Terraform Enterprise v202401-1 (751)
Last required release: v202304-1 (692)
Flexible Deployment Options terraform-enterprise
container digest: amd64/linux sha256:a8db9a80790b05744c19e649ba5a89a1c7a48486c956ede4e1b44927153b982a
Known Issues
- [Updated April 16, 2024] If you set the maximum run time on the site admin page to be longer than 24 hours, Terraform Enterprise will not trigger runs on this release version. Configure your maximum run time to 24 hours or less.
- [Updated February 26, 2024] In rare cases, no code modules created before upgrading to this release could contain errors that would cause upgrade failures. This issue is fixed in v202401-2.
- [Updated August 14, 2024] Runs that rely on dynamic provider credentials and workload identity fail after a certain number of signing key rotations. This problem is fixed in v202407-1, and you can avoid it by upgrading v202407-1 or above. For details on additional workarounds, including manually trimming keys, refer to our support article.
Deprecations
- The
consolidated_services_enabled
setting deprecation period has ended and we have removed the setting. All installations now use the single-container architecture introduced in v202309-1. For more information on this change, see consolidated services. - Terraform Enterprise now supports new deployment options and we will end support for the Replicated Native Scheduler option. The final Replicated release of Terraform Enterprise will be in November 2024. The final Replicated release will be supported until April 1, 2026.
To ensure you continue to receive the latest features and fixes, please plan to migrate to a new deployment option by November 2024. For more information, refer to the deployments overview or contact your HashiCorp account representative.
Highlights
- You can now control whether an organization's VCS status checks are aggregated. By default, new organizations aggregate VCS status checks. Learn more about VCS status checks.
- The private registry is introducing two features:
- A new branch-based publishing workflow alongside the tags-based publishing workflow.
- Terraform Enterprise can now automatically run tests for modules published in your private registry using the branch-based flow.
Features
- When you start a run from the Terraform Enterprise user interface and select the Plan and Apply run type, clicking Additional planning options allows you to select resource addresses to replace.
- Site administrators can now configure site-wide data retention policies in the admin settings page.
- Data retention policies at the organization and workspace level can now specify "don't delete" to override parent data retention policies.
- You can now execute policy evaluations on-demand. You can also select the runtime version and workspace to evaluate against, allowing for version compatibility testing as well as workspace integration testing.
- Run tasks can now return richly formatted responses to Terraform. This enables users to use streamlined run task reviews in Terraform Enterprise, and provides meaningful context on run task evaluations without having to leave Terraform.
- Added a new workspace setting Auto-apply run triggers, (API:
auto-apply-run-trigger
), which controls whether a workspace should auto-apply runs caused by changes in other workspaces. - Users can now pin policy tool versions (Sentinel and OPA) to execute individual policy sets.
Improvements
- Removed the VCS Branch field on a workspace's VCS settings page for workspaces triggering runs based on git tags in order to clearly display the trigger for any vcs initiated runs.
- Support bundles on Docker, Kubernetes, and Podman (beta) installations now include process information from the
terraform-enterprise
container. - Removed the workspace version setting summary that states versions do not upgrade automatically. When a workspace version is set to a version constraint, the version automatically resolves to the latest version which satisfies the constraint.
- The Agent Pool edit page loads faster for agent pools available to a large number of workspaces.
- You can now pause streaming log output to select text.
- Sentinel Policy checks can now utilize the
resource_drift
attribute for thetfplan/v2
import. - You can now expand or collapse the side navigation via a toggle button.
Bug Fixes
- Runs queued for longer than 10 minutes should not longer become stuck in a pending state.
- The state viewer component now properly checks and renders an appropriate error message for all response errors, rather than only detecting
400
responses and rendering all other response errors as inline state within the state viewer. - Workers running VCS repository ingestion will now drop work when it has passed the completion deadline, and can no longer be completed successfully. This mitigates issues with workers being resource constrained and unable to process all VCS ingestion due to a burst of requests.
- Account sign up now properly creates the user's session so they are not prompted to complete step-up auth after account creation.
- Update organization team page to have required data to correctly display 2FA badges for members.
- Creating multiple VCS-backed workspaces will no longer create duplicate webhooks.
- Connect Organization button will correctly navigate the user's window session to the provider's authorization page. This prevents the authorization flow being initiated in a new session.
- The project name breadcrumb on the project settings page now links to the correct place.
- The name input in the new project form now correctly displays error messages.
- The Provider overview pages in the registry will now load properly.
- Plan output will no longer show an error when nested objects contain empty attributes.
- Fixed error "Resource diff not found" when expanding resources that are drifted but do not have changes.
- Workspace resources' provider names are now updated after running the
terraform state replace-provider
CLI command. - The
tfectl
commandtfectl admin token
returns the appropriate initial admin creation URL. - A GitHub-backed workspace run that contains more than 300 changed files will now properly execute.
Security
- Container and binary updates address reported vulnerabilities (CVEs) in underlying base images, packages, and dependencies.