Infrahub v1.8.0rc0

Infrahub v1.8.0rc0 - Release Notes

⚠️ !!! WARNING This first release candidate of Infrahub v1.8.0 is supposed to be used for testing purposes only.

This release introduces a file objects feature, adds stronger branch life-cycle controls with automatic freeze-on-merge, and adds support for resource pools in object templates. The Infrahub Backup tool now fully supports Kubernetes deployments.

Main changes

File Object: Upload and attach files to Infrahub objects

Infrahub can now store files -- Text files, PDFs, images, spreadsheets, KMZ files, and any other format -- directly as objects in the database. With the new CoreFileObject generic, you can define custom file types in your schema. Object files behave as all other objects in Infrahub, you can fully customize the schema and relate (or attach) them to other objects.

The contents of the file will be rendered in Infrahub's web interface, if the file has one of the following file types:

• application/json
• application/yaml
• application/x-yaml
• application/hcl
• application/graphql
• application/pdf
• image/svg+xml
• text/plain
• text/markdown
• application/xml
• text/csv;
• image/png
• image/jpeg
• image/gif
• image/webp
• image/bmp
• image/x-icon

To use this feature, create a schema node that inherits from CoreFileObject:

nodes:
  - name: ContractDocument
    namespace: Custom
    inherit_from:
      - CoreFileObject
    attributes:
      - name: contract_number
        kind: Text

The CoreFileObject generic automatically provides read-only attributes for file metadata: file_name, checksum (SHA-1), file_size, file_type (MIME type), and storage_id.

Upload files through GraphQL mutations -- a file argument is automatically added to Create, Update, and Upsert mutations for any node inheriting from CoreFileObject.

Download files through the UI or these REST API endpoints:

• /api/files/{node_id} -- by node UUID
• /api/files/by-hfid/{kind} -- by human-friendly ID
• /api/files/by-storage-id/{storage_id} -- by internal storage ID

The maximum file size defaults to 50 MB and is configurable via the INFRAHUB_STORAGE_MAX_FILE_SIZE environment variable.

Freeze branch after merge

When a branch is merged -- either through a direct branch merge or via a Proposed Change -- it now transitions to a frozen state where no further mutations are allowed. This prevents a class of data integrity issues that could occur when a branch was modified or merged a second time after its initial merge.

Both the backend API and the frontend UI enforce this freeze:

• GraphQL mutations (Create, Upsert, Update, Delete) are blocked on merged branches
• The UI disables editing controls and shows a visual indication that the branch is frozen
• Creating a new Proposed Change for an already-merged branch is prevented

Resource pool references in object templates

Object templates can now reference resource pools (IP Address, IP Prefix, and Number pools). Previously, adding a resource pool to a template would allocate a resource to the template itself -- not the intended behavior. In 1.8, pool references on templates are stored as metadata. When an object is created from the template, the resource is allocated from the specified pool at creation time.

This applies to all pool types:

• IP Address pools
• IP Prefix pools
• Number pools

The feature introduces a new relationship_properties field in the GraphQL schema for template relationships, which stores the pool source reference alongside the standard edges field. Template inheritance (subtemplates) correctly propagates pool references.

A database migration is included to convert any existing template-IP relationships that incorrectly have pool sources into the new _from_resource_pool relationship format.

Consult the diff of a proposed change after branch deletion

The data and schema diff of a Proposed Change is now preserved and accessible even after the associated branch has been deleted. This is essential for audit and compliance workflows -- during incident investigation or regulatory review, users need to inspect what changes were made, by whom, and when, regardless of whether the source branch still exists.

The diff data is now tied to the Proposed Change itself rather than solely to the branch. The Files and Artifacts tabs on a Proposed Change also handle deleted branches gracefully, showing a user-friendly message instead of an error.

This feature is a prerequisite for a future capability to automatically delete branches after merge, which will help prevent stale branches that can cause Git synchronization issues.

