HashiCorp moves the goal posts on open source Terraform licensing. Now what?

August 25, 2023
10 min

A large ecosystem of users, companies, vendors, and partners has grown around HashiCorp’s Terraform since it was open sourced in 2014. On August 10th, 2023, HashiCorp announced a modification to its open source licensing from the Mozilla Public License (MPL 2.0) to the Business Source License (v1.1) (the “BSL”), a non-open source license.

HashiCorp has stopped being a provider of open source products. It’s not the first company to do this, joining Confluent, MongoDB and Elastic who built out their open source communities and then, as adoption grew, changed business model because it’s expensive and highly unprofitable. It’s a lesson that few open source advocates take note of, mainly because open source adoption is a bottoms-up motion with value created through developer enablement, community building, ongoing innovation, and low or no cost. Potential business risks are rarely a factor in the decision.

This blog post may appear self-serving making yet more noise on a subject that is causing so much concern. However, this type of situation is at the core of why we specifically designed the Quali Torque platform to overcome infrastructure management changes, technical or otherwise.

Quali is a keen advocate of open source, and we understand what it takes to ensure all infrastructure, development, and IT operations tooling decisions are supported with risk mitigated. We assume infrastructure will grow in complexity with constant change, and that is why the announcement by HashiCorp is not a business or technology issue for Quali customers.

Decoding HashiCorp’s Ambiguous Move

There have been many characterizations of this change ranging from this is not a big deal, to this is a major disruption. There are changes and there are massive disrupters.

Disrupters are things with few answers or alternatives, and the impact creates major business issues. This situation is clearly on the side of the massive disrupters. Unlike most software industry changes such as mergers, acquisitions, product end-of-life decisions and company failures, this disruption is not temporary or short-term.

HashiCorp strived to make its open source product a solution that would eventually grab the attention of business users. With this announcement, Hashi has finally succeeded, although not for the right reasons.

For HashiCorp the terms of the BSL and the ‘use grants’ remain vague. This change has created significant uncertainty, speculation, and spirited debate about the short- and long-term implications.

End-users who leverage HashiCorp open source but do not use it in a commercial product

1. Investment Impact and Risk. Users who have invested considerable time, resources and effort with open source Terraform now face uncertainty about their usage rights and compliance with new license terms. Reliance on Terraform now carries more risk. If HashiCorp halts Terraform development or goes under, organizations may be left without a supported alternative.

2. Business Performance and Stability. Organizations using Terraform will see higher costs and complexity, affecting business performance. Addressing Terraform issues, bugs, and security vulnerabilities will be harder under the new license, impacting software stability.

3. License Transition and Usage. MPL 2.0 licensing applies to versions up to and including version 1.5.5. Going forward users must ensure usage does not violate the new license terms.

4. Support vs. Cost. Reducing support for the growing open source community might seem like a cost-saving move. Supporting the same user base without community help could be more expensive. While open source Terraform is free, it will have usage restrictions. It’s crucial to assess your present and future Terraform needs.

5. Unplanned Expenditures and Lost Productivity. If you are a customer of a commercial product that embeds HashiCorp open source, be prepared for increased product costs, limited support for future versions, and new licensing terms. The licensing change could lead to lost productivity for long-term Terraform users if using Terraform becomes more burdensome or costly.

Users who leverage HashiCorp open source into a commercial product

1. Limited options. The shift to BSL aims to strictly control and limit commercial uses of HashiCorp source code, potentially affecting products using BSL licensed code in offerings deemed competitive to HashiCorp.

2. Restrictive practices. Embedding or hosting BSL licensed code in an offering deemed competitive to HashiCorp is not permitted.

3. Competitive inhibitor. Building solutions around Terraform carries the risk that HashiCorp might now, or in the future, view you as competition and shut you down.

4. New contract, new relationship. Commercial solutions that use open source Terraform will need to establish a licensing agreement with HashiCorp.

5. Quality. Maintaining Terraform’s quality could be more challenging under the BSL, possibly impacting users’ and partners’ experiences.

Open source community

· Community Discouragement. This change will discourage the open source community from further contributing to HashiCorp’s Terraform.

· Contributor Aggravation. Many developers feel aggravated that their open source contributions are about to become part of a restricted commercial license.

· OpenTF Foundation. The OpenTF Foundation has emerged and is proposing open source Terraform be forked and maintained in a new foundation.

This change to BSL necessitates that every company, vendor, and user of HashiCorp open source code carefully evaluate the legal implications of their usage.

Quali Provides a Safe Path Forward

We believe this decision by HashiCorp will fragment the IaC community further. However, for customers of Quali this is not an issue as we ensure normalization and consistency across IaC, irrespective of source and creator.

Quali orchestrates the integration and blueprinting any IaC technology for self-service, on-demand, governed consumption of cloud environments with optimized cloud costs.

· Safe and Compliant: Quali does not embed nor commercialize Terraform components in our source code.

· Support Community-Driven Forks: For our new and existing customers, there is no impact on current and future Terraform usage, and we remove the uncertainty of your future IaC decision making. We support the potential creation and use of community-driven forks of Terraform.

· Integrate Alternative Technologies: We will continue to integrate multiple automation and IaC technologies that complement, enhance, or reduce dependencies in Terraform.

· Future proof: Ensure ongoing, uninterrupted operations by future-proofing your infrastructure automation and orchestration.

Quali solutions are designed to accommodate new technologies, open source or otherwise, that emerge in the future. We serve our customers by adding value on top of common IaC and container technologies like Terraform, CloudFormation, Kubernetes, Cross Plane, Helm, Ansible and others. Quali solutions are designed to accommodate new technologies, open source or otherwise, that emerge in the future.

Quali is committed to helping companies accelerate software application delivery, reduce cloud and operational costs, and simplify infrastructure complexity. Our platform provides secure and governed self-service access to private and public cloud resources.

Our team has extensive experience in automation, infrastructure orchestration, and open source technologies. We can assist in mitigating any potential issues arising from the HashiCorp licensing change and help you adapt and evolve your application environments with minimal disruption.

HashiCorp’s licensing change is a nuanced issue with far-reaching implications for those reliant on Terraform technology. By being proactive and prepared, organizations can navigate these changes and continue to thrive.

Learn more about how Quali Torque supports infrastructure as code.