Dependencies & Unit Status

Status: Stable OpenTaco models explicit dependencies between units with one resource per edge (opentaco_dependency). No database is introduced: the entire dependency graph lives in a normal Terraform state for a dedicated unit named __opentaco_system. Key ideas:
  • One edge per output: from (from_unit_id, from_output) to (to_unit_id, to_input).
  • Store only digests (base64url SHA‑256 of canonical JSON) and timestamps — no plaintext values.
  • Update on writes: when a unit is written, the service updates all relevant edges in a single read/modify/write cycle under a lock.
  • Derive status at query time with red/yellow/green semantics and present friendly labels in the CLI.

Provider resource: opentaco_dependency

resource "opentaco_dependency" "a_to_b_dburl" {
  from_unit_id = "org/app/A"
  from_output   = "db_url"

  to_unit_id   = "org/app/B"
  to_input      = "db_url"  # optional, for clarity in docs/UX
}
Computed fields (in tfstate only): in_digest, out_digest, status, last_in_at, last_out_at. Deterministic ID: 
id = base64url(sha256(
  from_unit_id + "\n" + from_output + "\n" + to_unit_id + "\n" + to_input
))

Graph storage and surgery

  • Graph lives in __opentaco_system and is just a normal tfstate with opentaco_dependency resources.
  • On any unit write (HTTP backend or S3‑compat), the service:
    • Source refresh (outgoing): for edges where from_unit_id matches the written unit, compute in_digest from that output and set status to ok if in_digest == out_digest, else pending. If the output is missing, set unknown.
    • Target acknowledge (incoming): for edges where to_unit_id matches the written unit, copy out_digest ← in_digest, set status = ok.
  • The service acquires a lock on __opentaco_system, reads, modifies in memory, bumps serial, writes, and unlocks.
  • If graph tfstate is missing/corrupt or locked, the write proceeds and the graph update is skipped with a warning (non‑blocking).

Hashing

  • Digest = base64url(SHA‑256(canonical JSON bytes of the output))
  • Canonical JSON approximates RFC 8785: sorted object keys, arrays in order, no insignificant whitespace.
  • Equality is by digest only.

Status semantics

  • Edge (status):
    • ok: in_digest == out_digest and non‑empty
    • pending: both set and unequal
    • unknown: source output missing or not yet set
  • Unit (derived):
    • red: the unit has any incoming edge with pending
    • yellow: no incoming pending, but an upstream (transitively) is red
    • green: neither red nor yellow
CLI maps these to friendly, color-coded labels:
  • up to date (green)
  • needs re-apply (red)
  • might need re-apply (yellow)

API & CLI

  • API: GET /v1/units/{id}/status returns unit status and incoming edges.
  • CLI: taco unit status [<id> | --prefix <pfx>] [-o json]
    • No args (or --prefix /) lists all units.
    • Table output uses the friendly, colored labels above; -o json returns raw statuses.

Example

See examples/dependencies/ for a runnable A→B→C setup. A’s output includes a timestamp so every apply simulates a new upstream change.