- HashiCorp is moving its products previously licensed as Open Source away from it to Business Source License (BSL) moving forward
- Terraform is a popular Infrastructure as Code tool used for provisioning cloud resources like AWS, Azure among others
- Terraform version 1.5.5 and earlier are still open source
- there is a push for a community maintained open source fork if this decision is not reversed, OpenTF
Gruntwork response on the problem with BSL
- https://blog.gruntwork.io/the-future-of-terraform-must-be-open-ab0b9ba65bca?gi=be31818bcbaf
- Gruntwork is a creator of the tool Terragrunt which is an open source wrapper around Terraform to provide some additional tools for it
We will see how this plays out… Terraform is awesome but the product would not be very popular today if open source developers hadn’t worked for 10 years for free to maintain and update it.
Now they take all their work and decides it’s not open source anymore, because hashicorp needs to make money.
I for one am recommending pulumi for any of my teams new infrastructure needs.
I used pulumi but it’s much worse than terraform. I didn’t used to think so before I learned terraform however.
My main reason to dislike pulumi is that you have to work around it’s async behavior in python. Maybe it’s better and more natural if you use typescript, but I had to constantly wrap methods in Outputs and other things to get the code to work.
I had to adapt my code to how pulumi worked all the time. With terraform, I just write it and it works.
So I’m using it with Python. For me it’s able to do some stuff that terrafom never would be able to (Ive got a spot where resources are generated for each file/object on disk).
Give me an example… What file on disk are you generating a pulumi resource from?
We’ve got it rigged up for aws sso. Each department can make any number of permissions sets (and link to any number of groups). The config for that is all stored in git (with code owners configured so you can only mess up your own stuff).
I wonder how many of those “open source developers”, are actually employees of the same companies HashiCorp is accusing now of competing against them. No company is going to pay their employees to contribute to a piece of software, that they then have to buy a license for… so this can very well mean that HashiCorp is cutting off contributions from the same people most capable of contributing in the first place.
No, just new versions.
Not so “just”. Terraform open source version went into a fork. Who will work on that one and who will continue with the hashicorp version? It’s a split in the community now, and I bet most devs will continue on the hashicorp version.
I bet most devs will continue on the hashicorp version
Only the hobbyist ones. Every dev paid for by a company using the products, will be on the OpenSource fork.
It’s something companies often forget: open source, and the GPL in particular, is a way for companies to cooperate. Use the AGPL if you want to prevent unfair server-side competition. Switching to the BSL is restricting cooperation to only those with less experience.
PS: IANAL, but by reading MariaDB’s guidelines for the BSL, HashiCorp may not even have applied it correctly.
We were considering Vault, I guess we’ll look into alternatives now, are there any decent Free Software ones in the first place?
ive not done secrets management before but i came across this list on hackernews, a few non-cloud ones use open source license https://news.ycombinator.com/item?id=37133054#37151218
but another user there have mentioned that while most of them integrate with Kubernetes and AWS, short lived DB credentials are not in any of those listed
I’ve been using Infisical recently and I like it a lot.
I’m not an infra dev, but a previous project used SOPS and it seemed alright
For the people who continue to work on the open source fork of terraform, can HashiCorp pull their commits into their closed source BSL fork?
I would assume not, but I am curious if there’s some weird workaround of their previous license that they still own contributions
The integrations with other services are implemented in plugins which are separate programs, that are installed separately, and communicate with the core over RPC. I would imagine these plugins can continue to be licensed however their owners choose. I think this license change just applies to core.
Before a contributor’s code is accepted the contributor must sign a CLA which grants Hashicorp a license to do whatever to what is contributed. See: https://www.hashicorp.com/cla
Grant of Copyright License. Subject to the terms and conditions of this Agreement, You hereby grant to HashiCorp and to recipients of software distributed by HashiCorp a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Your Contributions and such derivative works.
ouch… Well, with the fork they wont have to do that anymore… so thats good.
When Canonical originally had such a CLA to contribute to Ubuntu it was pretty controversial (I don’t think it was common at all at the time), this situation with HashiCorp perfectly demonstrates why.
I’m not as familiar with MPLv2 but I don’t think they can with contributions to the fork. Since those contributions won’t be part of the original “we own all your work” agreement they couldn’t simply close source those contributions.
From the BSL FAQ:
Q: I have written a code patch to a BSL project and would like the BSL vendor to maintain the code as part of the BSL project. How do I contribute it?
A: License your code using the “new BSD” license or dedicate it to the public domain. Code contributions under “new BSD” is compatible with BSL. See BSD on Wikipedia.
That would seem to rule out the MPLv2.
That is for continuing contributions to the commercial project, the fork should be using the old license not the BSL.
If HashiCorp is unwilling to switch Terraform back to an open source license, we propose to fork the legacy MPL-licensed Terraform
The question was if HashiCorp could take contributions to the fork and put them into their commercial product.
That means HashiCorp could only take contributions licensed under the BSD or public domain, or under a CLA. The fork would be none of those.
What a shame.
I was hit aggressively by HC sales team last year, we are using TF and Vault, and were looking to add consul, now it is pretty vauge how it will all pan put
Fuck’em. 'Nuff said.
Not that I’d know much about this, but can’t you easily replace terraform with some script that remotely installs NixOS?
i dont think theyre equivalent tools since Terraform is used for things like creating cloud VMs with the selected OS image, configuring subnets and route tables among other things which i dont believe NixOS is meant for
Terraform is great automation, but it really shines over scripts in a few ways:
- intrinsic documentation for your infrastructure
- much less brittle to differences in the initial state
- changing your setup later doesn’t require any new script logic, just a simple config change
- much better support for collaborative editing