foreman_opentofu 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c1a821d0e6f43b76c17c48f1a84cb7bc753f9bbebd6c31c532fea9fcf6cf843b
-  data.tar.gz: 515d5f582f9911cbdaf339b9854baf644437171695f4a7062ac44eb2eb203105
+  metadata.gz: f6bff811eebb374eb3983de89c83faf991c8021e416c677bbfda90837cbeeb5a
+  data.tar.gz: 8741e8b977ba0a078c13ac4642a790e11646f719358f22b69c299368d698a8f0
 SHA512:
-  metadata.gz: 3d0b019416cc34fd4f9c17ca83c08ef7f5861ea88d9d50905508a878be1e05ad2c7a998dacd8a58209eb494845923843015820c1acb20227e6f59b40b15d92c6
-  data.tar.gz: 6286eb806d3b5afca40e28e6d064512b5477b698eb531ab1b4063d18d66ae4b5644536372511c40d7cccac8e0d26ff534625c3dd242c6d19534a949796ed50c6
+  metadata.gz: 67e87113d04444061daa977fca5721d26122035fd821f86284667eb5ad247c7a2002d5bd1d451ec0d4cea84ade9f530eb1dcffa3afb6b931b7a0b78f1f57c5ca
+  data.tar.gz: d2627a46149453ae41fa6f5463bd792501ee51bc0760693a6bafdd3f0da7357ab9e8b8093c98149b5c4b4c7b2e8e03698c8d97996bb1ec3d1ac0990bc719a455

data/README.md

@@ -34,6 +34,91 @@ Provisioning workflow:
 
 Provider-specific details (for example Nutanix, Hetzner) are handled entirely through openTOFU scripts.
 
+### Create new ProviderType
+
+This Plugin empowers you to add support of a new backend VM- or Cloud-Platform yourself.
+Follow these simple steps to do so:
+
+#### Find OpenTofu Provider
+
+Visit the OpenTofu Registry to find a suitable [provider supported by OpenTofu](https://search.opentofu.org/providers).
+The Registry supplies the necessary Data Sources to read information from the Backend as well as Resources to create/update/destroy resources on the Backend.
+
+#### Create Template
+
+You may use the UI-Editor in Hosts -> Templates -> Provisioning Templates to create a new Template.
+Either clone a pre-installed template or create one from scratch.
+In the latter case be sure to select the correct Template Type: OpenTofu Script template.
+
+#### Create Parameter Config
+
+To define which Virtual Machine parameters can be set for a new Host a new config file under `/config` must be added.
+Feel free to use either YAML or JSON (be sure to end the filename with `.json` or `.yaml`).
+The config file defines an array of dicts, where each dict represents a configuration-parameter.
+
+A config-parameter has the following values:
+
+* `name`: the OpenTofu Provider Resource Arguments as stated on the OpenTofu Registry
+* `label`: the label shown in the Foreman UI
+* `type`: data-type of the value, supported values:
+  * `string`
+  * `number`
+  * `bool`
+  * `select`: requires setting `options`
+* `help`: Tooltip describing what that value does and what values are allowed
+* `mandatory`: `true`/`false` defines if omitting the value triggers an error
+* `options`: array of strings representing the possible values
+* `group`: define where the value should be configured
+   * `vm`: ones per Host in the 'Virtual Machine' tab,
+   * `disk`: for each defined disk/volume in the 'Virtual Machine' tab
+   * `nic`: for each defined network-interface on the 'Interfaces' tab
+
+A short config file might look like this:
+
+```json
+[
+  { "name": "memory_size_mib", "type": "number", "group": "vm", "mandatory": false,
+    "label": "Memory (MB)" },
+  { "name": "boot_type", "type": "select", "group": "vm", "mandatory": false,
+    "label": "Firmware", "options": [ "UEFI", "LEGACY", "SECURE_BOOT" ] },
+  { "name": "disk_size_mib", "type": "number", "group": "disk", "mandatory": true,
+    "label": "Size (MB)" },
+  { "name": "model", "type": "select", "group": "nic", "mandatory": true,
+    "options": [ "VIRTIO", "E1000" ] }
+]
+```
+
+The name of the file must be the same as the provider-type name we set in the next step (e.g. `/config/nutanix.json`).
+
+#### Create Provider Type
+
+To let the Foreman OpenTofu Plugin know about your new Provider Type, one additional file has to be created in `/lib/foreman_opentofu/provider_types/`.
+
+A very simple ProviderType file to add a new Provider named `nutanix` has to be located in `lib/foreman_opentofu/provider_types/nutanix.rb` and might look like this:
+
+```ruby
+ForemanOpentofu::ProviderTypeManager.register('nutanix') do
+end
+```
+
+Additional informations about the ProviderType can be set within the `register`-block:
+
+##### `default_attributes`
+
+Define values that should be set as default for attributes.
+The values do not have to be defined in the config-file.
+If attributes are also defined in the config-file and therefore set during Host creation, the default\_attribute values will be overwritten.
+
+```ruby
+ForemanOpentofu::ProviderTypeManager.register('nutanix') do
+  @default_attributes = {
+    'enable_cpu_passthrough' => true,
+    'num_threads_per_core' => 2,
+  }
+end
+```
+
+
 ## Development
 
