Skip to content

v0.42.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 24 Jun 08:12
· 2 commits to main since this release
v0.42.0
0482a9e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Terrapod is a free, open-source platform replacement for Terraform Enterprise. This release adds the Service Catalog — no-code self-service provisioning over the private module registry.

Highlights

  • Service Catalog — a catalog item blesses a private registry module for self-service. Provisioning creates an ordinary agent-mode workspace running a server-generated, value-free wrapper (module call + provider templates + output re-export); supplied inputs become ordinary workspace variables delivered via the per-run Secret. On by default (api.config.catalog.enabled); the catalog_permission RBAC axis is opt-in, so enabling grants no access until a role is assigned.
  • Curated inputs & fixed variables — catalog authors can constrain an input to an allowed set of options, mark inputs sensitive (write-only), or pin a fixed variable (hidden + default, removed from the form). Options are enforced server-side at provision and reconfigure.
  • Provider templates — admin-managed, parameterised provider configurations whose parameters become Terraform variables, rendered into the wrapper's providers.tf.
  • Safe teardown — destroy, never silently orphan — a catalog instance is destroyed (reclaim infra → archive the workspace on a successful destroy), not deleted-and-orphaned. Plain workspace delete is blocked (409) on a catalog instance; an explicit, admin-only, audit-logged orphan escape hatch exists for the rare abandon-infra case.
  • Destroy auto-retry — terraform destroys can fail transiently; failed platform-initiated lifecycle destroys (catalog + autodiscovery) are re-queued up to runners.lifecycleDestroyRetries times with backoff. Archive only ever happens on a successful destroy, so retries never lose data.
  • Full consumer coveragego-terrapod SDK, terraform-provider-terrapod (terrapod_provider_template / catalog_item / catalog_instance + terrapod_catalog_instances data source), and a web UI (/catalog browse + provision wizard, instance management, /admin/catalog, /admin/provider-templates).

Bug Fixes

  • Runner registry discovery over HTTP-internal API — the runner's host "<public>" { services → API } registry-discovery redirect is now emitted regardless of the internal API's scheme (previously gated on HTTPS, silently skipped for the default single-cluster http://<release>-api:8000). This makes private-registry-module consumption (including catalog wrappers) work in HTTP-internal, airgapped, and split-network deployments. Two-HTTPS-address (cluster-to-cluster + users) deployments are unchanged.

Status

Beta — the catalog provision→apply→reconfigure→destroy→archive lifecycle was live-smoke-verified end-to-end against a real runner.

Full Changelog: v0.41.0...v0.42.0

Assets 32
Loading