Skip to main content

OpenTofu Workflow

OpenTofu is an open-source infrastructure-as-code (IaC) tool that helps you define and manage cloud infrastructure through code. It offers a transparent, community-driven alternative to Terraform, ensuring open usage without licensing restrictions.

StackGuardian’s integration with OpenTofu simplifies infrastructure workflows, empowering teams to manage infrastructure efficiently and at scale. This integration offers:

  • Unrestricted Usage: Built on an Apache 2.0 license, OpenTofu ensures flexibility for all users, including commercial entities.
  • Simplified Migration: Existing Terraform workflows can transition to OpenTofu with minimal changes.
  • Enhanced Control: Users benefit from custom lifecycle actions, approvals, and workflow automation, tailored to diverse environments.
  • Future-Proof Innovation: OpenTofu’s community-driven development ensures compatibility and a user-focused roadmap.

Introduction​

This guide walks you through creating an OpenTofu workflow on StackGuardian and explores each configuration option in detail.

Source and Parameters​

OpenTofu workflows on StackGuardian support two source types:

  1. Git Repository: Fetch configuration code directly from private repositories using version control systems like GitHub or GitLab. Learn more about configuring repositories in Version Control Settings.
  2. Subscribed Templates: Use pre-built templates from the StackGuardian Library to deploy infrastructure with a no-code approach. These templates simplify deployment and reduce manual configuration efforts.

For more detailed information, refer to the Source and Parameters Guide.

Runtime Environment​

Define the deployment and execution environment for your OpenTofu workflow. This includes selecting cloud connectors, specifying variables, and configuring private runners if necessary.

You can reference the StackGuardian Environment Variables for your OpenTofu variables.

OpenTofu Configuration​

In the OpenTofu Configuration section, you can define runtime behaviors such as state management, lifecycle custom steps, and integrations. This step includes configurations for actions like initializing, planning, applying, or destroying resources.

To learn more about runtime environment settings, see the Runtime Configuration Guide.

Metadata, Review, and Launch​

After configuring the OpenTofu workflow, click Next to update the workflow metadata (e.g., name, description, and tags). Finally, click Launch to execute the workflow.

Create OpenTofu Workflow​

Discover additional ways to Create OpenTofu Workflows on StackGuardian.

OpenTofu-Specific Lifecycle Custom Steps​

StackGuardian enables users to define custom actions at different stages of the OpenTofu workflow lifecycle. These steps provide fine-grained control over the execution process.

  1. Pre Init: Execute commands before running tofu init. This is useful for environment setup and pre-configuration checks.
  2. Pre Plan: Run steps before tofu plan to validate configurations or prepare resources.
  3. Post Plan: Perform actions after the plan is generated, such as analyzing or auditing the plan.
  4. Pre Apply: Ensure all prerequisites are met before applying changes to infrastructure.
  5. Post Apply: Execute post-deployment validations or trigger follow-up actions after the apply phase.

For more details, refer to the Lifecycle Custom Steps Guide.

Accessing Workflow Files in StackGuardian​

StackGuardian provides a clear directory structure for accessing and managing files during workflow execution. For a detailed overview on the key directories, refer to Accessing Workflow Files.

Mounting Custom Binaries​

StackGuardian supports mounting custom binaries for advanced workflows. This enables users to execute additional logic by integrating custom scripts or binaries directly into the workflow runtime.

Prerequisites​

Before configuring custom binaries, ensure that:

  • A private runner is used, as custom binaries require controlled environments for security and accessibility.
  • The required Terraform/OpenTofu binary is stored on the private runner.

Configuring Custom Binaries for OpenTofu​

StackGuardian allows users to specify a Custom Tool Path for OpenTofu workflows to execute a specific binary version.

Steps to Configure​

  1. Navigate to the Workflow Configuration Go to Library > Configure Workflow and open the OpenTofu Configuration section.

  2. Enable OpenTofu Customizations Click on OpenTofu Customizations to expand the options.

  3. Enable Custom Tool Path Select the Custom Tool Path option.

  4. Specify the Custom OpenTofu Binary Enter the full path to the custom OpenTofu binary stored in your private runner. Example: /usr/bin/terraform198

    OpenTofu Customizations

Dive into Workflow​

StackGuardian workflows provide multiple tabs for monitoring, managing, and refining your deployments. Each tab offers specific insights and actions to optimize your workflow experience.

Overview​

The Overview tab highlights key workflow details, including compliance check results, cost estimations, and resource summaries like drift detection and schedules. It offers a quick snapshot of your workflow's status. Learn more in the Workflow Overview Guide.

Runs​

The Runs tab lists all executions with real-time status, unique run IDs, and metadata, such as user actions and modification timestamps. Click a Run ID to view detailed logs and execution progress. Explore the Workflow Runs Guide.

Outputs​

The Outputs tab displays execution results and downloadable artifacts like tfstate.json. Use key-value pairs to reference outputs in other workflows, making your infrastructure provisioning more dynamic. See the Workflow Outputs Guide.

Settings​

The Settings tab enables post-creation updates, such as modifying input variables, refining OpenTofu runtime settings, reordering custom steps, or managing cloud connectors and environment variables. Learn more in the Workflow Settings Guide.