包阅导读总结
1. 关键词:OpenTofu、1.7.0 版本、Terraform、新功能、状态加密
2. 总结:
OpenTofu 1.7.0 发布,带来多项新功能,如状态加密等。它由 Terraform 分叉而来,社区发展迅速,兼容 Terraform 1.5,缺乏策略执行框架,鼓励社区参与提出未来版本的建议。
3. 主要内容:
– OpenTofu 1.7.0 发布
– 新增功能
– 端到端状态加密,保护状态文件
– 动态提供商定义函数
– “removed”块
– 可循环导入块
– 兼容性与迁移路径
– 兼容 Terraform 1.5,提供从后续版本的迁移路径
– 社区发展
– 过去四个月发展迅速,用户和贡献者增多
– registry 日请求超百万
– 评价与期待
– 状态加密受欢迎
– 期待更多功能如动态提供商等
– 未来展望
– 鼓励社区投票参与
– 考虑将变量用于模块源和后端配置
思维导图:
文章来源:infoq.com
作者:Matt Saunders
发布时间:2024/7/5 0:00
语言:英文
总字数:451字
预计阅读时间:2分钟
评分:83分
标签:opentofu 170,DevOps,基础设施即代码,Terraform,云安全
以下为原文内容
本内容来源于用户推荐转载,旨在分享知识与观点,如有侵权请联系删除 联系邮箱 media@ilingban.com
OpenTofu 1.7.0 has been releasedwith new features, including end-to-end state encryption, dynamic provider-defined functions, a “removed” block,and loopable import blocks.
OpenTofu is an open-source infrastructure-as-code tool for declarative cloud infrastructure creation using various APIs. It was forked last year from HashiCorp’s Terraform after the latter’s license change.
The new version introduces several significant features and improvements:
- End-to-end state encryption: state files are now protected regardless of the storage backend used. Users can provide encryption passphrases via environment variables or use key management systems like AWS KMS, GCP KMS, or OpenBao.
- Dynamic provider-defined functions: providers can now offer native functions for use in OpenTofu code. An OpenTofu-specific feature allows providers to dynamically define custom functions based on configuration, enabling integration with other programming languages.
- Removed block: this feature allows users to mark OpenTofu-created resources for removal from the state file while preserving the created infrastructure.
- Loopable import blocks: this enables declarative bulk importing of resources in OpenTofu code, facilitating large-scale migrations.
OpenTofu 1.7.0 maintains compatibility with Terraform 1.5 and offers migration paths from later versions. The announcement also highlights the significant growth of the OpenTofu community since its initial release four months prior. While exact user numbers are not tracked, registry usage has more than doubled in the last month, reaching over a million daily requests. The project has attracted 65 unique contributors for this release and has garnered 20,000 stars on GitHub.
The end-to-end state encryption has been well-received. Writing on Reddit, user sPENKMAn is one of many who look forward to simplifying their scripts:
Now I can ditch my “encrypt file and upload the file to object storage” wrapper script as soon as we switch to opentofu!
– sPENKMAn
On DevOps.com, Steven J. Vaughan-Nichols explains that OpenTofu lacks a policy-as-code enforcement framework and suggests that engineers could now pair OPA with OpenTofu to mirror the functionality of adding HashiCorp Sentinel with Terraform.
The project encourages community voting and participation as it looks towards OpenTofu 1.8, and to this end, a list of the most upvoted issues has been created. One feature under consideration for the next version is the ability to use variables as module sources and in backend configuration, addressing a frequently requested capability.
Other Reddit comments refer to long-desired functionality not yet being included, though the original poster adds that this should be added soon:
I will set fireworks off when they add dynamic/loopable providers.
– aleques-itj
I LOVE the dynamic imports piece and I am so looking forward to dynamic providers/aliases. Giving me even more of a reason to switch over to tofu.
– Mymonument
The announcement concludes by inviting users to open issues or reach out via Slack to suggest features for future releases.
