TFE Release v202208-3 (652)
Last required release: v202207-2 (642)
Changes Since v202208-2:
- Fixed a regression where run pipeline metrics would not appear in the Prometheus endpoint.
Changes Since v202208-1:
- Database migrations will now successfully complete on startup when running PostgreSQL 10 and 11.
Known Issues
- [Updated August 14, 2024] Runs that rely on dynamic provider credentials and workload identity will fail after a certain number of signing key rotations. This problem is fixed in v202407-1, and you can avoid it by upgrading v202407-1 or above. For details on additional workarounds, including manually trimming keys, refer to our support article.
Features
- You can enable workload identity at either the workspace level or the variable set level by specifying a value for the
TFC_WORKLOAD_IDENTITY_AUDIENCE
environment variable. Enabling workload identity generates a token, stored in theTFC_WORKLOAD_IDENTITY_TOKEN
variable in your run environment. You can use the token to authenticate cloud providers instead of relying on long-lived credentials in Terraform Enterprise. Contact your HashiCorp representative for details and setup instructions.
Improvements
- Terraform bundles now attempt to determine the version of the
terraform
binary to more efficiently extract Terraform plugins. - When you create a VCS-backed workspace and configure variables in the UI, Terraform Enterprise now validates variable values for the correct type (boolean, string, number, map, list). If the type is incorrect, Terraform Enterprise displays an error message. This helps you configure the required variables for the first run.
- When generating Sentinel mocks, the
full_name
field will now be included in provider configuration blocks. The value of this field is the entire fully-qualified provider name including hostname and namespace, providing alignment with Terraform CLI json output.
Bug Fixes
- The Run UI now renders one-line errors in plans or applies correctly, so you do not need to download raw text logs to review the output.
- The Module Registry Protocol endpoint
/v1/modules/{namespace}/{name}/{provider}/versions
no longer errors when handling modules with a large number of versions.
Security
- Reading outputs through the Workspaces API's includable relationships now requires permission to read the state version outputs of the workspace.
- Terraform Enterprise updated
rails
to 6.1.6. This change addresses reported vulnerabilities (CVEs). - Container updates address reported vulnerabilities (CVEs) in underlying packages and dependencies.