Terraform
Terraform Enterprise v202209-2 (655)
Last required release: v202207-2 (642)
Changes Since v202209-1
- Updated the internally-managed Vault policy to fix a
403 permission denied
error that prevented Terraform Enterprise from starting.
Known Issues
- The newly introduced data migration contains database logic that is incompatible with PostgreSQL 10.x. You must upgrade your PostgreSQL server to version 11.x or later in order to run Terraform Enterprise v202209-1.
- [Updated August 14, 2024] Runs that rely on dynamic provider credentials and workload identity will fail after a certain number of signing key rotations. This problem is fixed in v202407-1, and you can avoid it by upgrading v202407-1 or above. For details on additional workarounds, including manually trimming keys, refer to our support article.
Breaking Changes
- Speculative Plans are now enabled by default for workspaces using the version control workflow. Because of this change, the UI default now matches the defaults in the Workspace API and the Terraform Cloud/Enterprise Provider.
Highlights
- Terraform Enterprise now enforces the following background migrations and runs them synchronously during upgrades:
DeleteDuplicateHostedFilesForConfigVersions
,BackfillArchivistObjectStorageDeletionRequests
,DeleteSoftDeletedHostedFiles
, andBackfillHostedFileStorageDeletionRequests
. These will block the upgrade process until they are complete. If you have a large installation and are concerned about this blocking the upgrade process you can stop atv202208-3
and wait untiltfe-admin background-migration-status-all
returns a0
exit code before proceeding further. - This release contains a data migration that will lengthen the upgrade process. You can expect it to take roughly 1-2 minutes for 5,000 organizations, 2-4 minutes for 10,000 organizations.
Features
- Each HTML template can now produce a text-only version of the email.
- You can now set a workspace to automatically trigger Terraform runs when you publish a git tag with a specific format
Improvements
- The
PeriodicHostedFileGCWorker
andDeleteArchivistObjectsWorker
jobs have been removed as they have been superseded by theStorageDeletionWorker
. TheStorageDeletionWorker
deletes both hosted files and archivist objects more efficiently than the aforementioned jobs, making them unnecessary. - The State Version Outputs API has new attributes that store and reveal extra type information. You can now include the attribute
json-state-outputs
when creating a state version. These values describe the output values of the state. You can also view thedetailed-type
attribute when viewing state version outputs, which refines the output with the precise Terraform type.
Bug Fixes
- Plan output parsing error is now more descriptive and supports a max json nesting of 400.
- The structured run output diagnostic renderer displays more context for errors caused when you incorrectly call a function or when a pre or postcondition fails. The additional context for incorrect function invocation is only available for runs using Terraform version 1.3.0+.
- We increased the time between when you delete a workspace and when we actually remove that workspace from the Terraform Enterprise database. This buffer period reduces the likelihood of race conditions when you delete a workspace containing lot of data.
- When you delete a workspace in admin view, Terraform Enterprise now properly cancels the deletion when you select Cancel or close the dialog.
- Improved explanations for Runs that were not automatically applied in workspaces with auto-approve enabled
- The workspace destruction process is more reliable. Previously, when you deleted a workspace, Terraform Enterprise would sometimes fail to clean up all associated records. This failure sometimes caused confusion in the UI or caused Terraform Enterprise to consume resources longer than necessary. We made several improvements to address these issues.
- Build agents and the Terraform build worker now ignore
TF_TOKEN_hostname
workspace variables that match the Terraform Enterprise hostname. These processes must authenticate to the Terraform Enterprise host using a run-specific authentication token.
Security
- This release updates the internally-managed Nomad server to version 1.3.4.
- Container updates address reported vulnerabilities (CVEs) in underlying packages and dependencies.