Draft: Remove dependency on terraform/opentofu serial field
What does this MR do and why?
Functionally, gitlab's terraform http backend really only ever needs to know what the latest state data is. Given the explicit locking structure around this code/workflow, the version field can simply be incremented.
In this change, we simply increment the latest version number or default to 1. This works with both new projects and existing projects (even pre-version-migration).
OpenTofu 1.7.0 will include state encryption which ideally would be completely opaque to all state backends.
Additionally, "serial" is not part of the terraform state data contract.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
How to set up and validate locally
- Install OpenTofu 1.7.0-alpha1
- Setup encrypted configuration in main.tf
terraform {
backend "http" {
}
encryption {
key_provider "pbkdf2" "basic" {
passphrase = "26281afb-83f1-47ec-9b2d-2aebf6417167"
key_length = 32
iterations = 200000
hash_function = "sha512"
salt_length = 12
}
method "aes_gcm" "example" {
keys = key_provider.pbkdf2.basic
}
state {
method = method.aes_gcm.example
fallback{}
}
}
}
resource "tfcoremock_simple_resource" "simple" {
string = "helloworld changes! 1"
}
-
tofu init
using terraform http backend setup provided in Operate > Terraform States tofu apply
- change the "string" field of the mock resource.
tofu apply
- Double check the pg database contains the expected version rows.
Edited by Christian Mesh