- 12 Nov 2024
-
DarkLight
-
PDF
OpenTofu Service
- Updated on 12 Nov 2024
-
DarkLight
-
PDF
OpenTofu Plan
This guide demonstrates the basic concepts around creating and executing an OpenTofu plan
service within IAG5.
Prerequisites
-
You will need a Git repository setup with the OpenTofu
plan
within it. -
Review the Create Repository command to understand how to create a repository.
Create OpenTofu Plan
The iagctl create opentofu-plan
command will create the OpenTofu plan
service.
➡ More detail on all creation
commands is available here.
The command shown below creates an OpenTofu plan
service within IAG5 called simple-tofu
that will leverage a previously configured repository called gateway-resources
.
>_iagctl create opentofu-plan simple-tofu --repository gateway-resources --working-dir opentofuplans
OpenTofu Plans Directory
Important information to understand the structure of gateway-resources
is presented below.
gateway-resources
has been specified for use via the --repository
flag
├── README.md
├── ansibleplaybooks
├── pythonscripts
├── opentofuplans
│ └── main.tf
Notice that the OpenTofu plan
files exist in a directory called opentofuplans
and is denoted using the --working-dir
flag.
Verify OpenTofu Plan Service
Details about the previously created OpenTofu plan
service can be viewed by running the describe
command.
➡ More detail on all iagctl-describe
commands is available here.
>_ iagctl describe opentofu-plan simple-tofu
Output:
Name: simple-tofu
Repo Name: gateway-resources
Working Dir: opentofuplans
Vars:
Var Files:
Decorator:
Description:
Tags:
Execute OpenTofu Plan Service
Within an OpenTofu plan
service, use the run
command to execute either apply
or destroy
.
Apply Command
When the apply
command is executed, IAG5 will run tofu init
and tofu apply
against the plan
along with any additional configuration flags that are set as a part of the service.
From the gateway-resources
directory example, the main.tf
file in OpenTofu reveals that it is a very simple plan
that will create a file on the user's machine.
variable "content" {
type = string
}
variable "location" {
type=string
}
resource "local_file" "foo" {
content = var.content
filename = var.location
file_permission = "0644"
}
The plan requires two variables: content
and location
. Users can supply these values using the --set
flag.
Users can also specify where to save the initial state file using the --state-out
flag.
Users can verify that a file has been created at the location specified using the location
variable.
>_ iagctl run opentofu-plan apply hello-world --set content=hello --set location=/tmp/iagctlTest.txt --state-out @tofu.tfstate
Output:
Start Time: 2024-01-01T12:00:00Z
End Time: 2024-01-01T12:00:01Z
Elapsed Time: 1.372672s
Return Code: 0
Stdout:
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/local...
- Installing hashicorp/local v2.5.1...
- Installed hashicorp/local v2.5.1 (signed, key ID 0C0AF313E5FD9F80)
Providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://opentofu.org/docs/cli/plugins/signing/
OpenTofu has made some changes to the provider dependency selections recorded
in the .terraform.lock.hcl file. Review those changes and commit them to your
version control system if they represent changes you intended to make.
OpenTofu has been successfully initialized!
You may now begin working with OpenTofu. Try running "tofu plan" to see
any changes that are required for your infrastructure. All OpenTofu commands
should now work.
If you ever set or change modules or backend configuration for OpenTofu,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
OpenTofu used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
OpenTofu will perform the following actions:
# local_file.foo will be created
+ resource "local_file" "foo" {
+ content = "hello"
+ content_base64sha256 = (known after apply)
+ content_base64sha512 = (known after apply)
+ content_md5 = (known after apply)
+ content_sha1 = (known after apply)
+ content_sha256 = (known after apply)
+ content_sha512 = (known after apply)
+ directory_permission = "0777"
+ file_permission = "0644"
+ filename = "/tmp/iagctlTest.txt"
+ id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
local_file.foo: Creating...
