RubyGems - foreman_opentofu - Versions diffs - 0.0.3 → 0.0.4 - Mend

foreman_opentofu 0.0.3 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ccfa3742aa9fe09edc20f685bf1a65f0f32aa34603572812fd250f64f84c7f60
-  data.tar.gz: 632627c1dbecb3da3282fa29085647263f588eb99753db33d2f2ada53b57680c
+  metadata.gz: e3f7d22aa8036489bd3356eff61fb54608d15c1ced729e2a592257e3383213a5
+  data.tar.gz: 3a7272bc1b5e4a36974b859362d18209d3cbc36293e00c9722a2c6991bdcd0ee
 SHA512:
-  metadata.gz: 1858acdfd4b8e7e32dd3c91765ca1e5e6921da70b8754842e1fa8284bb9b1ceb23b5abb7b22320218d6326167f821d032071915458155545e19ace88dfadd996
-  data.tar.gz: a9f29bd6e263acb43c2a692ed848a71b99c61dce3fb3b64a9ebd7597bceae0280f8b93879b2e5b89a6a8a2244f9cfd5644fdfdc20444353fc962211def091591
+  metadata.gz: 7efbc5b6168046cac8b716864636ac9f16acd32b229e017ff876d93cde3aecf3ff4e94572e09407ecf2e3de6462592efd46e4bcacf49285c765aceba4e32787b
+  data.tar.gz: f7b2493f8dcca6913ab2167f9cb529610d0e9c91240d43ea324503b24352fa5b0cb774b8ffee4f1cf76791e38ef9440c90ad0bfdbe8390b3b62fa1d4d09d38f5

data/README.md CHANGED Viewed

@@ -1,20 +1,50 @@
 [![Ruby Tests](https://github.com/ATIX-AG/foreman_opentofu/actions/workflows/ruby.yml/badge.svg)](https://github.com/ATIX-AG/foreman_opentofu/actions/workflows/ruby.yml)
-# ForemanOpenTOFU
+# Foreman OpenTofu
-[Foreman](http://theforeman.org/) plugin that adds that adds a generic openTOFU-based compute resource, enabling host provisioning through openTOFU scripts instead of provider-specific SDK integrations such as fog-vsphere.
+[Foreman](http://theforeman.org/) plugin that adds that adds a generic OpenTofu-based compute resource, enabling host provisioning through OpenTofu scripts instead of provider-specific SDK integrations such as fog-vsphere.
-This plugin introduces a new provisioning model where Foreman remains responsible for host lifecycle and orchestration, while openTOFU handles infrastructure creation using its provider ecosystem.
+This plugin introduces a new provisioning model where Foreman remains responsible for host lifecycle and orchestration, while OpenTofu handles infrastructure creation using its provider ecosystem.
 The plugin is designed to be easily extendable and can support multiple infrastructure platforms (for example Nutanix, Hetzner) without requiring a dedicated Foreman compute resource plugin per provider.
 ## Installation
+Install the rubygem as usual or use the RPM/Deb package for your distribution.
+If you use the rubygem, make sure to create the folllowing directory and set the correct permissions:
+```shell
+mkdir -p /var/lib/foreman-opentofu
+mkdir -p /var/lib/foreman-opentofu/plugin-cache
+mkdir -p /var/lib/foreman-opentofu/tmp
+chown -R foreman:foreman /var/lib/foreman-opentofu
+chmod 755 /var/lib/foreman-opentofu
+chmod 755 /var/lib/foreman-opentofu/plugin-cache
+chmod 700 /var/lib/foreman-opentofu/tmp
+```
+## SELinux
+If you have installed the rubygem manually, you need to set the correct SELinux context for the plugin to work properly.
+Re-use the selinux directives defined in the selinux directory of the plugin.
+```shell
+cd selinux
+make clean && make all
+mkdir -p /usr/share/selinux/targeted/
+install -m 0600 foreman_opentofu.pp /usr/share/selinux/targeted/
+/usr/sbin/semodule -i /usr/share/selinux/targeted/foreman_opentofu.pp
+/sbin/restorecon -ri /var/lib/foreman-opentofu/
+```
 ## Usage
-Create a openTofu compute resource and set:
-  * Provider: openTofu
-  * Opentofu Provider: Select desired hypervisor supported by openTofu plugin
+Create a OpenTofu compute resource and set:
+  * Provider: OpenTofu
+  * OpenTofu Provider: Select desired hypervisor supported by OpenTofu plugin
   * URL: Hypervisor specific URL
@@ -22,17 +52,17 @@ Then add all necessary information to the form.
 Provisioning workflow:
- * Create a host in Foreman using the openTOFU based compute resource
+ * Create a host in Foreman using the OpenTofu based compute resource
  * Foreman passes host parameters to the plugin
- * The plugin renders and executes openTOFU plans
+ * The plugin renders and executes OpenTofu plans
- * openTOFU provisions the infrastructure
+ * OpenTofu provisions the infrastructure
  * Foreman continues with OS provisioning and configuration
-Provider-specific details (for example Nutanix, Hetzner) are handled entirely through openTOFU scripts.
+Provider-specific details (for example Nutanix, Hetzner) are handled entirely through OpenTofu scripts.
 ### Create new ProviderType
@@ -94,7 +124,7 @@ The name of the file must be the same as the provider-type name we set in the ne
 Sometimes it is necessary to provide a list of possible values that are defined by the backend-service.
 Curating the 'options'-Array is tedious at best or not possible if multiple instances of the backend service are in use.
-This can be addressed by specifiying an OpenTofu-Provider's [DataSource](https://opentofu.org/docs/language/data-sources/) in the following way:
+This can be addressed by specifiying an OpenTofu provider's [DataSource](https://opentofu.org/docs/language/data-sources/) in the following way:
 ```json
 {
@@ -192,7 +222,7 @@ end
 > See [Foreman dev setup](https://github.com/theforeman/foreman/blob/develop/developer_docs/foreman_dev_setup.asciidoc)
-* You need a openTOFU installed on your machine.
