551579f5eb
Previously we interpreted a "required_version" argument in a "terraform" block as if it were specifying an OpenTofu version constraint, when in reality most modules use this to represent a version constraint for OpenTofu's predecessor instead. The primary effect of this commit is to introduce a new top-level block type called "language" which describes language and implementation compatibility metadata in a way that intentionally differs from what's used by OpenTofu's predecessor. This also causes OpenTofu to ignore the required_version argument unless it appears in an OpenTofu-specific file with a ".tofu" suffix, and makes OpenTofu completely ignore the language edition and experimental feature opt-in options from OpenTofu's predecessor on the assumption that those could continue to evolve independently of changes in OpenTofu. We retain support for using required_versions in .tofu files as a bridge solution for modules that need to remain compatible with OpenTofu versions prior to v1.12. Module authors should keep following the strategy of having both a versions.tf and a versions.tofu file for now, and wait until the OpenTofu v1.11 series is end-of-life before adopting the new "language" block type. I also took this opportunity to simplify how we handle these parts of the configuration, since the OpenTofu project has no immediate plans to use either multiple language editions or language experiments and so for now we can reduce our handling of those language features to just enough that we'd return reasonable error messages if today's OpenTofu is exposed to a module that was written for a newer version of OpenTofu that extends these language features. The cross-cutting plumbing for representing the active experiments for a module is still present so that we can reactivate it later if we need to, but for now that set will always be empty. Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
Homepage | Slack | Get Started
OpenTofu is an OSS tool for building, changing, and versioning infrastructure safely and efficiently. OpenTofu can manage existing and popular service providers as well as custom in-house solutions.
Getting help and contributing
- Have a question?
- Post it in GitHub Discussions
- Open a GitHub issue
- Join us in the #opentofu channel on the CNCF Slack!
- Want to contribute?
- Please read the Contribution Guide.
- Recurring Events
- Community Meetings on Wednesdays at 12:30 UTC (calendar)
- Technical Steering Committee Meetings every other Tuesday at 4pm UTC (calendar)
Tip
For more OpenTofu events, subscribe to the OpenTofu Events Calendar!
Key features
-
Infrastructure as Code: Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would any other code. Additionally, infrastructure can be shared and re-used.
-
Execution Plans: OpenTofu has a "planning" step where it generates an execution plan. The execution plan shows what OpenTofu will do when you call apply. This lets you avoid any surprises when OpenTofu manipulates infrastructure.
-
Resource Graph: OpenTofu builds a graph of all your resources, and parallelizes the creation and modification of any non-dependent resources. Because of this, OpenTofu builds infrastructure as efficiently as possible, and operators get insight into dependencies in their infrastructure.
-
Change Automation: Complex changesets can be applied to your infrastructure with minimal human interaction. With the previously mentioned execution plan and resource graph, you know exactly what OpenTofu will change and in what order, avoiding many possible human errors.
Nightly Builds
Nightly builds are available for testing the latest changes on main. These are experimental and not intended for production use. Each build is removed after 30 days.
Nightly builds can be found at https://nightlies.opentofu.org/nightlies. For those who want to automate with tooling, https://nightlies.opentofu.org/nightlies/latest.json will be kept up to date with the latest build information.
For more details, see RELEASE.md.
Reporting security vulnerabilities
If you've found a vulnerability or a potential vulnerability in OpenTofu please follow Security Policy. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
Reporting possible copyright issues
If you believe you have found any possible copyright or intellectual property issues, please contact liaison@opentofu.org. We'll send a confirmation email to acknowledge your report.
Registry Access
In an effort to comply with applicable sanctions, we block access from specific countries of origin. For more details, see the Registry Inclusion Policy.