Terraform
Terraform Enterprise v202211-1 (660)
Last required release: v202207-2 (642)
Known Issues
- [Updated August 14, 2024] Runs that rely on dynamic provider credentials and workload identity will fail after a certain number of signing key rotations. This problem is fixed in v202407-1, and you can avoid it by upgrading v202407-1 or above. For details on additional workarounds, including manually trimming keys, refer to our support article.
Deprecations
The following operating systems are deprecated, and Terraform Enterprise will stop supporting them following the February 2023 release (v202302-1).
- Debian 8, 9
- Ubuntu 14.04, 16.04
- Amazon Linux 2014.03, 2014.09, 2015.03, 2015.09, 2016.03, 2016.09, 2017.03, 2017.09, 2018.03
The following PostgreSQL server versions are deprecated, and Terraform Enterprise will stop supporting them following the February 2023 release (v202302-1).
- PostgreSQL 11
Features
- The Workspaces API now supports two options for deleting workspaces: safe delete and force delete. Safe delete prevents you from accidentally deleting locked workspaces or workspaces that are managing resources. When you delete a workspace with resources, Terraform can no longer track or manage the remaining infrastructure. Organization owners can force delete locked workspaces with resources, and they can choose whether to give workspace administrators force delete permissions.
Improvements
- The API produces a clearer error message when you try to assign the same team to a workspace more than once.
- The SQL query to retrieve organization owners is optimized to improve the latency for requests using the owners team API token.
- You can now re-authorize OAuth clients without losing workspace VCS connections.
Bug Fixes
- The post plan completed run state will now trigger a needs attention notification when a Post Plan Task is configured.
- The run summary now shows a warning when advisory policies fail instead of a passing icon.
- The plan UI output no longer suggests sensitive config values exist when they are not defined.
- The Workspace Outputs API no longer replaces dashes with underscores for keys in the
detailed-type
field. This bug prevented Terraform CLI 1.2+ from displaying output values when their names contained dashes. - Terraform Enterprise now delays populating outputs from state versions until it can parse the state file outside of the create request. This helps avoid long request times and timeouts when Terraform produces thousands of outputs.
- Workspace resources that have multiple instances now store their resource address using the correct index key. These resources previously used an integer index that didn't match the resource address in Terraform state. In particular, this affects resources created with the
for_each
meta-argument. - The UI no longer incorrectly tags variables from variable sets as Overwritten. When navigating between workspaces that share a variable set, the UI used to occasionally tag variables as Overwritten when there were no local overrides in the current workspace.
- Exceptions in Sidekiq workers cannot log sensitive run variables.
Security
- Updated Fluent Bit to version 1.9.9.
- The
tfe-fluent-bit
container now uses a Distroless image, which improves security by eliminating unnecessary packages. - Container updates address reported vulnerabilities (CVEs) in underlying packages and dependencies.