Why I Believe HCL is Better than YAML - HashiCorp Solutions Engineering Blog - Medium


Explore the differences between YAML and HCL.

Audience: practitioners, security professionals, operations teams, and technical advisers

Tags: Terraform, YAML, HashiCorp Language (HCL), Computing, Cloud, Cloud Operating Model, HashiCorp, Nomad, Kubernetes

There are several ways to automate infrastructure. By now most developers are probably familiar with YAML and HCL. Some may not yet have an opinion or understanding of both. This article is meant as an opinionated technical review of the YAML-based world of Kubernetes vs HashiCorp’s configuration language (HCL).

A Review of YAML

YAML stands for YAML Ain’t Markup Language and uses whitespace delimiters (i.e. tabs or spaces) instead of explicitly marked blocks like JSON (curly braces {}). I don’t really see any arguments that YAML is a quality of life improvement over JSON, and I have some downsides to share that I think people don’t understand related to YAML.

A good place to find out about these downsides is if you google “YAML Hate” to get at least 10 pages of articles describing grievances with YAML. First off, the YAML specification is bulky. It has 23,449 words, way more than other languages in its classification. That means a lot of complexity. Below I’ll share a few more examples illustrating this complexity and the other common issues that users of YAML commonly point out.

A Simple But Complex Example

Let’s start with a simple example of an external YAML parameter or a string:

image: "{{ .Values.image }}"

This simple example gets more complicated quickly. What if we add an optional field?

{{- with .resourceGroup }}
resourceGroup: {{ . }}
{{- end }}

Going deeper let’s push an array or map into the configuration:

{{- with .Values.podAnnotations }}
annotations:
{{ toYaml . | indent 8 }}
{{- end }}

Providing configuration data with YAML is complex even in this simple example, and complexity breeds misconfigurations. Misconfigurations, of course, are one of the most common sources of security vulnerabilities.

Spacing

Spacing alone in YAML is very difficult from a usability standpoint. In YAML, telling an array of hashes apart from a hash with a single list can be difficult for beginners.

The Norway Country Code Issue

Let’s say you want to use the country code for Norway, which is NO. That’s all well and good until typing NO causes a boolean error, because YAML will see NO as the opposite of yes and, following boolean logic, will result in an error. Even linting tools can miss this, which can cause major problems.
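A check for this problem, as an added example that is not part of the original article: a small standard-library Python linter that flags unquoted scalars which the YAML 1.1 bool type treats as booleans. It goes beyond the NO case to cover yes/no/on/off in keys, values and simple flow sequences; the function name, the line-based matching and the sample document are assumptions made for illustration.

```python
import re

# Plain scalars the YAML 1.1 bool type defines as booleans.
YAML11_BOOL = re.compile(
    r"y|Y|yes|Yes|YES|n|N|no|No|NO|true|True|TRUE|false|False|FALSE"
    r"|on|On|ON|off|Off|OFF"
)
# Optional "- " list marker, optional "key:", then the rest as the value.
ENTRY = re.compile(
    r"^\s*(?:-\s+)?(?:(?P<key>[^\s:#][^:#]*?)\s*:(?:\s+|$))?(?P<value>.*?)\s*$"
)


def find_implicit_bools(text):
    """Return (line_no, role, scalar) for every unquoted YAML 1.1 boolean."""
    hits = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0]  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = ENTRY.match(line)
        key, value = m.group("key"), m.group("value")
        if key and YAML11_BOOL.fullmatch(key):
            hits.append((n, "key", key))
        # A flow sequence such as [DK, NO] is checked item by item.
        is_flow = value.startswith("[") and value.endswith("]")
        for item in (value[1:-1].split(",") if is_flow else [value]):
            if YAML11_BOOL.fullmatch(item.strip()):
                hits.append((n, "value", item.strip()))
    return hits


# Constructed sample input, not taken from the article.
SAMPLE = """\
countries:
  - SE
  - NO          # Norway
  - "NO"        # quoted, stays a string
shipping:
  region: NO
  express: yes
on: [push]
allowed: [DK, NO, FI]
"""

if __name__ == "__main__":
    for line_no, role, scalar in find_implicit_bools(SAMPLE):
        print(f"line {line_no}: unquoted {role} {scalar!r} is a YAML 1.1 boolean")
```

Quoting the scalar, as on line 4 of the sample, is what keeps it a string.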

Security Issues

The attack surface is very large, as references can be abused to exhaust memory, creating a sort of zip bomb. Having a server accept YAML is a known issue, but it can still be exploited against unsuspecting new users. In a recent GitHub advisory, TensorFlow stated that “YAML support requires a significant amount of work”; they removed support for YAML due to an arbitrary code execution vulnerability. These types of attacks are common due to the unsafe function used to deserialize YAML-encoded machine learning models.

A Review of HCL

HCL is a JSON-based variant that is easier for machines to generate and parse than YAML. Let’s take a look at the origin of HCL and compare it with YAML. Back in July 2014, HashiCorp co-founder Mitchell Hashimoto made a “passing tests” commit and HCL was created. At the time there were several languages being used at HashiCorp, like Ruby for Vagrant and JSON for Consul and Packer. HCL was built as a structured language that could be readable to humans and machines, targeting DevOps tools (especially Terraform), servers, etc.
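A pre-parse screen for the two hazards described above, as an added example that is not part of the original article: it estimates how far nested aliases expand and flags language-specific tags of the kind that unsafe Python YAML loaders instantiate. The function names, the default budget of 1000 scalars and the one-anchored-flow-sequence-per-line layout are assumptions; a production check would walk the parser's node graph instead.

```python
import re

ANCHOR = re.compile(r"&([\w-]+)")
ALIAS = re.compile(r"\*([\w-]+)")
# Language-specific tags that unsafe Python YAML loaders turn into objects.
PYTHON_TAG = re.compile(r"!!python/|tag:yaml\.org,2002:python/")


def expanded_leaves(text):
    """Map each anchor to its scalar count after alias expansion."""
    # Assumes one anchored flow sequence per line; aliases only point backwards.
    sizes = {}
    for line in text.splitlines():
        m = ANCHOR.search(line)
        if not m:
            continue
        total = 0
        for item in line[m.end():].strip(" []").split(","):
            ref = ALIAS.fullmatch(item.strip())
            total += sizes.get(ref.group(1), 1) if ref else 1
        sizes[m.group(1)] = total
    return sizes


def screen(text, max_leaves=1000):
    """List reasons to refuse a document before a real parser sees it."""
    findings = [
        f"line {n}: language-specific tag"
        for n, line in enumerate(text.splitlines(), 1)
        if PYTHON_TAG.search(line)
    ]
    for name, size in expanded_leaves(text).items():
        if size > max_leaves:
            findings.append(f"anchor {name}: expands to {size} scalars")
    return findings


# Constructed sample: four levels of nested aliases and one Python object tag.
SAMPLE = """\
a: &a [x, x, x, x, x, x, x, x, x, x]
b: &b [*a, *a, *a, *a, *a, *a, *a, *a, *a, *a]
c: &c [*b, *b, *b, *b, *b, *b, *b, *b, *b, *b]
d: &d [*c, *c, *c, *c, *c, *c, *c, *c, *c, *c]
model: !!python/object:example.Model {}
"""

if __name__ == "__main__":
    print("\n".join(screen(SAMPLE)))
```

Four short lines of input already expand to 10,000 scalars, which is why the budget is applied to the expanded size and not to the size of the file.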

A generic configuration’s goal is to make complex configurations DRY; behavior is not part of the goal of the language. HCL configurations and applications that parse them are not generic; there is a syntax and logic built into the configuration itself that we do not see in a generic language like YAML or JSON. Getting to “Hello World”, or even to the most complex use cases, is simple to learn and adopt. HCL is also open source and available to everyone.

Let’s start with a simple block example in HCL:

resource "aws_instance" "example" {
  ami = "abc123"
  network_interface {
    # …
  }
}

The use of blocks and arguments is more consistent in HCL. Here is an example:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.27"
    }
  }
  required_version = ">= 0.14.9"
}

provider "aws" {
  profile = "default"
  region  = "us-west-2"
}

resource "aws_instance" "app_server" {
  ami           = "ami-830c94e3"
  instance_type = "t2.micro"
  tags = {
    Name = "ExampleAppServerInstance"
  }
}

Above you can see how blocks remain a container for other content. Arguments are consistently used to build a complete infrastructure configuration in the containers. This is much more efficient than YAML.

So what can you do with HCL? Most people know by now that HCL is the language associated with Terraform. With HCL becoming a more general configuration language, building infrastructure on-premises or in multi-cloud environments is consistent and simple with HCL.

If YAML and Kubernetes are Too Complex…

When Kubernetes was created, the focus was on the API. The solution at the time was YAML, since there really were not many options. Kubernetes was designed to do over a dozen things on its own. If Kubernetes is too complex or some of your workloads do not run on Kubernetes, orchestration of workloads with Nomad is a simpler option. Like Terraform, Nomad and the entire HashiStack use HCL and are focused on infrastructure automation for existing workloads including, but not limited to, Kubernetes.

Did you know that you can manage Helm or Kubernetes with Terraform? When Kubernetes was initially designed, YAML may have been the best of the few options available; however, there are many more options available today. I hope this article was informative and that you learned more about the history of YAML and the use cases of HCL.

Thanks for reading. Find me on LinkedIn if you have any feedback.


Why I Believe HCL is Better than YAML was originally published in HashiCorp Solutions Engineering Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

