osinfra-io
diff --git a/‎.github/workflows/test.yml‎
Lines changed: 4 additions & 6 deletions b/‎.github/workflows/test.yml‎
Lines changed: 4 additions & 6 deletions
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 21 deletions b/‎.gitignore‎
Lines changed: 3 additions & 21 deletions
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 9 additions & 24 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 9 additions & 24 deletions
diff --git a/‎.terraform-docs.yml‎
Lines changed: 0 additions & 5 deletions b/‎.terraform-docs.yml‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎README.md‎
Lines changed: 11 additions & 18 deletions b/‎README.md‎
Lines changed: 11 additions & 18 deletions
diff --git a/‎SECURITY.md‎
Lines changed: 1 addition & 1 deletion b/‎SECURITY.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎empty.tofu‎ b/‎empty.tofu‎
diff --git a/‎regional/README.md‎
Lines changed: 2 additions & 47 deletions b/‎regional/README.md‎
Lines changed: 2 additions & 47 deletions
diff --git a/‎regional/helm/datadog-operator.yml‎
Lines changed: 0 additions & 2 deletions b/‎regional/helm/datadog-operator.yml‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎regional/helpers.tf‎
Lines changed: 0 additions & 1 deletion b/‎regional/helpers.tf‎
Lines changed: 0 additions & 1 deletion
@@ -1,4 +1,4 @@
-name: Terraform Tests
+name: OpenTofu Tests
 
 on:
   workflow_dispatch:
@@ -10,14 +10,12 @@ on:
       - "**.md"
 
 permissions:
-  id-token: write
+  contents: read
 
 jobs:
   tests:
     name: Tests
-    uses: osinfra-io/github-terraform-gcp-called-workflows/.github/workflows/test.yml@v0.2.6
+    uses: osinfra-io/github-terraform-gcp-called-workflows/.github/workflows/test.yml@e067c396b92a716f0ea384764ef6b8e1714dfa54
     if: github.actor != 'dependabot[bot]'
     with:
-      service_account: plt-lz-testing-github@plt-lz-terraform-tf00-sb.iam.gserviceaccount.com
-      terraform_version: ${{ vars.TERRAFORM_VERSION }}
-      workload_identity_provider: projects/746490462722/locations/global/workloadIdentityPools/github-actions/providers/github-actions-oidc
+      opentofu_version: ${{ vars.OPENTOFU_VERSION }}
@@ -1,35 +1,17 @@
 # .gitignore
 # https://docs.github.com/en/get-started/getting-started-with-git/ignoring-files
 
-# Local .terraform directories
+# Local .tofu directories
+**/.tofu/*
 **/.terraform/*
 
-# .tfstate files
-*.tfstate
-*.tfstate.*
-
-# Crash log files
-crash.log
-
 # Ignore provider lock file
+.tofu.lock.hcl
 .terraform.lock.hcl
 
-# Ignore any local.tfvars. Most .tfvars files are managed as part of configuration and so should
-# be included in version control.
-local.tfvars
-
-# Ignore override files as they are usually used to override resources locally
-override.tf
-override.tf.json
-*_override.tf
-*_override.tf.json
-
 # Ignore plan output files
 plan.out
 
-# Ignore checkov directories and files
-.external_modules
-
 # Ignore Infracost directories and files
 .infracost
 
 
@@ -10,31 +10,16 @@ repos:
       - id: trailing-whitespace
       - id: check-symlinks
 
-  - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.99.4
+  - repo: https://github.com/osinfra-io/pre-commit-hooks
+    rev: v0.1.1
     hooks:
-      - id: terraform_fmt
-
-      # To speed up local validation add the following to your ~/.zshrc:
-      # export TF_PLUGIN_CACHE_DIR=$HOME/.terraform.d/plugin-cache
-
-      - id: terraform_validate
-        args:
-          - --hook-config=--retry-once-with-cleanup=true
-          - --tf-init-args=-upgrade
-        exclude: tests/fixtures/shared
-
-      # Always run after terraform_validate
+      - id: tofu-fmt
+        verbose: true
 
-      - id: terraform_docs
+      # To speed up local validation:
+      # mkdir -p $HOME/.opentofu.d/plugin-cache
+      # Add the following to your ~/.zshrc:
+      # export TF_PLUGIN_CACHE_DIR=$HOME/.opentofu.d/plugin-cache
 
