Accepting request 1329325 from systemsmanagement:opentofu

OBS-URL: https://build.opensuse.org/request/show/1329325
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/opentofu?expand=0&rev=43

_service

@@ -2,19 +2,21 @@
   <service name="obs_scm" mode="manual">
     <param name="url">https://github.com/opentofu/opentofu/</param>
     <param name="scm">git</param>
-    <param name="revision">v1.8.3</param>
+    <param name="exclude">.git</param>
+    <param name="revision">v1.11.4</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>
-    <param name="exclude">.git</param>
-  </service>
-  <service name="tar" mode="buildtime"/>
-  <service name="recompress" mode="buildtime">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
   </service>
   <service name="set_version" mode="manual">
   </service>
   <service name="go_modules" mode="manual">
   </service>
+  <!-- services below are running at buildtime -->
+  <service name="tar" mode="buildtime">
+  </service>
+  <service name="recompress" mode="buildtime">
+    <param name="file">*.tar</param>
+    <param name="compression">gz</param>
+  </service>
 </services>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/opentofu/opentofu/</param>
-              <param name="changesrevision">7dfe15a7fa2fde489ad99d5434180b3854cfb289</param></service></servicedata>
+              <param name="changesrevision">2a9b7ac61409f7f22bde65c192c5814eb4b75cdf</param></service></servicedata>

opentofu-1.11.4.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1707291ce0e1bf786142df19a310ea9ba8b9e3cdf5a0301dc1718d5051bf2b77
+size 22354957

opentofu-1.8.3.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d16ccf418b9004015a06c8523d4f4801ddc81262b79835a65f9aebb7178d3f55
-size 19310093

