Terraform Enterprise v202410-1 (798)
Last required release: v202406-1 (776)
Flexible Deployment Options terraform-enterprise
container digest: amd64/linux sha256:b27c789bf92e1ee835a5fba9eba26705d71783df0eb73fbd08275ad761fbcbaa
Terraform Enterprise v202410-1
Known Issues
- Updated October 28, 2024. A minor issue with Azure Kubernetes Service (AKS) workload identity authentication may prevent Terraform Enterprise from using the service consistently. To work around this issue, you must set
TFE_OBJECT_STORAGE_AZURE_ACCOUNT_KEY
in youroverrides.yaml
file to a non empty string. You must also set theTFE_OBJECT_STORAGE_AZURE_USE_MSI
setting tofalse
:
TFE_OBJECT_STORAGE_AZURE_ACCOUNT_KEY: a25vd25faXNzdWUK # Set to any non empty string. TFE_OBJECT_STORAGE_AZURE_USE_MSI: false
Features
- Extends Azure's object storage configuration with workload identity fields by providing workload identity credentials authentication for the Azure backend.
- TFE now supports AKS workload identity authentication and authorization.
Improvements
- You can now use a SHA3 certificate for SAML signing validation.
- Teams with admin access on the default project no longer need to specify a project ID when creating a new workspace via the API. If a
project
relationship is not specified in the request, the workspace will be created in the default project as long as the caller has appropriate permission. - A small but constant memory leak has been discovered in the API serialization layer and fixed, which should reduce the overall memory consumption of Puma processes over time.
Bug Fixes
- Fixed a bug where some variable sets weren't visible in the
projects/:project_id/varsets
API endpoint for projects that contain no workspaces. - Fixed a bug where attempted eager loading of a user's teams negatively affected performance.
- When using
tfectl app config --format docker
to generate Docker compose configurations, the output has been enhanced to heighten clarity around generated values and formatting has been corrected of some environment variables. - Fixed unhandled exceptions when malformed filter parameters are used in /api/v2 endpoints.
- Workspaces API unlock action will now return a 400 status instead of 503 when the latest state version is still pending, but only for Terraform CLI 1.10+ clients.
- Users had reported the workspace-variables page returning 404/429 responses and/or rate limiting errors when the workspace is scoped to many projects/variables. This bug has been resolved and the performance of that page has improved.
- Services no longer fail to read the CA bundle when PostgreSQL settings are configured to either
verify-ca
orverify-full
- Fixes a known issue with the execution of tfectl node drain, where the task worker would not receive a signal from the command, and the node drain would not work.
Security
- We have resolved a vulnerability in which users were able to copy their session cookie from the browser and continue to use it with the API, even after logging out, when API rate limiting was disabled in their admin settings. Terraform Enterprise always requires the cookie session to be active when making an API request authenticated with a cookie.
- Container and binary updates address reported vulnerabilities (CVEs) in underlying base images, packages, and dependencies.