It's Time to Switch to OpenTofu
8 comments
·January 22, 2025adamgordonbell
Or use code instead of HCL.
I joined Pulumi because I believe that using the abstraction and tooling that a proper language allows is the way to go, but anything that's not config: CDK, Bicep, TF CDK, etc – is to me a step in the right direction.
It's not that HCL is bad, and I get that it's dominant. It's just the same complaint I have with yaml and yaml templating: You will want something more than a config file at some point. Start today.
janalsncm
Yeah this was one of the things about terraform that I never liked. After spending all day writing my imperative code, I’m going to write some declarative JSON to deploy it? Why?
There’s a good discussion here: https://news.ycombinator.com/item?id=42663231
taeric
What is HCL?
Comparing to yalm and such, I'm assuming it is using a templating tool that presents a "not programming" front? If so, I think I'm 100% in agreement.
It is complicated, I think, because declarative is nice. But the idea that you have to forego all execution to get declarative code is frustrating, in the extreme.
swiftcoder
> What is HCL?
It's that weird declarative language used in terraform configuration files
l2dy
I've been waiting for https://github.com/opentofu/registry/pull/824 ("Revert commit that removed Russian providers") to be resolved, but it seems to have stalled.
Open source does not work as I envisioned, I guess.
zgoldberg
OpenTofu is now more secure (state encryption), maintainable (early variable evaluation), and powerful (provider iteration) than Terraform. This is the advantage of being truly open source, foundation-managed, and community-driven.
Now is a good time to make the switch!
null
Just to include this in the discussion, here's some major features that have been added over the last year (but there's a huge amount of small ones too):
- End-to-End State Encryption - lets you encrypt your state-file end-to-end, either with a key management system like AWS KMS, or static keys.
- Early Evaluation - the ability to parameterize initialiation-time values, like module versions and sources, backend configuration parameters, etc. and keep them DRY.
- Provider Iteration - lets you use for_each with providers, e.g. create one provider per region, something that currently requires a bunch of copy-paste, or tools like Terragrunt
- -exclude flag - the opposite of the -target flag, letting you skip planning/applying certain resources.
Probably the best way to see a summary is to check out the release blog posts for 1.7[0], 1.8[1], and 1.9[2], as well as TFA itself. If you'd like to learn more, I recommend taking a look at the related docs, too.
[0]: https://opentofu.org/blog/opentofu-1-7-0/
[1]: https://opentofu.org/blog/opentofu-1-8-0/
[2]: https://opentofu.org/blog/opentofu-1-9-0/
Disclaimer: involved in opentofu