OpenTofu 1.7.0 is out with State Encryption, Dynamic Provider-defined Functions (opentofu.org)
118 points by cube2222 on April 30, 2024 | 21 comments


Hello, technical lead of the project here!

OpenTofu 1.7.0 is now officially out, with a couple of great features, including the first tofu-exclusives, which I know many have been asking for.

Happy to answer any questions you may have!


With OpenTofu exclusive features making such an early debut, is the intention to remain a superset of upstream Terraform functionality and spec, or allow OpenTofu to diverge and move in its own direction? Will you aim to stick to compatibility with Terraform providers/modules?

Is the potential impact of community fragmentation on your mind as many commercial users who don’t care about open source ideology stick to the tried-and-true Hashicorp Terraform?

Is there any intention to try and supplement the tooling around the core product to provide an answer to features like Terraform Cloud dashboard, sentinel policies and other things companies may want out of the product outside of the command line tool itself?


Hey!

> With OpenTofu exclusive features making such an early debut, is the intention to remain a superset of upstream Terraform functionality and spec, or allow OpenTofu to diverge and move in its own direction?

The intention is to let it diverge. There will surely be some amount of shared new features, but we're generally going our own way.

> Will you aim to stick to compatibility with Terraform providers/modules?

Yes.

Regarding providers, we might introduce some kind of superset protocol for providers at some point, for tofu-exclusive functionality, but we'll make sure to design it in a way where providers keep working with both Terraform and OpenTofu.

Regarding modules, this one will be more tricky, as there might be Terraform language features that aren't supported in OpenTofu and vice-versa. We have a proposal[0] to tackle this, and enable module authors to easily create modules with support for both, even when using some exclusive features of any one of them.

> Is the potential impact of community fragmentation on your mind as many commercial users who don’t care about open source ideology stick to the tried-and-true Hashicorp Terraform?

We've talked to a lot of people, and we've met many who see the license changes as a risk for them, while OpenTofu, with its open-source nature, is the less-risky choice in their eyes. That includes large enterprises.

> Is there any intention to try and supplement the tooling around the core product to provide an answer to features like Terraform Cloud dashboard, sentinel policies and other things companies may want out of the product outside of the command line tool itself?

That's mostly covered by the companies sponsoring OpenTofu's development: Spacelift (I work here), env0, Scalr, Harness, Gruntwork.

[0]: https://github.com/opentofu/opentofu/issues/1328


Now that HashiCorp is acquired by IBM, how will that impact OpenTofu? Will it be merged back into Terraform if IBM reverts the license change?


We're definitely open to collaborating on a single project under the Linux Foundation's governance. However, I believe that it will still take some time until that acquisition is finalized; the announcement said "until end of 2024" iirc.


Does OpenTofu have a Terraform Enterprise type system?


Yes, that's mostly covered by the companies sponsoring OpenTofu's development: Spacelift[0] (I work here), env0[1], Scalr[2], Harness[3], Gruntwork[4].

[0]: https://spacelift.io

[1]: https://www.env0.com

[2]: https://www.scalr.com

[3]: https://www.harness.io

[4]: https://gruntwork.io


None of these are open-source, unfortunately.


Atlantis has an issue open for OpenTofu support [1]. This might be something to look out for.

[1] https://github.com/runatlantis/atlantis/issues/3741


None of these are a replacement of Terraform Cloud (recently rebranded to HCP Terraform). For example, when you create a PR, it could affect multiple workspaces. The new experimental version of TFC/TFE (I refuse to call it HCP!) implements Stacks, which is something like a workflow, and links one workspace output to other workspace inputs. None of the open-source solutions, including the paid Digger [0], support this - only the paid ones, such as Spacelift [1] (which is the closest to TFC if you ask me). Having a monorepo of Terraform is a common design pattern, so, if I change an embedded module, it could trigger changes in many workspaces. As far as I know, Atlantis [2] can't really help in this case.

By the way, the reason I singled-out Spacelift is due to its quality, and the great Terraform provider it has. Scalr [3], for example, has a really low-quality Terraform provider. I extensively use the hashicorp/tfe provider to manage TFC itself.

[0]: https://digger.dev/

[1]: https://spacelift.io/

[2]: https://www.runatlantis.io/

[3]: https://www.scalr.com/


Hey Nikolay, thanks for sharing your experience with Scalr. When did you last evaluate the provider? afaik it covers everything, but perhaps we missed something?


Right before our TFC renewal, i.e. between September and October 2023. I will try to recollect the details and will share them with you.


I admit I haven't tried it yet, but based on the description, provider-defined functions make me nervous. It's easy to picture it as yet another tool for people with bad taste to create a horrible, impure monstrosity (people love to do this with terraform already by wrapping it).

I'm very excited for state encryption though! Wondering how safe it is to check an encrypted state file into a public GitHub repo.


People have already done this by implementing functions as data sources, which also get recorded in the state unnecessarily.


I see. Sounds like a reasonable inclusion then.


I’m curious to know if anyone has started migrating from a later version of TF (like over 1.0) to Tofu and what that looked like?


OpenTofu is a fork of the code past 1.5.0, so for anything below that, it's basically a drop-in replacement. For versions past 1.6.0 it's still easy[0].

There was also a cool blog post by Masterpoint about migrating over a pretty large setup, with a high degree of complexity, successfully[1].

[0]: https://opentofu.org/docs/intro/migration/

[1]: https://masterpoint.io/updates/opentofu-early-adopters/


OpenTofu is already diverging from upstream but is relying on upstream providers so I'm not sure how to feel about it.


The technical lead has an answer here [0] about this concern. It may not answer all your worries, but it's definitely something they're aware of and planning for.

[0] https://news.ycombinator.com/item?id=40213336


No worries, it's very important for us to stay compatible with the provider ecosystem.


Yes, but these are two features that have been widely requested and the PRs languishing for years because they competed with HashiCorp's cloud offering.