+* You need a OpenTofu installed on your machine.
 * You need ruby 2.7. You can install it with [asdf-vm](https://asdf-vm.com).
 ### Platform
@@ -226,7 +256,7 @@ bundle install
 RAILS_ENV=development bundle exec bin/rake permissions:reset password=changeme
 ```
-* In foreman_openTofu source directory, check code syntax with rubocop and foreman rules:
+* In the `foreman_opentofu` directory, check code syntax with rubocop and foreman rules:
 ```shell
 bundle exec rubocop

data/app/lib/foreman_opentofu/concerns/base_template_scope_extensions.rb CHANGED Viewed

@@ -92,6 +92,41 @@ module ForemanOpentofu
           ''
         end
       end
+      def build_disks
+        disks = @cr_attrs['volumes'].presence || @cr_attrs['volumes_attributes'].presence || @compute_resource.default_volumes
+        disks = [disks] if disks.is_a?(Hash)
+        disks.each_with_index.map do |disk, index|
+          data = @compute_resource.render_disk(disk, self, index)
+          render_provider_data(data)
+        end.join("\n")
+      end
+      def build_nics
+        nics = @cr_attrs['interfaces'].presence || @cr_attrs['interfaces_attributes'].presence || @compute_resource.default_interfaces
+        nics = normalize_interfaces(nics).map do |nic|
+          nic.respond_to?(:with_indifferent_access) ? nic.with_indifferent_access[:compute_attributes].presence || nic : nic
+        end
+        nics.each_with_index.map do |nic, index|
+          data = @compute_resource.render_nic(nic, self, index)
+          render_provider_data(data)
+        end.join("\n")
+      end
+      private
+      def render_provider_data(data)
+        if data.is_a?(Hash) && data[:resource].present?
+          resource = data[:resource]
+          block_to_hcl(['resource', resource[:type], resource[:name]], resource[:content], depth: 0)
+        elsif data.is_a?(Hash) && data.size == 1 && data.values.first.is_a?(Hash)
+          block_name, block_content = data.first
+          block_to_hcl([block_name.to_s], block_content, depth: 1)
+        else
+          to_hcl(data, snippet: true)
+        end
+      end
     end
   end
 end

data/app/models/concerns/foreman_opentofu/vm_command_collection_normalization.rb ADDED Viewed

@@ -0,0 +1,22 @@
+module ForemanOpentofu
+  module VMCommandCollectionNormalization
+    private
+    def normalize_vm_args_collections!(args)
+      [:volumes, :interfaces].each do |collection|
+        raw = args.delete(:"#{collection}_attributes") || args[collection]
+        next if raw.nil?
+        args[collection] = normalize_collection_input(collection, raw)
+      end
+    end
+    def normalize_collection_input(collection, value)
+      return nested_attributes_for(collection, value) if value.is_a?(Hash) || value.is_a?(ActionController::Parameters)
+      Array(value).map do |entry|
+        entry.respond_to?(:deep_symbolize_keys) ? entry.deep_symbolize_keys : entry
+      end
+    end
+  end
+end

data/app/models/foreman_opentofu/opentofu_vm_commands.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 module ForemanOpentofu
   module OpentofuVMCommands
+    include ForemanOpentofu::VMCommandCollectionNormalization
     def find_vm_by_uuid(uuid)
       vm_command_errors('find vm') do
         tf_state = ForemanOpentofu::TfState.find_by(uuid: uuid)
@@ -10,16 +12,19 @@ module ForemanOpentofu
     def new_vm(args = {})
       vm_command_errors('new vm') do
-        args = default_attributes.merge(args)
+        args = default_attributes.merge(args).to_h.symbolize_keys
+        normalize_vm_args_collections!(args)
         executor = client(args)
         data = executor.run_new
-        OpenStruct.new(data['resource_changes'].first['change']['after'])
+        attrs = data['resource_changes'].first['change']['after'] || {}
+        OpenStruct.new(attrs)
       end
     end
     def create_vm(args = {})
       vm_command_errors('create vm') do
-        args = default_attributes.merge(args)
+        args = default_attributes.merge(args).to_h.symbolize_keys
+        normalize_vm_args_collections!(args)
         executor = client(args)
         output = executor.run_create
         ComputeVM.new(self, output)
@@ -50,6 +55,8 @@ module ForemanOpentofu
       raise StandardError, "VM with UUID #{uuid} does not exist" unless tf_state
       vm_command_errors('update vm') do
         attrs = attrs.empty? ? {} : attrs.first
+        attrs = attrs.to_h.symbolize_keys
+        normalize_vm_args_collections!(attrs)
         data = client({ 'name' => tf_state.name }.merge(attrs)).run_create
         ComputeVM.new(self, data)
       end

data/app/models/foreman_opentofu/tofu.rb CHANGED Viewed

@@ -27,7 +27,7 @@ module ForemanOpentofu
     # alias_attribute :username, :user
     # alias_attribute :endpoint, :url
-    delegate :available_attributes, :capabilities, to: :tofu_provider
+    delegate :available_attributes, :capabilities, :render_disk, :render_nic, to: :tofu_provider
     def available_images
       # make sure available_images can use this CR, e.g. for requesting data_source
@@ -90,12 +90,20 @@ module ForemanOpentofu
       ProviderTypeManager.find(opentofu_provider)
     end
-    def new_interface
-      { compute_attributes: {} }
+    def new_interface(attr = {})
+      OpenStruct.new(attr)
     end
-    def new_volume
-      { compute_attributes: {} }
+    def new_volume(attr = {})
+      OpenStruct.new(attr.merge({}))
+    end
+    def default_volumes
+      tofu_provider&.default_volumes || {}
+    end
+    def default_interfaces
+      tofu_provider&.default_interfaces || {}
     end
     def editable_network_interfaces?

