Skip to content
This repository has been archived by the owner on Feb 8, 2023. It is now read-only.

Latest commit

 

History

History
94 lines (76 loc) · 7.94 KB

v202103-2.md

File metadata and controls

94 lines (76 loc) · 7.94 KB

TFE Release v202103-2 (520)

BUG FIXES SINCE v202103-1:

Fixed an issue where runs would fail to plan when using Terraform 0.13.x versions created with terraform-bundle.

APPLICATION LEVEL BREAKING CHANGES:

  1. The internally-managed PostgreSQL server has been upgraded from PostgreSQL 9.5 to PostgreSQL 12. Operators should back up their Terraform Enterprise data before upgrading to v202103-1. This change only affects mounted disk and proof of concept installations. Please refer to the "PostgreSQL Upgrade" section for more information.
  2. Changed organization name requirements to not be ambiguous with organization ID format. Although very unlikely, if an existing organization name matches a pattern org-<16 base58 chars>, it must be renamed.

UPCOMING DEPRECATION NOTIFICATIONS:

  1. The Admin API endpoint to list an organization's module consumers has been deprecated, and will be removed in Terraform Enterprise v202106-1. Clients should transition to the new JSON:API compliant endpoint: List Module Consumers for an Organization.
  2. The Admin API endpoint to update an organization's module consumers has been deprecated, and will be removed in Terraform Enterprise v202106-1. Clients should transition to the new JSON:API compliant endpoint: Update an Organization's Module Consumers

APPLICATION LEVEL FEATURES:

  1. Added support for PostgreSQL SCRAM-SHA-256 password authentication.
  2. Added db-backup-poc, db-restore-poc, and db-reindex-poc admin commands to allow proof of concept installations to backup, restore, and reindex the PostgreSQL database.
  3. Changes how TBW handles initialization during the apply phase, removing the -backend=false reinitialization in favor of persisting the entire filesystem between plan and apply.
  4. Adds Sensitive Variable Override File, which will mark TFE sensitive variables as sensitive in Terraform during runs.
  5. Support IMDSv2 when configuring object storage with S3 and Use Instance Profile for Access.
  6. Update the base OS image to Ubuntu Bionic (18.04) for the default Terraform worker image.
  7. Add support for forcing TLS via HSTS response headers and Secure cookie flags.
  8. Added a link to an example Terraform config repo when creating a VCS workspace.
  9. Added the hostname argument to example commands in the UI where applicable
  10. Added Terraform CLI versions up through 0.15.0-beta1 to Terraform Enterprise.
  11. Added run relationship to policy-checks API responses.
  12. Added ability to rename organizations in organization settings.
  13. Added the ability to filter JSON results in select places where JSON data is available (such as the state viewer). The filter language is a jq subset; see the documentation for more details.
  14. Added the ability to see the JSON response for policy checks within the run viewer, along with a shortcut to quickly see the results for all "main" rules within a policy check.
  15. Added the workspace name to the page title
  16. Fixed streamed log undefined waiting text
  17. Fixed log viewer printing "undefined" for empty logs
  18. Added Additional VCS Info to Workspace API Response
  19. Added ability to view module submodules in the private registry
  20. Added ability to view module examples in the private registry.
  21. Added JSON:API compliant endpoint to fetch an organization's module consumers.
  22. Added JSON:API compliant endpoint to update an organization's module consumers.
  23. Added ability to filter module producing organizations to the admin/organizations API endpoint.
  24. Added the ability to include the related run and workspace to the policy checks API endpoint.
  25. Changed team access API to only use pagination when requested.

APPLICATION LEVEL BUG FIXES:

  1. Upgrades go-isolation to pick up bug fix for directories with spaces in the name.
  2. Adjust container permissions to support running tfe-admin commands in environments where SELinux operates in enforcing mode.
  3. Fix a race condition in Active/Active deployments that would potentially result in transient Vault authentication failures when using an internal Vault deployment.
  4. Fixed an issue where the footer did not display for logged-in users.
  5. Fixed a bug where a workspace would think it had a working configuration version after someone ran terraform plan, but it wouldn't be able to queue new runs.
  6. Fixed keyboard accessibility for modules in the private registry
  7. Changed admin organizations api returns 422 if global_module_sharing: null passed in
  8. Fixed an issue with the reliability of copying text from log output in the Google Chrome browser
  9. Fixed an inconsistency of icon colors within certain button types.
  10. Fixed alignment and icon issues on Notifications page
  11. Added ability to keyboard-navigate into streamed logs on a run and provisioning instructions on a module
  12. Fixed pagination params for page size and number for audit trail endpoint
  13. Fixed sourceable run trigger dropdown when there are more than 50 workspaces available
  14. Changed instructions to add a new GitHub.com (custom) provider to align with a change to the GitHub UI/UX
  15. Fixed email logos not rendering if ASSET_HOST is not set in a TFE instance
  16. Fixed GitHub icon rendering in Firefox
  17. Added keyboard-only navigation to workspace heading links
  18. Added keyboard-only navigation for accordion elements such as run phase expanding boxes.
  19. Fixed accessibility of heading order for screen readers
  20. Fixed price error for certain AWS Elasticache node types during Cost Estimation.
  21. Fixed a potential issue where some cost estimates might be off by 1-2%
  22. Fixed the user invitation modal list of teams, ensuring teams are correctly paginated to include all of them.
  23. Fixed an issue where working directories were having their leading and trailing slashes stripped during updating.
  24. Fixed Modules ingress for Bitbucket Webhook events containing multiple changes.
  25. Fixed an issue where custom CA certificates were not being passed to the telegraf container.
  26. Fixed API issue where includable resource parameters were required to be underscored, even as the API is generally hyphenated.
  27. Fixed workspace variables API to require the correct workspace in URL
  28. Fixed issue not showing all teams when adding team access to a workspace.

APPLICATION LEVEL SECURITY FIXES:

  1. Enforce organization-level setting that requires users within an organization to have two-factor authentication enabled (CVE-2021-3153).
  2. Reduce exposure by proactively revoking per-run tokens on run completion.
  3. Update go-slug to v0.5.0 to pick up security fixes for maliciously crafted tarballs.
  4. Update Rails to 6.0.3.5, addressing security vulnerabilities.
  5. Ongoing container updates to address reported vulnerabilities in underlying packages / dependencies.

PostgreSQL Upgrade:

The PostgreSQL versioning policy states that PostgreSQL 9.5 had its final release on February 11, 2021. As such, the internally-managed PostgreSQL server has been upgraded from PostgreSQL 9.5 to PostgreSQL 12. This change only affects mounted disk and proof of concept installations. It does not affect external services installations.

The first time a Terraform Enterprise installation is upgraded to v202103-1, a program will be executed that will upgrade the PostgreSQL 9.5 data to PostgreSQL 12. This program takes a backup of the PostgreSQL data before upgrading. Regardless, operators should back up their Terraform Enterprise data before upgrading to Terraform Enterprise v202103-1.

Additionally, operators should familiarize themselves with the following knowledge base articles.