Terraform Enterprise v202307-1 (722)
Last required release: v202304-1 (692)
Known Issues
- [Updated August 14, 2024] Runs that rely on dynamic provider credentials and workload identity will fail after a certain number of signing key rotations. This problem is fixed in v202407-1, and you can avoid it by upgrading v202407-1 or above. For details on additional workarounds, including manually trimming keys, refer to our support article.
- [Updated November 25, 2024] Terraform Enterprise does not currently support using a username provided via
REDIS_USER
for authenticating with an external Redis instance. To use authentication with Redis, configure Redis to require only a password for the default user by updating your Redis configuration file (redis.conf
) as follows, replacing<your password>
accordingly:
In the Terraform Enterprise environment, set only the REDIS_PASSWORD
variable with the corresponding value.
Breaking Changes
The "Manage Policy Overrides" organization permission has been modified to remove excessive privileges. This is a breaking change as Policy Overriders may now require explicit additional permissions to perform other tasks. As per the API Stability Policy, backwards-incompatible changes may be necessary to protect your security.
Policy Overriders can no longer: Read cost estimate results. Read run triggers. Read state version outputs. Read state versions. Read workspace resources. Read workspace variables.
Policy Overriders can now: List and read task stages on a run. List comments on a run. * List runs in a workspace.
Cost estimation is now disabled by default for new organizations.
Known Issues
- [Updated August 14, 2024] Runs that rely on dynamic provider credentials and workload identity will fail after a certain number of signing key rotations. This problem is fixed in v202407-1, and you can avoid it by upgrading v202407-1 or above. For details on additional workarounds, including manually trimming keys, refer to our support article.
Deprecations
Redis v5 has reached the end of it's maintenance cycle and is no longer supported.
[Updated] In Terraform Enterprise v202309-1 the server services will be consolidated into a single container named terraform-enterprise. This container runs as a non-root user and contains the logs for all of the server services. Terraform runs will continue to execute in isolated, short-lived containers but will run as a non-root user. A preview of this change is available now using the optional consolidated_services setting. See the consolidated services documentation for more information on this change.
The following Docker Engine versions are deprecated. Support for them will be removed in Terraform Enterprise v202308-1.
- Docker Engine 19.03
- Docker Engine 20.10
The following PostgreSQL server versions are no longer supported due to a known defect:
- 14.0, 14.1, 14.2, 14.3
Highlights
- Redis v6 and v7 are now supported.
Features
- Terraform 1.5 added the ability to import new resources by using
import
blocks in your Terraform configuration, as well as the ability to generateresource
blocks for newly imported resources. These features are now fully supported in Terraform Enterprise. - Continuous Validation is now GA for Terraform Enterprise, allowing you to regularly verify whether your workspace’s custom assertions continue to pass, validating your real-world infrastructure.
Improvements
- The variable sets web copy has been updated to fix heading capitalization and remove some redundant text.
- The workspaces associated with a policy set can now be updated using the policy sets PATCH endpoint.
- Module documentation can now render GitHub emojis.
- No-code module variables are now sorted alphabetically for consistency.
- You can now run on-demand Health Assessments for your workspace with the "Start Health Assessment" button.
Bug Fixes
- Workspaces will no longer list Run triggers where the user cannot read them.
- Workspace email notifications will navigate the user to the relevant workspace, instead of all workspaces.
- Per-policy parameters are now correctly configured for policy checks.
- There were irrelevant errors related to
ddtrace
in log output. This has been resolved and these messages will no longer appear in logs. - Workspace resources no longer fail to be parsed when a user uploads state versions in quick succession. The workspace resources UI will now reflect the latest state version uploaded.
- The Beta tag has been removed from No Code Provisioning flows.
- When running with consolidated services enabled, the node-drain command now has a longer timeout and actually waits for runs to finish before terminating services. This will prevent stuck or zombied runs from appearing after restart.
- The tfe-task-worker service will now start only after the atlas service has successfully started. This resolves an issue where, periodically, the tfe-task-worker would start and begin processing queued runs before atlas was available. This could result in a situation where the Terraform Enterprise would error during startup.
- The task worker service now waits for the Terraform Enterprise API to be up before executing tasks.
Security
- Container updates address reported vulnerabilities (CVEs) in underlying packages and dependencies.