 ### Dev prerequisites

data/app/assets/javascripts/foreman_opentofu/locale/en/foreman_opentofu.js

@@ -0,0 +1,58 @@
+ locales['foreman_opentofu'] = locales['foreman_opentofu'] || {}; locales['foreman_opentofu']['en'] = {
+  "domain": "foreman_opentofu",
+  "locale_data": {
+    "foreman_opentofu": {
+      "": {
+        "Project-Id-Version": "foreman_opentofu 1.0.0",
+        "Report-Msgid-Bugs-To": "",
+        "PO-Revision-Date": "2026-02-16 18:46+0000",
+        "Last-Translator": "FULL NAME <EMAIL@ADDRESS>",
+        "Language-Team": "LANGUAGE <LL@li.org>",
+        "Language": "",
+        "MIME-Version": "1.0",
+        "Content-Type": "text/plain; charset=UTF-8",
+        "Content-Transfer-Encoding": "8bit",
+        "Plural-Forms": "nplurals=INTEGER; plural=EXPRESSION;",
+        "lang": "en",
+        "domain": "foreman_opentofu",
+        "plural_forms": "nplurals=INTEGER; plural=EXPRESSION;"
+      },
+      "127.0.0.1": [
+        ""
+      ],
+      "Common fields": [
+        ""
+      ],
+      "OpenTofu Provider": [
+        ""
+      ],
+      "OpenTofu Script template": [
+        ""
+      ],
+      "OpenTofu Template": [
+        ""
+      ],
+      "Storage": [
+        ""
+      ],
+      "TODO: Description of ForemanPluginTemplate.": [
+        ""
+      ],
+      "URL": [
+        ""
+      ],
+      "Unable to find template specified by %s setting": [
+        ""
+      ],
+      "Unable to render provisioning template": [
+        ""
+      ],
+      "VM Config": [
+        ""
+      ],
+      "e.g. admin": [
+        ""
+      ]
+    }
+  }
+};

data/app/controllers/api/v2/tf_states_controller.rb

@@ -3,14 +3,25 @@ module Api
     class TfStatesController < ::Api::V2::BaseController
       include ::Api::Version2
 
+      # TODO: verify this
+      # We don't require any of these methods for provisioning
+      # skip_before_action :require_login, :check_user_enabled, :session_expiry, :update_activity_time, :set_taxonomy, :authorize, unless: -> { preview? }
+      skip_before_action :set_taxonomy
+
+      # Allow HTTP POST methods without CSRF
+      skip_before_action :verify_authenticity_token
+
+      # overwrite authorize with the local token-based authorization
+      before_action :authorize, except: [:destroy]
+
       resource_description do
         api_version 'v2'
         api_base_url '/foreman_opentofu/api'
       end
 
-      skip_before_action :verify_authenticity_token
       def show
         state = ForemanOpentofu::TfState.find_by(name: params[:name])
+
         if state
           render plain: state.state, content_type: 'application/json'
         else
@@ -19,8 +30,6 @@ module Api
       end
 
       def create
-        state = ForemanOpentofu::TfState.find_or_create_by(name: params[:name])
-
         raw_state = request.body.read
         if raw_state.blank?
           render plain: 'Missing state body', status: :unprocessable_entity
@@ -29,6 +38,7 @@ module Api
         begin
           JSON.parse(raw_state)
 
+          state = ForemanOpentofu::TfState.find_or_initialize_by(name: params[:name])
           state.state = raw_state
           state.save!
           render plain: '', status: :ok
@@ -39,14 +49,42 @@ module Api
       end
 
       def destroy
-        state = ForemanOpentofu::TfState.find_by(name: params[:name])
-        state&.destroy
+        # TODO: at the moment we want to get 200 OK, if the TfState does not exist.
+        #       normally, this would fail with 401, because of no valid token.
+        #       Needs re-evaluation, if this is a security risk.
+        state = ForemanOpentofu::TfState.where(name: params[:name])
+        if state.any?
+          authorize
+          state.first.destroy
+        end
+
         render plain: '', status: :ok
       end
 
       def resource_class
         @resource_class ||= ForemanOpentofu::TfState
       end
+
+      private
+
+      def authorize
+        authenticate_or_request_with_http_token do |token, _options|
+          token = ForemanOpentofu::Token.find_by(name: params[:name], token: token)
+          unless token
+            Rails.logger.warn('TfState-Auth-Token not found')
+            render_error('unauthorized', status: :unauthorized)
+            return false
+          end
+
+          if token.expired?
+            Rails.logger.warn 'TfState token expired, if this keeps happening increase the validity of the token'
+            render_error('unauthorized', status: :unauthorized)
+            return false
+          end
+
+          return true
+        end
+      end
     end
   end
 end

data/app/controllers/concerns/foreman_opentofu/controller/parameters/compute_resource.rb

