Upgrade Terraform Binary to Latest

[shivenduverma-sap]

What problem are you facing?

Many new features such as for_each in import, bug fixes, etc. are not available in older versions of Terraform
Current version: 1.5.5
Expected version: 1.9.3,

How could Official Terraform Provider help solve your problem?

Please upgrade !! We are blocked in the adoption of the provider

[jbw976]

Unfortunately, we cannot upgrade the version of the Terraform binary past 1.5.x due to the switch to the BSL license. Some related discussion on this topic can be found at:

• Update at least to v1.6 #247 (comment)
• Update at least to v1.6 #247 (comment)
• Support terraform v1.6 #227 (comment)

It may be possible though to update to a newer version of the 1.5.x release, e.g. https://github.com/hashicorp/terraform/releases/tag/v1.5.7.

That would require updating at least https://github.com/upbound/provider-terraform/blob/main/cluster/images/provider-terraform/Dockerfile#L6 and then testing/validation that I'm sure the maintainers of this repo could recommend 😇

[bobh66]

@jbw976 that would require updating https://github.com/upbound/terraform/ to the 1.5.7 tag and rebuilding.

[shivenduverma-sap]

Hi,
Thanks for the replies @jbw976 @bobh66
Quick question: A lot of the "new/shiny" functionality in Terraform related to imports have come in the later versions. Somebody moving from conventional pipeline based Terraform to crossplane would definitely use them and would be a prerequisite for the move. Terraform versions >=1.6 not being supported is a big hindrance to adoption of provider-terraform.
We are in the process of this adoption and if this is the end of life, we would stop the adoption. What are your thoughts on the future of this?

Thanks in advance!

[bobh66]

@shivenduverma-sap Given the restrictive licensing changes I don't see a scenario that would allow us to use a version of terraform that uses the new license (anything beyond 1.5.7).

We recommend using provider-terraform as a transitional step when migrating from terraform to Crossplane, and to fill in the gaps when existing providers don't support specific resources that are available in terraform. Unfortunately it's going to get harder to use provider-terraform to run existing terraform modules when they use features that are specific to 1.6 and later.

[jbw976]

I can imagine a future where OpenTofu is supported, which has exciting new development velocity, but there are some legal/approval hurdles that have to be cleared before that can happen, e.g., #247 (comment)

[bobh66]

I can imagine a future where OpenTofu is supported, which has exciting new development velocity,

I agree, but I don't think OpenTofu will support the latest terraform features for a while yet, if ever. (if they forked at 1.5 there are a lot of new features in 1.6, 1.7, etc - certainly possible but takes work)

[mbbush]

I can imagine a future where OpenTofu is supported, which has exciting new development velocity,

I agree, but I don't think OpenTofu will support the latest terraform features for a while yet, if ever. (if they forked at 1.5 there are a lot of new features in 1.6, 1.7, etc - certainly possible but takes work)

On the contrary, they already support features like removed and for_each in imports. I'm not clear on the extent to which they're doing conformance testing against newer hashicorp tf versions, but https://opentofu.org/blog/what-we-learned-while-working-on-opentofus-new-test-feature/ seems to at least point in that direction.

It does seem kind of silly to say that we can use the MPL-licensed Terraform 1.5.5 binary, but not the MPL-licensed opentofu binary, because of concerns at the CNCF about the MPL license terms.

[bobh66]

On the contrary, they already support features like removed and for_each in imports. I'm not clear on the extent to which they're doing conformance testing against newer hashicorp tf versions, but https://opentofu.org/blog/what-we-learned-while-working-on-opentofus-new-test-feature/ seems to at least point in that direction.

Great - I'm happy to be wrong.

It does seem kind of silly to say that we can use the MPL-licensed Terraform 1.5.5 binary, but not the MPL-licensed opentofu binary, because of concerns at the CNCF about the MPL license terms.

I don't think we're saying we can't use it, we're saying that we're not lawyers and we don't know enough to make a good decision without input from the lawyers, which we have been trying to get.

If we get the go-ahead then I think that would be a good option to pursue.

[shivenduverma-sap]

And what do you think about the timelines?
A 1 year old release gathers some security vulnerabilites and terraform has some major bug fixes with init, import, etc. in the newer releases. How would you say the timelines could look like(vague estimates are also appreciated!) with OpenTofu being the next binary?

[jeanduplessis]

At this point in time, we will not allow overriding the Terraform binary with the possibility of one released after 1.5.x as they are released under the BSL license. This provider would violate the license terms, and we do not want to open the possibility for that even if the action was taken by a user of the provider.