data/app/overrides/compute_resources_vms/tofu_indexed_networks_fields.rb ADDED Viewed

@@ -0,0 +1,7 @@
+Deface::Override.new(
+  virtual_path: 'compute_resources_vms/form/_networks',
+  name: 'tofu_indexed_networks_fields',
+  replace_contents: 'div.children_fields',
+  partial: 'foreman_opentofu/compute_resources_vms/indexed_networks_fields',
+  namespaced: true
+)

data/app/overrides/compute_resources_vms/tofu_indexed_volumes_fields.rb ADDED Viewed

@@ -0,0 +1,8 @@
+Deface::Override.new(
+  virtual_path: 'compute_resources_vms/form/_volumes',
+  name: 'tofu_indexed_volumes_fields',
+  replace_contents: 'div.children_fields',
+  partial: 'foreman_opentofu/compute_resources_vms/indexed_volumes_fields',
+  original: '7d0607bbae4c5123e89fff9968e2740a3d0eb323',
+  namespaced: true
+)

data/app/services/foreman_opentofu/app_wrapper.rb CHANGED Viewed

@@ -100,10 +100,24 @@ module ForemanOpentofu
       cmd.map { |item| "'#{item}'" }.append('2>&1').join(' ')
     end
-    def envvars
+    def common_envvars
+      {
+        'TF_PLUGIN_CACHE_DIR' => ForemanOpentofu::OPENTOFU_PLUGIN_CACHE_PATH,
+        'TEMPDIR' => ForemanOpentofu::OPENTOFU_TMP_PATH,
+        'TMPDIR' => ForemanOpentofu::OPENTOFU_TMP_PATH,
+        'TMP' => ForemanOpentofu::OPENTOFU_TMP_PATH,
+        'TEMP' => ForemanOpentofu::OPENTOFU_TMP_PATH,
+      }
+    end
+    def terraform_envvars
       @variables.transform_keys { |variable| "TF_VAR_#{variable}" }
     end
+    def envvars
+      common_envvars.merge(terraform_envvars)
+    end
     def execute(cmd)
       output = nil
       # quote cmdline parameters and add stderr to stdout

data/app/services/foreman_opentofu/opentofu_executer.rb CHANGED Viewed

@@ -6,13 +6,13 @@ module ForemanOpentofu
     def initialize(compute_resource, args = {})
       @compute_resource = compute_resource
-      @cr_attrs = args.to_h
+      @cr_attrs = args.to_h.with_indifferent_access
       @resource = @cr_attrs['resource']
       @host_name = @cr_attrs['name'] || 'test'
     end
     def run(mode = '')
-      Dir.mktmpdir('opentofu_') do |dir|
+      Dir.mktmpdir('opentofu_', ForemanOpentofu::OPENTOFU_TMP_PATH) do |dir|
         # FIXME: integrate the user_data-file into AppWrapper!
         if @cr_attrs['user_data']
           @user_data_filename = File.join(dir, 'userdata')
@@ -21,9 +21,9 @@ module ForemanOpentofu
           end
         end
         tofu = AppWrapper.new(dir, variables: {
-          username: @compute_resource['user'],
-          password: @compute_resource['password'],
-          endpoint: @compute_resource['url'],
+          username: @compute_resource.user,
+          password: @compute_resource.password,
+          endpoint: @compute_resource.url,
         })
         @use_backend = %w[create destroy output].include?(mode)
         @token = create_token(@host_name) if @use_backend

data/app/services/foreman_opentofu/provider_type.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module ForemanOpentofu
   class ProviderType
     attr_reader :id, :name, :default_attributes
-    attr_accessor :capabilities
+    attr_accessor :capabilities, :disk_renderer, :nic_renderer
     def initialize(id)
       @id = id.to_sym
@@ -70,5 +70,15 @@ module ForemanOpentofu
       #       on image-based deployment we usually only get IPv4/6-address
       { mac: :mac }
     end
+    def render_disk(disk, context, *args)
+      return '' unless disk_renderer
+      context.instance_exec(disk, *args, &disk_renderer)
+    end
+    def render_nic(nic, context, *args)
+      return '' unless nic_renderer
+      context.instance_exec(nic, *args, &nic_renderer)
+    end
   end
 end

data/app/views/compute_resources_vms/form/tofu/_base.html.erb CHANGED Viewed

@@ -1,14 +1,9 @@
 <% provider = compute_resource.tofu_provider %>
 <% if provider.attributes.present? %>
   <% vm_attrs   = provider.attributes('vm') %>
-  <% disk_attrs = provider.attributes('disk') %>
   <%= field_set_tag _("VM Config") do %>
     <%= render :partial => provider_partial(compute_resource, "dynamic_attrs"), :locals => { f: f, attrs: vm_attrs, compute_resource: compute_resource } %>
   <% end %>
-  <%= field_set_tag _("Storage") do %>
-    <%= render :partial => provider_partial(compute_resource, "dynamic_attrs"), :locals => { f: f, attrs: disk_attrs, compute_resource: compute_resource } %>
-  <% end %>
 <% end %>
 <%

data/app/views/compute_resources_vms/form/tofu/_volume.html.erb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ <%= render :partial => provider_partial(compute_resource, "dynamic_attrs"), :locals => { f: f, attrs: compute_resource.tofu_provider.attributes('disk'), compute_resource: compute_resource } %>
2	+

data/app/views/foreman_opentofu/compute_resources_vms/_indexed_networks_fields.html.erb ADDED Viewed

@@ -0,0 +1,47 @@
+<% if compute_resource.is_a?(ForemanOpentofu::Tofu) %>
+  <div class="<%= compute_resource.interfaces_attrs_name %>_fields_template form_template" style="display: none;">
