Use OpenTofu to have single .tfvars files for each environment, rather than nested modules
#1247
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… local backend This makes it harder to do the wrong thing. With this change, we avoid a potential footgun when developers use `terraform init` instead of `terraform init -backend-config=dev.s3.tfbackend`. This isn't a functional change because we were already using encryption on everything in our state buckets.
Docs needed to be updated either way. I know we've done some bikeshedding on the directory name before. I didn't previously care whether it was called terraform/, iac/, terraform-iac/ or anything else. Nowadays, I have a tiny reason to prefer the name terraform/: it plays nicely with automatic folder icons. The other options don't.
Swap setup-terraform for setup-opentofu and start using the tofu binary instead of terraform, which should be a drop-in replacement. I didn't want to muck with all the directory names, etc., yet.
This is possible in the newest OpenTofu version, v1.8.0-alpha1, and in fact it's the motivation for migrating. While I was at it, I updated some provider versions that I apparently downgraded by accident while rebasing this branch back onto `dev`. Refs: https://opentofu.org/blog/help-us-test-opentofu-1-8-0-alpha1/#early-variablelocals-evaluation
GaryGSC
commented
Jun 25, 2024
GaryGSC
commented
Jun 25, 2024
This comment was marked as resolved.
This comment was marked as resolved.
Terraform Plan:will create 60 resources:
will delete 59 resources:
|
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
GaryGSC
commented
Jun 25, 2024
rhettjay
approved these changes
Jun 25, 2024
This was referenced Jul 5, 2024
Closed
|
We're waiting on a mainline release of OpenTofu 1.8.0 before merging this, BTW. |
Bumps [terraform-aws-modules/iam/aws](https://github.com/terraform-aws-modules/terraform-aws-iam) from 5.41.0 to 5.42.0. - [Release notes](https://github.com/terraform-aws-modules/terraform-aws-iam/releases) - [Changelog](https://github.com/terraform-aws-modules/terraform-aws-iam/blob/master/CHANGELOG.md) - [Commits](terraform-aws-modules/terraform-aws-iam@v5.41.0...v5.42.0) --- updated-dependencies: - dependency-name: terraform-aws-modules/iam/aws dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…ac/dev/setup/dev/terraform-aws-modules/iam/aws-5.42.0' into opentofu # Conflicts: # terraform-iac/dev/setup/.terraform.lock.hcl # terraform-iac/modules/setup/setup.tf
jvisker
pushed a commit
to byu-oit/tfvm
that referenced
this pull request
Aug 19, 2024
Add support for OpenTofu with the useOpenTofu flag in the tfvm config. This is because OIT will be adopting OpenTofu over Terraform byu-oit/hw-fargate-api#1247 and our internal tool seems to be better than alternatives, in my opinion. --------- Co-authored-by: tab518 <tylerablackham@gmail.com>
# Conflicts: # terraform-iac/modules/setup/setup.tf
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Intro
OpenTofu is a drop-in replacement for Terraform; just swap the
terraformbinary withtofu. There was a fork. Their feature sets are slowly diverging.One of the latest features in OpenTofu is the ability to use variables in backend configurations. This allows us to significantly DRY up our infrastructure code. I don't expect Terraform to implement this feature any time soon: making it easier to use alternative backends conflicts with Hashicorp's business model.
Why bother switching?
Usage
Install OpenTofu using your favorite version manager, navigate to the
terraform/appdirectory, and then run:aws sso logintofu init -var-file=dev.tfvarstofu plan -var-file=dev.tfvarsDiscussion
This has fewer footguns than before. Now that backends are configured via
.tfvars, if you runtofu init -var-file=dev.tfvarsand then accidentally use production variables later (tofu plan -var-file=prd.tfvars), Tofu will warn you that your backend configuration has changed and refuse to proceed. 🙂Now that we don't have
.tfvarsand.tfbackendfiles competing for autocompletion, typing commands is more ergonomic.tofu plan -var-file=d+ Tab autocompletes totofu plan -var-file=dev.tfvars. 🙂When running
tofu initwith a different environment from what's configured on your local machine, Tofu still prompts users to choose between-migrate-stateand-reconfigure. 😕I haven't bothered replacing the word "Terraform" with "Tofu" in all the places, yet.
This module restructuring clobbers the existing state, but I don't really want to fill up the template with a bunch of moved blocks.
Supersedes #980