opentofu.changes

@@ -1,3 +1,482 @@
+-------------------------------------------------------------------
+Thu Jan 22 06:29:13 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.11.4:
+  * SECURITY ADVISORIES:
+    - Previous releases in the v1.11 series could potentially take
+      an excessive amount of time processing a maliciously-crafted
+      .zip archive during either provider or module installation
+      during tofu init. (#3689)
+  * BREAKING CHANGES:
+    - Modules containing local provider configurations now also
+      reject the enabled argument, matching existing behavior for
+      count, for_each, and depends_on. (#3680)
+    - This was an oversight in the original design of the enabled
+      feature and was missed during the review process. Although
+      our goal is to not introduce breaking changes in patch
+      releases, in some cases it may be warranted. Anyone who has
+      used the enabled feature in this particular way will have
+      unintentionally introduced a foot-gun into their
+      infrastructure and should remedy it post-haste.
+  * BUG FIXES:
+    - In JSON syntax, the state encryption method configuration now
+      allows specifying keys using both normal expression syntax
+      and using template interpolation syntax. Previously only the
+      template interpolation syntax was allowed, which was
+      inconsistent with other parts of the encryption
+      configuration. (#3654)
+    - Providers are not configured anymore with DeferralAllowed
+      capability of OpenTofu since having that created unwanted
+      behaviour from some providers. (#3676)
+    - Resources containing write-only attributes now are rendered
+      consistently during planning. (#3667)
+
+-------------------------------------------------------------------
+Wed Jan 14 07:03:04 UTC 2026 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.11.3:
+  * BUG FIXES:
+    - Fix crash when the executed configuration contains an import
+      block that points to unexisting configuration block (#3616)
+    - Fixed tofu test with mock_provider failing during cleanup
+      when lifecycle { ignore_changes } references a block. (#3644)
+    - Fixed state lock not being released when tofu apply is
+      interrupted with Ctrl+C while using the HTTP backend. (#3624)
+    - azure backend: resolve OIDC token dynamically to support ADO
+      refresh. (#3594)
+
+-------------------------------------------------------------------
+Sat Dec 20 07:01:10 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.11.2:
+  * UPGRADE NOTES:
+    - The change from #2643, that was announced previously in
+      v1.11.0, has been reverted in this release. OpenTofu will no
+      longer directly recommend using the -exclude= option to work
+      around problems caused by unknown values in provider
+      configurations.
+    - Unfortunately there are existing providers that spuriously
+      report that they cannot plan due to unknown values even when
+      planning would have been successful, and so we cannot rely on
+      providers to accurately signal when unknown values are the
+      cause of an error. Using -exclude is still a valid workaround
+      for these problems even though OpenTofu cannot accurately
+      detect when it's useful to make that suggestion.
+  * BUG FIXES:
+    - Fix crash in plan -generate-config-out with read-only nested
+      attributes (#3553)
+    - It's now possible again to plan changes with the
+      hashicorp/helm and hashicorp/kubernetes providers when the
+      provider configuration contains unknown values, as long as
+      the configuration is carefully written to avoid the plan
+      phase actually depending on those values. (#3592)
+    - When running tofu init on Windows with an azurerm backend,
+      the subscription_id is quoted correctly allowing successful
+      authentication. (#3602)
+    - Fix serialization error in apply when using cloud backend
+      (#3611)
+
+-------------------------------------------------------------------
+Thu Dec 11 08:15:15 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.11.1:
+  * BUG FIXES:
+    - Fixed regression where import validation would incorrectly
+      flag variables used in for_each statements within import
+      blocks (#3564)
+    - Fixed lifecycle enabled serialization in plan file (#3566)
+    - Fixed regression when validating import.id expressions
+      (#3567)
+
+-------------------------------------------------------------------
+Thu Dec 11 07:55:26 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.11.0:
+  https://github.com/opentofu/opentofu/blob/v1.11/CHANGELOG.md
+  https://opentofu.org/blog/opentofu-1-11-0
+  * Highlights
+    This release cycle introduces major new capabilities and
+    integrations:
+    - Ephemeral Values and Write Only Attributes
+      Ephemeral resources allow you to work with confidential data,
+      temporary credentials, and transient infrastructure without
+      persisting them to your state.
+
+      ephemeral "aws_secretsmanager_random_password" "password" {
+
+      }
+
+      resource "kubernetes_secret_v1" "credentials" {
+        metadata {
+          name = "admin"
+          namespace = "my-app"
+        }
+        data_wo = {
+          username = "admin"
