Terraform
Terraform Enterprise v202306-1 (713)
Last required release: v202304-1 (692)
Known Issues
- The RunExternalStatus data migration now runs in the foreground for visibility. However, if there are a large number of runs, this migration can take a long time to complete.
- [Updated August 14, 2024] Runs that rely on dynamic provider credentials and workload identity will fail after a certain number of signing key rotations. This problem is fixed in v202407-1, and you can avoid it by upgrading to v202407-1 or above. For details on additional workarounds, including manually trimming keys, refer to our support article.
Deprecations
- In Terraform Enterprise v202308-1 the server services will be consolidated into a single container named terraform-enterprise. This container runs as a non-root user and contains the logs for all of the server services. Terraform runs will continue to execute in isolated, short-lived containers but will now run as a non-root user. This change is available now using the optional consolidated_services setting. See the consolidated services documentation for more information on this change.
- The following Docker Engine versions are deprecated. Support for them will be removed in Terraform Enterprise v202308-1.
  - Docker Engine 19.03
- Terraform Build Workers are now deprecated and have been removed. The base image responsible for executing Terraform runs is now hashicorp/tfc-agent. If you were using an alternative worker image, you must migrate to a new image, using hashicorp/tfc-agent as the base image. If you are not using an alternative worker image, then you will automatically migrate to the new base image and no further action is required. For more information, refer to the Custom Agent Image migration guide.
- [Updated: August 2023] The aws CLI utility is no longer included in the base image. If the aws CLI utility is needed in your custom agent image, you may install it by following the AWS CLI installation instructions. For more information, refer to the Custom Agent Image migration guide.
Highlights
- No-code provisioning is now available in Terraform Enterprise. No-code provisioning enables organizations to set up self-service workflows for application developers that need infrastructure but are not familiar with Terraform.
- Docker Engine 23.0 and 24.0 are now supported.
Improvements
- You can now cancel a passed policy check to unblock runs that are stuck at the policy check step.
- Terraform Enterprise now uses Sentinel v0.22.0 for policy checks, adding support for the sentinel block.
- Prefixed the names of the ephemeral Docker containers that run Terraform plan and apply operations with "tfe-agent-".
- The Run Tasks Integration API payload now includes the configuration_version_id and workspace_working_directory attributes.
- You can now access Sentinel policy check results through a new and streamlined user interface.
- Added a new Copy Configuration link to copy the full configuration details of a module from its overview page.
- The tfe-admin retrieve-iact command no longer contains trailing whitespace.
Bug Fixes
- Run tasks and policy sets no longer count discarded workspaces that have yet to be deleted.
- Long workspace notification names are now properly displayed on the notifications page.
- Long workspace run task names and descriptions are now properly displayed on the run tasks page.
- Workspaces using the GitHub App Integration can now renew expiring refresh tokens.
- Workspaces can no longer be assigned an agent pool that is not scoped to that workspace. Affected workspaces will revalidate their assigned agent pool on next save.
- APIs now return project-scoped variable set information for all users with the proper permissions.
Security
- Container updates address reported vulnerabilities (CVEs) in underlying packages and dependencies.