+    <%= fields_for "#{f.object_name}[#{compute_resource.interfaces_attrs_name}][new_#{compute_resource.interfaces_attrs_name}]", compute_resource.new_interface do |i| %>
+      <%= render :partial => provider_partial(compute_resource, 'network'),
+                 :locals => { :f => i, :compute_resource => compute_resource, :new_host => new_host, :new_vm => new_vm, :remove_title => _('remove network interface'), :selected_cluster => selected_cluster },
+                 :layout => 'compute_resources_vms/form/deletable_layout' %>
+    <% end %>
+  </div>
+  <%= field_set_tag _("Network interfaces"), :id => "network_interfaces" do %>
+    <% if compute_resource.editable_network_interfaces? %>
+      <%= render :partial => 'foreman_opentofu/compute_resources_vms/form/tofu/interfaces_fields',
+                 :locals => { :f => f, :compute_resource => compute_resource, :new_host => new_host, :new_vm => new_vm, :item_layout => item_layout, :selected_cluster => selected_cluster } %>
+      <% if new_vm %>
+        <%= add_child_link '+ ' + _("Add Interface"), compute_resource.interfaces_attrs_name, { :class => "info", :title => _('add new network interface') } %>
+      <% end %>
+    <% else %>
+      <div class="col-md-12">
+        <%= _('No networks found.') %>
+      </div>
+    <% end %>
+  <% end %>
+<% else %>
+  <%= new_child_fields_template(f, compute_resource.interfaces_attrs_name, {
+      :object => compute_resource.new_interface,
+      :partial => provider_partial(compute_resource, 'network'),
+      :form_builder_attrs => { :compute_resource => compute_resource, :new_host => new_host, :new_vm => new_vm, :remove_title => _('remove network interface') },
+      :layout => 'compute_resources_vms/form/deletable_layout' }) %>
+  <%= field_set_tag _("Network interfaces"), :id => "network_interfaces" do %>
+    <% if compute_resource.editable_network_interfaces? %>
+      <%= f.fields_for compute_resource.interfaces_attrs_name do |i| %>
+        <%= render :partial => provider_partial(compute_resource, 'network'),
+            :locals => { :f => i, :compute_resource => compute_resource, :new_host => new_host, :new_vm => new_vm, :remove_title => _('remove network interface'), :selected_cluster => selected_cluster },
+            :layout => 'compute_resources_vms/form/deletable_layout' %>
+      <% end %>
+      <% if new_vm %>
+        <%= add_child_link '+ ' + _("Add Interface"), compute_resource.interfaces_attrs_name, { :class => "info", :title => _('add new network interface') } %>
+      <% end %>
+    <% else %>
+      <div class="col-md-12">
+        <%= _('No networks found.') %>
+      </div>
+    <% end %>
+  <% end %>
+<% end %>

data/app/views/foreman_opentofu/compute_resources_vms/_indexed_volumes_fields.html.erb ADDED Viewed

@@ -0,0 +1,30 @@
+<% if compute_resource.is_a?(ForemanOpentofu::Tofu) %>
+  <div class="volumes_fields_template form_template" style="display: none;">
+    <%= fields_for "#{f.object_name}[volumes][new_volumes]", volume do |i| %>
+      <%= render :partial => provider_partial(compute_resource, 'volume'),
+                 :locals => { :f => i, :compute_resource => compute_resource, :new_host => new_vm, :new_vm => new_vm, :remove_title => _('remove storage volume') },
+                 :layout => "compute_resources_vms/form/#{item_layout}_layout" %>
+    <% end %>
+  </div>
+  <%= render :partial => 'foreman_opentofu/compute_resources_vms/form/tofu/volumes_fields',
+             :locals => { :f => f, :compute_resource => compute_resource, :new_host => new_vm, :new_vm => new_vm, :item_layout => item_layout } %>
+  <% if new_vm %>
+    <%= add_child_link '+ ' + _("Add Volume"), :volumes, { :class => "info", :title => _('add new storage volume') } %>
+  <% end %>
+<% else %>
+  <%= new_child_fields_template(f, :volumes, {
+      :object  => volume,
+      :partial => provider_partial(compute_resource, 'volume'),
+      :form_builder_attrs => { :compute_resource => compute_resource, :new_host => new_vm, :new_vm => new_vm, :remove_title => _('remove storage volume') },
+      :layout => "compute_resources_vms/form/#{item_layout}_layout" }) %>
+  <%= f.fields_for :volumes do |i| %>
+    <%= render :partial => provider_partial(compute_resource, 'volume'), :locals => { :f => i, :compute_resource => compute_resource, :new_host => new_vm, :new_vm => new_vm, :remove_title => _('remove storage volume') }, :layout => "compute_resources_vms/form/#{item_layout}_layout" %>
+  <% end %>
+  <% if new_vm %>
+    <%= add_child_link '+ ' + _("Add Volume"), :volumes, { :class => "info", :title => _('add new storage volume') } %>
+  <% end %>
+<% end %>

data/app/views/foreman_opentofu/compute_resources_vms/form/tofu/_interfaces_fields.html.erb ADDED Viewed

@@ -0,0 +1,12 @@
+<%
+  association = compute_resource.interfaces_attrs_name
+  interfaces = Array.wrap(f.object.public_send(association))
+  interfaces = [compute_resource.new_interface].compact if interfaces.empty?
