Terraform
Terraform Enterprise v202401-2 (757)
Last required release: v202207-2 (642)
Flexible Deployment Options terraform-enterprise
container digest: amd64/linux sha256:d724fa57019f0b06c10566f1d646f76c7a8b1e7ffe5ef5235a2b3a470fd05fda
Changes Since v202401-1
- In rare cases, no code modules created before upgrading to v202401-1 could contain errors that would cause upgrade failures. This issue has been fixed, upgrades will now complete successfully even if no code modules contain errors.
- Removed an unused Ruby gem that could cause increased memory usage in certain situations.
Known Issues
- [Updated April 16, 2024] If you set the maximum run time on the site admin page to be longer than 24 hours, Terraform Enterprise will not trigger runs on this release version.
- [Updated August 14, 2024] Runs that rely on dynamic provider credentials and workload identity fail after a certain number of signing key rotations. This problem is fixed in v202407-1, and you can avoid it by upgrading v202407-1 or above. For details on additional workarounds, including manually trimming keys, refer to our support article.
- [Updated September 30, 2024] Some deployments are experiencing memory growth issues on v202401-1 or higher, sometimes resulting in out of memory errors that require a restart to resolve. This issue is currently being investigated. It is strongly recommended that you test in a non-production environment before deploying v202401-1 or higher in production, and monitor memory for unexpected growth. This message will be updated when a fix is available in a published release.
- [Updated November 25, 2024] Terraform Enterprise does not currently support using a username provided via
REDIS_USER
for authenticating with an external Redis instance. To use authentication with Redis, configure Redis to require only a password for the default user by updating your Redis configuration file (redis.conf
) as follows, replacing<your password>
accordingly:
requirepass <your password>
In the Terraform Enterprise environment, set only the REDIS_PASSWORD
variable with the corresponding value.
Deprecations
The
consolidated_services_enabled
setting deprecation period has ended, and we have removed the setting. All installations now use the single-container architecture introduced in v202309-1. For more information on this change, refer to consolidated services.Terraform Enterprise now supports new deployment options and will end support for the Replicated Native Scheduler option. The final Replicated release of Terraform Enterprise will be in November 2024. HashiCorp will support this release until April 1, 2026.
To ensure you continue to receive the latest features and fixes, including security updates, please plan to migrate to a new deployment option by November 2024. For more information, check out Flexible Deployment Options or contact your HashiCorp account representative.
Highlights
- You can now control whether an organization's VCS status checks are aggregated. By default, new organizations aggregate VCS status checks. Learn more about VCS status checks.
- The private registry is introducing two features:
- A new branch-based publishing workflow alongside the tags-based publishing workflow.
- Terraform Enterprise can now automatically run tests for modules published in your private registry using the branch-based flow.
Features
- When you start a run from the Terraform Enterprise user interface and select the Plan and Apply run type, clicking Additional planning options allows you to select resource addresses to replace.
- Site administrators can now configure site-wide data retention policies in the admin settings page.
- Data retention policies at the organization and workspace level can now specify "don't delete" to override parent data retention policies.
- You can now execute policy evaluations on-demand. You can also select the runtime version and workspace to evaluate against, allowing for version compatibility testing as well as workspace integration testing.
- Run tasks can now return richly formatted responses to Terraform. This enables users to use streamlined run task reviews in Terraform Enterprise, and provides meaningful context on run task evaluations without having to leave Terraform.
- Added a new workspace setting Auto-apply run triggers, (API:
auto-apply-run-trigger
), which controls whether a workspace should auto-apply runs caused by changes in other workspaces. - Users can now pin policy tool versions (Sentinel and OPA) to execute individual policy sets.
Improvements
- Removed the VCS Branch field on a workspace's VCS settings page for workspaces triggering runs based on git tags in order to clearly display the trigger for any vcs initiated runs.
- Support bundles on docker, kubernetes, and podman (beta) installations now include process information from the
terraform-enterprise
container. - Removed the workspace version setting summary that states versions do not upgrade automatically. When a workspace version is set to a version constraint, the version automatically resolves to the latest version which satisfies the constraint.
- The Agent Pool edit page loads faster for agent pools available to a large number of workspaces.
- You can now pause streaming log output to select text.
- Sentinel Policy checks can now utilize the
resource_drift
attribute for thetfplan/v2
import. - You can now expand or collapse the side navigation via a toggle button.
Bug Fixes
- Runs queued for longer than 10 minutes should not longer become stuck in a pending state.
- The state viewer component now properly checks and renders an appropriate error message for all response errors, rather than only detecting
400
responses and rendering all other response errors as inline state within the state viewer. - Workers running VCS repository ingestion will now drop work when it has passed the completion deadline, and can no longer be completed successfully. This mitigates issues with workers being resource constrained and unable to process all VCS ingestion due to a burst of requests.
- Account sign up now properly creates the user's session so they are not prompted to complete step-up auth after account creation.
- Update organization team page to have required data to correctly display 2FA badges for members.
- Creating multiple VCS-backed workspaces will no longer create duplicate webhooks.
- Connect Organization button will correctly navigate the user's window session to the provider's authorization page. This prevents the authorization flow being initiated in a new session.
- The project name breadcrumb on the project settings page now links to the correct place.
- The name input in the new project form now correctly displays error messages.
- The Provider overview pages in the registry will now load properly.
- Plan output will no longer show an error when nested objects contain empty attributes.
- Fixed error "Resource diff not found" when expanding resources that are drifted but do not have changes.
- Workspace resources' provider names are now updated after running the
terraform state replace-provider
CLI command. - The
tfectl
commandtfectl admin token
returns the appropriate initial admin creation URL. - A GitHub-backed workspace run that contains more than 300 changed files will now properly execute.
Security
- Container and binary updates address reported vulnerabilities (CVEs) in underlying base images, packages, and dependencies.