Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Track the impact of HashiCorp license MPL -> BUSL #4156

Closed
stefanprodan opened this issue Aug 12, 2023 · 8 comments
Closed

Track the impact of HashiCorp license MPL -> BUSL #4156

stefanprodan opened this issue Aug 12, 2023 · 8 comments
Labels
dependencies Pull requests that update a dependency umbrella-issue Umbrella issue for tracking progress of a larger effort

Comments

@stefanprodan
Copy link
Member

stefanprodan commented Aug 12, 2023

This issue is for tracking the usage of HashiCorp Go packages and software products in the Flux project.
xref: cncf/foundation#617

License Evaluation

✅ All the HashiCorp Go packages imported by the Flux project are not affected by the license change as they remain on MPL.

⚠️ The HashiCorp software used in Flux end-to-end testing is affected, both Terraform and Vault are now under BUSL.

We need to decide what do to with the various end-to-end tests that rely on Terraform for infrastructure bootstrap. We've invested tremendous time in developing automated e2e and conformance tests for Flux 2.0 GA. I hope we can keep using Terraform internally as we don't ship any HashiCorp software with Flux, we only use this software in GitHub Actions Workflows. Update: Using Terraform for testing is acceptable.

CNCF License Exceptions

✅ The CNCF exceptions list does cover all the Go packages imported by the Flux CLI and Controllers.

⚠️ The Go packages imported by the Flux Terraform Provider & Test Infra are NOT in the exception list.

❓ We need to decide what do to with the Flux Terraform Provider, if CNCF doesn't add the Terraform Plugin SDK to the exceptions list we may be forced to stop offering an official Terraform Provider for Flux.

Update: License exception request for Terraform Provider SDK cncf/foundation#619

Usage

Go Packages

List of HashiCorp Go packages imported by the Flux project.

Flux CLI & Controllers

  • github.com/hashicorp/errwrap
  • github.com/hashicorp/go-cleanhttp
  • github.com/hashicorp/go-multierror
  • github.com/hashicorp/go-retryablehttp
  • github.com/hashicorp/go-rootcerts
  • github.com/hashicorp/go-secure-stdlib
  • github.com/hashicorp/go-sockaddr
  • github.com/hashicorp/golang-lru
  • github.com/hashicorp/hcl
  • github.com/hashicorp/vault/api

Flux Terraform Provider & Test Infra

  • github.com/hashicorp/terraform-plugin-docs
  • github.com/hashicorp/terraform-plugin-framework
  • github.com/hashicorp/terraform-plugin-framework-timeouts
  • github.com/hashicorp/terraform-plugin-framework-validators
  • github.com/hashicorp/terraform-plugin-go
  • github.com/hashicorp/terraform-plugin-log
  • github.com/hashicorp/terraform-plugin-sdk
  • github.com/hashicorp/terraform-plugin-testing
  • github.com/hashicorp/errwrap
  • github.com/hashicorp/go-checkpoint
  • github.com/hashicorp/go-cleanhttp
  • github.com/hashicorp/go-cty
  • github.com/hashicorp/go-hclog
  • github.com/hashicorp/go-multierror
  • github.com/hashicorp/go-plugin
  • github.com/hashicorp/go-retryablehttp
  • github.com/hashicorp/go-uuid
  • github.com/hashicorp/go-version
  • github.com/hashicorp/hc-install
  • github.com/hashicorp/hcl
  • github.com/hashicorp/logutils
  • github.com/hashicorp/terraform-exec
  • github.com/hashicorp/terraform-json
  • github.com/hashicorp/terraform-registry-address
  • github.com/hashicorp/terraform-svchost
  • github.com/hashicorp/yamux

Flagger Controller

Flagger does not import any Hashicorp packages.

Software

List of HashiCorp software used by the Flux Project.

Flux end-to-end testing

@stefanprodan stefanprodan added umbrella-issue Umbrella issue for tracking progress of a larger effort dependencies Pull requests that update a dependency labels Aug 12, 2023
@stefanprodan stefanprodan pinned this issue Aug 12, 2023
@stefanprodan
Copy link
Member Author

stefanprodan commented Aug 14, 2023

I've raised cncf/foundation#619 with CNCF, we'll need to wait for their answer before we make any decision about Flux Terraform Provider future.

@hiddeco
Copy link
Member

hiddeco commented Aug 14, 2023

When the next SOPS release is out, the kustomize-controller no longer has to (directly) depend on github.com/hashicorp/vault/api (or the Vault container in tests) due to the possibility of dropping the forked key service. Configuration of the authentication token is via a string (https://github.com/getsops/sops/blob/f2a1d4c7828893b19ea2a2271de2f5039b71ba5f/hcvault/keysource.go#L38-L44).

@timofurrer
Copy link
Contributor

❓ We need to decide what do to with the Flux Terraform Provider, if CNCF doesn't add the Terraform Plugin SDK to the exceptions list we may be forced to stop offering an official Terraform Provider for Flux.

@stefanprodan FWIW I think the Terraform Plugin SDK and Framework remain MLP licensed, see this information.

@stefanprodan
Copy link
Member Author

@timofurrer MLP is not an allowed license for CNCF projects, MLP packages must be added the the exception list see cncf/foundation#619

@timofurrer
Copy link
Contributor

@stefanprodan it always has been MLP though, right? I'm trying to understand what changes for the Flux Terraform provider to help make decisions for the once I maintain :)

@stefanprodan
Copy link
Member Author

Hopefully nothing changes and CNCF adds the SDK to the exception list. Worst case scenario, we move the provider repo to https://github.com/fluxcd-community which shouldn’t affect users as this provider is consumed from the Hashicorp’s registry.

@stefanprodan
Copy link
Member Author

We need to decide what do to with the various end-to-end tests that rely on Terraform for infrastructure bootstrap. We've invested tremendous time in developing automated e2e and conformance tests for Flux 2.0 GA. I hope we can keep using Terraform internally as we don't ship any HashiCorp software with Flux, we only use this software in GitHub Actions Workflows.

This has been solved, according to CNCF, only the runtime dependencies must comply with the accepted licenses.

@stefanprodan stefanprodan unpinned this issue Dec 12, 2023
@stefanprodan
Copy link
Member Author

The license exception request for Terraform Provider SDK has been granted cncf/foundation#619

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency umbrella-issue Umbrella issue for tracking progress of a larger effort
Projects
None yet
Development

No branches or pull requests

3 participants