@@ -1,22 +1,3 @@
-# frozen_string_literal: true
-
-# Copyright 2018 Tristan Robert
-
-# This file is part of ForemanFogProxmox.
-
-# ForemanFogProxmox is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# ForemanFogProxmox is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with ForemanFogProxmox. If not, see <http://www.gnu.org/licenses/>.
-
 module ForemanOpentofu
   module Controller
     module Parameters
@@ -28,6 +9,7 @@ module ForemanOpentofu
             super.tap do |filter|
               filter.permit :endpoint,
                 :opentofu_provider,
+                :opentofu_template_id,
                 :username
             end
           end

data/app/models/foreman_opentofu/tofu.rb

@@ -42,6 +42,20 @@ module ForemanOpentofu
       attrs[:opentofu_provider] = value
     end
 
+    def opentofu_template
+      return ProvisioningTemplate.find(attrs[:opentofu_template_id]) if attrs.key? :opentofu_template_id
+      # or default-template for this opentofu_provider
+      nil
+    end
+
+    def opentofu_template_id
+      attrs[:opentofu_template_id]
+    end
+
+    def opentofu_template_id=(value)
+      attrs[:opentofu_template_id] = value
+    end
+
     def self.provider_friendly_name
       'OpenTofu'
     end
@@ -55,7 +69,7 @@ module ForemanOpentofu
     end
 
     def default_attributes
-      {}
+      tofu_provider&.default_attributes || {}
     end
 
     def supports_update?

data/app/models/foreman_opentofu/token.rb

@@ -0,0 +1,16 @@
+module ForemanOpentofu
+  class Token < ApplicationRecord
+    validates :name, presence: true, uniqueness: true
+
+    def expired?
+      !expire.respond_to?(:<=) || (expire <= Time.current)
+    end
+
+    def generate
+      self.expire = Time.current + Setting[:tfstate_token_timeout]
+      self.token = SecureRandom.alphanumeric(255)
+      save!
+      token
+    end
+  end
+end

data/app/services/foreman_opentofu/opentofu_executer.rb

@@ -5,20 +5,42 @@ module ForemanOpentofu
     def initialize(*args)
       @compute_resource = args[0]
       @cr_attrs = args[1] || {}
+      @host_name = @cr_attrs['name'] || 'test'
     end
 
     def run(mode = 'create')
       Dir.mktmpdir('opentofu_') do |dir|
         tofu = AppWrapper.new(dir)
         @use_backend = %w[create destroy output].include?(mode)
+        @token = create_token(@host_name) if @use_backend
         tofu.main_configuration = render_template
         tofu.init
         run_mode(tofu, mode)
       end
     end
 
+    # creates a new authentication token for the TfState API-controller
+    # needed for tofu command to send it's state-file to the database.
+    # returns the created token
+    def create_token(host_name)
+      new_token = nil
+      # This construct makes sure the token is created outside of the current transaction
+      # which is necessary for the API-controller to check the token, while the current transaction still runs
+      # see https://stackoverflow.com/a/11675647
+      Thread.new do
+        ActiveRecord::Base.connection_pool.with_connection do
+          token = ForemanOpentofu::Token.find_or_create_by(name: host_name)
+          new_token = if token.expired?
+                        token.generate
+                      else
+                        token.token
+                      end
+        end
+      end.join
+      new_token
+    end
+
     def run_mode(tofu, mode = 'new')
-      @use_backend = true
       case mode
       when 'new'
         tofu.plan
@@ -49,6 +71,8 @@ module ForemanOpentofu
       scope.instance_variable_set(:@compute_resource, @compute_resource)
       scope.instance_variable_set(:@cr_attrs, @cr_attrs) if @cr_attrs
       scope.instance_variable_set(:@use_backend, @use_backend)
+      scope.instance_variable_set(:@token, @token) if @use_backend
+      scope.instance_variable_set(:@host_name, @host_name)
       rendered_template = Foreman::Renderer::UnsafeModeRenderer.render(source, scope)
       raise ::Foreman::Exception, N_('Unable to render provisioning template') unless rendered_template
 
@@ -56,16 +80,7 @@ module ForemanOpentofu
     end
 
     def provision_template
-      name = ''
-      provider = @compute_resource.opentofu_provider
-      case provider
-      when 'nutanix'
-        name = Setting[:provision_nutanix_host_template]
-      when 'ovirt'
-        name = Setting[:provision_ovirt_host_template]
-      when 'vsphere'
-        name = Setting[:provision_vsphere_host_template]
-      end
+      name = @compute_resource.opentofu_template.name
       template = ProvisioningTemplate.unscoped.find_by(name: name)
       unless template
         raise ::Foreman::Exception.new(N_('Unable to find template specified by %s setting'),

data/app/services/foreman_opentofu/provider_type.rb

@@ -1,6 +1,6 @@
 module ForemanOpentofu
   class ProviderType
-    attr_reader :id, :name
+    attr_reader :id, :name, :default_attributes
 
