You dont have javascript enabled! Please enable it! Things To Keep In Mind When Switching From Terraform To OpenTofu For IaC - CHARBEL NEMNOM - MVP | MCT | CCSP | CISM - Cloud & CyberSecurity

Things to Keep in Mind When Switching from Terraform to OpenTofu for IaC

4 Min. Read

OpenTofu, the open-source fork of the popular IaC tool Terraform, has been drawing attention for good reasons. In the summer of 2023, Terraform creator HashiCorp announced that the next versions of their IaC tool will no longer be open-source. Instead, Terraform is now available under the Business Source License (BUSL).

This change has prompted Terraform users to start looking for alternatives, and one of the most viable options is OpenTofu, which announced its general availability release earlier in 2024.

Moving to OpenTofu might not be as simple, but there will be challenges. This article discusses a few things to consider before switching from Terraform to OpenTofu.

Switching from Terraform to OpenTofu

As of the summer of 2023, Terraform users faced a significant shift when HashiCorp, the creator of the popular Infrastructure as Code (IaC) tool, announced a transition to the Business Source License (BUSL) for future versions. This prompted a surge in interest in alternatives, and one solution that emerged prominently is OpenTofu. Launched in January 2024, OpenTofu has garnered attention as the open-source fork of Terraform, aiming to maintain the ethos of its predecessor.

The next sections discuss the considerations and challenges of transitioning from Terraform to OpenTofu. From inevitable feature divergences to community-driven development, state file and provider compatibility, and the opportune moment for migration, we delve into key aspects that organizations must weigh before making the switch. Understanding these nuances will empower users to make informed decisions as the landscape evolves, ensuring a smooth transition and effective utilization of OpenTofu’s capabilities.

Inevitable Divergence

The official OpenTofu website says that OpenTofu 1.6.x is “very similar” to Terraform 1.6.x regarding features and functions. However, the feature sets are bound to diverge in the future. OpenTofu may or may not gain the latter’s new features as an open-source alternative to Terraform, but there are at least two notable differences today.

Terraform version 1.7 features mock data, while OpenTofu does not. Mock data refers to placeholder or simulated data readily available in different Terraform operations requiring data sources such as those obtained from external APIs or databases. This mock data makes it possible to plan and test operations without requiring access to potentially sensitive actual data.

Inevitable Divergence
Inevitable Divergence

Another notable difference between the two IaC tools is that the ‘removed’ block is available in Terraform v1.7 and not on OpenTofu. This feature is used within a state file when a previously monitored object is removed. It indicates that Terraform no longer tracks an object marked ‘removed‘ because it is no longer supposed to be part of the infrastructure. This object can be a data source or resource previously managed by Terraform but was intentionally removed from the configuration. To ensure consistency, the ‘removed’ block feature is important in managing state files.

When deciding to switch to OpenTofu, it is important to remember that the tool may not be the same as Terraform. Organizations that plan to use both Terraform and OpenTofu may need to decide to stick to just a single option. Using two or more IaC management tools, like Terraform and Pulumi, in one organization is possible. However, it would be a misconception that Terraform and OpenTofu would have the same functions and operate in the same way.

Community-Driven Features and Changes

The OpenTofu project was created to maintain the original intent of the Terraform open-source project. Many of those who once contributed to Terraform are involved in OpenTofu. As part of the Linux Foundation, and with many IaC management experts and IaC tool users backing it, there is reasonable assurance that OpenTofu will be a well-maintained tool that will carry on the advantages associated with the open-source Terraform. Its codebase will continuously be developed, maintained, and made available.

There is little reason to doubt that OpenTofu can take over what Terraform has left behind. More than 140 organizations and more than 700 noted individuals from the IT space, including Yevgeniy Brikman of Gruntwork, have already pledged support to this open-source Terraform alternative.

Community-Driven Features and Changes
Community-Driven Features and Changes

More than a dozen full-time developers have also committed to working on the project for the next five years. As OpenTofu’s FAQ indicates, “The community will decide what features OpenTofu will have. Some long-awaited Terraform features will be publicly available soon.”

To fully take advantage of OpenTofu, users should engage in the tool’s open-source community. Issues and requests for new features should be communicated clearly. OpenTofu’s development is driven by community discussions and user feedback. Major changes go through the public Request for Comments process, and OpenTofu is committed not to making breaking changes in the foreseeable future.

State File Compatibility

OpenTofu works with state files created with Terraform, but only up to version 1.5.x. Anything created with higher Terraform versions will no longer be compatible with OpenTofu.

Even though the tools’ versions 1.6.x are said to be similar, the core files they produce for IaC management are no longer interoperable. Most Terraform users will likely not have problems exporting their state files to OpenTofu during migration since most still use v1.5 or older. The tool’s 1.6 and 1.7 versions are fairly recent (five and one month old).

State File Compatibility
State File Compatibility

If organizations continue using Terraform, their state files will likely no longer be compatible with OpenTofu. State file incompatibility is not necessarily an insurmountable challenge upon migration but can be inconvenient.

Terraform Provider Compatibility

Thankfully, incompatibility is not an issue for Terraform’s providers.’ OpenTofu does not have its providers and relies on those that work with Terraform. As such, the providers used in Terraform are expected to work similarly with OpenTofu unless they decide to change their licenses. There are no indications that providers plan to alter their open-source licensing, but keeping an eye on this issue is still advisable.

Terraform Provider Compatibility
Terraform Provider Compatibility

One important detail to remember regarding providers is that a separate registry is used in OpenTofu for providers. OpenTofu uses the provider and module registry protocols to discover details and install providers. The providers are identified through addresses following the format ‘hostname/namespace/type.’

The Right Time to Migrate

The best time to migrate to OpenTofu from Terraform is probably when the differences between Terraform and OpenTofu are not so pronounced. Switchers are unlikely to encounter incompatibility issues and other migration-related challenges since most have not yet adopted the latest versions of Terraform. This is not to say that it’s best to stop using Terraform. However, it would be advantageous for organizations to switch earlier, especially if their reason for doing so is the preference for an open-source tool.

Migrating from Terraform to OpenTofu
Migrating from Terraform to OpenTofu

In Conclusion

Migrating to OpenTofu is still a quick and straightforward process. There are almost no hurdles concerning the existing codebase, runtime environment, and state file management.

Considering the abovementioned details that we discussed, the migration process is rather effortless and seamless. However, this experience may not be the same for those who migrate to OpenTofu from the most recent version of Terraform.

__
Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

Photo of author
About the Author
Charbel Nemnom
Charbel Nemnom is a Senior Cloud Architect with 20+ years of IT experience. As a Swiss Certified Information Security Manager (ISM), CCSP, CISM, MVP, and MCT, he excels in optimizing mission-critical enterprise systems. His extensive practical knowledge spans complex system design, network architecture, business continuity, and cloud security, establishing him as an authoritative and trustworthy expert in the field. Charbel frequently writes about Cloud, Cybersecurity, and IT Certifications.
Previous

What Is Azure Cost Management?

5 Crucial Steps to Stop Server-Side Template Injection Attacks

Next

Let me know what you think, or ask a question...