-  - repo: https://github.com/bridgecrewio/checkov.git
-    rev: 3.2.443
-    hooks:
-      - id: checkov
+      - id: tofu-validate
         verbose: true
-        args:
-          - --download-external-modules=true
-          - --skip-check
-          - "CKV_TF_1"
-          - --quiet
@@ -1,8 +1,8 @@
-# <img align="left" width="45" height="45" src="https://github.com/user-attachments/assets/eb7f0847-4807-4a4a-a36a-86740477c660"> Kubernetes - Datadog Operator Terraform Module
+# <img align="left" width="45" height="45" src="https://github.com/user-attachments/assets/eb7f0847-4807-4a4a-a36a-86740477c660"> Kubernetes - Datadog Operator OpenTofu Module
 
-**[GitHub Actions](https://github.com/osinfra-io/terraform-kubernetes-datadog-operator/actions):**
+**[GitHub Actions](https://github.com/osinfra-io/opentofu-kubernetes-datadog-operator/actions):**
 
-[![Terraform Tests](https://github.com/osinfra-io/terraform-kubernetes-datadog-operator/actions/workflows/test.yml/badge.svg)](https://github.com/osinfra-io/terraform-kubernetes-datadog-operator/actions/workflows/test.yml) [![Dependabot](https://github.com/osinfra-io/terraform-kubernetes-datadog-operator/actions/workflows/dependabot.yml/badge.svg)](https://github.com/osinfra-io/terraform-kubernetes-datadog-operator/actions/workflows/dependabot.yml)
+[![OpenTofu Tests](https://github.com/osinfra-io/opentofu-kubernetes-datadog-operator/actions/workflows/test.yml/badge.svg)](https://github.com/osinfra-io/opentofu-kubernetes-datadog-operator/actions/workflows/test.yml) [![Dependabot](https://github.com/osinfra-io/opentofu-kubernetes-datadog-operator/actions/workflows/dependabot.yml/badge.svg)](https://github.com/osinfra-io/opentofu-kubernetes-datadog-operator/actions/workflows/dependabot.yml)
 
 **[Infracost](https://www.infracost.io):**
 
@@ -12,10 +12,10 @@
 
 ## Repository Description
 
-Terraform **example** module for the Datadog Kubernetes Operator on Google Kubernetes Engine (GKE).
+OpenTofu **example** module for the Datadog Kubernetes Operator on Google Kubernetes Engine (GKE).
 
 > [!NOTE]
-> We do not recommend consuming this module like you might a [public module](https://registry.terraform.io/browse/modules). It is a baseline, something you can fork, potentially maintain, and modify to fit your organization's needs. Using public modules vs. writing your own has various [drivers and trade-offs](https://docs.osinfra.io/fundamentals/architecture-decision-records/adr-0003) that your organization should evaluate.
+> We do not recommend consuming this module like you might a [public module](https://search.opentofu.org). It is a baseline, something you can fork, potentially maintain, and modify to fit your organization's needs. Using public modules vs. writing your own has various [drivers and trade-offs](https://docs.osinfra.io/fundamentals/architecture-decision-records/adr-0003) that your organization should evaluate.
 
 ## 🔩 Usage
 
@@ -28,18 +28,16 @@ Our focus is on the core fundamental practice of platform engineering, Infrastru
 
 >Open Source Infrastructure (as Code) is a development model for infrastructure that focuses on open collaboration and applying relative lessons learned from software development practices that organizations can use internally at scale. - [Open Source Infrastructure (as Code)](https://www.osinfra.io)
 
-To avoid slowing down stream-aligned teams, we want to open up the possibility for contributions. The Open Source Infrastructure (as Code) model allows team members external to the platform team to contribute with only a slight increase in cognitive load. This section is for developers who want to contribute to this repository, describing the tools used, the skills, and the knowledge required, along with Terraform documentation.
+To avoid slowing down stream-aligned teams, we want to open up the possibility for contributions. The Open Source Infrastructure (as Code) model allows team members external to the platform team to contribute with only a slight increase in cognitive load. This section is for developers who want to contribute to this repository, describing the tools used, the skills, and the knowledge required, along with OpenTofu documentation.
 
 See the [documentation](https://docs.osinfra.io/fundamentals/development-setup) for setting up a local development environment.
 
 ### 🛠️ Tools
 
-- [checkov](https://github.com/bridgecrewio/checkov)
 - [helm](https://github.com/helm/helm)
 - [infracost](https://github.com/infracost/infracost)
+- [osinfra-pre-commit-hooks](https://github.com/osinfra-io/pre-commit-hooks)
 - [pre-commit](https://github.com/pre-commit/pre-commit)
-- [pre-commit-terraform](https://github.com/antonbabenko/pre-commit-terraform)
-- [terraform-docs](https://github.com/terraform-docs/terraform-docs)
 
 ### 📋 Skills and Knowledge
 
@@ -49,21 +47,16 @@ Links to documentation and other resources required to develop and iterate in th
 