     def initialize(id)
       @id = id.to_sym

data/app/views/compute_resources/form/_tofu.html.erb

@@ -1,8 +1,9 @@
 <%= field_set_tag _("Common fields"), :id => "compute_ressource_common_field_set" do %>
   <%= select_f f, :opentofu_provider, ForemanOpentofu::ProviderTypeManager.enabled_provider_types, :id, :name %>
+  <%= select_f f, :opentofu_template_id, ProvisioningTemplate.of_kind('opentofu_script'), :id, :name %>
   <%= text_f f, :url, :help_block => _("127.0.0.1") %>
   <%= text_f f, :user , :help_block => _("e.g. admin") %>
-  <%= password_f f, :password  %>
+  <%= password_f f, :password, :unset => unset_password? %>
 <% end %>
 <div class="col-md-offset-2">
   <%= test_connection_button_f(f, (true)) %>

data/app/views/compute_resources/show/_tofu.html.erb

@@ -2,6 +2,10 @@
   <td><%= _('OpenTofu Provider') %></td>
   <td><%= @compute_resource.opentofu_provider %></td>
 </tr>
+<tr>
+  <td><%= _('OpenTofu Template') %></td>
+  <td><%= link_to @compute_resource.opentofu_template, edit_provisioning_template_path(@compute_resource.opentofu_template) %></td>
+</tr>
 <tr>
   <td><%= _('URL') %></td>
   <td><%= @compute_resource.url %></td>

data/app/views/templates/provisioning/{nutanix_provision_host.erb → nutanix_provision_default.erb}

@@ -1,14 +1,10 @@
-#!/bin/bash
 <%#
-kind: script
-name: Nutanix provision - host
+kind: opentofu_script
+name: Nutanix provision default
 model: ProvisioningTemplate
 description: |
-  nutanix opentofu script to create vm resource
+  Nutanix OpenTofu script to create vm resource
 -%>
-<%-
-host_name = @cr_attrs['name'] || 'test'
-%>
 
 terraform {
   required_providers {
@@ -18,9 +14,10 @@ terraform {
   }
   <% if @use_backend %>
     backend "http" {
-      address        = "<%= Setting[:foreman_url] %>/api/v2/tf_states/<%= host_name %>"
-      username       = "admin"
-      password       = "changeme"
+      address        = "<%= Setting[:foreman_url] %>/api/v2/tf_states/<%= @host_name %>"
+      headers = {
+        Authorization = "Token <%= @token %>"
+      }
     }
   <% end %>
 }
@@ -36,7 +33,7 @@ data "nutanix_clusters" "clusters" {}
 
 resource "nutanix_virtual_machine" "vm" {
   cluster_uuid = data.nutanix_clusters.clusters.entities.0.metadata.uuid
-  name         = "<%= host_name %>"
+  name         = "<%= @host_name %>"
 
   <%= vm_attributes(['name', 'cluster_uuid']) %>
 

data/app/views/templates/provisioning/{ovirt_provision_host.erb → ovirt_provision_default.erb}

@@ -1,14 +1,10 @@
-#!/bin/bash
 <%#
-kind: script
-name: Ovirt provision - host
+kind: opentofu_script
+name: oVirt provision default
 model: ProvisioningTemplate
 description: |
-  nutanix opentofu script to create vm resource
+  oVirt OpenTofu script to create vm resource
 -%>
-<%-
-host_name = @cr_attrs['name'] || 'test'
-%>
 
 terraform {
   required_providers {
@@ -18,9 +14,10 @@ terraform {
   }
   <% if @use_backend %>
     backend "http" {
-      address        = "<%= Setting[:foreman_url] %>/api/v2/tf_states/<%= host_name %>"
-      username       = "admin"
-      password       = "changeme"
+      address        = "<%= Setting[:foreman_url] %>/api/v2/tf_states/<%= @host_name %>"
+      headers = {
+        Authorization = "Token <%= @token %>"
+      }
     }
   <% end %>
 }
@@ -36,7 +33,7 @@ data "ovirt_blank_template" "blank" {
 }
 
 resource "ovirt_vm" "vm" {
-  name        = "<%= host_name %>"
+  name        = "<%= @host_name %>"
   cluster_id  = "2ad616ea-4b66-11f0-964d-901b0ecbd584"
   template_id = data.ovirt_blank_template.blank.id
   cpu_cores   = <%= @cr_attrs['cpu_cores'] || 1 %>
@@ -47,7 +44,7 @@ resource "ovirt_vm" "vm" {
   memory_ballooning = <%= @cr_attrs['memory_ballooning'] || false %>
 }
 resource "ovirt_vm" "vm" {
-  name        = "<%= host_name %>"
+  name        = "<%= @host_name %>"
   cluster_id  = "2ad616ea-4b66-11f0-964d-901b0ecbd584"
   template_id = data.ovirt_blank_template.blank.id
   <%= "cpu_cores = #{@cr_attrs['cpu_cores'] || 1}" %>

data/db/migrate/20260127160904_add_table_token.foreman_opentofu.rb

@@ -0,0 +1,10 @@
+class AddTableToken < ActiveRecord::Migration[7.0]
+  def change
+    create_table :foreman_opentofu_tokens do |t|
+      t.column :name, :string, limit: 255, index: true
+      t.column :token, :string, limit: 512, index: true
+      t.column :expire, :datetime
+      t.timestamps
+    end
+  end
+end