Read-only repository: Update to Latest button

Managing read-only Git repositories is now simpler. A new "Update to Latest" button fetches and imports the latest commit from the tracked branch directly from the UI. Previously, users had to manually copy and paste commit hashes from an external source to update what Infrahub was tracking. The existing reimport action has been renamed to "Reimport Current Commit" to clearly distinguish between re-processing the current commit and pulling the latest.

Repositories now also support providing a Git Tag as the reference (ref) to track for a repository.

Infrahub Backup: Kubernetes support

The infrahub-backup CLI tool now fully supports Kubernetes deployments for both backup and restore operations. The tool automatically detects whether Infrahub is running on Docker Compose or Kubernetes and adjusts its behavior accordingly.

For Kubernetes deployments we can now install infrahub-backup using the Infrahub Helm Chart. This is now the recommended installation method for Kubernetes deployments.
See the installation instructions for more details

Key new capabilities:

• infrahub-backup create --k8s-namespace <namespace> -- creates a backup archive containing Neo4j and PostgreSQL database dumps
• infrahub-backup restore <backup_file> --k8s-namespace <namespace> -- restores from an archive, handling service stop/start, cache/queue cleanup, database restore, and service restart automatically
• Supports Neo4j Enterprise Edition online backups
• Backup archives include metadata with Infrahub version, Neo4j edition, components backed up, and timestamps

Display artifact count in proposed changes

The Proposed Changes detail view now displays item counts on all tabs, giving you immediate visibility into how many changes exist in each category:

• Data -- count of added, updated, and removed nodes
• Files -- total count of changed files across repositories
• Artifacts -- count of changed artifacts (excludes unchanged)
• Schema -- count of schema changes
• Checks -- count of validators
• Tasks -- count of related tasks

Branch list page improvements

The branch list page continues to evolve with richer information and better usability:

• Created By column shows who created each branch (available for branches created after 1.7)
• Proposed Changes column links directly to associated proposed changes
• Status column shows branch state with warning indicators (e.g., "Rebase needed")
• Schema Changes indicator shows whether the branch includes schema modifications
• Last Rebase timestamp for sync tracking
• Merged badge clearly identifies branches that have been merged
• Merged branches are filtered from the proposed change creation form

General UI improvements

Several smaller improvements enhance the day-to-day experience:

• Schema field shortcuts -- clicking an attribute or relationship label in the object detail view opens the schema viewer modal, scrolling directly to the relevant field definition
• Field type icons -- icons next to field names indicate the attribute type (text, number, boolean) and relationship schema
• Diff status badges -- file and artifact diffs now show badges indicating the type of change (added, removed, updated)
• Branch artifacts tab -- view artifact changes directly from the branch details view
• Refresh button -- task list and details views now include a manual refresh button with a tooltip showing the last data refresh time
• Consistent focus outlines -- improved visual accessibility across all interactive elements

Infrahub Python SDK

Infrahub v1.8.0rc0 requires the usage of infrahub-sdk v1.19.0rc0, please update the infrahub-sdk package accordingly.

Notable SDK changes in this release:

• Added support for the File Object feature
• Fixed an issue where the SDK tracking feature would fail when deleting a parent node with component relationships (e.g., a device with interfaces). The SDK now correctly handles cascade deletions where component nodes are automatically removed when their parent is deleted, preventing "Unable to find the node" errors in generator workflows.

Full changelog

Added

• Added CoreFileObject generic for storing files as node attributes with branch-aware versioning. Nodes inheriting from CoreFileObject support file upload via GraphQL mutations and download via REST API endpoints.
• Added the ability to also fetch tags from git (#8078)
• Added Builtin to the list of restricted namespaces
• Added counts to proposed change tabs
• Added ability to view artifact changes from the branch details view
• Added status badges to file and artifact diffs showing the type of change (added, removed, updated)
• Added icons next to field names in the object details view to indicate field types (e.g., text, number, boolean) and relationship schemas
• Added a shortcut in the object details view: clicking an attribute or relationship label open...