+%>
+<% interfaces.each_with_index do |interface_obj, idx| %>
+  <%= fields_for "#{f.object_name}[#{association}][#{idx}]", interface_obj do |i| %>
+    <%= render :partial => provider_partial(compute_resource, 'network'),
+               :locals => { :f => i, :compute_resource => compute_resource, :new_host => new_host, :new_vm => new_vm, :remove_title => _('remove network interface'), :selected_cluster => selected_cluster },
+               :layout => "compute_resources_vms/form/#{item_layout}_layout" %>
+  <% end %>
+<% end %>

data/app/views/foreman_opentofu/compute_resources_vms/form/tofu/_volumes_fields.html.erb ADDED Viewed

@@ -0,0 +1,11 @@
+<%
+  volumes = Array.wrap(f.object.volumes)
+  volumes = [compute_resource.new_volume].compact if volumes.empty?
+%>
+<% volumes.each_with_index do |volume_obj, idx| %>
+  <%= fields_for "#{f.object_name}[volumes][#{idx}]", volume_obj do |i| %>
+    <%= render :partial => provider_partial(compute_resource, 'volume'),
+               :locals => { :f => i, :compute_resource => compute_resource, :new_host => new_host, :new_vm => new_vm, :remove_title => _('remove storage volume') },
+               :layout => "compute_resources_vms/form/#{item_layout}_layout" %>
+  <% end %>
+<% end %>

data/app/views/templates/provisioning/hetzner_provision_host.erb CHANGED Viewed

@@ -39,6 +39,8 @@ resource "hcloud_server" "node1" {
   }
 }
+<%= build_disks %>
 output "vm_attrs" {
   value = {
       identity = hcloud_server.node1.id

data/app/views/templates/provisioning/nutanix_provision_default.erb CHANGED Viewed

@@ -32,10 +32,11 @@ resource "nutanix_virtual_machine" "vm" {
   name         = "<%= @host_name %>"
   <%= vm_attributes(['name']) %>
+  <%= build_nics %>
+  <%= build_disks %>
   <%- if @cr_attrs['image_id'].present? %>
   <%- if @cr_attrs['user_data'].present? %>
-  guest_customization_cloud_init_user_data = base64encode("<%= @cr_attrs['user_data']) %>")
+  guest_customization_cloud_init_user_data = base64encode("<%= @cr_attrs['user_data'] %>")
   <%- end %>
   disk_list {
     data_source_reference = {

data/lib/foreman_opentofu/provider_types/hetzner.rb CHANGED Viewed

@@ -5,6 +5,10 @@ require "#{ForemanOpentofu::Engine.root}/app/services/foreman_opentofu/provider_
 ForemanOpentofu::ProviderTypeManager.register('hetzner') do
   @capabilities = [:image]
+  def default_volumes
+    { name: 'volume1', size: 50, automount: true, format: 'ext4' }
+  end
   def provided_attributes
     {
       ip: :vm_ip_address,
@@ -51,6 +55,14 @@ ForemanOpentofu::ProviderTypeManager.register('hetzner') do
         },
         output_path_postfix: 'networks',
       } },
+    { name: 'name', type: 'string', group: 'disk', mandatory: true,
+      label: 'Volume Name' },
+    { name: 'size', type: 'number', group: 'disk', mandatory: true,
+      label: 'Size (GB)' },
+    { name: 'automount', type: 'bool', group: 'disk', mandatory: false,
+      label: 'Automount' },
+    { name: 'format', type: 'select', group: 'disk', mandatory: false,
+      label: 'Format', options: %w[ext4 xfs] },
     { name: 'available_images', type: 'select',
       label: 'Base-OS-Image', options: {
         data_source: {
@@ -63,4 +75,24 @@ ForemanOpentofu::ProviderTypeManager.register('hetzner') do
         output_path_postfix: 'images',
       } },
   ]
+  self.disk_renderer = proc do |disk, index = 0|
+    disk = disk.with_indifferent_access
+    volume_name = disk[:name].presence || "volume#{index + 1}"
+    volume_data = {
+      name: volume_name,
+      size: disk[:size].presence || 50,
+      server_id: :"hcloud_server.node1.id",
+    }
+    volume_data[:automount] = Foreman::Cast.to_bool(disk[:automount]) unless disk[:automount].nil?
+    volume_data[:format] = disk[:format] if disk[:format].present?
+    {
+      resource: {
+        type: 'hcloud_volume',
+        name: "volume#{index + 1}",
+        content: volume_data,
+      },
+    }
+  end
 end

data/lib/foreman_opentofu/provider_types/nutanix.rb CHANGED Viewed

@@ -51,4 +51,30 @@ ForemanOpentofu::ProviderTypeManager.register('nutanix') do
     { "name": 'subnet_uuid', "type": 'select', "group": 'nic', "mandatory": true,
       "label": 'Subnet', "options": { "data_source": { "name": 'nutanix_subnets' }, "output_path_postfix": 'entities', "entity": { "id": 'metadata.uuid' } } },
   ]
+  self.disk_renderer = proc do |disk|
+    {
+      disk_list: {
+        disk_size_mib: disk[:size_gb] * 1024,
+        storage_config: {
+          storage_container_reference: {
+            kind: 'storage_container',
+            uuid: disk[:container_uuid],
+          },
+        },
+      },
+    }
+  end
+  self.nic_renderer = proc do |nic|
+    {
+      nic_list: {
+        subnet_reference: {
+          kind: 'subnet',
+          uuid: nic[:subnet_uuid],
+        },
+        nic_type: nic[:type] || 'NORMAL_NIC',
+      },
+    }
+  end
 end

data/lib/foreman_opentofu/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ForemanOpentofu
-  VERSION = '0.0.3'.freeze
+  VERSION = '0.0.4'.freeze
 end

data/lib/foreman_opentofu.rb CHANGED Viewed