data/db/seeds.d/71_provisioning_templates.rb

@@ -2,8 +2,16 @@
 
 User.as_anonymous_admin do
   ProvisioningTemplate.without_auditing do
+    # Create TemplateKind
+    Foreman::Plugin.find(:foreman_opentofu).get_template_labels.keys.map(&:to_sym).each do |type|
+      kind ||= TemplateKind.unscoped.find_or_create_by(name: type)
+      # kind.description = TemplateKind.default_template_descriptions[kind.name]
+      kind.save!
+    end
+
     SeedHelper.import_templates(
-      Dir[File.join("#{ForemanOpentofu::Engine.root}/app/views/templates/provisioning/**/*.erb")]
+      Dir[File.join("#{ForemanOpentofu::Engine.root}/app/views/templates/provisioning/**/*.erb")],
+      'ForemanOpentofu'
     )
   end
 end

data/lib/foreman_opentofu/engine.rb

@@ -22,32 +22,16 @@ module ForemanOpentofu
           # Add Global files for extending foreman-core components and routes
           # Register Nutanix compute resource in foreman
           compute_resource ForemanOpentofu::Tofu
+
+          template_labels 'opentofu_script' => N_('OpenTofu Script template')
+
           settings do
             category :opentofu, N_('Opentofu') do
-              templates = lambda {
-                Hash[ProvisioningTemplate.where(template_kind: TemplateKind.where(name: 'script')).map do |temp|
-                       [temp[:name], temp[:name]]
-                     end ]
-              }
-
-              setting 'provision_nutanix_host_template',
-                type: :string,
-                collection: templates,
-                default: 'Nutanix provision - host',
-                full_name: N_('Nutanix Host provision template'),
-                description: N_('Opentofu script template to use for Nutanix based host provisioning')
-              setting 'provision_ovirt_host_template',
-                type: :string,
-                collection: templates,
-                default: 'Ovirt provision - host',
-                full_name: N_('Ovirt Host provision template'),
-                description: N_('Opentofu script template to use for Ovirt based host provisioning')
-              setting 'provision_vsphere_host_template',
-                type: :string,
-                collection: templates,
-                default: 'Vsphere provision - host',
-                full_name: N_('Vsphere Host provision template'),
-                description: N_('Opentofu script template to use for Vsphere based host provisioning')
+              setting 'tfstate_token_timeout',
+                type: :integer,
+                default: 600,
+                full_name: N_('TfState Token Timeout'),
+                description: N_('Number of seconds a run of Opentofu command is allowed to report tf-state back to the plugin.')
             end
           end
         end

data/lib/foreman_opentofu/version.rb

@@ -1,3 +1,3 @@
 module ForemanOpentofu
-  VERSION = '0.0.1'.freeze
+  VERSION = '0.0.2'.freeze
 end

data/lib/tasks/foreman_opentofu_tasks.rake

@@ -7,8 +7,8 @@ namespace :foreman_opentofu do
     # details are handled in .rubocop.yml
     task.patterns = [ForemanOpentofu::Engine.root.to_s]
   end
-rescue LoadError => e
-  raise e unless Rails.env.production?
+rescue LoadError
+  # Rubocop not loaded
 end
 
 # Tests

data/locale/en/foreman_opentofu.po

@@ -1,19 +1,54 @@
-# foreman_opentofu
-#
-# This file is distributed under the same license as foreman_opentofu.
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the foreman_opentofu package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: version 0.0.1\n"
+"Project-Id-Version: foreman_opentofu 1.0.0\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2014-08-20 08:46+0100\n"
-"PO-Revision-Date: 2014-08-20 08:54+0100\n"
-"Last-Translator: Foreman Team <foreman-dev@googlegroups.com>\n"
-"Language-Team: Foreman Team <foreman-dev@googlegroups.com>\n"
+"PO-Revision-Date: 2026-02-16 18:46+0000\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
 "Language: \n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
+
+msgid "127.0.0.1"
+msgstr ""
+
+msgid "Common fields"
+msgstr ""
+
+msgid "OpenTofu Provider"
+msgstr ""
+
+msgid "OpenTofu Script template"
+msgstr ""
+
+msgid "OpenTofu Template"
+msgstr ""
+
+msgid "Storage"
+msgstr ""
+
+msgid "TODO: Description of ForemanPluginTemplate."
+msgstr ""
+
+msgid "URL"
+msgstr ""
+
+msgid "Unable to find template specified by %s setting"
+msgstr ""
+
+msgid "Unable to render provisioning template"
+msgstr ""
 
