
Infrastructure-as-code competitor challenges Terraform

Pulumi 2.0 ratchets up the heat on HashiCorp's rival IaC tool, Terraform, adding policy as code, test automation and secrets management features to its mainstream language support.

An infrastructure-as-code upstart issued a direct challenge to Terraform this week with updated features for its offering, as well as tools designed specifically to move users away from the HashiCorp software.

Pulumi 2.0 adds Terraform-like features, such as CrossGuard, a policy-as-code tool for IaC users that directly competes with HashiCorp's Sentinel. The new version fleshes out integration with CI/CD tools for GitOps workflows and automated testing frameworks as well.

With the new release, the company also expanded on its main point of differentiation from Terraform, which uses the domain-specific HashiCorp Configuration Language (HCL). By contrast, Pulumi infrastructure-as-code tools use mainstream programming languages; previous versions supported JavaScript, TypeScript and Python, and version 2.0 adds Go and .NET Core languages.

This approach was the main selling point for Mercedes-Benz Research & Development North America, which began experimenting with Pulumi alongside Terraform last year, and eventually decided to standardize on Pulumi for infrastructure as code. This year, Pulumi 2.0 will be rolled out in production throughout Mercedes-Benz, as well as its parent company, Daimler.

"I don't need to have the traditional full-stack developer because I can get the level of skill I need to code in a language like Python, and still have people with a background in designing and coding infrastructure," said Jay Christopherson, engineering manager at Mercedes-Benz Research & Development North America.

Christopherson's team decided to scrap plans to purchase Terraform Enterprise in favor of Pulumi's paid product in the first half of 2019. That was before the general availability release of Terraform version 0.12, which updated HCL in ways that might have resolved some of the issues Christopherson's team experienced with the infrastructure-as-code tool.

"The main thing I've seen and heard about in Terraform 0.12 has to do with conditional [operators and conditionally omitted arguments] and [input variables]," Christopherson said. "Before [Pulumi], that was one of the biggest pieces of tech debt that we had, the number of inline scripts we had to add to Terraform to account for the lack of complex relationships [between resources]."

However, those updates essentially make HCL more like a mainstream programming language, Christopherson said.

Figure: Pulumi 2.0 adds the CrossGuard policy-as-code tool

Infrastructure as code speaks a universal language as DevOps matures

When Terraform was first developed, infrastructure as code was largely the province of IT ops specialists who might not be familiar with mainstream programming languages -- but the lines between developers and operators have blurred since then, Christopherson said. And there are things mainstream languages can do that domain-specific languages such as HCL still can't, including natively applying the concept of object inheritance from object-oriented programming, in which new objects automatically take on the properties of existing objects.

More importantly, if software developers are ever going to fully support their apps in production, as is the DevOps ideal, learning infrastructure-as-code tools in a familiar language is a much more appealing prospect than learning a domain-specific language, he said.

"The easier you make it, the more willing they are to do it," Christopherson said.


Pulumi 2.0 production support for .NET will also push DevOps forward at Swiss fintech firm Lykke, which decided to buy Pulumi software last year to manage cloud resources in AWS and Azure. The decision coincided with a move away from a self-managed Kubernetes platform that relied on IT ops specialists to manually configure YAML files, in favor of public cloud application services managed directly by developers.

"Every member of the developer team needs to code for infrastructure, and Pulumi allowed us to use a language we knew," said Cameron Fletcher, CTO at Lykke. At the time, that language was TypeScript, but .NET will eventually be the company's infrastructure-as-code focus.

Fletcher said he was also keen to try out Pulumi 2.0's new CrossGuard tool, which can be used to create and enforce compliance and security policies on Pulumi infrastructure-as-code files in enterprise environments.

Still, there are ways Pulumi doesn't yet mimic developers' familiar tools that Lykke engineers said they would like to see added to the product, such as the ability to debug code locally on developer workstations.

Pulumi seeks to lure away Terraform users with migration tools

Lykke doesn't have to contend with migrating away from another infrastructure-as-code tool, because it didn't have one in place aside from a few instances of AWS CloudFormation and Azure Resource Manager before signing on with Pulumi. For an established Terraform shop such as Daimler, however, the transition will come with challenges despite a set of tools in version 2.0 that specifically convert Terraform configuration files to Pulumi's mainstream language formats.

"The migration tool is pretty useful for now, at least for simpler Terraform conversions -- the barrier is lower than it used to be," Christopherson said. However, as teams get up to speed with Pulumi infrastructure as code, Daimler will need a way to turn over Pulumi infrastructure stacks created by more experienced developers to individual teams. Right now, that requires changing permissions manually, which will slow down the tool's spread to the wider company, he said.

Pulumi said it has amassed 100 paying customers since its initial launch in late 2018 (more than half of them converts from Terraform), but it still lacks the name recognition of HashiCorp. Fresh from a $175 million funding round, HashiCorp still dominates in open source and infrastructure-as-code circles. HashiCorp doesn't disclose the number of customers it has for Terraform Enterprise, but overall it counts 100 of the Fortune 500 and 200 of the Global 2000 among its total install base, according to its 2019 year in review.

"Pulumi has a lot to offer at the intersection of devs and ops, which is something most enterprises are dealing with now," said Steve Hendrick, an analyst at Enterprise Management Associates. "Like many tech-driven companies, though, they will have marketing challenges as they grow and need to communicate with people beyond other technologists."

As for HashiCorp itself, the company hasn't ruled out giving developers direct interfaces into Terraform, but it generally finds that operations people are still the ones controlling cloud provisioning and infrastructure-as-code tools, CEO David McJannet said. McJannet also pointed out that Pulumi uses Terraform's open source cloud providers for provisioning under the hood, something Pulumi officials acknowledged but said isn't their product's primary value-add.

"It's not a mainstream use case as we see it," McJannet said. "We add more users to Terraform Cloud each month than they have in their entire user base -- we don't spend a lot of time thinking about it."
