denisismagilov - Fotolia
HashiCorp Terraform 1.0 features stability, upgrade relief
With graduation to a stable version, HashiCorp Terraform users won't have to deal with any more breaking changes in new versions of the infrastructure-as-code tool.
HashiCorp Terraform version 1.0, released this week, contains few new technical feature updates. But that's actually the point.
The company is known for its unconventional philosophy on what constitutes a "version 1.0" product and has spent seven years updating, supporting and marketing the infrastructure-as-code tool without this designation. Other HashiCorp products such as Nomad container orchestration and Vault secrets management also spent long periods being used in production before reaching version 1.0.
Terraform is used to define infrastructure resources using programming code, which DevOps teams can then automatically test and deploy alongside applications using the same processes. Terraform is among the most widely used such tools, with more than 100 million open source downloads to date. The HashiCorp-hosted Terraform Cloud has amassed 120,000 customers.
Despite its widespread production use, each new version of Terraform over the last three years came with significant updates, which sometimes meant a destabilizing upgrade process. Version 0.12, which featured an overhaul to the tool's HCL domain-specific language in early 2019, required users to refactor their infrastructure code. Three more versions released in 2020 added significant new technical capabilities such as efficient dependency management and improved integration with other HashiCorp tools, but they also required significant changes to Terraform workflows.
Now, HashiCorp Terraform users that upgrade to version 1.0 from version 0.14 and higher can expect a different experience, according to a keynote presentation from co-founder and CTO Mitchell Hashimoto at the vendor's HashiConf virtual event this week.
"We're focusing on interoperability, upgrades and maintenance for version 1.0 and beyond," Hashimoto said. "Any upgrades in the Terraform 1.x [series] from [version] 1.0 [on] will no longer require rewriting any existing code, and all 1.x [configurations] will be backwards-compatible."
HashiCorp Terraform 1.0 pledge: No more upgrade pain
Starting with version 1.0, HashiCorp Terraform upgrades will not disrupt production workflows, a distinct contrast with upgrades between 0.x versions, according to users.
"In the past we had a lot of effort to update all our internal modules and repositories after each Terraform release," said Björn Jessen-Noak, a senior cloud engineering consultant at MediaMarktSaturn, a consumer electronics retail company in Germany that maintains more than 30 Terraform modules to provision Google Cloud resources for hundreds of projects.
"Now we can take care [with] the new changes per release, and each module should also work with the previous 1.x version," Jessen-Noak said. "This is especially useful when we look at this at scale -- it depends on the module and the Terraform release, but it [previously took] between 40 and 100 hours [to upgrade]."
Version 1.0 also suggests improved stability for some Terraform users, who dealt with issues during past upgrades such as a bug in the Terraform 0.14.0 release in December that overlooked an ignore_changes command within some module configuration files. That bug was fixed with version 0.14.1 within a week, but it could have wreaked havoc in environments without experienced IT ops pros supervising the upgrade.
"We caught it, but if we hadn't, it would've rebuilt every server in every environment, which could've been catastrophic," said Kyler Middleton, principal DevOps network architect at Veradigm, a healthcare data services company based in Chicago. Middleton sees version 1.0 as "a promise from HashiCorp that those types of scary bugs will be fewer, and they'll treat stability with extra priority over new features," they said.
Terraform 1.0 will be supported for 18 months. In the open source version, this means HashiCorp will continue to investigate and fix bugs for at least that long, though fixes may be issued in future dot-releases. However, version 1.0 will be cross-compatible with Terraform state from versions 0.14 and 0.15, and will support remote state data sources from version 0.12 and later. Users will be able to run multiple versions of Terraform resources at the same time within version 1.x releases.
Terraform Cloud adds fresh UI, plans integrations
Meanwhile, HashiCorp's Terraform Cloud rolled out two new technical features this week, a Workspace Overview UI and support for curated public modules in private Terraform Registries. The UI will offer more detailed information than previous Terraform Cloud versions on what's happening during Terraform runs in real time and what resources are affected.
Terraform Cloud administrators will also be able to offer their own versions of shared public Terraform Registry modules within private registries to ensure their compliance with security policies.
Terraform Enterprise users expect that these updates will eventually become available in the on-premises version as well.
"The current UI is not really informative and easy to use [with] more than two or three workspaces, [and] the new UI will also add change visibility," Jessen-Noak said. "The registry might help us to go further on the road of compliance."
HashiCorp also previewed a new feature coming in beta next quarter for Terraform Cloud called Run Checks, which integrates third-party tools such as GitHub Actions and Bridgecrew compliance scans directly into Terraform workflows. With these integrations, Terraform will call out to an external system such as a cost management or security analysis tool, which will prevent Terraform from applying changes that fail to comply with those tools' policies.
Run Checks will finalize Terraform's transition from a domain-specific language for infrastructure provisioning to a broader IT automation platform and ecosystem, said Gregg Siegfried, an analyst at Gartner.
"It's going to start getting competition in different areas, but as you embed that [broader] workflow into the way you manage cloud resources, it goes well beyond cloud provisioning," he said. "Holding it up just against [AWS] CloudFormation or [Azure Resource Manager] is no longer doing the tool justice."
Finally, HashiCorp is keeping abreast of newer infrastructure-as-code competitors such as Pulumi with a Cloud Development Kit, which reached version 0.4 late last month, that supports mainstream programming languages such as Python, TypeScript and Java.
Engineering teams already familiar with Terraform HCL won't necessarily jump to the other language interfaces, but they could broaden Terraform's appeal beyond its existing user base, said Phil Fenstermacher, a systems engineer at William & Mary, a university in Williamsburg, Va.
"From our DevOps team's point of view, there isn't a huge gap that needs filling here," he said. "But it's a nice option that might help bridge the gap to other departments."