0acefb40c1
Previously we used an API design that suggested that provider schemas were treated as a read-through cache with providers loaded only on demand. However, that's really a fiction: during graph construction the AttachSchemaTransformer would always end up loading all of the schemas up front anyway, and so everything after that point would always be pulling from that cache. To make the situation a little more explicit so that the system is easier to follow -- particularly now that we'll be exposing work like this in OpenTelemetry tracing -- we'll switch to a model where populating the cache is an explicit step and then all downstream calls just assume the cache is already populated. This means that there's now one obvious place where the provider schema lookups are triggered, but we'll also do the real work in the background and thus we can make some progress on the graph construction (CPU bound) concurrently with the schema fetching (I/O bound) so that the schema is more likely to be available at or soon after the start of the execution of AttachSchemaTransformer, which will then block until the schema loading has completed. We have some unit tests that were previously depending on the "load schemas on first request, wherever it happens" behavior and so those are now updated here to either explicitly load the schemas themselves or to rely on a higher-level helper to do it for them, but for normal code and for context tests we expect that the schema loading will always be triggered at the first entry into an exported method of Context, with subsequent calls able to reuse that cache as long as they are still working with the same providers. Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
OpenTofu
OpenTofu is an OSS tool for building, changing, and versioning infrastructure safely and efficiently. OpenTofu can manage existing and popular service providers as well as custom in-house solutions.
The key features of OpenTofu are:
-
Infrastructure as Code: Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would any other code. Additionally, infrastructure can be shared and re-used.
-
Execution Plans: OpenTofu has a "planning" step where it generates an execution plan. The execution plan shows what OpenTofu will do when you call apply. This lets you avoid any surprises when OpenTofu manipulates infrastructure.
-
Resource Graph: OpenTofu builds a graph of all your resources, and parallelizes the creation and modification of any non-dependent resources. Because of this, OpenTofu builds infrastructure as efficiently as possible, and operators get insight into dependencies in their infrastructure.
-
Change Automation: Complex changesets can be applied to your infrastructure with minimal human interaction. With the previously mentioned execution plan and resource graph, you know exactly what OpenTofu will change and in what order, avoiding many possible human errors.
Getting help and contributing
- Have a question?
- Post it in GitHub Discussions
- Open a GitHub issue
- Join the OpenTofu Slack!
- Want to contribute?
- Please read the Contribution Guide.
- Recurring Events
- Community Meetings on Wednesdays at 12:30 UTC at this link: https://meet.google.com/xfm-cgms-has (📅 calendar link)
- Technical Steering Committee Meetings every other Tuesday at 4pm UTC at this link: https://meet.google.com/cry-houa-qbk (📅 calendar link)
Tip
For more OpenTofu events, subscribe to the OpenTofu Events Calendar!
Reporting security vulnerabilities
If you've found a vulnerability or a potential vulnerability in OpenTofu please follow Security Policy. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
Reporting possible copyright issues
If you believe you have found any possible copyright or intellectual property issues, please contact liaison@opentofu.org. We'll send a confirmation email to acknowledge your report.
Registry Access
In an effort to comply with applicable sanctions, we block access from specific countries of origin.