+msgid "VM Config"
+msgstr ""
+
+msgid "e.g. admin"
+msgstr ""

data/locale/foreman_opentofu.pot

@@ -1,19 +1,67 @@
-# foreman_opentofu
-#
-# This file is distributed under the same license as foreman_opentofu.
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the foreman_opentofu package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
 #
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: version 0.0.1\n"
+"Project-Id-Version: foreman_opentofu 1.0.0\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2014-08-20 08:46+0100\n"
-"PO-Revision-Date: 2014-08-20 08:46+0100\n"
-"Last-Translator: Foreman Team <foreman-dev@googlegroups.com>\n"
-"Language-Team: Foreman Team <foreman-dev@googlegroups.com>\n"
+"POT-Creation-Date: 2026-02-16 18:46+0000\n"
+"PO-Revision-Date: 2026-02-16 18:46+0000\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
 "Language: \n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
 
+#: ../app/services/foreman_opentofu/opentofu_executer.rb:53
+msgid "Unable to render provisioning template"
+msgstr ""
+
+#: ../app/services/foreman_opentofu/opentofu_executer.rb:62
+msgid "Unable to find template specified by %s setting"
+msgstr ""
+
+#: ../app/views/compute_resources/form/_tofu.html.erb:1
+msgid "Common fields"
+msgstr ""
+
+#: ../app/views/compute_resources/form/_tofu.html.erb:4
+msgid "127.0.0.1"
+msgstr ""
+
+#: ../app/views/compute_resources/form/_tofu.html.erb:5
+msgid "e.g. admin"
+msgstr ""
+
+#: ../app/views/compute_resources/show/_tofu.html.erb:2
+msgid "OpenTofu Provider"
+msgstr ""
+
+#: ../app/views/compute_resources/show/_tofu.html.erb:6
+msgid "OpenTofu Template"
+msgstr ""
+
+#: ../app/views/compute_resources/show/_tofu.html.erb:10
+msgid "URL"
+msgstr ""
+
+#: ../app/views/compute_resources_vms/form/tofu/_base.html.erb:5
+msgid "VM Config"
+msgstr ""
+
+#: ../app/views/compute_resources_vms/form/tofu/_base.html.erb:9
+msgid "Storage"
+msgstr ""
+
+#: ../lib/foreman_opentofu/engine.rb:26
+msgid "OpenTofu Script template"
+msgstr ""
+
+#: gemspec.rb:2
+msgid "TODO: Description of ForemanPluginTemplate."
+msgstr ""

data/test/controllers/api/v2/tf_states_controller_test.rb

@@ -6,9 +6,14 @@ module Api
       setup do
         @tf_one = FactoryBot.create(:tf_state)
         @tf_two = FactoryBot.create(:tf_state)
+        @token_one = FactoryBot.create(:foreman_opentofu_token, name: @tf_one.name)
+        @token_two = FactoryBot.create(:foreman_opentofu_token, name: @tf_two.name)
+        @authorization_one = ActionController::HttpAuthentication::Token.encode_credentials(@token_one.token)
+        @authorization_two = ActionController::HttpAuthentication::Token.encode_credentials(@token_two.token)
       end
 
       test 'should show tf_state when present' do
+        request.headers['HTTP_AUTHORIZATION'] = @authorization_one
         get :show, params: { name: @tf_one.name }
 
         assert_response :success
@@ -18,19 +23,34 @@ module Api
         assert_equal 'bar', body['foo']
       end
 
-      test 'should return 404 when tf_state is missing' do
+      test 'should return 401 when tf_state is missing' do
+        request.headers['HTTP_AUTHORIZATION'] = @authorization_one
         get :show, params: { name: 'missing-vm' }
 
-        assert_response :not_found
-        assert_equal '', @response.body
+        assert_response :unauthorized
+      end
+
+      test 'should return 401 when token expired' do
+        @token_one.expire = Time.current - 3600
+        @token_one.save!
+
+        assert @token_one.expired?
+
+        get :show, params: { name: @tf_one.name }
+
+        assert_response :unauthorized
+        assert_not_equal @tf_one.state, @response.body
       end
 
       test 'should create tf_state with valid json body' do
+        token = FactoryBot.create(:foreman_opentofu_token, name: 'new-vm')
+
         attrs = { hello: 'world' }
-        assert_difference('ForemanOpentofu::TfState.count', 1) do
-          @request.env['CONTENT_TYPE'] = 'application/json'
-          post :create, params: { name: 'new-vm' }, body: attrs.to_json
-        end
+        request.headers['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Token.encode_credentials(token.token)
+        @request.env['CONTENT_TYPE'] = 'application/json'
+        post :create,
+          params: { name: 'new-vm' },
+          body: attrs.to_json
 
         assert_response :success
 
@@ -40,7 +60,10 @@ module Api
       end
 
       test 'should update tf_state when already exists' do
-        post :create, params: { name: @tf_one.name }, body: { updated: true }.to_json
+        request.headers['HTTP_AUTHORIZATION'] = @authorization_one
+        post :create,
+          params: { name: @tf_one.name },
+          body: { updated: true }.to_json
 
         assert_response :success
 
@@ -49,6 +72,7 @@ module Api
 
       test 'should destroy tf_state when present' do
         assert_difference('ForemanOpentofu::TfState.count', -1) do
+          request.headers['HTTP_AUTHORIZATION'] = @authorization_two
           delete :destroy, params: { name: @tf_two.name }
         end
 