@@ -3,4 +3,8 @@ require 'deface'
 module ForemanOpentofu
   require 'foreman_opentofu/version'
   require 'foreman_opentofu/engine'
+  OPENTOFU_MAIN_PATH = '/var/lib/foreman-opentofu'.freeze
+  OPENTOFU_TMP_PATH = File.join(OPENTOFU_MAIN_PATH, 'tmp').freeze
+  OPENTOFU_PLUGIN_CACHE_PATH = File.join(OPENTOFU_MAIN_PATH, 'plugin-cache').freeze
 end

data/selinux/Makefile ADDED Viewed

@@ -0,0 +1,22 @@
+# installation paths
+SHAREDIR := /usr/share/selinux
+AWK ?= gawk
+NAME ?= $(strip $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config))
+ifeq ($(MLSENABLED),)
+	MLSENABLED := 1
+endif
+ifeq ($(MLSENABLED),1)
+	NTYPE = mcs
+endif
+ifeq ($(NAME),mls)
+	NTYPE = mls
+endif
+TYPE ?= $(NTYPE)
+HEADERDIR := $(SHAREDIR)/devel/include
+include $(HEADERDIR)/Makefile

data/selinux/foreman_opentofu.fc ADDED Viewed

@@ -0,0 +1,3 @@
+/var/lib/foreman-opentofu$                                 gen_context(system_u:object_r:foreman_opentofu_base_t,s0)
+/var/lib/foreman-opentofu/plugin-cache(/.*)?               gen_context(system_u:object_r:foreman_opentofu_cache_t,s0)
+/var/lib/foreman-opentofu/tmp(/.*)?                        gen_context(system_u:object_r:foreman_opentofu_work_t,s0)

data/selinux/foreman_opentofu.if ADDED Viewed

File without changes

data/selinux/foreman_opentofu.te ADDED Viewed

@@ -0,0 +1,93 @@
+policy_module(foreman_opentofu, 1.0)
+############################################################
+# Custom file types used only for the
+# dedicated OpenTofu workspace under:
+#   /var/lib/foreman-opentofu
+############################################################
+# Base directory: /var/lib/foreman-opentofu
+type foreman_opentofu_base_t;
+files_type(foreman_opentofu_base_t)
+# Provider/plugin cache: /var/lib/foreman-opentofu/plugin-cache
+type foreman_opentofu_cache_t;
+files_type(foreman_opentofu_cache_t)
+# Temporary work tree: /var/lib/foreman-opentofu/tmp
+type foreman_opentofu_work_t;
+files_type(foreman_opentofu_work_t)
+require {
+    type foreman_rails_t;
+    type cgroup_t;
+    type sysctl_net_t;
+    # Directory operations needed for creating/removing OpenTofu work/cache directories.
+    class dir { add_name create getattr open read remove_name rmdir search write };
+    # File operations needed
+    class file { append create execute execute_no_trans getattr ioctl lock map open read rename setattr unlink write };
+    # Symlink handling inside cache/work trees.
+    class lnk_file { create getattr read unlink };
+    # Unix socket files created in the controlled tmp tree for tofu <-> provider communication.
+    class sock_file { create getattr open read write unlink };
+    # Required so tofu can connect to the provider plugin over a local unix stream socket.
+    class unix_stream_socket connectto;
+}
+############################################################
+# Exact system lookups observed in AVCs
+############################################################
+# tofu inspects /sys/fs/cgroup during init/plan
+allow foreman_rails_t cgroup_t:dir search;
+# provider inspects /proc/sys/net and reads sysctl files
+allow foreman_rails_t sysctl_net_t:dir search;
+allow foreman_rails_t sysctl_net_t:file { getattr open read };
+# tofu connects to the provider through a local unix socket
+allow foreman_rails_t self:unix_stream_socket connectto;
+############################################################
+# Base directory: /var/lib/foreman-opentofu
+############################################################
+# Allow tofu to traverse the base dir and create child
+# entries directly below it, such as plugin-cache/tmp.
+allow foreman_rails_t foreman_opentofu_base_t:dir { create search getattr open read write add_name };
+############################################################
+# Plugin cache: /var/lib/foreman-opentofu/plugin-cache
+############################################################
+# Allow creating and managing cache subdirectories.
+allow foreman_rails_t foreman_opentofu_cache_t:dir { create search getattr open read write add_name remove_name };
+# Allow downloading providers, adjusting permissions,
+# locking .lock files, and executing provider binaries
+# directly from the cache tree.
+allow foreman_rails_t foreman_opentofu_cache_t:file { create getattr open read write append rename unlink execute execute_no_trans map ioctl lock setattr };
+# Allow minimal symlink handling inside the cache tree.
+allow foreman_rails_t foreman_opentofu_cache_t:lnk_file { create getattr read unlink };
+############################################################
+# Work tree: /var/lib/foreman-opentofu/tmp
+############################################################
+# Allow creating/removing per-run temporary directories.
+allow foreman_rails_t foreman_opentofu_work_t:dir { create search getattr open read write add_name remove_name rmdir };
+# Allow creating and managing files in the work tree.
+allow foreman_rails_t foreman_opentofu_work_t:file { create getattr open read write append rename unlink execute execute_no_trans map ioctl lock setattr };
+# Allow minimal symlink handling in the work tree.
