Hello all!
Welcome to the next issue of the Tidy Cloud AWS newsletter! In this issue, I reflect a bit on Hashicorp’s recent change to a Business Source License for their products.
Enjoy!
Hashicorp changed their licensing to BSL from open source a few days ago. Others, like Elasticsearch, Redis and Cockroach Labs, have done the same in the past. How will this impact users of their products?
Not as open as before
What this means is that the products will still be free to use for many of the customers. However, competitors to HashiCorp cannot use or embed the source code and products in their offerings. They need to get a special licensing deal with Hashicorp in order to do so. See also Hashicorp’s frequently asked questions.
So what are these products then? HashiCorp’s website lists Terraform, Packer, Vault, Consul, Boundary, Nomad, Waypoint, and Vagrant as their products. Vagrant does not have a commercial offering, and a few of the other products make more sense if you are into the Hashicorp ecosystem.
The main two products that a good deal of may use without the rest of the Hashicorp ecosystem are Terraform and Packer, I think. The competition mostly revolves around Terraform usage, so the license change will affect those using old Terraform Cloud and Terraform Enterprise, now called Hashicorp Cloud Platform.
Companies like Spacelift, Scalr, and Env0, and maybe Terramate Cloud, are among the competitors. A less obvious one is Oracle Cloud’s Resource Manager, which is a managed service that helps manage infrastructure based on Terraform.
Hashicorp confirms they will keep all Terraform providers, SDKs, and Cloud Development Kit (CDKTF) open source.
Hashicorp’s Business Source License is for new releases only. The existing release still has the old open source license. Hashicorp will do security patches on the open source releases until December 31st, 2023.
Who will be affected?
While Hashicorp claims only competitors to their commercial offerings will be affected, I believe it could affect others as well. The direct effect is on competitors, but customers who chose them are also affected. A problem here, though, is that the definition of a competitor is very vague, so it seems to be at the whim of Hashicorp if they decide you are a competitor. If not today, then perhaps tomorrow. Or if you are not competing with their products today, perhaps they will release a competing product to your product later?
There is a lot of uncertainty about this license.
Contrary to companies like Elasticsearch and Redis Labs, the main competitor targets seem to be not the hyper-scale cloud providers. Instead, it seems to be smaller businesses like Spacelift, Env0, and others. Hashicorp themselves has over 2400 employees with a $100+ million in revenue per quarter, some of their competitors only a handful of people. They are not making a profit, though, so this is probably a way for them to make the company profitable.
Spacelift wrote a short note about this, stating that it is certainly legal for Hashicorp to do this, but questioning of this is ethical to do. Joe Duffy from Pulumi also wrote a short note on this topic as well.
Pulumi should not be affected, since they have their own core engine for infrastructure-as-code. License change won’t affect Terraform providers used to access resources which do not have Pulumi providers yet.
Many people think Pulumi is based on Terraform, but it’s not. This is a communication challenge for Pulumi.
Oracle Cloud may make a deal with Hashicorp about their Resource Manager offering, but it won’t be a big problem for them..
AWS will not care much either. I do not think they use anything of the Terraform core or any of the other Hashicorp products.
But there are many relatively smaller companies that certainly will care and worry about their business.
OpenTF
Gruntwork’s Yevgeniy Brikman wrote a great post titled The future of Terraform must be open. He outlines a lot of what is bad with this new license, and presents a new initiative, called the OpenTF manifesto.
The idea is to convince Hashicorp to revert to an open source license for Terraform. If they do not do that, they will fork the open source licensed version of Terraform and work on a version of Terraform that will be open source, forever.
The manifesto has a GitHub repository where you can show your support by signing up.. Several companies and a few individuals have signed. They may provide development support for a fork.
I applaud this initiative, and I hope that Terraform will stay open source.
Final thoughts
I am a bit torn about this topic. It is fine if a company uses a Business Source License for their products, and Hashicorp is not pretending it is an open source license after the change. As they are not profitable and publicly traded, they most likely need to satisfy the investors. For many users of their products, it will not be much or any difference.
However, this is done after several years of being open source, and basically changed overnight. There are probably several smaller companies that might get into difficulties. Their products aren’t bad and the competition isn’t better, but the conditions they competed under changed a lot. It remains to see which license deals these companies get. It is not a nice way to try to get ahead of the competition.
What do you think?
You can find the contents of this bulletin and older ones, and more at Cloudgnosis.org. You will also find other useful articles around AWS automation and infrastructure-as-software.
Until next time,
/Erik