github opsmill/infrahub infrahub-v1.9.0b1
Infrahub - v1.9.0b1 (beta)
on GitHub

pre-release9 hours ago

Infrahub v1.9.0beta1

This beta is intended for testing purposes only and should not be used in production environments.

Infrahub v1.9.0 introduces new display options for the schema, modular GraphQL fragments, artifact content composition, syslog support, and improvements across automation, IPAM, Git integration, and webhooks.

Major Features

New display options for attributes & relationships

Schema definitions now support a display property on attributes and relationships. Setting display: extra marks a field as secondary — hidden from list views and collapsed behind a toggle in detail views by default. Create/edit forms always show all fields. API and GraphQL access is unchanged; display is purely a UI hint. The property propagates from generics to inheriting nodes.

Modular GraphQL Queries

Reusable GraphQL fragment definitions can now be stored in Infrahub and referenced across multiple transforms and artifacts. Fragments are declared in .infrahub.yml alongside queries, synced from Git repositories, and resolved automatically at execution time. This eliminates query duplication in multi-artifact pipelines and is a building block for the artifact composition features below.

Artifact Content Composition

Jinja2 transforms gain a new artifact_content filter that accepts a storage_id and returns the rendered content of another artifact as a string. A matching file_object_content filter works the same way for file objects. Combined with the existing from_json / from_yaml filters, this enables composite artifacts that include sections from other artifacts without duplicating template logic. Python transforms can use the existing object_store.get() SDK method for the same purpose. In addition, Jinja2 filters usage restriction is now enforced for templates producing artifacts. This means that some Jinja2 filters may not be usable. You can refer to our Python SDK template documentation to learn about available Jinja2 filters and the contexts in which they can be used.

Computed Attributes — Local Execution

Jinja2-based computed attributes that depend on fields of the same node are now recomputed inline within the originating mutation rather than dispatched as separate background tasks via Prefect. Changes are visible immediately without a page refresh, bulk imports no longer spawn large numbers of redundant background tasks, and users receive a single consolidated event per change rather than two separate notifications.

Delete Branch After Merge

A new global configuration option enables automatic deletion of branches after they are merged — via a regular branch merge or a Proposed Change. When configured, the deletion can also propagate to the linked Git repository. A manual delete button with Git propagation option is also available for individual branches.

Login/Logout Activity Events

Two new event types — infrahub.account.logged_in and infrahub.account.logged_out — are now emitted by the authentication endpoints. Each event captures account ID, username, authentication method, session ID, groups, roles, client IP, and user agent. These events are admin-visible only and serve as the prerequisite for the syslog integration below.

Custom Headers for Webhooks

Webhooks now support custom HTTP headers. Headers can be defined as plain-text values or as environment variable references resolved at send time, enabling sensitive values such as API keys and bearer tokens to be injected via Kubernetes secrets or external secret managers without storing them in Infrahub. Header definitions are reusable across multiple webhooks.

Syslog Support (Enterprise)

Infrahub now supports native syslog export of activity events to external SIEM systems such as Splunk, Datadog, and ELK. Configuration is via the Infrahub configuration file and supports multiple destinations, TCP/UDP transport, optional TLS, and RFC 5424 / RFC 3164 formats. The MSG field of each syslog entry carries the JSON representation of the Infrahub event. This feature requires login/logout activity events (above) and is designed to meet enterprise security and compliance requirements (SOC2, ISO 27001).

IPAM — Closest Prefix Match

Searching for an IP address that does not exist in IPAM now returns the closest matching prefix rather than an empty result, making it easier to navigate the prefix hierarchy when investigating address allocation.

Restrict Generic Namespaces

Generics now support an restricted_namespaces property that limits which schema node namespaces may inherit from them. This prevents users from inadvertently creating non-functional node kinds based on internal Infrahub generics such as CoreGenericRepository or CoreWebhook. Violations are rejected at schema load time.

Any existing extentions to CoreGenericRepository or CoreWebhook will need to be removed prior to the upgrade.

Schema Visualization

The interactive schema graph, previously only available in the VS Code extension, is now accessible directly from the Infrahub UI. The view renders schema nodes and relationships as an interactive graph and persists the last session state between visits.

New Filter Picker & Object Metadata Filtering

Added a unified filter picker for object list views and support for node metadata filtering:

  • New: Added a unified Filter menu that displays available filters for attributes, relationships and metadata
  • New: Added metadata filters (Created at, Created by, Updated at, Updated by)
  • New: Click an active filter tag to edit it or remove via the inline X
  • Improved: Active filter tags are now editable: click a tag to change its value without removing it
  • Improved: Filter tags now display human-readable conditions (contains, is any of, is empty, before, after etc...)

Role management UI

Role Management got a major consistency pass. Every table now shares the same experience, bringing infinite scroll, bulk selection, standardized filters, and a unified row actions menu to pages that were previously missing them

Breaking changes

Because of the introduction of the restricted namespeces on generics as described above from 1.9.0 it is no longer possible to have custom node kinds that inherit from CoreGenericRepository or CoreWebhook. Any such node kinds needs to be removed prior to the upgrade.

Full Changelog

Removed

  • Remove proposed change comments created_at and created_by attribute and relationship in favor of already existing node metadata created_by and created_at
  • Removed deprecated GraphQL queries and mutations IPAddressGetNextAvailable, IPPrefixGetNextAvailable, IPPrefixPoolGetResource, IPAddressPoolGetResource, use their Infrahub prefixed equivalents
  • Removed previously deprecated "_updated_at" field within GraphQL queries. Use "updated_at" within the node_metadata instead.

