Terraform Enterprise v202305-1 (703)

Last required release: v202207-2 (642)

Deprecations

  1. Terraform Build Workers are deprecated and will be removed in Terraform Enterprise v202306-1. The base image responsible for executing Terraform runs is now hashicorp/tfc-agent. If you are using an alternative worker image you must migrate to a new image, using hashicorp/tfc-agent as the base image before Terraform Enterprise v202306-1. If you are not using an alternative worker image, then you will automatically migrate to the new base image and no futher action is required. For more information, refer to the Custom Agent Image migration guide.

Features

  1. Users can now apply variable sets to specified projects. Applying a variable set to a project(s) means that the variable set is accessible to all existing and future workspaces within that project(s). Users can apply variable sets to projects through:
  1. You can now specify a base64 encoded PEM format CA certificate for usage when connecting with Vault for dynamic or Vault-backed credentials via the TFC_VAULT_ENCODED_CACERT environment variable.
  2. When creating authentication tokens for users, teams, and organizations, you can now set an expiration date and time for that token. You can no longer authenticate with tokens past their expiration date and time.
  3. Dynamic Provider Credentials now support generating credentials with Vault Dynamic Secrets Engines for AWS, Azure, and Google Cloud.
  4. A TTL can now be set on a user token through the user settings of the user interface.
  5. Added automated license utilization reporting, which sends minimal product-license metering data to HashiCorp without requiring you to manually collect and report them.

Improvements

  1. Optimize workspace variable overwrite creation to speed up varset creation. Requests to create variable sets should not time out now.
  2. Fixed date/timestamp on workspace resource table in Terraform Cloud’s user interface.
  3. Octokit now logs an error when there is a problem editing the settings of a workspace.
  4. Updated the variable sets user interface to use the new Helios design system components.
  5. Updated the project user interface to use the new Helios design system PowerSelect style override.
  6. Improve the user interface for organization, team, and user API tokens, by updating the tokens’ icon and last used text.
  7. OPA tool versions are now added automatically, no longer requiring manual effort.
  8. Team management at the workspace level is paginated.
  9. Team management at the workspace level is searchable.
  10. Workspace settings now use a fluid page layout, matching Organization settings.
  11. All headings and subheadings now use the new Helios design system typography, font weight, and color to create consistency in page styling and information hierarchy for users.

Bug Fixes

  1. Granting a team the manage-workspaces or manage-projects organization permissions would prevent a team from accessing some resources granted by their read-only equivalents, read-workspaces and read-projects. For example, the manage permissions were not providing access to non-global variable sets, even though read permissions grant this access at the same level.
  2. TFE now supports the node-drain command when running in agent run pipeline mode.
  3. The gcs_credentials setting can now be set to {} to configure Terraform Enterprise to authenticate to Google Cloud Storage using the attached service account.

Security

  1. Updated the Nokogiri Gem, which can now resolve multiple CVEs with libxml
  2. Container updates address reported vulnerabilities (CVEs) in underlying packages and dependencies.