+allow foreman_rails_t foreman_opentofu_work_t:lnk_file { create getattr read unlink };
+# Allow creating local unix socket files in the controlled tmp tree
+allow foreman_rails_t foreman_opentofu_work_t:sock_file { create getattr open read write unlink };

data/test/lib/foreman_opentofu/concerns/base_template_scope_extensions_test.rb CHANGED Viewed

@@ -106,5 +106,32 @@ module ForemanOpentofu
       assert_not_empty block
       assert_snapshot self, 'vm_attributes', block
     end
+    test 'build_disks renders provider-defined resource snippets' do
+      cr = FactoryBot.create(:opentofu_nutanix_cr)
+      cr.stubs(:default_volumes).returns([])
+      cr.stubs(:render_disk).with({ 'size' => 50 }, anything, 0).returns(
+        {
+          resource: {
+            type: 'hcloud_volume',
+            name: 'volume1',
+            content: { size: 50, server_id: :'hcloud_server.node1.id' },
+          },
+        }
+      )
+      source = ::Foreman::Renderer::Source::String.new(
+        name: 'Parameter',
+        content: '<%= build_disks %>'
+      )
+      scope = ::Foreman::Renderer.get_scope(variables: {
+        cr_attrs: { 'volumes' => [{ 'size' => 50 }] },
+        compute_resource: cr,
+      })
+      block = ::Foreman::Renderer.render(source, scope)
+      assert_includes block, 'resource "hcloud_volume" "volume1"'
+      assert_includes block, 'size = 50'
+      assert_includes block, 'server_id = hcloud_server.node1.id'
+    end
   end
 end

data/test/models/foreman_opentofu/opentofu_vm_commands_test.rb CHANGED Viewed

@@ -44,6 +44,33 @@ module ForemanOpentofu
       assert_instance_of ComputeVM, vm
     end
+    test '#create_vm normalizes indexed volume and interface hashes before client call' do
+      captured_args = nil
+      @nutanix_cr.stubs(:client).with do |args|
+        captured_args = args
+        true
+      end.returns(@executor)
+      @executor.stubs(:run_create).returns({ 'id' => 'vm1' })
+      @nutanix_cr.create_vm(
+        'name' => 'vm1',
+        'volumes' => {
+          '0' => { 'size' => '13', 'label' => 'disk0' },
+        },
+        'interfaces_attributes' => {
+          '0' => { 'network_id' => 'net-1', 'adapter_type' => 'vmxnet3' },
+        }
+      )
+      assert_kind_of Array, captured_args[:volumes]
+      assert_equal '13', captured_args[:volumes][0][:size]
+      assert_equal 'disk0', captured_args[:volumes][0][:label]
+      assert_kind_of Array, captured_args[:interfaces]
+      assert_equal 'net-1', captured_args[:interfaces][0][:network_id]
+      assert_equal 'vmxnet3', captured_args[:interfaces][0][:adapter_type]
+    end
     test '#create_vm wraps exceptions' do
       @executor.stubs(:run_create).raises(StandardError.new('boom'))

data/test/services/app_wrapper_test.rb CHANGED Viewed

@@ -49,10 +49,22 @@ module ForemanOpentofu
     test 'variables specified as envvars' do
       envvars = app_wrapper.send(:envvars)
-      assert_empty(envvars.keys.reject { |var| var.starts_with?('TF_VAR_') })
       assert_equal 'secret', envvars['TF_VAR_password']
     end
+    test 'terraform variables all start with TF_VAR_' do
+      terraform_envvars = app_wrapper.send(:terraform_envvars)
+      assert_empty(terraform_envvars.keys.reject { |var| var.starts_with?('TF_VAR_') })
+    end
+    test 'common variables as envvars' do
+      envvars = app_wrapper.send(:envvars)
+      assert_equal ForemanOpentofu::OPENTOFU_PLUGIN_CACHE_PATH, envvars['TF_PLUGIN_CACHE_DIR']
+      %w[TEMPDIR TMPDIR TMP TEMP].each do |var|
+        assert_equal ForemanOpentofu::OPENTOFU_TMP_PATH, envvars[var]
+      end
+    end
     test 'create_variables_file()' do
       app_wrapper.create_variables_file
       expected = "variable \"user\" {\n  type = string\n  sensitive = false\n}"

data/test/services/foreman_opentofu/provider_type_test.rb CHANGED Viewed

@@ -156,5 +156,18 @@ module ForemanOpentofu
     test 'provided_attributes()' do
       assert_instance_of Hash, provider_type.provided_attributes
     end
+    test 'hetzner renders disk as hcloud_volume resource data' do
+      hetzner = ProviderTypeManager.find('hetzner')
+      rendered = hetzner.render_disk({ size: 50, format: 'ext4', automount: true }, nil, 0)
+      assert_equal 'hcloud_volume', rendered.dig(:resource, :type)
+      assert_equal 'volume1', rendered.dig(:resource, :name)
+      assert_equal 50, rendered.dig(:resource, :content, :size)
+      assert_equal :'hcloud_server.node1.id', rendered.dig(:resource, :content, :server_id)
+      assert rendered.dig(:resource, :content, :automount)
+      assert_equal 'ext4', rendered.dig(:resource, :content, :format)
+    end
   end
 end

data/test/services/opentofu_executer_test.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 require 'test_helper'
+require 'minitest/stub_const'
 module ForemanOpentofu
   class OpentofuExecuterTest < ActiveSupport::TestCase
@@ -23,58 +24,80 @@ module ForemanOpentofu
       @app_mock.stubs(:output).with('vm_attrs').returns('identity' => 'uuid-1')
     end
+    # Could not add this stub in setup as it would then try to automatically run
+    # remove_const to remove the stub_const afterwards and this method does not exist
+    def stub_opentofu_tmp_dir(&block)
+      ForemanOpentofu.stub_const(:OPENTOFU_TMP_PATH, '/tmp/', &block)
+    end
     test '#run create updates tf_state and returns attrs' do
-      tf_state = FactoryBot.create(:tf_state, name: 'vm-1')
-      result = @executor.run_create
-      tf_state.reload
-      assert_equal tf_state.uuid, result['identity']