@@ -57,6 +81,7 @@ module Api
 
       test 'should return ok when destroying missing tf_state' do
         assert_no_difference('ForemanOpentofu::TfState.count') do
+          request.headers['HTTP_AUTHORIZATION'] = @authorization_two
           delete :destroy, params: { name: 'missing-vm' }
         end
 

data/test/factories/token.rb

@@ -0,0 +1,10 @@
+FactoryBot.define do
+  factory :foreman_opentofu_token, class: 'ForemanOpentofu::Token' do
+    sequence(:name) { |n| "vm-#{n}" }
+    sequence(:token) { |n| "secret#{n}" }
+    expire { Time.current + 3600 }
+    trait :expired do
+      expire { Time.current - 3600 }
+    end
+  end
+end

data/test/models/foreman_opentofu/tofu_test.rb

@@ -0,0 +1,46 @@
+require 'test_helper'
+
+class TofuTest < ActiveSupport::TestCase
+  # FIXME: be more generic!
+  let(:subject) { FactoryBot.create :opentofu_nutanix_cr }
+
+  should validate_presence_of :provider
+  should validate_presence_of :url
+  should validate_presence_of :user
+  should validate_presence_of :password
+  should delegate_method(:available_attributes).to(:tofu_provider)
+
+  test 'validates provider is Tofu' do
+    subject.provider = 'Unknown'
+    assert_not subject.valid?
+
+    subject.provider = 'Tofu'
+    assert subject.valid?
+  end
+
+  test 'responds to opentofu_template' do
+    assert_respond_to subject, :opentofu_template
+  end
+
+  test 'not assigned template returns nil' do
+    assert_not_include subject.attrs, :opentofu_template_id
+
+    assert_nil subject.opentofu_template
+  end
+
+  test 'has tofu-template' do
+    template = FactoryBot.create(:provisioning_template) # , template_kind: FactoryBot.create(:template_kind, name: 'opentofu_script'))
+    subject.opentofu_template_id = template.id
+
+    assert_equal template, subject.opentofu_template
+  end
+
+  test 'has tofu provider' do
+    assert_instance_of Symbol, subject.opentofu_provider
+    assert_instance_of ForemanOpentofu::ProviderType, subject.tofu_provider
+  end
+
+  test 'delegates available_attributes to opentofu-provider' do
+    assert_equal subject.tofu_provider.available_attributes, subject.available_attributes
+  end
+end

data/test/models/foreman_opentofu/token_test.rb

@@ -0,0 +1,36 @@
+require 'test_helper'
+
+class TokenTest < ActiveSupport::TestCase
+  let(:subject) { FactoryBot.create(:foreman_opentofu_token, :expired) }
+
+  should validate_presence_of :name
+
+  test 'expires' do
+    assert subject.expired?
+
+    subject.expire = nil
+    assert subject.expired?
+
+    subject.expire = ''
+    assert subject.expired?
+
+    subject.expire = Time.zone.now
+    assert subject.expired?
+  end
+
+  test 'generates new token' do
+    old_token = subject.token
+
+    subject.generate
+    assert_not_equal old_token, subject.token
+    assert_not_empty subject.token
+
+    subject.save!
+    assert_not_equal old_token, subject.reload.token
+  end
+
+  test 'generates valid token' do
+    subject.generate
+    assert_not subject.expired?
+  end
+end

data/test/services/foreman_opentofu/provider_type_test.rb

@@ -0,0 +1,68 @@
+module ForemanOpentofu
+  class ProviderTypeTest < ActiveSupport::TestCase
+    # FIXME: use a non-existing ProviderType and stub the CR_ATTRS instead
+    let(:provider_type) { ProviderType.new('nutanix') }
+
+    test 'has name' do
+      assert_not_empty provider_type.name
+    end
+
+    test 'has attributes' do
+      assert provider_type.attributes?
+    end
+
+    test 'finds all attributes' do
+      attributes = provider_type.attributes
+
+      assert_not_empty attributes
+      assert_not_empty(attributes.select { |a| a['group'] == 'vm' })
+      assert_not_empty(attributes.select { |a| a['group'] == 'nic' })
+      assert_not_empty(attributes.select { |a| a['group'] == 'disk' })
+    end
+
+    test 'finds group attributes' do
+      attributes = provider_type.attributes('vm')
+
+      assert_not_empty attributes
+      assert_not_empty(attributes.select { |a| a['group'] == 'vm' })
+      assert_empty(attributes.select { |a| a['group'] == 'nic' })
+      assert_empty(attributes.select { |a| a['group'] == 'disk' })
+    end
+
+    test 'has available_attributes' do
+      attr_hash = provider_type.available_attributes
+
+      assert_instance_of Hash, attr_hash
+      assert_include attr_hash.keys, 'num_sockets'
+      assert_equal 'num_sockets', attr_hash['num_sockets']['name']
+    end
+
+    test 'no available_attributes raises' do
+      provider_type.expects(:attributes?).returns(false)
+
+      assert_raises(RuntimeError) do
+        provider_type.available_attributes
+      end
+    end
+
+    test 'no default_attributes returns nil' do
+      assert_nil provider_type.default_attributes
+    end
+
+    test 'returns default_attributes, if any' do
+      def_attr = {
+        'server_type' => 'cx23',
+        'image' => 'debian-13',
+      }
+
+      provider_type.instance_eval do
+        @default_attributes = def_attr
+      end
+
+      assert_not_nil provider_type.default_attributes
+      assert_instance_of Hash, provider_type.default_attributes
+      assert_not_empty provider_type.default_attributes
+      assert_equal def_attr, provider_type.default_attributes
+    end
+  end
+end