+          password = ephemeral.aws_secretsmanager_random_password.password.random_password
+        }
+
+        data_wo_revision = 1
+        type = "kubernetes.io/basic-auth"
+      }
+
+    - The enabled Meta-Argument
+      If you want to conditionally deploy a resource, you no longer
+      have to use count = var.create_my_resource ? 1 : 0, you can
+      now add the new enabled meta-argument to your resource to
+      conditionally deploy it.
+
+      resource "aws_instance" "web" {
+        ami           = "ami-12345"
+        instance_type = "t3.micro"
+
+        lifecycle {
+          enabled = var.create_instance  # Simple boolean condition
+        }
+      }
+
+  * Compatibility Notes
+    - macOS: Requires macOS 12 Monterey or later
+    - Azure Backend (azurerm):
+      - The endpoint and ARM_ENDPOINT configuration options are no
+        longer supported
+      - The msi_endpoint and ARM_MSI_ENDPOINT options are no longer
+        supported
+      - The environment and metadata_host arguments are now
+        mutually exclusive
+    - issensitive() Function: Now correctly returns unknown results
+      when evaluating unknown values. Code that previously relied
+      on the incorrect behavior may need updates.
+    - Testing with Mocks: Mock values generated during testing now
+      strictly adhere to provider schemas. Test configurations with
+      invalid mock values will need to be corrected.
+    - S3 Module Installation: When installing module packages from
+      Amazon S3 buckets using S3 source addresses OpenTofu will use
+      the same credentials as the AWS CLI and SDK.
+    - TLS and SSH Security:
+      - SHA-1 signatures are no longer accepted for TLS or SSH
+        connections
+      - SSH certificates must comply with the
+        draft-miller-ssh-cert-03 specification
+
+-------------------------------------------------------------------
+Tue Dec 09 06:50:22 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.10.8:
+  * SECURITY ADVISORIES:
+    This release contains fixes for some security advisories
+    related to previous releases in this series.
+    - Incorrect handling of excluded subdomain constraint in
+      conjunction with TLS certificates containing wildcard SANs
+      This release incorporates the upstream fixes for
+      GO-2025-4175.
+    - Excessive CPU usage when reporting error about crafted TLS
+      certificate with many hostnames
+      This release incorporates the upstream fixes for
+      GO-2025-4155.
+
+-------------------------------------------------------------------
+Thu Nov 06 14:38:25 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.10.7:
+  * SECURITY ADVISORIES:
+    This release contains fixes for some security advisories
+    related to previous releases in this series.
+    - tofu init in OpenTofu v1.10.6 and earlier could potentially
+      use unbounded memory if there is a direct or indirect
+      dependency on a maliciously-crafted module package
+      distributed as a "tar" archive.
+      This would require the attacker to coerce a root module
+      author to depend (directly or indirectly) on a module package
+      they control, using the HTTP, Amazon S3, or Google Cloud
+      Storage source types to refer to a tar archive.
+      This release incorporates the upstream fixes for
+      CVE-2025-58183.
+    - When making requests to HTTPS servers, OpenTofu v1.10.6 and
+      earlier could potentially use unbounded memory or crash with
+      a "panic" error if TLS verification involves an
+      excessively-long certificate chain or a chain including DSA
+      public keys.
+      This affected all outgoing HTTPS requests made by OpenTofu
+      itself, including requests to HTTPS-based state storage
+      backends, module registries, and provider registries. For
+      example, an attacker could coerce a root module author to
+      depend (directly or indirectly) on a module they control
+      which then refers to a module or provider from an
+      attacker-controlled registry. That mode of attack would cause
+      failures in tofu init, at module or provider installation
+      time.
+      Provider plugins contain their own HTTPS client code, which
+      may have similar problems. OpenTofu v1.10.7 cannot address
+      similar problems within provider plugins, and so we recommend
+      checking for similar advisories and fixes in the provider
+      plugins you use.
+      This release incorporates upstream fixes for CVE-2025-58185,
+      CVE-2025-58187, and CVE-2025-58188.
+  * BUG FIXES:
+    - Fix crash in tofu test when using deprecated outputs (#3249)
+    - Fix missing provider functions when parentheses are used
+      (#3402)
+    - for_each inside dynamic blocks can now call provider-defined
+      functions. (#3429)
+
+-------------------------------------------------------------------
+Thu Sep 18 05:28:52 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.10.6:
+  * UPGRADE NOTES:
+    - Upgrade go from 1.24.4 to 1.24.6 to fix GO-2025-3849 (3127)
+    - Upgrade github.com/openbao/openbao/api/v2 from 2.1.0 to 2.3.0
+      to fix GO-2025-3783 (3134)
+      - The upgrade is necessary to silence the security scanner
+        and does not affect the actual state encryption provided by
