OpenTofu Service
  • 12 Nov 2024

OpenTofu Plan

This guide demonstrates the basic concepts around creating and executing an OpenTofu plan service within IAG5.

Prerequisites

  • You will need a Git repository set up with the OpenTofu plan within it.

  • Review the Create Repository command to understand how to create a repository.

Create OpenTofu Plan

The iagctl create opentofu-plan command will create the OpenTofu plan service.

More detail on all creation commands is available here.

The command shown below creates an OpenTofu plan service within IAG5 called simple-tofu that will leverage a previously configured repository called gateway-resources.

>_ iagctl create opentofu-plan simple-tofu --repository gateway-resources --working-dir opentofuplans

OpenTofu Plans Directory

The structure of the gateway-resources repository, which was specified with the --repository flag, is shown below.

├── README.md
├── ansibleplaybooks
├── pythonscripts
├── opentofuplans
│   └── main.tf

Notice that the OpenTofu plan files live in a directory called opentofuplans, which is specified using the --working-dir flag.

Verify OpenTofu Plan Service

Details about the previously created OpenTofu plan service can be viewed by running the describe command.

More detail on all iagctl-describe commands is available here.

>_ iagctl describe opentofu-plan simple-tofu
Output:

Name:        simple-tofu
Repo Name:   gateway-resources
Working Dir: opentofuplans
Vars:        
Var Files:   
Decorator:   
Description: 
Tags:        

Execute OpenTofu Plan Service

Within an OpenTofu plan service, use the run command to execute either apply or destroy.

Apply Command

When the apply command is executed, IAG5 will run tofu init and tofu apply against the plan along with any additional configuration flags that are set as a part of the service.

The main.tf file from the gateway-resources example above is a very simple plan that creates a file on the user's machine.

variable "content" {
  type = string
}

variable "location" {
  type = string
}

resource "local_file" "foo" {
  content         = var.content
  filename        = var.location
  file_permission = "0644"
}

The plan requires two variables: content and location. Users can supply these values using the --set flag.

Users can also specify where to save the initial state file using the --state-out flag.

After the run, users can verify that a file has been created at the path supplied in the location variable.

>_ iagctl run opentofu-plan apply simple-tofu --set content=hello --set location=/tmp/iagctlTest.txt --state-out @tofu.tfstate
Output:

Start Time:   2024-01-01T12:00:00Z
End Time:     2024-01-01T12:00:01Z
Elapsed Time: 1.372672s
Return Code: 0
Stdout:        
Initializing the backend...

Initializing provider plugins...
- Finding latest version of hashicorp/local...
- Installing hashicorp/local v2.5.1...
- Installed hashicorp/local v2.5.1 (signed, key ID 0C0AF313E5FD9F80)

Providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://opentofu.org/docs/cli/plugins/signing/

OpenTofu has made some changes to the provider dependency selections recorded
in the .terraform.lock.hcl file. Review those changes and commit them to your
version control system if they represent changes you intended to make.

OpenTofu has been successfully initialized!

You may now begin working with OpenTofu. Try running "tofu plan" to see
any changes that are required for your infrastructure. All OpenTofu commands
should now work.

If you ever set or change modules or backend configuration for OpenTofu,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

OpenTofu used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

OpenTofu will perform the following actions:

  # local_file.foo will be created
  + resource "local_file" "foo" {
      + content              = "hello"
      + content_base64sha256 = (known after apply)
      + content_base64sha512 = (known after apply)
      + content_md5          = (known after apply)
      + content_sha1         = (known after apply)
      + content_sha256       = (known after apply)
      + content_sha512       = (known after apply)
      + directory_permission = "0777"
      + file_permission      = "0644"
      + filename             = "/tmp/iagctlTest.txt"
      + id                   = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.
local_file.foo: Creating...
local_file.foo: Creation complete after 0s [id=c3499c2729730a7f807efb8676a92dcb6f8a3f8f]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Stderr:     
State File: {"check_results":null,"lineage":"f48d5e76-b162-ccd2-6670-e1cbc62cfaa6","outputs":{},"resources":[{"instances":[{"attributes":{"content":"example","content_base64":null,"content_base64sha256":"UNhY4JhezH9gQYqvDMWrWH9CwlcKiECVqejMrND2VFw=","content_base64sha512":"O7Eu2jwpjbXeJVl/VNkk8uF+eKJq2JU+2CGO5oLwu76QIeLzAJ0VLJEb8fJexoOpAnFBZnZ6+9jlvQ+wEk7Lig==","content_md5":"1a79a4d60de6718e8e5b326e338ae533","content_sha1":"c3499c2729730a7f807efb8676a92dcb6f8a3f8f","content_sha256":"50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c","content_sha512":"3bb12eda3c298db5de25597f54d924f2e17e78a26ad8953ed8218ee682f0bbbe9021e2f3009d152c911bf1f25ec683a902714166767afbd8e5bd0fb0124ecb8a","directory_permission":"0777","file_permission":"0644","filename":"/tmp/gatewayTest.txt","id":"c3499c2729730a7f807efb8676a92dcb6f8a3f8f","sensitive_content":null,"source":null},"schema_version":0,"sensitive_attributes":[]}],"mode":"managed","name":"foo","provider":"provider[\"registry.opentofu.org/hashicorp/local\"]","type":"local_file"}],"serial":1,"terraform_version":"1.6.2","version":4}

Destroy Command

When the run opentofu-plan destroy command is executed, IAG5 will run tofu init and tofu destroy against the plan along with any additional configuration flags that are set as a part of the service.

To delete the file that was created as a part of the previously run apply command, use the following syntax:

>_ iagctl run opentofu-plan destroy simple-tofu --set content=hello --set location=/tmp/iagctlTest.txt --state @tofu.tfstate

The --state flag passes in a state file that IAG5 will read from and write to when executing the plan.

The following syntax can also be used to pass in the state file:

>_ iagctl run opentofu-plan destroy simple-tofu --set content=hello --set location=/tmp/toreroTest.txt --state '{"check_results":null,"lineage":"f48d5e76-b162-ccd2-6670-e1cbc62cfaa6","outputs":{},"resources":[{"instances":[{"attributes":{"content":"example","content_base64":null,"content_base64sha256":"UNhY4JhezH9gQYqvDMWrWH9CwlcKiECVqejMrND2VFw=","content_base64sha512":"O7Eu2jwpjbXeJVl/VNkk8uF+eKJq2JU+2CGO5oLwu76QIeLzAJ0VLJEb8fJexoOpAnFBZnZ6+9jlvQ+wEk7Lig==","content_md5":"1a79a4d60de6718e8e5b326e338ae533","content_sha1":"c3499c2729730a7f807efb8676a92dcb6f8a3f8f","content_sha256":"50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c","content_sha512":"3bb12eda3c298db5de25597f54d924f2e17e78a26ad8953ed8218ee682f0bbbe9021e2f3009d152c911bf1f25ec683a902714166767afbd8e5bd0fb0124ecb8a","directory_permission":"0777","file_permission":"0644","filename":"/tmp/gatewayTest.txt","id":"c3499c2729730a7f807efb8676a92dcb6f8a3f8f","sensitive_content":null,"source":null},"schema_version":0,"sensitive_attributes":[]}],"mode":"managed","name":"foo","provider":"provider[\"registry.opentofu.org/hashicorp/local\"]","type":"local_file"}],"serial":1,"terraform_version":"1.6.2","version":4}'
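An added example, not part of the original guide or of IAG5: a small Python check that lists what a state file records before it is handed to --state, since OpenTofu destroys the resources recorded in the state. The helper name summarize_state and the trimmed sample state are constructed for illustration.

```python
import json

# Constructed sample: a trimmed version-4 state in the same layout as the
# "State File:" output shown in this guide (lineage is a placeholder).
SAMPLE_STATE = json.dumps({
    "version": 4, "serial": 1,
    "lineage": "00000000-0000-0000-0000-000000000000",
    "resources": [{
        "mode": "managed", "type": "local_file", "name": "foo",
        "instances": [{"attributes": {
            "content": "example",
            "filename": "/tmp/gatewayTest.txt",
            "file_permission": "0644",
        }}],
    }],
})


def summarize_state(raw, expected_location=None):
    """Return (targets, warnings); hypothetical helper, not an IAG5 or OpenTofu API."""
    state = json.loads(raw)
    if state.get("version") != 4:
        raise ValueError("unsupported state version: %r" % state.get("version"))
    targets, warnings = [], []
    for res in state.get("resources", []):
        if res.get("mode") != "managed":
            continue  # data sources are read-only and are not destroyed
        address = "%s.%s" % (res["type"], res["name"])
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            path = attrs.get("filename")
            targets.append((address, path))
            # The state, not the --set value, records which object exists.
            if expected_location and path and path != expected_location:
                warnings.append("%s: state records %s, not %s"
                                % (address, path, expected_location))
            if attrs.get("content") is not None:
                warnings.append("%s: file content is stored in clear text" % address)
    return targets, warnings


if __name__ == "__main__":
    targets, warnings = summarize_state(SAMPLE_STATE, "/tmp/iagctlTest.txt")
    for address, path in targets:
        print("state tracks", address, "->", path)
    for message in warnings:
        print("warning:", message)
```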

Decorators

It is possible to put restrictions around the inputs that are accepted by an OpenTofu plan by utilizing decorators. For more information on decorators, please refer to this guide.

CLI Reference

For command references see → Command References Index

  • iagctl create service opentofu-plan

  • iagctl run opentofu-plan

  • iagctl get services

  • iagctl describe service

  • iagctl delete service

