5fa35c5601
This introduces the concept of "backend aliases", which are alternative names that can be used to refer to a given backend. Each backend type has one canonical name and zero or more alias names. The "backend" block in the root module can specify either a canonical backend type or an alias, but internally OpenTofu will always track the backend type using its canonical name. In particular, the following are all true when the configuration specifies an alias instead of a canonical backend type: - The "tofu init" output includes a brief extra message saying which backend type OpenTofu actually used, because that is the name that we'd prioritize in our documentation and so an operator can use the canonical type to find the relevant docs when needed. - The .terraform/terraform.tfstate file that tracks the working directory's currently-initialized backend settings always uses the canonical backend type, and so it's possible to freely switch between aliases and canonical without "tofu init" thinking that a state migration might be needed. - Plan files similarly use the canonical backend type to track which backend was active when the plan was created, which doesn't have any significant user-facing purpose, but is consistent with the previous point since the settings in the plan file effectively substitute for the .terraform/terraform.tfstate file when applying a saved plan. - The terraform_remote_state data source in the provider terraform.io/builtin/terraform accepts both canonical and alias in its backend type argument, treating both as equivalent for the purpose of fetching the state snapshot for the configured workspace. The primary motivation for this new facility is to allow the planned "oracle_oci" backend to have an alias "oci" to allow writing configurations that are cross-compatible with HashiCorp Terraform, since that software has chosen to have unqualified OCI mean Oracle's system, whereas OpenTofu has previously established that unqualified OCI means "Open Container Initiative" in our ecosystem. In particular, this design makes it possible in principle to bring an existing Terraform configuration specifying backend "oci" over to OpenTofu without modifications, and then to optionally switch it to specifying backend "oracle-oci" at a later time without a spurious prompt to migrate state snapshots to the same physical location where they are already stored. This commit doesn't actually introduce any aliases and therefore doesn't have any tests for the new mechanism because our backend system uses a global table that isn't friendly to mocking for testing purposes. I've tested this manually using a placeholder alias to have confidence that it works, and I expect that a subsequent commit introducing the new "oracle_oci" backend will also introduce its "oci" alias and will include tests that cover use of the alias and migration from the alias to the canonical name and vice-versa. Signed-off-by: Martin Atkins <mart@degeneration.co.uk> |
||
|---|---|---|
| .github | ||
| cmd/tofu | ||
| contributing | ||
| docs | ||
| internal | ||
| rfc | ||
| scripts | ||
| testing | ||
| tools | ||
| version | ||
| website | ||
| .copywrite.hcl | ||
| .devcontainer.json | ||
| .gitattributes | ||
| .gitignore | ||
| .go-version | ||
| .golangci.yml | ||
| .goreleaser.yaml | ||
| .licensei.toml | ||
| .tfdev | ||
| CHANGELOG.md | ||
| CHARTER.md | ||
| CODE_OF_CONDUCT.md | ||
| codecov.yml | ||
| CODEOWNERS | ||
| CONTRIBUTING.md | ||
| CONTRIBUTING.RELEASE.md | ||
| Dockerfile | ||
| Dockerfile.minimal | ||
| go.mod | ||
| go.sum | ||
| GOVERNANCE.md | ||
| LICENSE | ||
| MAINTAINERS.md | ||
| Makefile | ||
| README.md | ||
| RELEASE.md | ||
| SECURITY.md | ||
| tools.go | ||
| WEEKLY_UPDATES.md | ||
OpenTofu
OpenTofu is an OSS tool for building, changing, and versioning infrastructure safely and efficiently. OpenTofu can manage existing and popular service providers as well as custom in-house solutions.
The key features of OpenTofu are:
-
Infrastructure as Code: Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would any other code. Additionally, infrastructure can be shared and re-used.
-
Execution Plans: OpenTofu has a "planning" step where it generates an execution plan. The execution plan shows what OpenTofu will do when you call apply. This lets you avoid any surprises when OpenTofu manipulates infrastructure.
-
Resource Graph: OpenTofu builds a graph of all your resources, and parallelizes the creation and modification of any non-dependent resources. Because of this, OpenTofu builds infrastructure as efficiently as possible, and operators get insight into dependencies in their infrastructure.
-
Change Automation: Complex changesets can be applied to your infrastructure with minimal human interaction. With the previously mentioned execution plan and resource graph, you know exactly what OpenTofu will change and in what order, avoiding many possible human errors.
Getting help and contributing
- Have a question?
- Post it in GitHub Discussions
- Open a GitHub issue
- Join the OpenTofu Slack!
- Want to contribute?
- Please read the Contribution Guide.
- Recurring Events
- Community Meetings on Wednesdays at 12:30 UTC at this link: https://meet.google.com/xfm-cgms-has (📅 calendar link)
- Technical Steering Committee Meetings every other Tuesday at 4pm UTC at this link: https://meet.google.com/cry-houa-qbk (📅 calendar link)
Tip
For more OpenTofu events, subscribe to the OpenTofu Events Calendar!
Reporting security vulnerabilities
If you've found a vulnerability or a potential vulnerability in OpenTofu please follow Security Policy. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
Reporting possible copyright issues
If you believe you have found any possible copyright or intellectual property issues, please contact liaison@opentofu.org. We'll send a confirmation email to acknowledge your report.
Registry Access
In an effort to comply with applicable sanctions, we block access from specific countries of origin.