+        OpenBao.
+  * BUG FIXES:
+    - Variables with validation no longer interfere with the
+      destroy process (#3131)
+    - Fixed crash when processing multiple deprecated marks on a
+      complex object (#3105)
+    - When OpenTelemetry encounters errors, log it at the warning
+      level instead of panic (#3235)
+
+-------------------------------------------------------------------
+Sun Aug 03 11:30:39 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.10.5:
+  * BUG FIXES:
+    - Fixed issue where usage of TF_PLUGIN_CACHE_DIR could result
+      in unexpected lock contention errors (#3090)
+      NOTE: It is still highly recommended to have valid
+      .terraform.lock.hcl files in projects using
+      TF_PLUGIN_CACHE_DIR
+
+-------------------------------------------------------------------
+Fri Aug 01 12:14:02 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.10.4:
+  * BUG FIXES:
+    - Fixed crash where sensitive set values used in for_each could
+      cause a panic. (#3070)
+    - Fixed incorrect approach to mocking provider "ReadResource"
+      calls in test. (#3068)
+    - Reduced calls to ListKeys in azure backend (for rate
+      limiting). (#3083)
+
+-------------------------------------------------------------------
+Wed Jul 16 06:21:22 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.10.3:
+  * BUG FIXES:
+    - OpenTofu will no longer crash in a rare case where a
+      dynamically-invalid expression has its error suppressed by
+      try or can and then that expression becomes relevant for
+      deciding whether to report a "change outside of OpenTofu" in
+      the human-oriented plan diff. (#2988)
+    - Ensure provider downloads into temp are cleaned up correctly
+      on windows. (#2843)
+    - Correctly handle structural typed attributes during test
+      provider mocking. (#2994)
+    - Fix erroneous detection of changes with sensitive resource
+      attributes. (#3024)
+
+-------------------------------------------------------------------
+Sat Jul 12 14:36:01 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- BuildRequire go1.24 >= 1.24.4 to not use go1.25rc2
+
+-------------------------------------------------------------------
+Wed Jul 02 05:18:34 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.10.2:
+  * S3 backend now correctly sends the x-amz-server-side-encryption
+    header for the lockfile. (#2870)
+  * A provider source address explicitly using the hostname
+    registry.terraform.io will no longer cause errors related to a
+    corresponding provider on registry.opentofu.org when executing
+    workflow commands like plan and apply. (#2979)
+
+-------------------------------------------------------------------
+Mon Jun 30 04:49:13 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.10.1:
+  * BUG FIXES:
+    - Fix TF_APPEND_USER_AGENT handling in the S3 remote state
+      backend. (#2955)
+  * OTHER CHANGES:
+    - OpenTofu is now built with Go 1.24.4, which should clear some
+      false-positive indirect security advisories.
+
+-------------------------------------------------------------------
+Wed Jun 25 05:02:13 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.10.0:
+  We're thrilled to announce the release of OpenTofu 1.10.0, our
+  most comprehensive update yet! This release represents months of
+  dedicated work from our community, introducing some fantastic
+  features that will improve how OpenTofu users manage and
+  distribute infrastructure as code.
+  Full changelog:
+  https://github.com/opentofu/opentofu/blob/v1.10/CHANGELOG.md
+  * Highlights
+    This release cycle introduces major new capabilities and
+    integrations:
+    - OCI Registry Support
+      Full integration with OCI registries for both provider and
+      module distribution, valuable for organizations with private
+      infrastructure-as-code components, air-gapped environments,
+      or enhanced security requirements.
+      For more information, refer to Module Packages in OCI
+      Registries and Provider Mirrors in OCI Registries.
+      https://opentofu.org/docs/cli/oci_registries/module-package/
+      https://opentofu.org/docs/cli/oci_registries/provider-mirror/
+    - Native S3 Locking
+      Simplify your infrastructure by using S3's conditional writes
+      capability for state locking, eliminating the need for a
+      separate DynamoDB table.
+    - OpenTelemetry Tracing
+      Gain insights into OpenTofu operations with experimental
+      OpenTelemetry tracing, completely local and under your
+      control.
+    - Resource Management with Target Files
+      Manage complex deployments more easily with the new
+      -target-file and -exclude-file options, allowing
+      version-controlled resource targeting patterns.
+    Code examples can be found here:
+    https://github.com/opentofu/opentofu/releases/tag/v1.10.0
+  * Compatibility Notes
+    - Linux: Requires kernel version 3.2 or later
+    - macOS: Requires macOS 11 Big Sur or later
+    - The ghcr.io/opentofu/opentofu image is no longer supported as
+      a base image
+    - Windows: Symbolic links and junctions are now handled
+      differently
+    - The PostgreSQL backend in OpenTofu 1.10 should not be used
+      alongside older versions
