Terraform
Terraform Enterprise v202311-1 (742)
Last required release: v202207-2 (642)
Flexible Deployment Options terraform-enterprise
container digest: amd64/linux sha256:93fad2721b712ab78723b31c8cc98d317d48d43a3acd8c0ace2425b7e372360d
Known Issues
- [Updated: December 15, 2023] Customers using a terraform bundle and have a configured working directory may see an error in their runs that reads
Operation failed: failed packing filesystem: illegal slug error: invalid symlink
. You can work around this error using a custom agent image built ontfc-agent
v1.12. We plan to fix this error in v202401-1 of Terraform Enterprise. Contact support for help with this issue.
Highlights
The v202311-1 release contains two significant changes that improve storage utilization:
- You can now configure data retention policies that allow Terraform Enterprise to automatically delete old configuration versions and state versions. This prevents unbounded storage growth.
- The overall executable plan storage footprint has been dramatically reduced by removing the provider version cache from the executable plan storage for every plan.
Features
- You can now delete configuration versions and state versions to reclaim storage space.
- State versions may be created and uploaded separately, allowing large state transmissions in terraform v1.6+ to complete without exceeding the API timeout. Previously, create and upload was a single process that could lead to timeouts when dealing with large state files.
- Prior to Terraform v.1.6.x, the state version API returned archivist URLs. The API now returns TFE API URLs, which redirect to archivist URLs. To download state versions, you must follow redirects and include authentication as described in the API overview.
Improvements
- We have improved screen reader usability for the policy sets page.
- Users that do not have access to a project receive a warning when attempting to view the project's policy set(s).
- When creating or modifying workspaces, the version control provider section now has seperate sections for public providers and private providers.
- We have adjusted the way we detect and report drift. These changes are targeted toward reducing noise within drift reports.
Bug Fixes
- Errors parsing state (HandleParseStateJob) were incorrectly marked as successful. This has been fixed and failures will now properly return
Success == false
. - Workspace deletion will no longer be potentially blocked by an attached Run Task.
- OPA policies evaluations now have more robust handling for unexpected response formats.
- TFE FDO and Replicated installs with
consolidated_services_enabled
set to enabled now support using a service account when authenticating to GCP object storage. Previously an error would be reported on start -{"component":"terraform-enterprise","log":"2023-10-06T04:13:52.167Z [ERROR] terraform-enterprise: check failed: name=config duration=\"34.838µs\" err=\"google storage bucket, credentials, and project must be set\""}
.
Security
- Addressed HTTP/2 "Rapid Reset" (CVE-2023-44487, CVE-2023-39325) with adoption of new Go releases and associated dependencies.
- Container and binary updates address reported vulnerabilities (CVEs) in underlying base images, packages, and dependencies.