 ### 🔍 Tests
 
-All tests are [mocked](https://developer.hashicorp.com/terraform/language/tests/mocking) allowing us to test the module without creating infrastructure or requiring credentials. The trade-offs are acceptable in favor of speed and simplicity. In a Terraform test, a mocked provider or resource will generate fake data for all computed attributes that would normally be provided by the underlying provider APIs.
+All tests are [mocked](https://opentofu.org/docs/cli/commands/test/#the-mock_provider-blocks) allowing us to test the module without creating infrastructure or requiring credentials. The trade-offs are acceptable in favor of speed and simplicity. In an OpenTofu test, a mocked provider or resource will generate fake data for all computed attributes that would normally be provided by the underlying provider APIs.
 
 ```none
-terraform init
+tofu init
 ```
 
 ```none
-terraform test
+tofu test
 ```
 
-## 📓 Terraform Documentation
+## 📓 OpenTofu Documentation
 
 > A child module automatically inherits default (un-aliased) provider configurations from its parent. The provider versions below are informational only and do **not** need to align with the provider configurations from its parent.
-
-## 📓 Terraform Regional Documentation
-
-- [regional](regional/README.md)
-- [regional/manifests](regional/manifests/README.md)
@@ -7,6 +7,6 @@ the community, but it does come with some risks.
 ## Reporting a Vulnerability
 
 Privately discuss, fix, and publish information about security vulnerabilities in this repository by drafting a new
-[security advisory](https://github.com/osinfra-io/terraform-kubernetes-datadog-operator/security/advisories/new).
+[security advisory](https://github.com/osinfra-io/opentofu-kubernetes-datadog-operator/security/advisories/new).
 
 <!-- This file is managed by the osinfra-io/github-organization-management repository and should not be edited directly. -->
@@ -1,48 +1,3 @@
-# Terraform Documentation
+# OpenTofu Documentation
 
-A child module automatically inherits its parent's default (un-aliased) provider configurations. The provider versions below are informational only and do **not** need to align with the provider configurations from its parent.
-
-<!-- BEGIN_TF_DOCS -->
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_helm"></a> [helm](#provider\_helm) | 3.0.2 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.37.1 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_helpers"></a> [helpers](#module\_helpers) | github.com/osinfra-io/terraform-core-helpers//child | v0.1.2 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [helm_release.datadog_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [kubernetes_secret_v1.datadog_operator_secret](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_agent_namespace"></a> [agent\_namespace](#input\_agent\_namespace) | Namespace for the Datadog Agent | `string` | `"datadog"` | no |
-| <a name="input_api_key"></a> [api\_key](#input\_api\_key) | Datadog API key | `string` | n/a | yes |
-| <a name="input_app_key"></a> [app\_key](#input\_app\_key) | Datadog APP key | `string` | n/a | yes |
-| <a name="input_cluster_prefix"></a> [cluster\_prefix](#input\_cluster\_prefix) | Prefix for your cluster name, region, and zone (if applicable) will be added to the end of the cluster name | `string` | n/a | yes |
-| <a name="input_limits_cpu"></a> [limits\_cpu](#input\_limits\_cpu) | CPU limits for the Datadog Operator | `string` | `"200m"` | no |
-| <a name="input_limits_memory"></a> [limits\_memory](#input\_limits\_memory) | Memory limits for the Datadog Operator | `string` | `"64Mi"` | no |
-| <a name="input_operator_version"></a> [operator\_version](#input\_operator\_version) | The version of the Datadog Operator to install | `string` | `"2.11.1"` | no |
-| <a name="input_requests_cpu"></a> [requests\_cpu](#input\_requests\_cpu) | CPU requests for the Datadog Operator | `string` | `"100m"` | no |
-| <a name="input_requests_memory"></a> [requests\_memory](#input\_requests\_memory) | Memory requests for the Datadog Operator | `string` | `"32Mi"` | no |
-| <a name="input_watch_namespaces"></a> [watch\_namespaces](#input\_watch\_namespaces) | Restricts the Operator to watch its managed resources on specific namespaces - set to [""] to watch all namespaces | `list(string)` | <pre>[<br/>  "datadog"<br/>]</pre> | no |
-
-## Outputs
-
-No outputs.
-<!-- END_TF_DOCS -->
+> A child module automatically inherits default (un-aliased) provider configurations from its parent. The provider versions below are informational only and do **not** need to align with the provider configurations from its parent.
@@ -3,8 +3,6 @@
 remoteConfiguration:
   enabled: true
 
-# Base64 High Entropy String
-# checkov:skip=CKV_SECRET_6: False positive
 apiKeyExistingSecret: datadog-operator-secret
 appKeyExistingSecret: datadog-operator-secret