Support OpenTofu (epic)

[nitrocode]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.

---

• [ ] I'd be willing to implement this feature (contributing guide)

Describe the user story

Please support usage of opentofu

https://github.com/opentffoundation/opentf

Describe the solution you'd like

See above

• #4337
• #4338
• #4339

Describe the drawbacks of your solution

N/A

Describe alternatives you've considered

N/A

[raynigon]

This Ticket should be renamed to Support OpenTofu terraform fork, to make it easier to find.

[chenrui333]

Should be just Support OpenTofu (I think almost everyone knows OpenTofu at this point)

[sirvantedbrl]

@nitrocode @chenrui333 @raynigon I would like to work on this issue, could you assign me?

[chenrui333]

@sirvantedbrl feel free to kick off a PR and we can start from there. Thanks!

[sirvantedbrl]

@chenrui333 İ'm starting to work on sending a PR, thank you.

[GenPage]

The idea is that we will still support both Terraform and OpenTofu. There may be some hard-code references to Terraform. We want to abstract that so that we don't have to do this again for even another tool. Atlantis long-term should be vendor-agnostic.

[chenrui333]

opentofu just GA today, https://github.com/opentofu/opentofu/releases/tag/v1.6.0

[nitrocode]

A workaround for users that want to go down the opentofu path before support is official could do the following.

1. Set --tf-download=false to avoid downloading terraform versions
2. Use a custom container to download a opentofu release as /usr/bin/opentofu_<version>
3. Use a custom workflow to override the init, plan, and apply steps to use the opentofu cli instead of the terraform cli

[jmateusppay]

Worked for me

Installation with helm:

values.yaml

initConfig:
  enabled: true
  image: alpine:latest
  imagePullPolicy: IfNotPresent
  # sharedDir is set as env var INIT_SHARED_DIR
  sharedDir: /plugins
  workDir: /tmp
  sizeLimit: 250Mi
  # example of how the script can be configured to install tools/providers required by the atlantis pod
  script: |
    #!/bin/sh
    set -eoux pipefail

    # terragrunt
    TG_VERSION="0.55.10"
    TG_SHA256_SUM="1ad609399352348a41bb5ea96fdff5c7a18ac223742f60603a557a54fc8c6cff"
    TG_FILE="${INIT_SHARED_DIR}/terragrunt"
    wget https://github.com/gruntwork-io/terragrunt/releases/download/v${TG_VERSION}/terragrunt_linux_amd64 -O "${TG_FILE}"
    echo "${TG_SHA256_SUM} ${TG_FILE}" | sha256sum -c
    chmod 755 "${TG_FILE}"
    terragrunt -v

    # OpenTofu
    TF_VERSION="1.6.2"
    TF_FILE="${INIT_SHARED_DIR}/tofu"
    wget https://github.com/opentofu/opentofu/releases/download/v${TF_VERSION}/tofu_${TF_VERSION}_linux_amd64.zip
    unzip tofu_${TF_VERSION}_linux_amd64.zip
    mv tofu ${INIT_SHARED_DIR}
    chmod 755 "${TF_FILE}"
    tofu -v

environment: 
  ATLANTIS_TF_DOWNLOAD: false
  TERRAGRUNT_TFPATH: /plugins/tofu

repoConfig: |
  ---
  repos:
  - id: /.*/
    apply_requirements: [approved, mergeable]
    allow_custom_workflows: true
    allowed_overrides: [workflow, apply_requirements, delete_source_branch_on_merge]

atlantis.yaml

version: 3
automerge: true
parallel_plan: true
parallel_apply: false
projects:
- name: terragrunt
  dir: .
  workspace: terragrunt
  delete_source_branch_on_merge: true
  autoplan:
    enabled: false
  apply_requirements: [mergeable, approved]
  workflow: terragrunt
workflows:
  terragrunt:
    plan:
      steps:
      - env:
          name: TF_IN_AUTOMATION
          value: 'true'
      - run: find . -name '.terragrunt-cache' | xargs rm -rf
      - run: terragrunt init -reconfigure
      - run:
          command: terragrunt plan -input=false -out=$PLANFILE
          output: strip_refreshing
    apply:  
      steps:      
        - run: terragrunt apply $PLANFILE

I hope it helps :)

[nitrocode]

Nice work! I think the above is worth documenting on the site. The one suggestion I have would be to keep the version as a suffix in the binary name for consistency with how we currently use terraform.

We'd also need to document without using a wrapper like terragrunt/atmos/terramate/etc

Reading the description of this issue over and it's more targeting the auto download of opentofu than the usage of opentofu. Maybe we can document the above and re-title this issue as "Support autodownload of opentofu"?

Your solution of installing opentofu manually and disabling auto download should work as expected.

I also saw that the new aws 5.40 aws providers, which contain custom functions, are backwards compatible (but without custom function support) with older versions of terraform and current versions of opentofu. One less worry with switching from tf to opentofu.

[nitrocode]

Perhaps since so many people have upvoted this issue, we should move the contents and title of this issue into its own issue for autodownloading opentofu

• https://github.com/runatlantis/atlantis/issues/4339

Then this this issue can be (informally) an epic for full opentofu support so it can be broken up into smaller issues/subtasks

[kvendingoldo]

Hi! I think that in scope of it you can start to use tenv: tool for managing Terraform, Terragrunt and OpenTofu by a single binary file.

You're also welcome to open any issues or contribute to tenv.

[jmateusppay]

This is my doc to deployment Atlantis with OpenTofu.

https://medium.com/@contato.matthewd/deployment-atlantis-with-opentofu-85ca0fbe45e5