Infrahub - v1.7.6

Fixed

• Pass order weights into Profile schema fields to prevent reordering causing a hash mismatch
• Update schema validation and processing to be completely idempotent to prevent incorrect hash errors when retrieving schemas

Infrahub - v1.7.5

Removed

• Removed unused enable configuration toggle from broker, cache, and workflow settings

Fixed

• Add migration to handle setting duplicated schemas on the default branch to be deleted, keeping the one with the latest update (#8221)
• Handle deleted parent relationship schemas when combining diffs without crashing (#8388)
• Prevent saving generated "profiles" and "object_template" schema relationships to the database. Includes a migration to clean up any already on the database. (#8426)
• Fixed regression (introduced in Infrahub 1.5) regarding merge performance. (#8438)
• Add full support for updating existing Template instances via schema migrations when the associated node or generic schema is updated in a manner that would add or remove attributes to or from the Template's schema.
• Adds automatic retries to database queries during a branch merge to handle transient errors
• Allow generating Template schemas for both a generic schema and a node inheriting from that generic. Previously, schema validation would raise a validation error and prevent this.
• Fixed an issue where Infrahub was calculating the wrong authentication signature caused by HTTPX v0.28.0 switching to compact JSON payload encoding.
• Fixed issue where system user showed as the last user changing a proposed change after merge

New Contributors

• @robinchrist made their first contribution in #8340
• @polmichel made their first contribution in #8365

Full Changelog: infrahub-v1.7.4...infrahub-v1.7.5

Infrahub - v1.8.0b0 (beta)

Infrahub v1.8.0b0 - Release Notes

⚠️ !!! WARNING This first beta version of Infrahub v1.8.0 is supposed to be used for testing purposes only.

We're excited to announce the first beta release of Infrahub v1.8.0! This release focuses on strengthening Git integration workflows, improving operational tooling, and expanding template capabilities.

Version 1.8 introduces file attachments on objects, enables resource pool references in templates, and delivers key Git workflow improvements including the ability to view proposed change diffs after branch deletion and automatic branch freezing after merge. We've also added full Kubernetes-native backup support and several usability improvements across the platform.

Main changes

File attachments

Infrahub now supports attaching files directly to objects, enabling users to store and reference documents such as contracts, configuration files, or diagrams alongside their infrastructure data.

Files are managed through the UI and API, providing a centralized location for documentation that is directly associated with the relevant infrastructure objects.

Resource pool references in object templates

Object templates can now reference resource pools, enabling automatic resource allocation when creating objects from templates.

Previously, templates could define static attribute values and relationships, but any resource allocation (IP addresses, ASNs, VLANs, etc.) had to be done manually after object creation. Now you can:

• Reference resource pools directly within a template definition
• Automatically allocate resources when creating objects from templates
• Enforce consistent, policy-driven allocations across teams and environments
• Reduce manual steps and eliminate late-stage CI/generator failures caused by missing allocations

This reduces operational overhead, minimizes human error, and makes common provisioning workflows work end-to-end from a single template.

View proposed change diff after branch deletion

Users can now consult the diff and changes of a proposed change even after the source branch has been deleted from Infrahub.

Previously, deleting a branch would make it impossible to review the changes that were part of that proposed change.

This capability is also a prerequisite for automatic branch cleanup after merge.

Freeze branch after merge

Branches are now automatically frozen after being merged via a proposed change, preventing accidental modifications to already-merged branches. This ensures the integrity of your change management workflow and eliminates a class of errors where users would inadvertently push changes to a branch that had already been merged.

