Terraform, a powerful Infrastructure as Code (IAC) tool, has long been the backbone of choice for DevOps professionals and developers seeking to manage their cloud infrastructure efficiently. However, recent shifts in its licensing have sent ripples of concern throughout the tech community.
HashiCorp, the company behind Terraform, made a pivotal decision last month to move away from its longstanding open-source licensing, opting instead for the Business Source License (BSL) 1.1. This license change was not limited to Terraform, but extended through other popular open source projects owned by HashiCorp such as Vault and Nomad. This transformation has sparked intense debates about the future of Terraform’s open-source spirit.
This was the topic of conversation on the most recent episode of OpenObservability Talks where I hosted Omry Hay. Omry is the co-founder and CTO of env0, an automation solution based on Terraform. They’re also one of the creators of OpenTofu, a community-based fork of Terraform and its potential successor in the wake of HashiCorp’s decision.
Table of Contents
Terraform’s Licensing Transition: From Open Source to BSL 1.1
Previously, HashiCorp maintained a portfolio of eight open-source projects, including Terraform, Vault, Nomad, Packer, Consul, Boundary, Vagrant, and more. HashiCorp has done amazing work bringing these projects to their current dominance, and has been a steward of open source. However, the recent shift in licensing has altered the landscape dramatically. These projects are no longer truly open source, now subject to the “source-available” BSL 1.1 license rather than the previously used Mozilla Public License (MPL) v2.0 open-source license.
Under BSL 1.1, users still get access to the source code, and retain the right to run these projects locally, conduct testing, and even employ them in production environments. However, the catch is profound: organizations competing with HashiCorp’s cloud offerings, such as env0, are denied access to the latest project versions.
Implications for Terraform Users: The Disruptive Changes
For regular Terraform users, the drift away from open source nature has introduced several significant implications. First and foremost, Terraform no longer adheres to the quintessential principles of open source. In fact, Omry says that this transformation had been gradually evolving even before the recent relicensing, with HashiCorp refusing to accept community pull requests for Terraform over the past two years.
“In the last few years, [Terraform] wasn’t really a community base,” Omry says. It wasn’t really an open source project. It was by definition, but it wasn’t really something that you can affect and have control over and have a significant feature set that you want to bring into the CLI itself.”
HashiCorp owns the project and has all the legal right to steer it as it sees fit. However, their choice of an open source path created a community around it, and has been the main driver for making Terraform the predominant platform for infrastructure as code today. However, the tension between the community side and the commercial side ultimately drove the current shift, as we’ve also seen with other vendor-owned open source projects in the past years. The dwindling community involvement had begun to strain the relationship between Terraform’s core development team and its contributors.
HashiCorp justified these changes by expressing concerns about other vendors exploiting open source models without making substantial contributions. However, this assertion has been challenged by contributors like Omry, who argue that they were unjustly prevented from contributing. Omry also emphasizes contributions made by vendors and community members to the Terraform ecosystem in the form of Terraform providers and complimentary open source tooling, as well as around educating users about the project.
Vendor Lock-In: Limited Choices for Users
Another significant concern that has emerged is the risk of vendor lock-in. Users who require a Software as a Service (SaaS) solution now find themselves compelled to adopt Terraform Cloud, HashiCorp’s proprietary SaaS offering. This restriction diminishes the freedom of choice for users, potentially limiting their exploration of alternative SaaS solutions more attuned to their needs.
“If you’re using Terraform, you’re just a regular company that uses Terraform,” Omry says. “Now, you’ll only be able to run Terraform on a SaaS-vendor only with Terraform Cloud for example. So, it means your vendor-locked a bit. It means that if you need a SaaS solution, you will have to go with Terraform Cloud.”
This transition has also raised questions about the evolving direction of Terraform’s codebase. Omry shared that the community noted recent features and changes in Terraform appear to cater predominantly to HashiCorp’s commercial offerings, Terraform Cloud and Terraform Enterprise. While pursuing a legitimate business strategy, this shift further distances Terraform from its original open-source ethos.