local_file.foo: Creation complete after 0s [id=c3499c2729730a7f807efb8676a92dcb6f8a3f8f]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Stderr:
State File: {"check_results":null,"lineage":"f48d5e76-b162-ccd2-6670-e1cbc62cfaa6","outputs":{},"resources":[{"instances":[{"attributes":{"content":"example","content_base64":null,"content_base64sha256":"UNhY4JhezH9gQYqvDMWrWH9CwlcKiECVqejMrND2VFw=","content_base64sha512":"O7Eu2jwpjbXeJVl/VNkk8uF+eKJq2JU+2CGO5oLwu76QIeLzAJ0VLJEb8fJexoOpAnFBZnZ6+9jlvQ+wEk7Lig==","content_md5":"1a79a4d60de6718e8e5b326e338ae533","content_sha1":"c3499c2729730a7f807efb8676a92dcb6f8a3f8f","content_sha256":"50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c","content_sha512":"3bb12eda3c298db5de25597f54d924f2e17e78a26ad8953ed8218ee682f0bbbe9021e2f3009d152c911bf1f25ec683a902714166767afbd8e5bd0fb0124ecb8a","directory_permission":"0777","file_permission":"0644","filename":"/tmp/gatewayTest.txt","id":"c3499c2729730a7f807efb8676a92dcb6f8a3f8f","sensitive_content":null,"source":null},"schema_version":0,"sensitive_attributes":[]}],"mode":"managed","name":"foo","provider":"provider[\"registry.opentofu.org/hashicorp/local\"]","type":"local_file"}],"serial":1,"terraform_version":"1.6.2","version":4}
Destroy Command
When the run opentofu-plan destroy
command is executed, IAG5 will run tofu init
and tofu destroy
against the plan
along with any additional configuration flags that are set as a part of the service.
To delete the file that was created as a part of the previously run apply
command, use the following syntax:
>_ iagctl run opentofu-plan destroy simple-tofu --set content=hello --set location=/tmp/iagctlTest.txt --state @tofu.tfstate
You are now passing in a state file that IAG5 will read from and write to when executing the plan
using the --state
flag.
The following syntax can also be used to pass in the state file:
>_ iagctl run opentofu-plan destroy simple-tofu --set content=hello --set location=/tmp/toreroTest.txt --state '{"check_results":null,"lineage":"f48d5e76-b162-ccd2-6670-e1cbc62cfaa6","outputs":{},"resources":[{"instances":[{"attributes":{"content":"example","content_base64":null,"content_base64sha256":"UNhY4JhezH9gQYqvDMWrWH9CwlcKiECVqejMrND2VFw=","content_base64sha512":"O7Eu2jwpjbXeJVl/VNkk8uF+eKJq2JU+2CGO5oLwu76QIeLzAJ0VLJEb8fJexoOpAnFBZnZ6+9jlvQ+wEk7Lig==","content_md5":"1a79a4d60de6718e8e5b326e338ae533","content_sha1":"c3499c2729730a7f807efb8676a92dcb6f8a3f8f","content_sha256":"50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c","content_sha512":"3bb12eda3c298db5de25597f54d924f2e17e78a26ad8953ed8218ee682f0bbbe9021e2f3009d152c911bf1f25ec683a902714166767afbd8e5bd0fb0124ecb8a","directory_permission":"0777","file_permission":"0644","filename":"/tmp/gatewayTest.txt","id":"c3499c2729730a7f807efb8676a92dcb6f8a3f8f","sensitive_content":null,"source":null},"schema_version":0,"sensitive_attributes":[]}],"mode":"managed","name":"foo","provider":"provider[\"registry.opentofu.org/hashicorp/local\"]","type":"local_file"}],"serial":1,"terraform_version":"1.6.2","version":4}'
Decorators
It is possible to put restrictions around the inputs that are accepted by an OpenTofu plan
by utilizing decorators. For more information on decorators, please refer to this guide.
CLI Reference
For command references see → Command References Index
-
iagctl create service opentofu-plan
-
iagctl run opentofu-plan
-
iagctl get services
-
iagctl describe service
-
iagctl delete service