Full changelog

Added

• Added the ability to also fetch tags from git (#8078)
• Added Builtin to the list of restricted namespaces
• Added CoreFileObject generic for storing files as node attributes with branch-aware versioning. Nodes inheriting from CoreFileObject support file upload via GraphQL mutations and download via REST API endpoints.
• Added a refresh button to the task list and details view with a tooltip showing the last data refresh time
• Added a shortcut in the object details view: clicking an attribute or relationship label opens the schema viewer modal, directly showing and scrolling to the relevant field definition
• Added ability to view artifact changes from the branch details view
• Added consistent focus outline color across all interactive elements for improved visual accessibility
• Added counts to proposed change tabs
• Added icons next to field names in the object details view to indicate field types (e.g., text, number, boolean) and relationship schemas
• Added status badges to file and artifact diffs showing the type of change (added, removed, updated)
• Added tooltip over action buttons (download/copy) on artifact details view.

Changed

• Improved consistency of GraphQL Query details page with other object views
• Remove "Task Overview" title from embedded task tabs (object that inherit from CoreTaskTarget)
• Simplified default branch view by hiding inapplicable actions and tabs
• Use Jinja2 templates to compute display labels of permission objects, also mark identifier as deprecated

Fixed

• Handle schema updates and associated data migrations as a single item so that an unexpected failure during a schema migration does not leave the schema and data in incompatible states. This applies to loading a schema, merging a branch, and rebasing a branch. (#6948)
• Allow List attributes to use the regex parameter for validating list item values (#7717)
• Shift-click range selection now anchors to the last clicked row, with added e2e coverage for range toggling. (#8229)
• Fixed error reporting on invalid Jinja2 templates for display_labels (#8311)
• Add full support for updating existing Template instances via schema migrations when the associated node or generic schema is updated in a manner that would add or remove attributes to or from the Template's schema.
• Allow generating Template schemas for both a generic schema and a node inheriting from that generic. Previously, schema validation would raise a validation error and prevent this.
• Data tables now display error messages when API requests fail due to permission or other errors.
• Fix task view showing "Name not found" for related nodes that exist only on a branch by querying the correct branch and time context.
• Fixed adding a relationship from a resource pool within relationship tabs in the object detail view
• Fixed an issue where Infrahub was calculating the wrong authentication signature caused by HTTPX v0.28.0 switching to compact JSON payload encoding.
• Fixed issue where system user showed as the last user changing a proposed change after merge

Infrahub - v1.7.4

Removed

• Removed references to the deprecated is_visible metadata property from documentation.

Fixed

• Fix bug in computed attribute calculation that prevented having a computed attribute on a branch if there were no computed attributes on the default branch (#8270)
• Add migration to allow rebasing branches created before (#8221) was fixed so that the uniqueness constraint on SchemaNode.name and SchemaGeneric.name is removed
• Fixed branch merge failing to include relationships to AGNOSTIC nodes (e.g., CoreIPAddressPool) by including the global branch in the peer node lookup query.
• Fixed confusing issue when "off" was converted to boolean 'false' due to issues with Yaml. The bug was that if "off" or something that Yaml parses as a boolean was used as the name of a Dropdown the incorrect attribute was highlighted in the schema error. When this happened troubleshooting was harder due to misleading errors pointing to another attribute.

New Contributors

• @ryanmerolle made their first contribution in #8226

Full Changelog: infrahub-v1.7.3...infrahub-v1.7.4

Infrahub - v1.7.3

Security

• Update system dependencies: OpenSSL patch for CVE-2025-15467

Fixed

• Single line breaks in text fields are now rendered correctly.

Full Changelog: infrahub-v1.7.2...infrahub-v1.7.3

Infrahub - v1.7.2

Added

• Added "parallel mode" plugin to the GraphQL web sandbox.
• GraphQL query parsing and validation is now leveraging a cache to improve performance and CPU consumption.