+
+-------------------------------------------------------------------
+Fri Apr 25 06:50:58 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- Update to version 1.9.1:
+  * BUG FIXES:
+    - Provider used in import is correctly identified. (#2336)
+    - plantimestamp() now returns unknown value during validation
+      (#2397)
+    - Syntax error in the required_providers block does not panic
+      anymore, but yields "syntax error" (2344)
+    - Fix the error message when default value of a complex
+      variable is containing a wrong type (2394)
+    - Changing Go version to 1.22.11 in order to fix CVE-2024-45336
+      and CVE-2024-45341 (#2438)
+    - Fix the way OpenTofu downloads a module that is sourced from
+      a GitHub branch containing slashes in the name. (2396)
+    - Changing Go version to 1.22.12 in order to fix CVE-2025-22866
+      and CVE-2024-45341 (#2438)
+
+-------------------------------------------------------------------
+Fri Jan 10 05:54:48 UTC 2025 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.9.0:
+  We're proud to announce that OpenTofu 1.9.0 is now officially
+  out! This release includes a lot of major and minor new features,
+  as well as a ton of community contributions!
+  The highlights are:
+  * for_each in provider configuration blocks: An alternate (aka
+    "aliased") provider configuration can now have multiple
+    dynamically-chosen instances using the for_each argument:
+
+    provider "aws" {
+      alias    = "by_region"
+      for_each = var.aws_regions
+
+      region = each.key
+    }
+
+    Each instance of a resource can also potentially select a
+    different instance of the associated provider configuration,
+    making it easier to declare infrastructure that ought to be
+    duplicated for each region.
+  * -exclude planning option: similar to -target, this allows
+    operators to tell OpenTofu to work on only a subset of the
+    objects declared in the configuration or tracked in the state.
+
+      tofu plan -exclude=kubernetes_manifest.crds
+
+    While -target specifies the objects to include and skips
+    everything not needed for the selected objects, -exclude
+    instead specifies objects to skip. OpenTofu will exclude the
+    selected objects and everything that depends on them.
+
+  Please take the above for a spin and let us know your feedback!
+  For all the features, see the detailed changelog.
+  https://github.com/opentofu/opentofu/blob/v1.9.0/CHANGELOG.md
+
+-------------------------------------------------------------------
+Fri Dec 27 12:21:43 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.8.8:
+  * prepare branch for v1.8.8 release (#2314)
+  * [BACKPORT v1.8] bump golang.org/x/net from 0.25 to 0.33 (#2311)
+    (#2313)
+  * Backport[v1.8]: Bump golang.org/x/crypto from 0.21.0 to 0.31.0
+    (#2288)
+  * [BACKPORT] add simulated state serialization between tofu test
+    runs (#2274) (#2276)
+
+-------------------------------------------------------------------
+Fri Dec 06 06:27:00 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.8.7:
+  * BUG FIXES:
+    - Error messages related to validation of sensitive input
+      variables will no longer disclose the sensitive value in the
+      UI. (#2219)
+    - Changes to encryption configuration now auto-apply the
+      migration (#2232)
+    - Updated github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.5.1 to
+      make security scanners happy (no vulnerability, see #2179)
+    - tofu test is now setting nulls for dynamic type when
+      generating mock values. (#2245)
+    - Variables declared in test files are now taking into account
+      type default values. (#2244)
+
+-------------------------------------------------------------------
+Fri Nov 22 19:26:51 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.8.6:
+  * update 1.8 versions (#2211)
+  * fix changelog for 1.8.6 (#2207)
+  * [BACKPORT] add missing changelog entry for http backend logging
+    (#2206) (#2209)
+  * Bump golang version to 1.22.8 (address CVE-2024-34156) (#2050)
+    (#2182)
+  * [BACKPORT] fix mock type conversion in tofu test (#2144)
+    (#2197)
+  * [BACKPORT] fix mock provider validation (#2140) (#2196)
+  * [BACKPORT] Add DEBUG-level logging to the "http" state storage
+    backend (#2120) (#2192)
+  * [BACKPORT] pin node version for docusaurus build (#2177)
+    (#2194)
+
+-------------------------------------------------------------------
+Tue Nov 12 06:51:32 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.8.5:
+  * Prepare for the v1.8.6 release (#2137)
+  * v1.8 Backport: Fix regression of backend reinit detection when
+    backend schema has required arguments (#2135)
+  * Partially unknown provider functions arguments fixed (#2127)
+    (#2133)
+
+-------------------------------------------------------------------
+Thu Oct 24 08:28:04 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.8.4:
+  * Bumped versionfile for 1.8 (#2097)
+  * Backport recent changes to v1.8 (#2093)
+  * CHANGELOG entry for #2055 and #2060
+  * command/init: Support static eval for backend config migration
+    check
+
 -------------------------------------------------------------------
 Fri Oct 04 19:47:21 UTC 2024 - opensuse_buildservice@ojkastl.de
 

