Hacker Newsnew | past | comments | ask | show | jobs | submit | smithcoin's commentslogin

We use OpenTofu it’s pretty seamless


Now more will be using a combination of OpenTofu and Terraform, and there will probably be some tacit endorsement of OpenTofu by Hashicorp folks in their communication with those who are using both. Good to see!


Does it do ephemeral values yet?


Yep, as of yesterday’s 1.11 release it’s supported!

That also includes a new “enabled” meta argument, so you don’t have to hack around conditional resources with count = 0.

[0]: https://opentofu.org/blog/opentofu-1-11-0/

Disclaimer: affiliated with the project


How do you migrate from count/for_each to `enabled` ?


You can just switch from `count = 1` to `enabled = true` (or vice-versa, works back-and-forth) for a resource and tofu will automatically move it next time you apply.

It's pretty seamless.


That's cool! We'll still need to change all of the references to `resource[0]`, right? Or does tofu obviate that need as well?


I’m not sure I understand. You refer to the conditional resource fields normally - without list indices. You just have to make sure the object isn’t null.

There’s some samples in the docs[0] on safe access patterns!

[0]: https://opentofu.org/docs/language/meta-arguments/enabled/


And you don't get the annoying array form for the resulting resource with the `enabled` syntax, right?

EDIT: Oh just realized the sibling asked the same, but the doc doesn't state that clearly, although it seems to me that the doc implies that yeah, it doesn't use the array form anymore.


Yes indeed! It does not use the annoying array form.


Worth switching to Opentofu only for this, then! I fuckin hate the count pattern for conditional present/not present that leads to an array of size == 1.


Amazing. Good work !


Damn, might finally be able to use it. The lack of ephemeral values was a major blocker.


It doesn't work for me on safari either.


works fine on safari desktop for me


37signals?


Not to go full tin-foil hat - but how do we know it isn't?


The fact that the CIA hasn't black-hole classified it is a good start.


IMHO for a comment of this level of vitriol you should probably cite some sources rather than rely on anecdotal evidence.


Interesting, I find myself thinking the exact opposite.


And we wonder why we can’t get along anymore when the only time we go outside it to grab our Amazon packages off the porch.


It goes both ways too. Customer service in person has digressed pretty far.


Growing up on the South Side of Chicago he's probably a White Sox fan.


Speaking of IAC- I have an existing GCP project with some basic infra (service accounts, cloud run jobs, cloud build scripts, and databases) what is the best tool to _import_ all of this into IAC. The only real tool I’ve found is terraformer. I have no dog in the race regarding tooling e.g if my output is Pulumi, terraform, or just straight YAML. I’m just looking to “codify” it.

Any suggestions from experience?


Just go with plain Terraform.

You can check the docs for the GCP provider to see if the resources you want to manage are "importable" into the Terraform state file; they usually are and you'll see a section at the bottom of each resources documentation page showing you how to do this. e.g. https://registry.terraform.io/providers/hashicorp/google/lat...

Your process will be -

1. Write TF configuration approximating what you think is deployed

2. Import all your resources into the state file

3. Run a `terraform plan ...` to show what Terraform wants to change about your resources (including creating any you missed or changing/recreating any your config doesn't match)

4. Correct your TF configuration to reflect the differences from 3.

5. Goto 3, repeat until you get a "No changes" plan or the you actually want TF to correct some things (add tags, for example)

6. run `terraform apply`

and optionally...

7. set up your CI/automation to run `terraform plan` regularly and report the "drift" via some means - stuff that has been changed about your resources outside of Terraform management.

I put a lot of stock in this last step, because small, incremental change is the cornerstone of platform management. If you want to make a change and come to find there's a huge amount of other stuff you have to correct as well, your change isn't small any more.


You don't need to write all the tf upfront for existing resources.

Use `import` resources in a .tf file (I like to just call it imports.tf) and run `terraform plan -generate-config-out=imported.tf`

That will dump the tf resources - often requires a little adjustment to the generated script, but it's a huge time saver


I used this instead of terraformer. Can agree that it’s a huge timesaver.


Do you have any resources regarding the resignation I could read?


Here's the long message he left stating in part his resignation. The comments which follow spend quite some time speaking about his resignation: https://bugzilla.mozilla.org/show_bug.cgi?id=1910322#c17


His resignation was merely a tactic to diffuse the situation. He didn’t actually leave—he's still there, active as ever.


Thanks for pointing it out - I couldn't really follow the full 'drama' between the two threads.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: