1d3548a0e7
Prevously OpenTofu's provider installer would try to install a package even if there was already a directory there which doesn't match the package contents. That's effective in making us more likely to end up with a working provider cache directory, but risks clobbering a package directory that the operator intentionally modified for some reason. We'll now require that if an existing directory (or symlink to one) is present at the place where we'd need to put our cache entry then its contents must already match what we're trying to install, thereby making this a no-op. If the existing contents don't match then we'll fail with an error to let the operator decide whether they need to keep something from their modified directory before deleting it. In earlier versions of OpenTofu, silently replacing an existing directory was actually sometimes done intentionally to ensure that the cache would definitely match the dependency lock file, but we no longer need to do that because as of OpenTofu v1.12 the provider installer now exits early (without downloading anything at all) if a matching package is already present, so we never end up trying to replace a package that was already present on disk unless it's the case we're now trying to catch as an error here. The handling of this is in PackageLocalArchive because the two network-based location types (HTTP archive and OCI blob archive) work by first fetching the archive to a temporary local location and then asking the local archive location to finish the installation. This is covered by e2etests rather than a unit test because successfully hitting this error requires both the "providercache" and "getproviders" packages to cooperate to let execution reach this late step without any earlier code doing an early exit due to the directory already being present. The e2etest runs through that entire codepath to make sure we reach the error message we're expecting to reach. Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
Homepage | Slack | Get Started
OpenTofu is an OSS tool for building, changing, and versioning infrastructure safely and efficiently. OpenTofu can manage existing and popular service providers as well as custom in-house solutions.
Getting help and contributing
- Have a question?
- Post it in GitHub Discussions
- Open a GitHub issue
- Join us in the #opentofu channel on the CNCF Slack!
- Want to contribute?
- Please read the Contribution Guide.
- Recurring Events
- Community Meetings on Wednesdays at 12:30 UTC (calendar)
- Technical Steering Committee Meetings every other Tuesday at 4pm UTC (calendar)
Tip
For more OpenTofu events, subscribe to the OpenTofu Events Calendar!
Key features
-
Infrastructure as Code: Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would any other code. Additionally, infrastructure can be shared and re-used.
-
Execution Plans: OpenTofu has a "planning" step where it generates an execution plan. The execution plan shows what OpenTofu will do when you call apply. This lets you avoid any surprises when OpenTofu manipulates infrastructure.
-
Resource Graph: OpenTofu builds a graph of all your resources, and parallelizes the creation and modification of any non-dependent resources. Because of this, OpenTofu builds infrastructure as efficiently as possible, and operators get insight into dependencies in their infrastructure.
-
Change Automation: Complex changesets can be applied to your infrastructure with minimal human interaction. With the previously mentioned execution plan and resource graph, you know exactly what OpenTofu will change and in what order, avoiding many possible human errors.
Nightly Builds
Nightly builds are available for testing the latest changes on main. These are experimental and not intended for production use. Each build is removed after 30 days.
Nightly builds can be found at https://nightlies.opentofu.org/nightlies. For those who want to automate with tooling, https://nightlies.opentofu.org/nightlies/latest.json will be kept up to date with the latest build information.
For more details, see RELEASE.md.
Reporting security vulnerabilities
If you've found a vulnerability or a potential vulnerability in OpenTofu please follow Security Policy. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
Reporting possible copyright issues
If you believe you have found any possible copyright or intellectual property issues, please contact liaison@opentofu.org. We'll send a confirmation email to acknowledge your report.
Registry Access
In an effort to comply with applicable sanctions, we block access from specific countries of origin. For more details, see the Registry Inclusion Policy.