opentofu.obsinfo

@@ -1,4 +1,4 @@
 name: opentofu
-version: 1.8.3
-mtime: 1727968171
-commit: 7dfe15a7fa2fde489ad99d5434180b3854cfb289
+version: 1.11.4
+mtime: 1769011048
+commit: 2a9b7ac61409f7f22bde65c192c5814eb4b75cdf

opentofu.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package opentofu
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
 %define executable_name tofu
 
 Name:           opentofu
-Version:        1.8.3
+Version:        1.11.4
 Release:        0
 Summary:        Declaratively manage your cloud infrastructure
 License:        MPL-2.0
@@ -29,21 +29,35 @@ Source:         %{name}-%{version}.tar.gz
 Source1:        vendor.tar.gz
 Source99:       opentofu-rpmlintrc
 BuildRequires:  bash-completion
+BuildRequires:  go1.25 >= 1.25.6
 BuildRequires:  golang-packaging
-BuildRequires:  golang(API) >= 1.21
 # See: https://github.com/hashicorp/opentofu/issues/22807
 ExcludeArch:    %{ix86} %{arm}
 
 %description
 Fork of Terraform
 
-OpenTofu is an OSS tool for building, changing, and versioning infrastructure safely and efficiently. OpenTofu can manage existing and popular service providers as well as custom in-house solutions.
+OpenTofu is an OSS tool for building, changing, and versioning infrastructure
+safely and efficiently. OpenTofu can manage existing and popular service
+providers as well as custom in-house solutions.
 
 The key features of OpenTofu are:
-- Infrastructure as Code: Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would any other code. Additionally, infrastructure can be shared and re-used.
-- Execution Plans: OpenTofu has a "planning" step where it generates an execution plan. The execution plan shows what OpenTofu will do when you call apply. This lets you avoid any surprises when OpenTofu manipulates infrastructure.
-- Resource Graph: OpenTofu builds a graph of all your resources, and parallelizes the creation and modification of any non-dependent resources. Because of this, OpenTofu builds infrastructure as efficiently as possible, and operators get insight into dependencies in their infrastructure.
-- Change Automation: Complex changesets can be applied to your infrastructure with minimal human interaction. With the previously mentioned execution plan and resource graph, you know exactly what OpenTofu will change and in what order, avoiding many possible human errors.
+- Infrastructure as Code: Infrastructure is described using a high-level
+  configuration syntax. This allows a blueprint of your datacenter to be
+  versioned and treated as you would any other code. Additionally, infrastructure
+  can be shared and re-used.
+- Execution Plans: OpenTofu has a "planning" step where it generates an
+  execution plan. The execution plan shows what OpenTofu will do when you call
+  apply. This lets you avoid any surprises when OpenTofu manipulates
+  infrastructure.
+- Resource Graph: OpenTofu builds a graph of all your resources, and
+  parallelizes the creation and modification of any non-dependent resources.
+  Because of this, OpenTofu builds infrastructure as efficiently as possible, and
+  operators get insight into dependencies in their infrastructure.
+- Change Automation: Complex changesets can be applied to your infrastructure
+  with minimal human interaction. With the previously mentioned execution plan
+  and resource graph, you know exactly what OpenTofu will change and in what
+  order, avoiding many possible human errors.
 
 %prep
 %autosetup -p 1 -a 1

vendor.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:74806382de8e422b1a8fe7a8e464bf1c19bac72ee5c80f5b59d06553c7c918be
-size 15577573
+oid sha256:0b0c71f119ef30ab9107799782ae5176a06212f4ced0ec41c6783bc5a235d075
+size 20464711