Terraform Enterprise v202304-1 (692 Required)

This is a required release!

Known Issues

1. [Updated August 14, 2024] Runs that rely on dynamic provider credentials and workload identity will fail after a certain number of signing key rotations. This problem is fixed in v202407-1, and you can avoid it by upgrading v202407-1 or above. For details on additional workarounds, including manually trimming keys, refer to our support article.

Deprecations

1. Terraform Build Workers are deprecated and will be removed in Terraform Enterprise v202305-1. The base image responsible for executing Terraform runs is now hashicorp/tfc-agent. If you are using an alternative worker image you must migrate to a new image, using hashicorp/tfc-agent as the base image before Terraform Enterprise v202305-1. If you are not using an alternative worker image, then you will automatically migrate to the new base image and no futher action is required. For more information, refer to the Custom Agent Image migration guide.
2. [Updated: August 2023] The aws CLI utility is no longer included in the base image. If the aws CLI utility is needed in your custom agent image, you may install it by following the AWS CLI installation instructions. For more information, refer to the Custom Agent Image migration guide.

Improvements

1. The Projects List API now allows filtering by project names. You can use a filter[names] query parameter with one or more comma-sepearated project names and the results will be limited to projects with those exact name(s). For example: /api/v2/organizations/my-organization/projects?filter[names]=my-project,my-other-project
2. Application improvement now reduces network pressure during long apply operations, or until a job is marked as errored due to a killed agent process.
3. Design improvements to the user, team, and organization token UI and generation flow.
4. Highlight newly created team, user, and organization authentication tokens in the UI
5. Upgrading Sentinel to 0.21, adding support for defined expressions and per-policy parameter values.
6. Add ability to search an organization's teams by name and varsets by name.
7. The base font size across the application is increased to 16px in order to use the new Helios design system components at their intended size, increasing their adoption and accessibility.
8. Additional Project access roles have been added, write and maintain. For more information, refer to the Project Team Access API documentation.

Bug Fixes

1. The tfe-task-worker container no longer fails with a permission denied error when SELinux is enforcing.
2. Background migrations will no longer wait indefinitely on database locks, and will now timeout gracefully after 2 hours and retry.
3. When a run is being cancelled, or undergoing actions that modify the state of a run, the Run Actions form will display a 'waiting' state until the run update occurs.
4. The node-drain admin command now works properly when the run_pipeline_mode configuration setting is set to agent or legacy mode.
5. Users had reported intermittently seeing duplicate rows in the Workspace Overview "Resources" section of a workspace. This bug has been resolved and that UI updated to more consistently show the correct amount of rows, matching the number of Terraform resources managed by the workspace.
6. The application no longer needs to be refreshed after transitioning from the team settings page into user settings via the UI.
7. Sentinel will no longer assume that unknown values are boolean, fixing an issue for some Terraform plan variations.
8. Consuming private providers from other organizations no longer fails when trying to use them in a Terraform configuration.

Security

1. Container updates address reported vulnerabilities (CVEs) in underlying packages and dependencies.
2. The version of Ruby used to run the app has been updated to v3.1.
3. The Link SSO Identity to a different account page now has reCaptcha.