data/test/services/opentofu_executer_test.rb

@@ -7,7 +7,7 @@ module ForemanOpentofu
       @cr_attrs = { 'name' => 'vm-1' }
       @executor = OpentofuExecuter.new(@compute_resource, @cr_attrs)
 
-      @template = FactoryBot.create(:provisioning_template, name: Setting[:provision_nutanix_host_template])
+      @template = FactoryBot.create(:provisioning_template, name: 'Nutanix test script')
       @executor.stubs(:provision_template).returns(@template)
 
       @app_mock = mock('AppWrapper')

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: foreman_opentofu
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - ATIX-AG
 bindir: bin
 cert_chain: []
-date: 2026-02-06 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: deface
@@ -33,6 +33,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- app/assets/javascripts/foreman_opentofu/locale/en/foreman_opentofu.js
 - app/controllers/api/v2/tf_states_controller.rb
 - app/controllers/concerns/foreman_opentofu/compute_resources_vms_controller.rb
 - app/controllers/concerns/foreman_opentofu/controller/parameters/compute_resource.rb
@@ -42,6 +43,7 @@ files:
 - app/models/foreman_opentofu/opentofu_vm_commands.rb
 - app/models/foreman_opentofu/tf_state.rb
 - app/models/foreman_opentofu/tofu.rb
+- app/models/foreman_opentofu/token.rb
 - app/overrides/compute_resources/remove_virtual_machines_tab.rb
 - app/services/foreman_opentofu/app_wrapper.rb
 - app/services/foreman_opentofu/compute_fetcher.rb
@@ -54,13 +56,14 @@ files:
 - app/views/compute_resources_vms/form/tofu/_dynamic_attrs.html.erb
 - app/views/compute_resources_vms/form/tofu/_network.html.erb
 - app/views/compute_resources_vms/index/_tofu.html.erb
-- app/views/templates/provisioning/nutanix_provision_host.erb
-- app/views/templates/provisioning/ovirt_provision_host.erb
+- app/views/templates/provisioning/nutanix_provision_default.erb
+- app/views/templates/provisioning/ovirt_provision_default.erb
 - config/initializers/compute_attrs.rb
 - config/nutanix.json
 - config/ovirt.json
 - config/routes.rb
 - db/migrate/20250625192757_create_tf_state.foreman_opentofu.rb
+- db/migrate/20260127160904_add_table_token.foreman_opentofu.rb
 - db/seeds.d/71_provisioning_templates.rb
 - lib/foreman_opentofu.rb
 - lib/foreman_opentofu/engine.rb
@@ -70,6 +73,7 @@ files:
 - lib/foreman_opentofu/version.rb
 - lib/tasks/foreman_opentofu_tasks.rake
 - locale/Makefile
+- locale/en/LC_MESSAGES/foreman_opentofu.mo
 - locale/en/foreman_opentofu.po
 - locale/foreman_opentofu.pot
 - locale/gemspec.rb
@@ -77,9 +81,13 @@ files:
 - test/factories/compute_resources.rb
 - test/factories/foreman_opentofu_factories.rb
 - test/factories/tf_state_factories.rb
+- test/factories/token.rb
 - test/models/foreman_opentofu/opentofu_vm_commands_test.rb
+- test/models/foreman_opentofu/tofu_test.rb
+- test/models/foreman_opentofu/token_test.rb
 - test/models/foreman_opentofu_test.rb
 - test/services/app_wrapper_test.rb
+- test/services/foreman_opentofu/provider_type_test.rb
 - test/services/opentofu_executer_test.rb
 - test/test_plugin_helper.rb
 homepage: https://github.com/ATIX-AG/foreman_opentofu
@@ -104,7 +112,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.3
+rubygems_version: 4.0.3
 specification_version: 4
 summary: Plugin to provision host using opentofu
 test_files:
@@ -112,8 +120,12 @@ test_files:
 - test/factories/compute_resources.rb
 - test/factories/foreman_opentofu_factories.rb
 - test/factories/tf_state_factories.rb
+- test/factories/token.rb
 - test/models/foreman_opentofu/opentofu_vm_commands_test.rb
+- test/models/foreman_opentofu/tofu_test.rb
+- test/models/foreman_opentofu/token_test.rb
 - test/models/foreman_opentofu_test.rb
 - test/services/app_wrapper_test.rb
+- test/services/foreman_opentofu/provider_type_test.rb
 - test/services/opentofu_executer_test.rb
 - test/test_plugin_helper.rb