-      assert_not_nil tf_state.uuid, 'tf_state UUID should be set'
+      stub_opentofu_tmp_dir do
+        tf_state = FactoryBot.create(:tf_state, name: 'vm-1')
+        result = @executor.run_create
+        tf_state.reload
+        assert_equal tf_state.uuid, result['identity']
+        assert_not_nil tf_state.uuid, 'tf_state UUID should be set'
+      end
     end
     test '#run output returns vm_attrs' do
-      result = @executor.run_output
-      assert_equal 'uuid-1', result['identity']
+      stub_opentofu_tmp_dir do
+        result = @executor.run_output
+        assert_equal 'uuid-1', result['identity']
+      end
     end
     test '#run destroy calls destroy' do
-      @executor.run_destroy
-      assert_nil ForemanOpentofu::TfState.find_by(uuid: 'uuid-1')
+      stub_opentofu_tmp_dir do
+        @executor.run_destroy
+        assert_nil ForemanOpentofu::TfState.find_by(uuid: 'uuid-1')
+      end
     end
     test '#run new calls plan and show_plan' do
-      @app_mock.expects(:plan)
-      @app_mock.expects(:show_plan)
-      @executor.run_new
+      stub_opentofu_tmp_dir do
+        @app_mock.expects(:plan)
+        @app_mock.expects(:show_plan)
+        @executor.run_new
+      end
     end
     test '#run test_connection only plans' do
-      @app_mock.expects(:plan)
-      @executor.run_test_connection
+      stub_opentofu_tmp_dir do
+        @app_mock.expects(:plan)
+        @executor.run_test_connection
+      end
     end
     test '#run creates user_data file' do
-      executor = OpentofuExecuter.new(@compute_resource, { 'user_data' => 'HelloWorld' })
-      executor.expects(:render_template)
-      file_mock = Minitest::Mock.new
-      file_mock.expect(:write, nil, ['HelloWorld'])
-      File.stub(:open, [], file_mock) do
-        executor.run do |_tofu|
+      stub_opentofu_tmp_dir do
+        executor = OpentofuExecuter.new(@compute_resource, { 'user_data' => 'HelloWorld' })
+        executor.expects(:render_template)
+        file_mock = Minitest::Mock.new
+        file_mock.expect(:write, nil, ['HelloWorld'])
+        File.stub(:open, [], file_mock) do
+          executor.run do |_tofu|
+          end
         end
+        file_mock.verify
       end
-      file_mock.verify
     end
     test '#render_template raises exception if nil returned' do
-      Foreman::Renderer::UnsafeModeRenderer.stubs(:render).returns(nil)
-      assert_raises(Foreman::Exception) { @executor.send(:render_template, 'create') }
+      stub_opentofu_tmp_dir do
+        Foreman::Renderer::UnsafeModeRenderer.stubs(:render).returns(nil)
+        assert_raises(Foreman::Exception) { @executor.send(:render_template, 'create') }
+      end
     end
     test 'render_template with resource' do
-      executor = OpentofuExecuter.new(@compute_resource, { 'resource' => { name: 'datasource_name1', options: {} } })
-      executor.stubs(:provision_template).returns(@template)
+      stub_opentofu_tmp_dir do
+        executor = OpentofuExecuter.new(@compute_resource, { 'resource' => { name: 'datasource_name1', options: {} } })
+        executor.stubs(:provision_template).returns(@template)
-      @app_mock.expects(:output).with('resources')
-      executor.run_fetch
+        @app_mock.expects(:output).with('resources')
+        executor.run_fetch
+      end
     end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: foreman_opentofu
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - ATIX-AG
@@ -40,6 +40,7 @@ files:
 - app/lib/foreman_opentofu/concerns/base_template_scope_extensions.rb
 - app/lib/foreman_opentofu/hcl_format.rb
 - app/lib/foreman_opentofu/nic_helpers.rb
+- app/models/concerns/foreman_opentofu/vm_command_collection_normalization.rb
 - app/models/concerns/orchestration/tofu/compute.rb
 - app/models/foreman_opentofu/compute_vm.rb
 - app/models/foreman_opentofu/opentofu_vm_commands.rb
@@ -47,6 +48,8 @@ files:
 - app/models/foreman_opentofu/tofu.rb
 - app/models/foreman_opentofu/token.rb
 - app/overrides/compute_resources/remove_virtual_machines_tab.rb
+- app/overrides/compute_resources_vms/tofu_indexed_networks_fields.rb
+- app/overrides/compute_resources_vms/tofu_indexed_volumes_fields.rb
 - app/services/foreman_opentofu/app_wrapper.rb
 - app/services/foreman_opentofu/opentofu_executer.rb
 - app/services/foreman_opentofu/provider_type.rb
@@ -57,7 +60,12 @@ files:
 - app/views/compute_resources_vms/form/tofu/_base.html.erb
 - app/views/compute_resources_vms/form/tofu/_dynamic_attrs.html.erb
 - app/views/compute_resources_vms/form/tofu/_network.html.erb
+- app/views/compute_resources_vms/form/tofu/_volume.html.erb
 - app/views/compute_resources_vms/index/_tofu.html.erb
+- app/views/foreman_opentofu/compute_resources_vms/_indexed_networks_fields.html.erb
+- app/views/foreman_opentofu/compute_resources_vms/_indexed_volumes_fields.html.erb
+- app/views/foreman_opentofu/compute_resources_vms/form/tofu/_interfaces_fields.html.erb
+- app/views/foreman_opentofu/compute_resources_vms/form/tofu/_volumes_fields.html.erb
 - app/views/images/form/_tofu.html.erb
 - app/views/templates/provisioning/hetzner_provision_host.erb
 - app/views/templates/provisioning/nutanix_provision_default.erb
@@ -79,6 +87,10 @@ files:
 - locale/en/foreman_opentofu.po
 - locale/foreman_opentofu.pot
 - locale/gemspec.rb
+- selinux/Makefile
+- selinux/foreman_opentofu.fc
+- selinux/foreman_opentofu.if
+- selinux/foreman_opentofu.te
 - test/controllers/api/v2/tf_states_controller_test.rb
 - test/factories/compute_resources.rb
 - test/factories/foreman_opentofu_factories.rb