HashiCorp Developer AI Private beta now available Sign up today
Terraform
Terraform Home

Terraform Enterprise v202410-1 (798)

Last required release: v202406-1 (776)

Flexible Deployment Options terraform-enterprise container digest: amd64/linux sha256:b27c789bf92e1ee835a5fba9eba26705d71783df0eb73fbd08275ad761fbcbaa

Terraform Enterprise v202410-1

Deprecations

  1. The terraform-build-worker-plan-timeout and terraform-build-worker-apply-timeout attributes in the admin organization and general settings API have been deprecated and will be removed in a future release of Terraform Enterprise. Use the new plan-timeout and apply-timeout attributes instead.

  2. Terraform Enterprise now supports new deployment options and will end support for the Replicated Native Scheduler option. The final Replicated release of Terraform Enterprise will be in November 2024. HashiCorp will support this release until April 1, 2026.

    To ensure you continue to receive the latest features and fixes, including security updates, please plan to migrate to a new deployment option by November 2024. For more information, refer to Terraform Enterprise deployment overview or contact your HashiCorp account representative.

  3. The variables API endpoint, /vars, is deprecated and will be removed in a future release. All existing integrations with this API should transition to the workspace variables API /workspaces/:workspace_id/vars.

  4. PostgreSQL v12 will reach end of life on November 12 2024 and will no longer be supported in Terraform Enterprise after that date. Refer to the requirements for connecting a PostgreSQL ddatabase for a complete list of supported versions.

Known Issues

  1. Updated October 28, 2024. A minor issue with Azure Kubernetes Service (AKS) workload identity authentication may prevent Terraform Enterprise from using the service consistently. To work around this issue, you must set TFE_OBJECT_STORAGE_AZURE_ACCOUNT_KEY in your overrides.yaml file to a non empty string. You must also set the TFE_OBJECT_STORAGE_AZURE_USE_MSI setting to false:
   TFE_OBJECT_STORAGE_AZURE_ACCOUNT_KEY: a25vd25faXNzdWUK  # Set to any non empty string.
   TFE_OBJECT_STORAGE_AZURE_USE_MSI: false

Features

  1. Extends Azure's object storage configuration with workload identity fields by providing workload identity credentials authentication for the Azure backend.
  2. TFE now supports AKS workload identity authentication and authorization.

Improvements

  1. You can now use a SHA3 certificate for SAML signing validation.
  2. Teams with admin access on the default project no longer need to specify a project ID when creating a new workspace via the API. If a project relationship is not specified in the request, the workspace will be created in the default project as long as the caller has appropriate permission.
  3. A small but constant memory leak has been discovered in the API serialization layer and fixed, which should reduce the overall memory consumption of Puma processes over time.

Bug Fixes

  1. Fixed a bug where some variable sets weren't visible in the projects/:project_id/varsets API endpoint for projects that contain no workspaces.
  2. Fixed a bug where attempted eager loading of a user's teams negatively affected performance.
  3. When using tfectl app config --format docker to generate Docker compose configurations, the output has been enhanced to heighten clarity around generated values and formatting has been corrected of some environment variables.
  4. Fixed unhandled exceptions when malformed filter parameters are used in /api/v2 endpoints.
  5. Workspaces API unlock action will now return a 400 status instead of 503 when the latest state version is still pending, but only for Terraform CLI 1.10+ clients.
  6. Users had reported the workspace-variables page returning 404/429 responses and/or rate limiting errors when the workspace is scoped to many projects/variables. This bug has been resolved and the performance of that page has improved.
  7. Services no longer fail to read the CA bundle when PostgreSQL settings are configured to either verify-ca or verify-full
  8. Fixes a known issue with the execution of tfectl node drain, where the task worker would not receive a signal from the command, and the node drain would not work.

Security

  1. We have resolved a vulnerability in which users were able to copy their session cookie from the browser and continue to use it with the API, even after logging out, when API rate limiting was disabled in their admin settings. Terraform Enterprise always requires the cookie session to be active when making an API request authenticated with a cookie.
  2. Container and binary updates address reported vulnerabilities (CVEs) in underlying base images, packages, and dependencies.
Edit this page on GitHub