Changed

• Infinite scrolling now fetches more entries per page when having a lot of objects. (#8057)

Fixed

• Fixed issue around the use of the validate_certificates attribute on webhooks. This change also modifies this attribute so that it no longer has a default value, instead the Infrahub default configuration for HTTP is used and the attribute is only to override the default. (#6308)
• Fixed a bug that caused branch-agnostic attributes on branch-aware objects to be deleted globally when the object was deleted. Now branch-agnostic attributes on branch-aware objects are only deleted on the branch where the object was deleted. (#7513)
• Figure number and IPAM resources to allocate from a pool by using Cypher queries instead of iterating logic, this should fix timeout observed when allocating resources within large pools (#7897)
• Fixed an issue where parallel create or update operations would attach multiple peers to a cardinality one relationship. (#7972)
• Search anywhere bar now scale with the number of objects within Infrahub.
  Cardinality many relationships are now ignored and not shown in search results. (#8059)
• Prevent opening a proposed change if there is already an open proposed change for the branch. (#8123)
• Fix bug in node create logic that could cause edges to be added to the database with the wrong hierarchy level on the global branch. Includes a migration to fix existing problem edges. (#8158)
• Fix bug in node create logic that could cause branch-local edges to be added to the database with the wrong hierarchy level. Includes a migration to fix existing problem edges. (#8159)
• Fix diff update logic to prevent crash when copying a diff with recursive relationships (#8165)
• Update branch delete logic to correctly delete branch-agnostic attributes from objects being deleted with the branch. Includes a migration to clean up any orphaned objects with branch-agnostic attributes left in the database. (#8211)
• Prevent creating duplicate schemas on branches and merging them into the default branch (#8221)
• Fixed an issue where unexpected restarts of tasks workers would result in tasks being in "Running" state forever.
  As a side effect, this would block Git repositories sync tasks to be launched. (#8227)
• Fixed an issue causing overfetching in IPAM tree

Full Changelog: infrahub-v1.7.1...infrahub-v1.7.2

Infrahub - v1.7.1

Added

• Added option to use username/password authentication on Redis connections (#7994)

Fixed

• Fix failing execution of unit tests within a proposed change pipeline. (#8075)

Full Changelog: infrahub-v1.7.0...infrahub-v1.7.1

infrahub - v1.7.0

Infrahub v1.7.0

We're excited to announce the release of Infrahub, v1.7.0! This release focuses on enhancing data governance and strengthening the platform foundation for enterprise deployments.

Version 1.7 introduces comprehensive audit capabilities with immutable metadata tracking, expands profile functionality to support relationships. Under the hood, we've upgraded critical backend dependencies to ensure optimal performance, security, and long-term maintainability.

Main changes

Object level meta data

Infrahub now automatically tracks who created and last modified every object in your infrastructure data. This foundational capability enables complete audit trails and accountability across your entire automation stack.

Every object now includes:

• Created by and updated by — user attribution for all changes
• Created at and updated at — precise timestamps for data lifecycle tracking

This metadata is available through the UI, GraphQL API and Python SDK, enabling you to determine who created or updated an object and at which time.

The metadata is read-only and survives across branch operations, ensuring you have a reliable audit trail even in complex version control workflows.

This positions Infrahub as enterprise-ready for organizations requiring detailed data provenance and accountability.

The created_at and updated_at metadata will be set for all objects, even those that were create before this feature.
The created_by and updated_by metadata will be set for objects that have been created or updated after this release, existing objects will not be backfilled.

Relationships in Profiles

Profiles now support relationships in addition to attributes, enabling you to define complete, reusable templates for entire classes of objects.

Previously, profiles could only set attribute values, limiting their usefulness and adoption. Now you can:

• Define relationships within a profile alongside attributes
• Create comprehensive templates that capture both data and connections
• Enforce data consistency across large inventories with less manual work
• Apply complete object configurations at scale

Additionally profiles now support required attributes and relationships, as long as they are not part of a uniqueness constraint.

For example, you can now create a "Production Server Interface" profile that captures configurations, such as the speed and MTU and mode, but also automatically connect it to a specific VLAN.

This reduces manual configuration, minimizes errors when scaling automation projects, and ensures that relationships are consistently applied across your infrastructure data model.

