HashiCorp, the company behind infrastructure-as-code tool Terraform, announced plans on 10 August to pivot from its open-source roots to the source-available Business Source License, which limits commercial usage of its software by other companies.
This is within its right to do, likewise, various other companies including Couchbase, Elastic and Redis have shifted to the Business Source License in recent years, to varying amounts of controversy. Enthusiasm for open-source business models has wavered since the pandemic, as economic challenges have prompted software companies to reassess opportunities for revenue generation.
This change affects all HashiCorp’s products, although the impact will be felt most strongly around Terraform, which benefited from an expansive community that created tools and learning resources, and contributed code that enabled Terraform to manage data sources and infrastructure objects such as virtual networks, compute instances, data storage buckets and higher-level components like DNS records.
Since Terraform launched in 2014, a variety of commercial solutions collectively titled Terraform Automation and COllaboration Software (TACOS) emerged, with HashiCorp’s own Terraform Enterprise service.
Adopted by the Community, Controlled by a Single Company
For practitioners, the utility of Terraform was found in plug-ins (“providers”) published by HashiCorp partners and from the community — the value is in the orchestration and connection of disparate components found in an organization’s IT landscape. The open-source licence of Terraform resulted in broad community adoption and standardization of this software, and enabled the creation of start-ups providing software that uses and expands on Terraform Core while adding value in the larger continuous integration and continuous delivery or GitOps stack.
Practitioners view this as an ecosystem. HashiCorp views this as competition: the announcement names “vendors who take advantage of pure OSS models, and the community work on OSS projects, for their own commercial goals, without providing material contributions back”.
This is an interesting — and not wholly advisable — angle to take. Joe Duffy, the founder of Pulumi, called the phrasing “disingenuous”, noting that “We tried many times to contribute upstream fixes to Terraform providers, but HashiCorp would never accept them. So, we’ve had to maintain forks”.
Given that HashiCorp required volunteers contributing code to Terraform to sign a Contributor License Agreement giving the company the ability to relicense the software, HashiCorp’s gradual retreat from open source isn’t surprising. Similarly, a view of Terraform on GitHub paints a dim picture of HashiCorp’s engagement with contributors and the code they submit to these projects.
Pleading for Reconsideration, But Pledging to Fork
A coalition of TACOS, including Digger, env0, Gruntwork, Massdriver, Scalr, Spacelift, Terrateam and Terramate, published the OpenTF Manifesto, identifying the sudden licensing change — which, they note, occurred “without community input,” as a poison pill for Terraform. The Manifesto gained over 2,000 co-signers since it was posted. Likewise, the document raises the spectre that “every company, vendor and developer using Terraform has to wonder whether what they are doing could be construed as competitive with HashiCorp’s offerings”, potentially putting them in violation of the Business Source License.
The OpenTF Manifesto requests HashiCorp to hand over stewardship of Terraform to an appropriate open-source foundation — naming the Linux Foundation and the Cloud Native Computing Foundation as examples — with the aim of ensuring the availability of Terraform under a truly open-source licence with impartial, community-driven governance.
Short of this outcome, the pledging companies say that forking Terraform from the last open-source version is a “fallback plan”, which requires resources to maintain in the long term. In support of this endeavour, env0 and Spacelift each pledged to cover the cost of five full-time equivalent developers for at least five years, and Scalr pledged to cover the cost of three for the same duration.
Infrastructure as Code Has the Biggest Impact on IT Operations
Among automation tools, few utilities have as wide-ranging impact as infrastructure-as-code tools. A plurality (38%) in CCS Insight’s IT Infrastructure Software Study for Financial Services and Insurance identified infrastructure configuration and programming as having the biggest impact today on IT operations. This is two percentage points ahead of IT operations and service management software, amusingly putting it in second place for impact in IT operations.
Although the appeal from the OpenTF Manifesto for HashiCorp to donate Terraform to a foundation is unlikely to result in an about-face on this licensing change, the creation of a Terraform fork seems inevitable — the continued commercial existence of many of the TACOS relies on an actively maintained, open-source Terraform package.
With a neutral, open-source, community-controlled Terraform, HashiCorp would need to compete on merit and price for Terraform Enterprise. To its credit, HashiCorp’s abandoning of the “SSO tax” — a price penalty for integration with a provider of single sign-on like Okta for improved security — was a step in the right direction.
Closing a Window, Opening a Door
Although other commercial open-source software has weathered the PR storm in a transition to a proprietary closed-source model — and other HashiCorp products are reasonably likely to fare similarly — Terraform will probably be the exception to the trend. Community adoption is the driver of Terraform’s success, the plug-ins and modules that enable it to work with external resources are predominantly not maintained by HashiCorp. In this circumstance, a community- or foundation-controlled fork is likely to hit critical mass in becoming the industry standard, because of the role the community played in the initial success of Terraform.
As commercial open-source software faces market realities in needing to find revenue streams, I expect circumstances like this to continue. Similar transitions would be well-served by communicating expectations upfront of what’s free and what’s paid, and how this scales with broader adoption. Of course, this is largely unrealistic: predicting changes in business strategy years in advance is roughly as challenging as predicting stock prices years in advance.
However, artificially limiting perceived competitive products in a software ecosystem defined by volunteer efforts doesn’t seem like a winning move. In trying to exercise control over Terraform, it appears abundantly likely that HashiCorp faces a segmented community as forks gain mindshare among technical practitioners.