private
 
     def define_dynamic_readers!

data/app/models/foreman_opentofu/opentofu_vm_commands.rb

@@ -1,34 +1,39 @@
 module ForemanOpentofu
   module OpentofuVMCommands
+    include ForemanOpentofu::VMCommandCollectionNormalization
+
     def find_vm_by_uuid(uuid)
       vm_command_errors('find vm') do
         tf_state = ForemanOpentofu::TfState.find_by(uuid: uuid)
-        data = client({ 'name' => tf_state&.name }).run('output')
+        data = client({ 'name' => tf_state&.name }).run_output
         ComputeVM.new(self, data)
       end
     end
 
     def new_vm(args = {})
       vm_command_errors('new vm') do
-        args = default_attributes.merge(args)
+        args = default_attributes.merge(args).to_h.symbolize_keys
+        normalize_vm_args_collections!(args)
         executor = client(args)
-        data = executor.run('new')
-        OpenStruct.new(data['resource_changes'].first['change']['after'])
+        data = executor.run_new
+        attrs = data['resource_changes'].first['change']['after'] || {}
+        OpenStruct.new(attrs)
       end
     end
 
     def create_vm(args = {})
       vm_command_errors('create vm') do
-        args = default_attributes.merge(args)
+        args = default_attributes.merge(args).to_h.symbolize_keys
+        normalize_vm_args_collections!(args)
         executor = client(args)
-        output = executor.run('create')
+        output = executor.run_create
         ComputeVM.new(self, output)
       end
     end
 
     def destroy_vm(uuid)
       tf_state = ForemanOpentofu::TfState.find_by(uuid: uuid)
-      client({ 'name' => tf_state&.name }).run('destroy')
+      client({ 'name' => tf_state&.name }).run_destroy
       return unless tf_state
 
       Rails.logger.info "Deleting tfstate for #{tf_state&.name}"
@@ -36,12 +41,12 @@ module ForemanOpentofu
     end
 
     def start_vm(name)
-      output = client({ 'name' => name, 'power_state' => 'on' }).run('create')
+      output = client({ 'name' => name, 'power_state' => 'on' }).run_create
       output['vm']['power_state'] == 'on'
     end
 
     def stop_vm(name)
-      output = client({ 'name' => name, 'power_state' => 'off' }).run('create')
+      output = client({ 'name' => name, 'power_state' => 'off' }).run_create
       output['vm']['power_state'] == 'off'
     end
 
@@ -50,15 +55,21 @@ module ForemanOpentofu
       raise StandardError, "VM with UUID #{uuid} does not exist" unless tf_state
       vm_command_errors('update vm') do
         attrs = attrs.empty? ? {} : attrs.first
-        data = client({ 'name' => tf_state.name }.merge(attrs)).run('create')
+        attrs = attrs.to_h.symbolize_keys
+        normalize_vm_args_collections!(attrs)
+        data = client({ 'name' => tf_state.name }.merge(attrs)).run_create
         ComputeVM.new(self, data)
       end
     end
 
+    def fetch_resource(resource_name = '', options = {})
+      client({ 'resource' => { name: resource_name, options: options } }).run_fetch
+    end
+
     def test_connection(options = {})
       super
       begin
-        client.run('test_connection')
+        client.run_test_connection
       rescue StandardError => e
         Rails.logger.error("OpenTofu test connection failed: #{e.message}")
         errors.add(:base, e.message)