Added

  • Added display field to AttributeSchema and RelationshipSchema with enum values default and extra, defaulting to default. This controls where attributes and relationships are displayed in the UI — default shows in the main view, extra in an expanded/secondary section.
  • Added a delete branch modal with the option to also delete the branch from Git
  • Added ability to automatically delete branches after a successful merge. When INFRAHUB_DELETE_BRANCH_AFTER_MERGE is enabled (default: False), the Infrahub branch is deleted. Optionally, when INFRAHUB_GIT_DELETE_GIT_BRANCH_AFTER_MERGE is also enabled (requires the first setting), the corresponding Git branch is deleted from synced repositories. The BranchDelete GraphQL mutation accepts a delete_from_git parameter to override the Git deletion setting per request.
  • Added an "Extra" toggle button in the object details card to reveal fields marked with display "extra", which are now hidden by default
  • Added login and logout activity events (infrahub.account.logged_in and infrahub.account.logged_out). Successful authentication attempts via password, OAuth2, and OIDC, as well as explicit logouts, are now queryable via the activity event feed.
  • Added namespace restriction parameter into generic schemas
  • Added parent prefix lookup to the search anywhere dialog (Cmd+K). When searching for a valid IP address or CIDR prefix, containing parent prefixes are now displayed in a dedicated "Parent Prefixes" section, ordered from most specific to least specific, across all namespaces. Supports both IPv4 and IPv6.
  • Added schema graph visualizer plugin allowing users to view schemas as an interactive graph
  • Added support for graphql_fragments in .infrahub.yml. Repositories can now declare reusable .gql fragment files and reference them with standard fragment spread syntax (...FragmentName) in query files. Fragment definitions are resolved (including transitive dependencies) and inlined at repository sync time, so the stored query is a self-contained document. The same rendering applies when running queries locally with infrahubctl.
  • Added support for artifact content composition via Jinja2 filters. Templates running on Prefect workers can now use artifact_content, file_object_content, from_json, and from_yaml filters to inline and parse content from other artifacts and file objects. These filters are blocked in computed attributes for security.
  • Added support for custom HTTP headers on webhooks. Users can create reusable key-value pairs (static or environment-variable-based) and associate them with webhooks.
  • Schema selector search bar is now sticky at the top, with new collapse all and expand all buttons to quickly toggle every namespace section.
  • Unified IPAM detail pages with the standard object details card, adding field metadata, extra fields toggle, edit metadata, and profiles & groups
  • When delete_branch_after_merge is enabled, merging a branch now redirects to the branches list view and switches to the main branch if the deleted branch was the active one. Merging a proposed change stays on the detail page but switches to the main branch if the source branch was the active one.

Changed

  • Accounts, Groups, Roles, and Global Permissions tables in Role Manager now use the same updated design and features as other object tables across the application
  • Consistent headers across object list and detail pages. Object list pages now share the same header style as detail pages, with easy access to schema, docs, and refresh actions.
  • Jinja2 computed attributes are now recalculated immediately when their dependent attributes or relationships change on the same node, eliminating background task overhead for local changes.
  • Telemetry snapshots are now always stored locally in the database regardless of the telemetry opt-out setting, ensuring air-gapped and opted-out deployments retain usage data for support and auditing. New CLI commands infrahubctl telemetry list and infrahubctl telemetry export allow administrators to view and export stored telemetry data. A REST API endpoint GET /api/telemetry/snapshots provides programmatic access with READ_TELEMETRY permission enforcement.
  • infrahub.branch.deleted and infrahub.branch.merged events now expose the associated proposed change (when applicable) as the event's primary node instead of a related node. Consumers filtering on primaryNodeIds will match these events for a proposed change; filters relying on the proposed change appearing under relatedNodes must be updated.
  • hides the internal attributes of CoreFileObject in the UI

Fixed

  • Ensure that changes to a password attribute counts as a mutation event for a node. (#6909)
  • Add distributed lock around branch creation to prevent race condition (#8368)
  • Fix diff update logic that runs after merge and rebase operations to ignore diffs for merged and deleted branches. Add a new environment variable, "INFRAHUB_DIFF_UPDATE_AFTER_MERGE", that allows skipping the automatic diff updates following a merge. (#8507)
  • Correct the display label on events sent from the mutations to update computed attributes and HFIDs when the display label contains attributes from related nodes. (#8837)
  • Fix false-positive conflict detection during git sync caused by naive string matching of conflict markers in file content. (#8848)
  • Prevent non-idempotent behavior when loading a schema that involves generic inheritance, HFIDs, uniqueness constraints, and unique attributes. In certain circumstances these elements could interact to cause unexpected schema drift when an attribute was identified as unique from a single-item uniqueness constraint on a node or generic schema. The schema loading logic is updated to ensure all of these elements are idempotent going forward. (#8897)
  • Fixed git sync not importing objects after repository re-clone from a missing local directory (#8930)
  • Fixed Jinja2 computed attributes, display labels, and human-friendly IDs failing when referencing attributes on a hierarchical relationship's concrete peer type (#8943)
  • Fix bug in schema remove migration that could cause removed instances of the schema to be excluded from the diff. Would not cause a functional issue because the schema remove migration would run on the default branch when merged.
  • Fixed possible empty display labels by removing legacy display_labels processing
  • Object table now refreshes automatically after adding or removing objects from groups in bulk
  • Support non-UTC timezones in filters for GraphQL queries
Check out latest releases or
releases around opsmill/infrahub infrahub-v1.9.0b1

Don't miss a new infrahub release

NewReleases is sending notifications on new releases.

Get notifications