An illustrative case in point is the unresolved issue of state file encryption in Terraform. The state file, a vital component of Terraform’s infrastructure management, contains sensitive data but has remained unencrypted.
Although there has been an ongoing issue advocating for state file encryption, this feature has been withheld from the Terraform project roadmap. Omry says it seems counter to HashiCorp’s commercial interests, as state management forms a crucial element of their SaaS offerings.
The Rise of OpenTofu: Forking Terraform to Keep It Open
As Terraform’s shift away from open source gathers momentum, the tech community was looking for ways to keep Terraform open and in the spirit of openness and community-driven development. Enter OpenTofu (originally named OpenTF), an Terraform fork that has begun to captivate the imagination of many.
OpenTofu, as its monumental manifesto states, aspires to fill the void left by Terraform’s evolving licensing model. It stands firmly on the principles of open source, utilizing a well-known open source license for all to use without discrimination, impartially welcoming community contributions, and embracing a culture of transparency. This has been welcomed by the community with excitement, judging by the 35 thousand GitHub stars and hundreds of signs on the manifesto.
While GitHub stars and public endorsement are nice, open source is only as good as its working hands. OpenTofu pride itself with over 100 companies, 10 projects, and 400 individuals who pledged their time and resources to the project. Leading the charge are Terraform ecosystem vendors env0, Spacelift, Scalr and Harness, jointly committed to cover the cost of 18 full-time engineers for at least 5 years, as well as Gruntwork which committed to development and open-source community efforts. With 18 full time engineers, and a steering committee of Terraform veterans, OpenTofu seems well staffed to meet its ambitious goals.
Joining The Linux Foundation And The Road Ahead
OpenTofu founders have also chosen the path of foundational open source. The hot news from Open Source Summit Europe 2023, besides the yummy rename from OpenTF, is that OpenTofu has joined The Linux Foundation. The project’s stated end goal, however, is to have OpenTofu as part of Cloud Native Computing Foundation (CNCF). As a CNCF Ambassador I’m biased, but I believe the foundational open source path is the right one, as it provides a vendor-neutral platform for collaboration, and helps reassure that similar cases of open source turning to the dark side will not happen with this project.
Although OpenTofu is still in its infancy, it carries the potential to serve as a bona fide open-source alternative to Terraform, particularly for those who hold community-driven innovation in high regard. Omry also assured that once OpenTofu’s first release is out, migrating from Terraform should be seamless for users. In fact, the original project announcement stated that “OpenTF will be 100% interoperable with future Terraform releases”, which in my opinion is quite a strong commitment to make. I foresee the projects diverging rather quickly, not just due to legal constraints but also due to differing community needs and priority.
“Moving forward, we believe that the feature set that we’ll have will be way more powerful than what Terraform has just because it’s an open source, just because there’s a lot of community people that want to pledge and want to get involved,” Omry says of OpenTofu. “We get a lot of great feedback and a lot of great initiatives and ideas on feature sets that we want to build inside the Terraform ecosystem.”
The Ongoing Evolution of Infrastructure as Code
The shift from open source to the BSL 1.1 license marks a significant transformation in the Terraform ecosystem. It affects both Terraform’s user base and its community of contributors, leaving them to ponder the future of open source in this realm.
OpenTofu emerges as a beacon of hope, embodying a renewed commitment to open source principles and community engagement. As Jim Zemlin, Executive Director at the Linux Foundation, said at Open Source Summit: “The launch of OpenTofu signifies a collective commitment to fostering truly open collaboration and innovation in the realm of infrastructure as code”.
It remains an intriguing question whether OpenTofu can rise to the challenge and offer a compelling alternative to Terraform, preserving the essence of open source in infrastructure management tools.
Want to learn more? Check out the OpenObservability Talks latest episode Terraform is No Longer Open Source. Is OpenTofu the Successor?