Terraform Enterprise v202404-2 (764)
Last required release: v202304-1 (692)
Flexible Deployment Options terraform-enterprise
container digest: amd64/linux sha256:3b564b51884573aca0dc59e7042ab6dab1cf9136284e56560805c6fef6567d69
Changes Since v202404-1
- Terraform Enterprise properly detects S3 bucket prefixes, allowing it to read and write to the blob storage without issues.
- External service passwords and vault encryption passwords with special characters no longer prevent Terraform Enterprise's startup.
- External vault tokens now refresh properly.
- You can now enable the global run tasks feature.
- The private registry lists module versions.
- The application footer shows the correct version of the application,
v202404-2
instead ofdev
. - [Updated November 25, 2024] Terraform Enterprise does not currently support using a username provided via
REDIS_USER
for authenticating with an external Redis instance. To use authentication with Redis, configure Redis to require only a password for the default user by updating your Redis configuration file (redis.conf
) as follows, replacing<your password>
accordingly:
requirepass <your password>
In the Terraform Enterprise environment, set only the REDIS_PASSWORD
variable with the corresponding value.
Known Issues
- [Updated May 13, 2024] Replicated-based installs running in Active/Active mode are unable to properly supply a Redis configuration to the application. This is fixed in v202405-1.
- [Updated May 24, 2024] Private module registry test invocations may fail when downloading the Terraform binary. This is fixed in v202405-1.
- [Updated May 24, 2024] Terraform may fail to upload state when an older state version has no lineage value. This is fixed in v202405-1.
- [Updated May 24, 2024] The
terraform output
command may not reflect all existing outputs. This is fixed in v202405-1. - [Updated May 24, 2024] The assessment results API may not return the correct ID for the workspace relation. This is fixed in v202405-1.
- [Updated May 24, 2024] Private modules uploaded to the Private Registry as tar files may be missing some metadata. This is fixed in v202405-1.
- [Updated May 24, 2024] The values for the SAML configuration options
AuthnRequestsSigned
andWantAssertionsSigned
are not being preserved in the SAML metadata. This is fixed in v202405-1. - [Updated May 24, 2024] Mounted Disk installations of Terraform Enterprise are failing to generate support bundles. This is fixed in v202405-1.
- [Updated June 26, 2024] After successfully running a database restore in mounted disk mode, the Terraform Enterprise container, or Replicated application, must be fully stopped and restarted in order for the application to run properly.
- [Updated August 14, 2024] Runs that rely on dynamic provider credentials and workload identity will fail after a certain number of signing key rotations. This problem is fixed in v202407-1, and you can avoid it by upgrading v202407-1 or above. For details on additional workarounds, including manually trimming keys, refer to our support article.
Deprecations
Terraform Enterprise now supports new deployment options and will end support for the Replicated Native Scheduler option. The final Replicated release of Terraform Enterprise will be in November 2024. HashiCorp will support this release until April 1, 2026.
To ensure you continue to receive the latest features and fixes, including security updates, migrate to a new deployment option by November 2024. For more information, check out Flexible Deployment Options or contact your HashiCorp account representative.
RedHat Enterprise will end support for RHEL v7 on June 30th, 2024. As such, Terraform Enterprise will no longer be supported on that operating system after that date.
Features
- Podman is now a supported deployment option. Requirements, installation and migration instructions from Replicated are available.
- You can now specify which projects can use repositories from a VCS connection. By default, Terraform Enterprise enables every workspace in an organization to access the repositories from every VCS connection. If you want to limit which projects have access to repositories from a given VCS connection, you can change this setting to restrict connection to specific projects.
- You can now associate a run task to all workspaces in the organization. Refer to this blog post for more details.
- You can now create runs with debugging mode enabled from the UI and API, allowing quick access to trace level run logs.
- You can now provide a custom pod template for worker pods with v1.2.0 of the helm chart.
Improvements
- Hosted agents now dequeue jobs in priority order.
- When a user creates a new project or updates a project name whitespace is now removed from both ends of the name. The allows for a better user experience if a user accidentally adds spaces before or after.
- Breadcrumbs for projects-related pages are now a more accurate representation of the user's location in Terraform Enterprise.
- Bitbucket Data Center is now a supported VCS integration.
- Workspace tasks can now be associated to more than one run stage.
Bug Fixes
- Environment variables in priority variable sets will now overwrite workspace variables with the same key. Previously, priority variable sets did not work for environment-type variables.
- Workspaces can now be fully deleted even if they contain a state version which was rolled back. Previously, a bug caused issues with deleting workspaces under these conditions, leading to incomplete removal.
- Searching for a Policy Set no longer is interrupted by unexpected reloads.
- Workspaces with long names in a Kubernetes-hosted Terraform Enterprise installation can now successfully run plan or apply operations. Previously, a bug caused these operations to fail.
- You can now use
tfe-backup-restore
to generate blob storage backups. - Any
tfectl
command that executes across remote nodes and takes more than 30 seconds to complete no longer fails silently. - All Docker container metrics now have an associated
name
label, ensuring proper identification and monitoring. - Terraform Enterprise no longer silently fails runs in organizations with a plan or apply timeout value exceeding 24 hours. If you had previously configured this setting to greater than 24 hours, it will be reduced to 24 hours on start.
- The
tfectl support bundle
command now generates a complete manifest.json file.
Security
- Each service now runs under a unique user id inside the Terraform Enterprise container.
- Container and binary updates address reported vulnerabilities (CVEs) in underlying base images, packages, and dependencies.