Branch list page scaling

Several users of Infrahub, have a requirement to have a large number of branches active at any given time in Infrahub. The branch list page has been updated to provide a better user experience when you have a large number of branches.

The branch list page now uses the previously introduced InfrahubBranch GraphQL query, which provides pagination functionality for the branch query. In this release we have also introduced a partial_match filter, which allows a user to search for a branch by a partial name.

Additionally the branch list page displays the new object level metadata, which allows you to more easily find the branch that you are looking for.

Redesigned object detail view

The object detail page has been significantly improved to provide better access to key information and actions.

Header improvements:

• New info icon provides quick access to the new object-level metadata
• Action button was redesigned and relocated for better accessibility
• New dedicated button to navigate directly to the object's schema definition
• Refreshed button styling

Groups management:

• New dedicated section displays all groups the object belongs to
• Easily add or remove the object from groups without navigating away

Profiles management:

• New section shows all profiles currently applied to the object
• Manage profile assignments directly from the object detail view

These changes make it faster to understand an object's context (its metadata, groups, and profiles) without switching between multiple views.

Upgraded backend dependencies

The platform foundation has been strengthened with major version upgrades across all core backend components:

• Python: 3.12 → 3.13
• Neo4j: 2025.03 → 2025.10/11
• RabbitMQ: 3.13 → 4.2
• Redis: 7.2 → 8.x
• PostgreSQL: 14 → 18

These upgrades deliver:

• Enhanced performance across the platform
• Improved security with the latest patches
• Access to new features in underlying technologies
• Better long-term maintainability and support

The upgrades have been thoroughly tested to ensure compatibility and performance regression has been validated to maintain Infrahub's reliability standards.

Infrahub Python SDK

Infrahub v1.7.0 requires the usage of infrahub-sdk v1.18.1, please update the infrahub-sdk package accordingly.

Full changelog

Deprecated

• Deprecated the '_updated_at' query field for GraphQL queries. The new node metadata field should be used instead. The '_updated_at' field will be completely removed in Infrahub 1.9.

Added

• Add search functionality to the branches list view, allowing users to filter branches by name. (#2107)

• Added ability to enable and disable webhooks (#6761)

• Added option to use username/password authentication on Redis connections (#7994)

• Add display label based GraphQL filters display_label__isnull, display_label__value and display_label__values

• Added metadata display in branch list view showing last rebase, last update, created at, and created by information

• Added partial_match parameter to InfrahubBranch query for case-insensitive substring filtering on branch names

• Display "No task" on branch details when task are empty.

• Improved menu in IPAM details view:

  • Replaced the three-dot menu with a clearly labeled Actions button to open menu
  • Added quick navigation to related tasks
  • Added convert object type action
  • Added icons for all menu items

Changed

• This refactors timestamp handling across query and relationship functions to accept only Timestamp types, updates all dependent code and tests accordingly, refreshes development environment files, and includes no user-facing changes. (#63)
• Improve branches list and details views to use the updated GraphQL API structure. (#2108)
• Upgraded backend dependencies: Neo4j to 2025.10.1, Redis to 8.4.0, RabbitMQ to 4.2.1, PostgreSQL to 18

Fixed

• Fixed issue with creating and deleting webhook automations for installations with a high number of automations in Prefect.
• Fixed relationship fields not being cleared when removing a profile from a node
• Fixed the display order of attributes and relationships in detail views.
• Re-enable running a single migration in infrahub db migrate using the --migration-number option
• Updating your account information now correctly refreshes the visible data, preventing outdated data from being shown.

Infrahub - v1.6.3

Changed

• Changed DiffTreeSummary GraphQL type count fields to be non-optional (#7778)

Fixed

• Stop showing warnings for deprecated attribute schema fields (regex, min_length, max_length) when they are not used (#7995)

Full Changelog: infrahub-v1.6.2...infrahub-v1.6.3