TFE Release v202208-1 (647)

Last required release: v202207-2 (642)

»Known Issues

  1. Database migrations will fail during startup when using PostgreSQL 10 and 11. This is fixed in v202208-2.

»Features

  1. You can enable workload identity at either the workspace level or the variable set level by specifying a value for the TFC_WORKLOAD_IDENTITY_AUDIENCE environment variable. Enabling workload identity generates a token, stored in the TFC_WORKLOAD_IDENTITY_TOKEN variable in your run environment. You can use the token to authenticate cloud providers instead of relying on long-lived credentials in Terraform Enterprise. Contact your HashiCorp representative for details and setup instructions.

»Improvements

  1. Terraform bundles now attempt to determine the version of the terraform binary to more efficiently extract Terraform plugins.
  2. When you create a VCS-backed workspace and configure variables in the UI, Terraform Enterprise now validates variable values for the correct type (boolean, string, number, map, list). If the type is incorrect, Terraform Enterprise displays an error message. This helps you configure the required variables for the first run.
  3. When generating Sentinel mocks, the full_name field will now be included in provider configuration blocks. The value of this field is the entire fully-qualified provider name including hostname and namespace, providing alignment with Terraform CLI json output.

»Bug Fixes

  1. The Run UI now renders one-line errors in plans or applies correctly, so you do not need to download raw text logs to review the output.
  2. The Module Registry Protocol endpoint /v1/modules/{namespace}/{name}/{provider}/versions no longer errors when handling modules with a large number of versions.

»Security

  1. Reading outputs through the Workspaces API’s includable relationships now requires permission to read the state version outputs of the workspace.
  2. Terraform Enterprise updated rails to 6.1.6. This change addresses reported vulnerabilities (CVEs).
  3. Container updates address reported vulnerabilities (CVEs) in underlying packages and dependencies.