Terraform Enterprise v202202-1 (599)
Deprecations
The Terraform Enterprise April 2022 release will:
- Remove the demo operational mode, which is also known as the proof of concept (PoC) operational mode. The mounted disk operational mode will replace the demo operational mode for both non-production and production Terraform Enterprise environments. To check which mode your installation is using, run
replicatedctl app-config export --template '{{ .installation_type.Value }}'
. The valuepoc
indicates that your installation is using the demo operational mode. The April 2022 release notes will contain more information about how to migrate. - Update the names of containers, which may break container monitoring or custom tooling that identifies containers by name. The April 2022 release notes will explain these name changes in more detail and provide a complete list of old and new container names.
- Change the default value of
restrict_worker_metadata_access
to 1 (true) instead of 0 (false). If you rely on the instance metadata endpoint (and make use of its instance profile), you must explicitly set therestrict_worker_metadata_access
configuration flag inreplicated.conf
to 0.
Features
- Changed tag name restrictions to include letters, numbers, colons, hyphens, and underscores; and must begin and end with an alphanumeric character.
- Added the ability to fuzzy find or find an exact match for Terraform versions using query parameters.
Bug Fixes
- Fixed rendering of multi-paragraph Terraform diagnostic messages.
- Fixed run source UI "triggered from CLI" when using CLI cloud integration.
- Fixed
deprecated-reason
to be null if tool version is un-deprecated in the Terraform Versions API. - Fixed slow initial UI load for users who belong to hundreds of organizations.
- Fixed bug to disallow workspace from being renamed when a run has not completed.
- Fixed a UI issue where newly created organization API tokens weren't shown when the previous one was recently deleted.
- Updated Sentinel to 0.18.6
Security
- Modified Terraform Enterprise application logging configuration to remediate inadvertent capture of HTTP request bodies (CVE-2022-25374).
- Enables ACLs for the internally-managed Nomad service so that requests to Nomad must be authenticated.
- Fixed rate limiting to be based on the AuthenticationToken instead of remote IP in some cases.
- Updated the version of Rails to address CVE 2022-23633.
- Updated the version of the internally-managed Vault server to 1.9.3.
- Updated the version of the internally-managed Nomad server to 1.2.4.
- Ongoing container updates to address reported vulnerabilities in underlying packages / dependencies.