Last required release: v202207-2 (642)
- When you assign a team the
manage-workspacespermission through the API the team is also explicitly granted the
read-workspacespermission, which provides a subset of the functionality. However, using the API to revoke just the
manage-workspacepermission does not revoke the
read-workspacespermission. This means that existing automation (including the
tfeprovider) for revoking the
manage-workspacespermission will leave the team with the
read-workspacespermission, whereas previously the team would be left with no workspace access at the organization level. This will be resolved in upcoming versions of Terraform Enterprise and the
- The sub claim for workload identity tokens now contains project information. You must update the trust relationship on your cloud provider to expect project information in this claim.
Deprecations and End of Support
The following operating systems are no longer supported:
- Debian 8, 9
- Ubuntu 14.04, 16.04
- Amazon Linux 2014.03, 2014.09, 2015.03, 2015.09, 2016.03, 2016.09, 2017.03, 2017.09, 2018.03
The following PostgreSQL server versions are no longer supported:
Terraform Build Workers are deprecated and will be removed in Terraform Enterprise v202305-1. The base image responsible for executing Terraform runs is now
hashicorp/tfc-agent. If you are using an alternative worker image, you must migrate to a new image using
hashicorp/tfc-agent as its base image before Terraform Enterprise v202305-1. If you are not using an alternative worker image then you will automatically migrate to the new base image and no futher action is required. For more information, refer to the Custom Agent Image migration guide.
- Three components of the run pipeline,
tfe-rabbitmq, have been replaced with
tfe-task-worker, a local implementation of tfc-agent. If you are using an alternative worker image, you will need to migrate to a new image before enabling the new run pipeline. If you are not using an alternative worker image then you will automatically migrate to the new run pipeline. The new run pipeline can be manually enabled by setting the
run_pipeline_modeconfiguration setting to
agentor disabled by setting the
run_pipeline_modeconfiguration setting to
legacy. Monitoring integrations may need to be updated if you are monitoring
- Workspaces can now be grouped into projects. Projects help users organize and centrally manage their workspaces at scale while providing more granular permissions to a subset of workspaces. Each project has a separate permissions set that you can use to grant teams access to all workspaces in the project. This blog post covers projects in more detail.
- The GitHub App Integration is now available for Terraform Enterprise. Connect your Workspaces, Policy Sets, & Registry Modules without creating an Organization OAuth Client. Requires site-admin access to setup.
- Red Hat Enterprise Linux 8.7 is now supported.
- Docker Engine 23.0 is now supported.
- Sentinel Policy Checks now run Sentinel 0.19.5, introducing support for static imports, allowing supporting data to be imported into a policy.
- Organization owners can now assign teams read access to workspaces and projects within a particular organization.
- Added Terraform versions 1.3.8 and 1.4.0-beta1.
- Structured run output is enabled for CLI-driven workspaces when using Terraform CLI version 1.4.0-beta1 or later.
- The VCS Events page is now available for Terraform Enterprise. The page displays VCS-related messages such as when processing fails due to a duplicate webhook.
tfe-admin support-bundlewill now upload support bundles to object storage for both external services and active/active installations.
- The name of the VCS repository is now included in 400 request errors when an error occurs while creating a VCS workspace.
- When a webhook is received that contains the same commit SHA of a previously processed webhook that created a non-speculative run, it will no longer be processed and a message will be logged to the VCS Events page.
- Previously, a bug was introduced which changed the flash message design. The design bug is now fixed.
- The sidebar items of the workspace overview page are now displayed with proper height when the workspace has a long README.
- The workspace overview page now displays its sidebar component visibly in small screens.
- Terraform plans no longer error when generating Sentinel mock files.
- The endpoint used for confirming a user’s email address now has a tighter rate limit to reduce risk of email spam attacks.
- The endpoint used for sending “Forgot Password” emails now has a rate limit to reduce risk of email spam attacks.