Terraform Enterprise 1.1.0 is available

The Terraform Enterprise team would like to announce the release 1.1.0 is now available.

Some key highlights and important bits from the release notes:

Deprecations:

1. PostgreSQL 13 is reaching end-of-life in November. We are deprecating support for PostgreSQL 13 in this release, and we will remove support in the 1.2.0 release.
2. Admins can no longer generate tokens while impersonating a user.
3. The deprecation period for Redis 6.0 has ended and it will no longer be supported with Terraform Enterprise. Customers running Redis on Azure will need to update their configuration to use a second Redis database due to changes to the Azure Redis offering.

Highlights:

1. PostgreSQL 17, Google Cloud AlloyDB 16, and EnterpriseDB Postgres Advanced Server 16 and 17 databases are now officially supported.
2. You can now use AWS Identity and Access Management (IAM) to authenticate to Amazon RDS for PostgreSQL.
3. You can now use Google Default Credentials to authenticate to Cloud SQL.
4. You can now use AWS Identity and Access Management (IAM) to authenticate to Redis instance.
5. You can now use the Terraform Enterprise Admin Console and API to manage support bundles, product usage bundles, and retrieve node information.

Features:

1. You can now create multiple authentication tokens for a single team.
2. Organization owners can now disable the use of user API tokens for an organization.
3. Customers using the Docker driver can retrieve run pipeline agent images stored in a private registry using basic authentication.
4. Generating an API token for the system API now also generates a link to the admin console if enabled.
5. The admin API now retrieves audit logs. You can now call the API to review login and logout events.
6. The system API now determine rate limits according to the token bucket algorithm. As a result, the API can now handle traffic bursts.

Improvements:

1. Terraform Enterprise now attempts to read and write from blob storage as a startup check prior to running database migrations.
2. Terraform Enterprise’s database access in automated product usage reporting has been optimized.
3. The list SSH keys API now returns a Not Found response instead of an empty response when accessed using an organization token.
4. The Project name link in the Workspace Explorer now directs you to the Project overview page. Previously, it would bring you to a list of workspaces within the project.
5. Checking for and updating the state of Terraform agents that have not reported their status now happens as a background job, improving performance of these updates.
6. Terraform Enterprise now limits how many resources are deleted concurrently when their parent resource is deleted, which reduces the impact on the database. For example, when you delete an organization instructs Terraform Enterprise to delete all projects it contains, as well as all jobs within those projects. Previously, Terraform Enterprise deleted all artifacts as quickly as possible, resulting in potentially large amounts of write activity on the database. These deletions are now rate-limited, reducing the impact.
7. Improved performance of API queries that lookup workspaces by their name.
8. Improved performance of the FailedJobWorker process when finding and reaping failed PolicyCheck jobs.
9. The redis-server version has been upgraded to 7.4.6.
10. You can now update an OAuth client’s PAT directly through the API.
11. Improved performance of user management in the organization settings page. This page renders faster on initial page load, especially for an organization with many teams. Searching for an organization user and switching between pages requires less network activity .
12. You can now enable an option in the UI that lets a workspace share its state with all other workspaces in the same project.
13. The operation runs filter label has been renamed to type. This change includes the labels for the toggle and the Filter by drop-down menu.
14. The Filter by action label has been renamed to Filter by operation on the Runs page
15. Terraform Enterprise will return current version via new X-TFE-Current-Version header, additionally X-TFE-Version will continue to return monthly release version for backward compatibility.

Bug Fixes:

1. Fixed SSO user creation collision issue where users with the same email local part, such as first.name@example.com and first.name@admin.example.com, couldn’t both exist due to duplicate username generation. To prevent this, Terraform Enterprise now appends a random 4-byte hex suffix to usernames with conflicts. For example, first.name3b9da8c7.
2. Users reported that deleting an organization that has an authentication token returned an error, even though the organization was deleted successfully. This bug has been resolved and deleting an organization with an authentication token should return a successful response.
3. You can no longer disable auto-destroy plans by disabling the Allow destroy plan option in the workspace settings. The previous behavior where the workspace setting blocked auto-destroy plans from running was unintended. This fix includes a validation that requires the Allow destroy plan to be enabled when a project or workspace auto-destroy plan exists. It also validates that migrations to fix any invalid workspace settings. When Allow destroy plan is disabled for a workspace that is in a project with an auto-destroy plan, the auto-destroy now runs against the workspace. To preserve such workspaces, move them to a project without an auto-destroy plan.
4. You can no longer change the Allow destroy plan setting for a workspace in a project that contains an auto-destroy plan. Instead, the UI shows an alert message stating that the project plan prevents access to the setting.
5. Session timeout now has a minimum limit of 5 minutes to prevent premature logouts during active sessions.
6. Due to an issue where paginating by last-seen-at results in inconsistent pagination we are giving users an option to sort agents by created-at.

Security:

1. New users are now required to have more secure passwords. New users must have a password that is at least 8 characters long and contain at least three of the following features: lowercase letters (a-z), uppercase letters (A-Z), numbers (0-9), and special characters (!@#$%^&*).
2. To improve security and prevent possible attacks, a bug that allowed some external redirects to be specified post-login through the URL has been fixed.

To review the full release note, please visit here. As always, please contact support with any issues, and your account team with any feedback or feature requests.