Terraform
Terraform Enterprise v202405-1 (772)
Last required release: v202207-2 (642)
Flexible Deployment Options terraform-enterprise
container digest: amd64/linux sha256:aea104fc8d022c06fe659aa1bcb9f13639946e6b8cdb622120fca5e61caf1397
Known Issues
- [Updated June 26, 2024] After successfully running a database restore in mounted disk mode, the Terraform Enterprise container, or Replicated application, must be fully stopped and restarted in order for the application to run properly.
- [Updated August 14, 2024] Runs that rely on dynamic provider credentials and workload identity will fail after a certain number of signing key rotations. This problem is fixed in v202407-1, and you can avoid it by upgrading v202407-1 or above. For details on additional workarounds, including manually trimming keys, refer to our support article.
- [Updated September 30, 2024] Some deployments are experiencing memory growth issues on v202401-1 or higher, sometimes resulting in out of memory errors that require a restart to resolve. This issue is currently being investigated. It is strongly recommended that you test in a non-production environment before deploying v202401-1 or higher in production, and monitor memory for unexpected growth. This message will be updated when a fix is available in a published release.
- [Updated November 25, 2024] Terraform Enterprise does not currently support using a username provided via
REDIS_USER
for authenticating with an external Redis instance. To use authentication with Redis, configure Redis to require only a password for the default user by updating your Redis configuration file (redis.conf
) as follows, replacing<your password>
accordingly:
requirepass <your password>
In the Terraform Enterprise environment, set only the REDIS_PASSWORD
variable with the corresponding value.
Deprecations
Terraform Enterprise now supports new deployment options and will end support for the Replicated Native Scheduler option. The final Replicated release of Terraform Enterprise will be in November 2024. HashiCorp will support this release until April 1, 2026.
To ensure you continue to receive the latest features and fixes, including security updates, please plan to migrate to a new deployment option by November 2024. For more information, check out Flexible Deployment Options or contact your HashiCorp account representative.
RedHat Enterprise is ending support for RHEL v7 on June 30th, 2024. Following suit, Terraform Enterprise will no longer support RHEL v7 after June 30th, 2024. Replicated installations of Terraform Enterprise support RHEL 8. The Podman deployment option supports using RHEL 8 or higher.
Highlights
- We have removed a common prefix from the keys which Redis uses for application caching. Upon upgrading, Terraform Enterprise starts with a cold cache and the size of Redis's cache data will approximately double until the old entries expire in three days. If you have an unusually large dataset in Redis and want to remove these old entries sooner, connect to Redis DB 15 and remove them manually by running
redis-cli --scan --pattern 'cache:*' | xargs redis-cli del
. - You can now browse projects from the dedicated projects page for better visibility and manageability. The new project overview page lets you view and search all projects you have access to. This view also provides an overview of the number of teams and workspaces associated with each project.
- [Updated June 14, 2024] Project names can now be up to 40 characters in length.
- Replicated installations now support Amazon Linux 2023, and RedHat Enterprise Linux 8.8.
- The application framework underlying the Terraform Enterprise API has been upgraded from Rails 6.1 to 7.1
Features
- Team-enabled organizations can now delegate team management privileges to non-owners using our three new team permissions. Expanding on the existing "manage membership" permission, teams can now have the ability to "manage teams", "manage organization access", and optionally "include secret teams" at each of these permission levels. Learn more.
Improvements
- Docker 25.0.x, 26.0.x, and 26.1.x is now supported for Docker-based installations of Terraform Enterprise.
- The team setting "Manage organization access" permission now includes a link to documentation.
- We have paginated the workspace list on the workspace settings page where you connect run triggers.
- The aggregated commit status page, which VCS providers link to on commits and PRs, is now more efficient when viewing runs associated with many workspaces.
- Update the organizations list page to include pagination and the ability to create and leave organizations.
- Updating Policy Checks to Sentinel 0.25.1, bringing with it the latest Sentinel improvements.
Bug Fixes
- Private module registry test invocations will no longer fail when downloading the Terraform binary.
- Terraform can now upload state even if an older state version has no lineage value. This resolves a bug that prevented Terraform from uploading state.
- The
terraform output
command now reflect existing outputs. This resolves a bug that prevented Terraform from processing existing outputs. - The assessment results API now returns the correct ID for the workspace relation.
- Private modules uploaded as tar files to the Private Registry will now have all relevant metadata. This resolves a bug where tar files of a particular format were missing metadata.
- The values for the SAML configuration options
AuthnRequestsSigned
andWantAssertionsSigned
are now being set properly in the initializer. This resolves a bug where their value was not being preserved in the SAML metadata. - Support bundles are now available over HTTPS for Mounted Disk installations of Terraform Enterprise. This resolves a bug where the support bundle command would return an error and fail to create a support bundle.
- Terraform Enterprise now successfully detects custom prefixes in S3 buckets when using a custom CA certificate bundle.
Security
- We have updated the internal Vault service to v1.16.2.
- Container and binary updates address reported vulnerabilities (CVEs) in underlying base images, packages, and dependencies.