6f0bd52d3d
The original design for check blocks was a boolean argument "condition" which returns true for valid and false for invalid, and then a separate string argument "error_message" whose value is displayed as part of an error diagnostic if the value is found to be invalid. That design has worked well for simple primitive-typed variables, but it's annoying for variables of collection types because in that case we typically want to apply a validation rule to each element and then mention in the error messages exactly which elements were invalid, which requires both a complicated "condition" expression _and_ a very similar complicated "error_message" expression to repeat essentially the same steps to find out which elements were invalid. This change is a prototype for an optional new design where the block contains only a single argument error_messages that deals with both the condition and the error message generation at the same time. Its expression must return a list of strings where an empty list represents "valid" and a non-empty list represents "invalid". In the invalid case, each element is returned as a separate error diagnostic. This means that module authors can use a "for" expression with an "if" clause to filter out all of the valid elements and to project any invalid elements into an error messages describing what is wrong with them. In principle this could also be used with new provider-defined functions that are designed to take a value and return a list of problems with that value, such as in a hypothetical provider that implements JSON schema-based validation of a data structure using an externally-provided schema. This is only a prototype so the test coverage is rudimentary and it only currently works for input variable validation. If we decide that we'd like to implement something like this for real then we'll want to extend it to work for all of the other kinds of checks -- test assertions, "check" block assertions, and preconditions/postconditions -- since the language design intent is for those to all appear to have essentially the same treatment, despite not all of the code currently being shared between them. Signed-off-by: Martin Atkins <mart@degeneration.co.uk> |
||
|---|---|---|
| .github | ||
| cmd/tofu | ||
| docs | ||
| internal | ||
| rfc | ||
| scripts | ||
| testing | ||
| tools | ||
| version | ||
| website | ||
| .copywrite.hcl | ||
| .devcontainer.json | ||
| .gitignore | ||
| .go-version | ||
| .golangci-complexity.yml | ||
| .golangci.yml | ||
| .goreleaser.yaml | ||
| .licensei.toml | ||
| .tfdev | ||
| CHANGELOG.md | ||
| CODE_OF_CONDUCT.md | ||
| codecov.yml | ||
| CODEOWNERS | ||
| CONTRIBUTING.md | ||
| CONTRIBUTING.RELEASE.md | ||
| Dockerfile | ||
| Dockerfile.minimal | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| MAINTAINERS | ||
| Makefile | ||
| README.md | ||
| RELEASE.md | ||
| SECURITY.md | ||
| tools.go | ||
| TSC_SUMMARY.md | ||
| WEEKLY_UPDATES.md | ||
OpenTofu
- Manifesto
- About the OpenTofu fork
- How to install
- Join our Slack community!
- Weekly OpenTofu Status Updates
OpenTofu is an OSS tool for building, changing, and versioning infrastructure safely and efficiently. OpenTofu can manage existing and popular service providers as well as custom in-house solutions.
The key features of OpenTofu are:
-
Infrastructure as Code: Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would any other code. Additionally, infrastructure can be shared and re-used.
-
Execution Plans: OpenTofu has a "planning" step where it generates an execution plan. The execution plan shows what OpenTofu will do when you call apply. This lets you avoid any surprises when OpenTofu manipulates infrastructure.
-
Resource Graph: OpenTofu builds a graph of all your resources, and parallelizes the creation and modification of any non-dependent resources. Because of this, OpenTofu builds infrastructure as efficiently as possible, and operators get insight into dependencies in their infrastructure.
-
Change Automation: Complex changesets can be applied to your infrastructure with minimal human interaction. With the previously mentioned execution plan and resource graph, you know exactly what OpenTofu will change and in what order, avoiding many possible human errors.
Getting help and contributing
- Have a question? Post it in GitHub Discussions or on the OpenTofu Slack!
- Want to contribute? Please read the Contribution Guide.
- Want to stay up to date? Read the weekly updates, TSC summary, or join the community meetings on Wednesdays at 14:30 CET / 8:30 AM Eastern / 5:30 AM Western / 19:00 India time on this link: https://meet.google.com/xfm-cgms-has (📅 calendar link)
Tip
For more OpenTofu events, subscribe to the OpenTofu Events Calendar!
Reporting security vulnerabilities
If you've found a vulnerability or a potential vulnerability in OpenTofu please follow Security Policy. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
Reporting possible copyright issues
If you believe you have found any possible copyright or intellectual property issues, please contact liaison@opentofu.org. We'll send a confirmation email to acknowledge your report.
Registry Access
In an effort to comply with applicable sanctions, we block access from specific countries of origin.