diff --git a/.gitignore b/.gitignore index 0a574b7f..fdf188fd 100644 --- a/.gitignore +++ b/.gitignore @@ -27,7 +27,7 @@ go.work.sum # Project IDX .idx/ -# Terraform +# Terraform/OpenTofu ## Local .terraform directories **/.terraform/* @@ -36,7 +36,7 @@ go.work.sum *.tfstate *.tfstate.* -## Ignore transient lock info files created by terraform apply +## Ignore transient lock info files created by terraform/tofu apply .terraform.tfstate.lock.info # Terragrunt diff --git a/cmd/experimental/migrate/gcp/main.go b/cmd/experimental/migrate/gcp/main.go index fb12e9d1..d483607a 100644 --- a/cmd/experimental/migrate/gcp/main.go +++ b/cmd/experimental/migrate/gcp/main.go @@ -87,7 +87,7 @@ func main() { opts := tessera.NewMigrationOptions().WithCTLayout() // Configure antispam storage, if necessary var antispam tessera.Antispam - // Persistent antispam is currently experimental, so there's no terraform or documentation yet! + // Persistent antispam is currently experimental, so there's no OpenTofu or documentation yet! if *persistentAntispam { as_opts := gcp_as.AntispamOpts{ // 1500 appears to be give good performance for migrating logs, but you may need to lower it if you have diff --git a/deployment/README.md b/deployment/README.md index 129e2e41..1ff2f3be 100644 --- a/deployment/README.md +++ b/deployment/README.md @@ -1,6 +1,6 @@ # :gear: Deployment -This directory contains Terraform [modules](./modules/) to deploy TesseraCT on +This directory contains OpenTofu [modules](./modules/) to deploy TesseraCT on GCP and AWS with various setups, and the [instantiations](./live/) we use for our deployments. diff --git a/deployment/live/aws/conformance/ci/README.md b/deployment/live/aws/conformance/ci/README.md index 6c317de1..66e7f3e1 100644 --- a/deployment/live/aws/conformance/ci/README.md +++ b/deployment/live/aws/conformance/ci/README.md 
@@ -36,6 +36,6 @@ export TESSERACT_PREFIX_NAME={VALUE} Resources will be named using a `${TESSERACT_PREFIX_NAME}-${TESSERACT_BASE_NAME}` convention. -Terraforming the project can be done by: +Deploy the Terraform config with OpenTofu: 1. `cd` to the relevant directory for the environment to deploy/change (e.g. `ci`) 2. Run `terragrunt apply` diff --git a/deployment/live/aws/conformance/ci/terragrunt.hcl b/deployment/live/aws/conformance/ci/terragrunt.hcl index e35192fa..cea77f76 100644 --- a/deployment/live/aws/conformance/ci/terragrunt.hcl +++ b/deployment/live/aws/conformance/ci/terragrunt.hcl @@ -12,7 +12,7 @@ inputs = merge( { # This hack makes it so that the antispam tables are created in the main # tessera DB. We strongly recommend that the antispam DB is separate, but - # creating a second DB from Terraform is too difficult without a large + # creating a second DB from OpenTofu is too difficult without a large # rewrite. For CI purposes, testing antispam, even if in the same DB, is # preferred compared to not testing antispam at all. antispam_database_name = "tesseract" diff --git a/deployment/live/aws/test/README.md b/deployment/live/aws/test/README.md index b009749e..4a14c6dc 100644 --- a/deployment/live/aws/test/README.md +++ b/deployment/live/aws/test/README.md @@ -74,7 +74,7 @@ export AWS_REGION={VALUE} # e.g: us-east-1 export AWS_PROFILE=AdministratorAccess- ``` -Terraforming the account can be done by: +OpenTofuing the account can be done by: 1. `cd` to [/deployment/live/aws/test/](/deployment/live/aws/test/) to deploy/change. 1. Run `terragrunt apply`. If this fails to create the antispam database, 
@@ -253,6 +253,6 @@ The easiest way to do this, is to [close the account](https://docs.aws.amazon.co If you prefer to delete the resources with `terragrunt destroy`, bear in mind that this command might not destroy all the resources that were created (like -the S3 bucket or DynamoDB instance Terraform created to store its state for +the S3 bucket or DynamoDB instance OpenTofu created to store its state for instance). If `terragrunt destroy` shows no output, run `terragrunt destroy --terragrunt-log-level debug --terragrunt-debug`. diff --git a/deployment/live/gcp/static-ct-staging/cloudbuild/tesseract/README.md b/deployment/live/gcp/static-ct-staging/cloudbuild/tesseract/README.md index c97b67fb..c95c34a3 100644 --- a/deployment/live/gcp/static-ct-staging/cloudbuild/tesseract/README.md +++ b/deployment/live/gcp/static-ct-staging/cloudbuild/tesseract/README.md @@ -12,7 +12,7 @@ logs'](/deployment/live/gcp/static-ct-staging/logs/) Cloud Run service with the latest Docker image. 1. Updating [staging logs'](/deployment/live/gcp/static-ct-staging/logs/) infrastructure with the -latest Terraform config. +latest OpenTofu config. ## Initial setup diff --git a/deployment/live/gcp/static-ct-staging/logs/arche2025h1/README.md b/deployment/live/gcp/static-ct-staging/logs/arche2025h1/README.md index 0448af2e..f443963d 100644 --- a/deployment/live/gcp/static-ct-staging/logs/arche2025h1/README.md +++ b/deployment/live/gcp/static-ct-staging/logs/arche2025h1/README.md @@ -30,7 +30,7 @@ awk \ ### Automatic Deployment This GCP TesseraCT preloaded staging environment is designed to be deployed by -the Cloud Build ([Terraform module](/deployment/modules/gcp/cloudbuild/tesseract/), +the Cloud Build ([OpenTofu module](/deployment/modules/gcp/cloudbuild/tesseract/), [Terragrunt configuration](/deployment/live/gcp/static-ct-staging/cloudbuild/tesseract/)). ### Manual Deployment 
@@ -57,7 +57,7 @@ You need an Artifact Registry repository to store container images; adapt the configs and commands below to use your registry of choice. The rest of these instructions assume that the repository is hosted on GCP, and called `${GOOGLE_REGION}-docker.pkg.dev/${GOOGLE_PROJECT}/docker-staging`. For -reference, here's a [terraform +reference, here's a [OpenTofu module](/deployment/modules/gcp/artifactregistry/) you can use to set up such a registry. @@ -71,7 +71,7 @@ docker tag tesseract-gcp:latest ${GOOGLE_REGION}-docker.pkg.dev/${GOOGLE_PROJECT docker push ${GOOGLE_REGION}-docker.pkg.dev/${GOOGLE_PROJECT}/docker-staging/tesseract-gcp ``` -Terraforming the project can be done by: +Deploy the Terraform config with OpenTofu: 1. `cd` to [/deployment/live/gcp/static-ct-staging/logs/arche2025h1/](/deployment/live/gcp/static-ct-staging/logs/arche2025h1/). diff --git a/deployment/live/gcp/static-ct-staging/logs/arche2025h2/README.md b/deployment/live/gcp/static-ct-staging/logs/arche2025h2/README.md index c1d4dc67..446c67ec 100644 --- a/deployment/live/gcp/static-ct-staging/logs/arche2025h2/README.md +++ b/deployment/live/gcp/static-ct-staging/logs/arche2025h2/README.md @@ -30,7 +30,7 @@ awk \ ### Automatic Deployment This GCP TesseraCT preloaded staging environment is designed to be deployed by -the Cloud Build ([Terraform module](/deployment/modules/gcp/cloudbuild/tesseract/), +the Cloud Build ([OpenTofu module](/deployment/modules/gcp/cloudbuild/tesseract/), [Terragrunt configuration](/deployment/live/gcp/static-ct-staging/cloudbuild/tesseract/)). ### Manual Deployment 
@@ -57,7 +57,7 @@ You need an Artifact Registry repository to store container images; adapt the configs and commands below to use your registry of choice. The rest of these instructions assume that the repository is hosted on GCP, and called `${GOOGLE_REGION}-docker.pkg.dev/${GOOGLE_PROJECT}/docker-staging`. For -reference, here's a [terraform +reference, here's a [OpenTofu module](/deployment/modules/gcp/artifactregistry/) you can use to set up such a registry. @@ -71,7 +71,7 @@ docker tag tesseract-gcp:latest ${GOOGLE_REGION}-docker.pkg.dev/${GOOGLE_PROJECT docker push ${GOOGLE_REGION}-docker.pkg.dev/${GOOGLE_PROJECT}/docker-staging/tesseract-gcp ``` -Terraforming the project can be done by: +Deploy the Terraform config with OpenTofu: 1. `cd` to [/deployment/live/gcp/static-ct-staging/logs/arche2025h2/](/deployment/live/gcp/static-ct-staging/logs/arche2025h2/). diff --git a/deployment/live/gcp/static-ct-staging/logs/arche2026h1/README.md b/deployment/live/gcp/static-ct-staging/logs/arche2026h1/README.md index 6ce11e47..7163471e 100644 --- a/deployment/live/gcp/static-ct-staging/logs/arche2026h1/README.md +++ b/deployment/live/gcp/static-ct-staging/logs/arche2026h1/README.md @@ -30,7 +30,7 @@ awk \ ### Automatic Deployment This GCP TesseraCT preloaded staging environment is designed to be deployed by -the Cloud Build ([Terraform module](/deployment/modules/gcp/cloudbuild/tesseract/), +the Cloud Build ([OpenTofu module](/deployment/modules/gcp/cloudbuild/tesseract/), [Terragrunt configuration](/deployment/live/gcp/static-ct-staging/cloudbuild/tesseract/)). ### Manual Deployment 
@@ -57,7 +57,7 @@ You need an Artifact Registry repository to store container images; adapt the configs and commands below to use your registry of choice. The rest of these instructions assume that the repository is hosted on GCP, and called `${GOOGLE_REGION}-docker.pkg.dev/${GOOGLE_PROJECT}/docker-staging`. For -reference, here's a [terraform +reference, here's a [OpenTofu module](/deployment/modules/gcp/artifactregistry/) you can use to set up such a registry. @@ -71,7 +71,7 @@ docker tag tesseract-gcp:latest ${GOOGLE_REGION}-docker.pkg.dev/${GOOGLE_PROJECT docker push ${GOOGLE_REGION}-docker.pkg.dev/${GOOGLE_PROJECT}/docker-staging/tesseract-gcp ``` -Terraforming the project can be done by: +Deploy the Terraform config with OpenTofu: 1. `cd` to [/deployment/live/gcp/static-ct-staging/logs/arche2026h1/](/deployment/live/gcp/static-ct-staging/logs/arche2026h1/). diff --git a/deployment/live/gcp/static-ct/logs/ci/README.md b/deployment/live/gcp/static-ct/logs/ci/README.md index c5cd9eb3..8413d22e 100644 --- a/deployment/live/gcp/static-ct/logs/ci/README.md +++ b/deployment/live/gcp/static-ct/logs/ci/README.md @@ -18,7 +18,7 @@ At a high level, this environment consists of: ### Automatic Deployment This GCP TesseraCT conformance CI environment is designed to be deployed by the -Cloud Build ([Terraform module](/deployment/modules/gcp/cloudbuild/conformance/), +Cloud Build ([OpenTofu module](/deployment/modules/gcp/cloudbuild/conformance/), [Terragrunt configuration](/deployment/live/gcp/static-ct/cloudbuild/prod/)). ### Manual Deployment 
@@ -42,7 +42,7 @@ You need an Artifact Registry repository to store container images; adapt the configs and commands below to use your registry of choice. The rest of these instructions assume that the repository is hosted on GCP, and called `${GOOGLE_REGION}-docker.pkg.dev/${GOOGLE_PROJECT}/docker-ci`. For reference, -here's a [terraform module](/deployment/modules/gcp/artifactregistry/) you can +here's a [OpenTofu module](/deployment/modules/gcp/artifactregistry/) you can use to set up such a registry. Build and push the Docker image to Artifact Registry repository: @@ -55,7 +55,7 @@ docker tag conformance-gcp:latest ${GOOGLE_REGION}-docker.pkg.dev/${GOOGLE_PROJE docker push ${GOOGLE_REGION}-docker.pkg.dev/${GOOGLE_PROJECT}/docker-ci/conformance-gcp ``` -Terraforming the project can be done by: +Deploy the Terraform config with OpenTofu: 1. `cd` to [/deployment/live/gcp/static-ct/logs/ci/](/deployment/live/gcp/static-ct/logs/ci/). diff --git a/deployment/modules/aws/insecuretlskey/README.md b/deployment/modules/aws/insecuretlskey/README.md index 0c976b2a..e6965cda 100644 --- a/deployment/modules/aws/insecuretlskey/README.md +++ b/deployment/modules/aws/insecuretlskey/README.md @@ -1,5 +1,5 @@ # WARNING - PLEASE READ > [WARNING] -> This module will store unencrypted private keys in the Terraform state file. +> This module will store unencrypted private keys in the OpenTofu state file. > DO NOT use this for production logs. diff --git a/deployment/modules/aws/insecuretlskey/main.tf b/deployment/modules/aws/insecuretlskey/main.tf index b9221a72..bb6ea039 100644 --- a/deployment/modules/aws/insecuretlskey/main.tf +++ b/deployment/modules/aws/insecuretlskey/main.tf 
@@ -11,10 +11,11 @@ terraform { # # Security Notice # The private key generated by this resource will be stored unencrypted in your -# Terraform state file. Use of this resource for production deployments is not +# Terraform/OpenTofu state file. Use of this resource for production deployments is not # recommended. # # See https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key. +# See https://search.opentofu.org/provider/hashicorp/tls/latest/docs/resources/private_key#tls_private_key-resource. resource "tls_private_key" "ecdsa_p256" { algorithm = "ECDSA" ecdsa_curve = "P256" diff --git a/deployment/modules/aws/storage/main.tf b/deployment/modules/aws/storage/main.tf index d585a5f2..0ea3cecb 100644 --- a/deployment/modules/aws/storage/main.tf +++ b/deployment/modules/aws/storage/main.tf @@ -57,9 +57,9 @@ data "aws_secretsmanager_secret_version" "db_credentials" { # Configure the MySQL provider based on the outcome of # creating the aws_db_instance. -# This requires that the machine running terraform has access +# This requires that the machine running OpenTofu has access # to the DB instance created above. This is _NOT_ the case when -# GitHub actions are applying the terraform. +# GitHub actions are applying the OpenTofu. provider "mysql" { endpoint = aws_rds_cluster_instance.cluster_instances[0].endpoint username = aws_rds_cluster.log_rds_cluster.master_username diff --git a/deployment/modules/aws/tesseract/conformance/main.tf b/deployment/modules/aws/tesseract/conformance/main.tf index b310a972..42bfcc6c 100644 --- a/deployment/modules/aws/tesseract/conformance/main.tf +++ b/deployment/modules/aws/tesseract/conformance/main.tf 
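Review bot: The security notice above `resource "tls_private_key" "ecdsa_p256"` in `deployment/modules/aws/insecuretlskey/main.tf` warns that the private key lands unencrypted in the state file, but gives the reader no way to limit that exposure. Since the notice now names OpenTofu, it could add a line such as `# Restrict access to the state backend; OpenTofu state encryption can protect this key at rest.` OpenTofu supports client-side state encryption, though whether this repository configures it is not visible in the diff. The wording is also inconsistent: this hunk says "Terraform/OpenTofu state file", while the matching warnings in `deployment/modules/aws/tesseract/conformance/main.tf` and `deployment/modules/aws/tesseract/test/main.tf` say "OpenTofu state file", so one form should be used throughout. The resource block continues outside the hunk.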
@@ -33,7 +33,7 @@ module "secretsmanager" { } # [WARNING] -# This module will store unencrypted private keys in the Terraform state file. +# This module will store unencrypted private keys in the OpenTofu state file. # DO NOT use this for production logs. module "insecuretlskey" { source = "../../insecuretlskey" diff --git a/deployment/modules/aws/tesseract/test/main.tf b/deployment/modules/aws/tesseract/test/main.tf index 4c1748e9..33c53fc8 100644 --- a/deployment/modules/aws/tesseract/test/main.tf +++ b/deployment/modules/aws/tesseract/test/main.tf @@ -22,7 +22,7 @@ module "secretsmanager" { } # [WARNING] -# This module will store unencrypted private keys in the Terraform state file. +# This module will store unencrypted private keys in the OpenTofu state file. # DO NOT use this for production logs. module "insecuretlskey" { source = "../../insecuretlskey" diff --git a/deployment/modules/gcp/storage/main.tf b/deployment/modules/gcp/storage/main.tf index 4ba82df8..c9e9e539 100644 --- a/deployment/modules/gcp/storage/main.tf +++ b/deployment/modules/gcp/storage/main.tf @@ -7,7 +7,7 @@ terraform { } } -# TODO(phboneff): import tessera terraform directly +# TODO(phboneff): import tessera OpenTofu directly # Services resource "google_project_service" "serviceusage_googleapis_com" { service = "serviceusage.googleapis.com"