FEATURES:
- Add support for Terraform v1.0 [GH-333]
BUG FIXES:
- Fix missing event when task was enabled and executed using the CLI enable sub command [GH-318, GH-319]
- Fix disabled tasks to trigger after re-enabling [GH-320]
BREAKING CHANGES:
- Change task source for local modules to expect path based on directory where CTS is run instead of task directory. [GH-264, GH-283]
- Change the empty
namespacevalue forvar.servicesfromnullto empty string"". This effects CTS when used with Consul OSS, and no changes when used with Consul Enterprise where the default namespace value is"default". [GH-303]
FEATURES:
- Add support for Terraform v0.15 [GH-277]
- Add support to only trigger a task on service registration (on first instance of a service registering) or on service deregistration (on last instance of a service deregistering) [GH-307]
- Add support for filtering service nodes using a filter expression. Deprecate
tagin favor offilter, wheretagwill be removed in CTS v0.4.0. [GH-295] - Execute Terraform validate after tasks are initialized [GH-306]
BUG FIXES:
- Add support for relative paths for task variable files [GH-279, GH-288]
- Fix Terraform installation issue when path is set to an empty string [GH-212, GH-297]
- Fix missing event when task was enabled and executed using the CLI enable sub command [GH-318, GH-319]
SECURITY:
- Update
tfinstallto verify downloaded versions of Terraform with the rotated HashiCorp PGP signing key (HCSEC-2021-12) [GH-263] - Update Docker release process with rotated HashiCorp signing key (HCSEC-2021-12) [GH-270]
- Update the fallback version of Terraform to download to v0.13.7 which was released with the rotated HashiCorp signing key (HCSEC-2021-12) [GH-271]
BUG FIXES:
- Fix issue where CTS does not reconnect with Consul if it stops and restarts by adding retries for up to 8-12 minutes and then exiting if retries are unsuccessful. [GH-233, GH-242]
- Fix issue with services template being generated before data on all services is ready. [GH-239, GH-257]
BUG FIXES:
- Fix Task Status API response which was incorrectly returning empty providers and services information when requesting a task with no event data. [GH-219]
- Fix service filtering with tag containing
=. [GH-222] - Fix Docker image to pass in configuration when running in daemon-mode. [GH-221]
- Mitigate task execution on partial data when monitoring a large number of services. [GH-232]
- Fix tasks that are watching the same services from going stale after a couple executions. [GH-234, GH-237]
- Fix exponential backoff retry, which was incorrectly implementing x^2 instead of 2^x. Used to retry PANOS commit and Terraform. [GH-235]
- Fix
-versionflag output to include the binary name. [GH-238]
BREAKING CHANGES:
- Remove support for
providerblock name (deprecated v0.1.0-techpreview2). Useterraform_providerblock name instead. [GH-169] - Change version output from stderr to stdout. [GH-199]
- Change API error structure from string to object for future flexibility. [GH-201]
- Change Overall Status API response payload's
task_summaryfrom a map of status values to counts to a map of objects in order to allow returning other types of summary information. [GH-203]
FEATURES:
- Add
cts_user_defined_metaoption to theserviceconfiguration block for appending user-defined metadata grouped by services to be used by Terraform modules. [GH-166] - Add support for querying service by namespace for Consul Enterprise. [GH-175]
- Add
enabledboolean field to task configuration which configures a task to run or not. [GH-188, GH-189] - Add a Disable Task CLI which will stop a task from running and updating resources until re-enabled. [GH-194]
- Add an Enable Task CLI which will start a task so that it runs and updates resources. [GH-198]
- Add support for a CLI
-portflag to set the API port that the CLI should use if not default port 8558. [GH-197] - Add an Update Task API to support patch updating a task's enabled state. [GH-191, GH-214]
- Add a run parameter to Update Task API which can dry-run a task with updates and return an inspect plan (?run=inspect) or update a task run it immediately as opposed to run at the natural CTS cadence (?run=now). [GH-196]
- Configurable PAN-OS out-of-band commits [GH-170]
- PAN-OS commit retry with exponential backoff [GH-178]
- Add support for CTS to communicate with the local Consul agent over HTTP/2 to improve the efficiency of TCP connections for monitoring the Consul catalog [GH-146, GH-207].
- Official docker image [GH-215]
IMPROVEMENTS:
- Changed default
consul.transportoptions used for the Consul client to improve TCP connection reuse. [GH-164] - Mark generated provider variables as sensitive for Terraform 0.14+ [GH-181]
- Separate provider-related variables into a different file from services [GH-182, GH-183]
- Update the Overall Status API response to return count of enabled and disabled tasks and to return count of tasks with no event data as status value 'unknown'. [GH-203]
- Update the Task Status API response to include a new 'enabled' boolean field to indicate if task is enabled or disabled. [GH-202]
- Include service kind in module input [GH-168, GH-174]
BUG FIXES:
- Avoid appending duplicate
terraformsuffix to the KV path for Consul backend. [GH-165] - Fix edge case where multiple tasks have identical
terraform.tfvars.tmplfiles causing Consul Terraform Sync to indefinitely hang. [GH-167] - Handle case where provider configuration used nested blocks, which was causing an unsupported argument error. [GH-173]
- Fix
task_envconfig validation causing the feature to be unusable. [GH-184] - Fix how CTS configures the Consul KV backend for Terraform remote state store to default with configuration from the Consul block. [GH-213]
BREAKING CHANGES:
- Deprecate
providerblock name in this release forterraform_providerblock name, andproviderwill be removed in the following release [GH-140] - Fix PAN-OS out-of-band commits to use partial commits based on the configured admin user (required when using the PAN-OS provider) instead of committing all queued changes from any user [GH-137].
FEATURES:
- Add inspect mode to view proposed state changes for tasks [GH-124]
- Expand usage of Terraform backends for state store [GH-101, GH-129]
- azurerm, cos, gcs, kubernetes, local, manta, pg, s3
- Add configuration option to select Terraform version to install and run [GH-131]
- Add support to run Terraform version 0.14
- Add status api to view status information about task execution. Served by default at port 8558 [GH-158]
- Task-status api for status of each task [GH-138, GH-144, GH-148, GH-159, GH-160]
- Overall-status api for the overall status across tasks [GH-142, GH-161]
- Support configuring
porton which the api is served [GH-141] - Support
include=eventsparameter for task-status api to include in the response payload the information of task execution events [GH-145] - Support
status=<health-status>parameter for task-status api to only return statuses of tasks of a specified health status [GH-147]
- Add support to dynamically load Terraform provider arguments within the
terraform_providerblocks from env, Consul KV, and Vault using template syntax [GH-143]- Add Vault config option [GH-139]
- Add support to set Terraform provider environment variables using the meta-argument
task_envblock to avoid rendering sensitive arguments in plain-text or to re-map environment variable names [GH-157]
IMPROVEMENTS:
- Enable 2 retries on task execution errors when running in daemon mode [GH-72, GH-121, GH-155]
- Update out-of-band commits to execute only when a related task is successful [GH-122]
BUG FIXES:
- Fix indefinite retries connecting to Consul on DNS errors [GH-133]
- Fix Terraform workspace selection error [GH-134]
- Initial release