OpenTofu & platform engineering: Transitioning from Terraform by enhancing developer experience

May 16, 2024
10 min

Amid the uncertainty regarding Terraform, more DevOps teams are embracing OpenTofu to define application Infrastructure as Code (IaC).

For teams that have spent years familiarizing themselves with Terraform, this transition carries a lot of implications:

  • How many of your developers will have the expertise in OpenTofu to orchestrate and provision application environments when needed?
  • Will your teams need to authenticate security every time they provision infrastructure?
  • What about orchestrating environments that require resources defined in OpenTofu, Terraform, and other IaC tools? How much manual coding and validation will that require?

A platform engineering approach can help accelerate the adoption of OpenTofu by simplifying the developer experience to remove the complexity so anyone can run the infrastructure they need—regardless of their expertise in IaC.

This article will walk through how to create a developer platform leveraging your infrastructure defined via OpenTofu alongside other IaC technologies.

Step 1. Connect your repository to import your resource configurations defined in IaC

Ultimately, the objective is to create a self-service platform that simplifies the provisioning of environments for all stakeholders who need them.

This approach will rely on reusable templates defining the code that the users of your platform will initiate to provision their environments.

To start, just enter the URL for your repository and Torque will discover all your IaC modules and generate new YAML files containing the resource configuration.

Torque discovers the IaC modules in your Git repositories.

Torque automatically generates a YAML leveraging your Terraform configuration so you can provision via Torque.

These files will make it easier to both:

  • Provision individual resources via Torque’s self-service catalog, and
  • Create templates for more complex environments that may require multiple assets

Step 2. Select the resources you need for your environment

Once you’ve generated assets in Torque based on your resource configurations, you can use them to orchestrate and provision multi-asset environments via Torque.

Let’s say you need to run an application environment that requires compute, storage, and database services.

In Torque, you’ll find all the resources generated from your repository in the Designer Canvas, easily accessible in the Asset Library.

Add resources to your environment by selecting the IaC assets that Torque discovered via your Git repository.

Just search for the assets in the Asset Library, then click “Add” to bring them into your environment design.

Connect the assets in your environment to set dependencies.

You can then connect the assets in the Designer Canvas to set dependencies, and define the parameters for each one via a user-friendly form.

As you complete this design process, Torque automatically generates a YAML file defining the resources, dependencies, and parameters for your environment.

Torque automatically generates a YAML file with the code defining the resources, dependencies, and parameters to generate your environment.

This eliminates the need to orchestrate the environment and allows you to share self-service access to provision it.

Particularly for use cases that require multiple cloud services defined in different IaC tools—say, OpenTofu and Terraform, for example—this approach normalizes the resource configurations to create the code for provisioning the environment, thereby eliminating the need to reconcile the differences between the tools.

Step 3. Add your auto-generated YAML file to your self-service catalog

With this source file defining your environment, you can launch your application environment by initiating the code.

You can also extend this access to others in your team. Torque accomplishes this by:

  • Simplifying the provisioning so users can simply click “launch” without manually setting the parameters for your infrastructure service
  • Enforcing role-based permissions so your teams can provision environments without access to create or modify environments in the platform
  • Authenticating the cloud infrastructure provisioned automatically via Torque so no one has to enter credentials manually

While only those with administrator-level permissions can create environment blueprints, they can distribute access by publishing those blueprints to Torque’s self-service catalog.

In the catalog, users can browse and search to find and launch environments via self-service.

The self-service catalog allows developers to provision environments by simply clicking “launch,” without the need to set parameters or authentication.

When provisioning the environment, Torque applies default values for the duration (after which Torque will automatically terminate the environment), parameters, and tags applied to the cloud resources provisioned.

This makes it easier for anyone who needs an environment to launch them, regardless of their expertise in IaC or cloud technologies.

To learn more about platform engineering with Quali Torque, watch this brief demo:

Additional Resources