feat!: (IAC-997) (IAC-995) Update viya4-iac-gcp Providers, Modules, & Dependencies and Patch Security Issues

[jarpat]

Changes

Update the viya4-iac-gcp Providers, Modules, & Dependencies and Patch Security Issues

Below is notes and changes that I made as I upgraded the modules/providers.

Providers

hashicorp/google & hashicorp/google-beta

• Versions:
  • Initial Version: 4.38.0
  • Final Version: 4.63.1
  • Notes:
    • No notable breaking changes or deprecations observed that would affect us, mostly the addition of new features.
• Change Log: https://github.com/hashicorp/terraform-provider-google/blob/main/CHANGELOG.md

  hashicorp/kubernetes

• Versions:
  • Initial Version: 2.14.0
  • Final Version: 2.20.0
  • Notes:
    • No notable breaking changes or deprecations observed that would affect us, mostly the addition of new resources.
• Change Log: https://github.com/hashicorp/terraform-provider-kubernetes/blob/main/CHANGELOG.md

  hashicorp/local

• Versions:
  • Initial Version: 2.2.3
  • Final Version: 2.4.0
  • Notes:
    • No notable breaking changes or deprecations observed that would affect us
• Change Log: https://github.com/hashicorp/terraform-provider-local/blob/main/CHANGELOG.md

  hashicorp/template

• Versions:
  • Initial Version: 2.2.3
  • Final Version: Removed
  • Notes:
    • This provider has been deprecated in favor of the templatefile function since 2020, now would be a good time to make the swap before it's officially removed.
    • templatefile is already used in the OSS repo, so use that a reference
• Deprecation Notice: https://github.com/hashicorp/terraform-provider-template/issues/85

  hashicorp/random

• Versions:
  • Initial Version: 3.1.0
  • Final Version: 3.5.1
  • Notes:
    • No notable breaking changes or deprecations observed that would affect us
• Change Log: https://github.com/hashicorp/terraform-provider-random/blob/main/CHANGELOG.md

  hashicorp/null

• Versions:
  • Initial Version: 3.1.0
  • Final Version: 3.2.1
  • Notes:
    • No notable breaking changes or deprecations observed that would affect us
• Change Log: https://github.com/hashicorp/terraform-provider-null/blob/main/CHANGELOG.md

  hashicorp/external

• Versions:
  • Initial Version: 2.2.2
  • Final Version: 2.3.1
  • Notes:
    • No notable breaking changes or deprecations observed that would affect us
• Change Log: https://github.com/hashicorp/terraform-provider-external/blob/main/CHANGELOG.md

  hashicorp/time

• Versions:
  • Initial Version: 0.8.0
  • Final Version: 0.9.1
  • Notes:
    • No notable breaking changes or deprecations observed that would affect us
• Change Log: https://github.com/hashicorp/terraform-provider-time/blob/main/CHANGELOG.md

Modules

module.gke

• Source: terraform-google-modules/kubernetes-engine/google//modules/private-cluster
• Versions:
  • Initial Version: 23.1.0
  • Final Version: 25.0.0
  • Notes:
    • enable auto repair and upgrade with cluster autoscaling #1530
    • Small update will need to be made to the cluster_autoscaling line here in main.tf. It now requires the attributes auto_repair & auto_upgrade and their values, similarly to how we added a default for gpu_resources during the last module update
    • The default of these additions should be either true or false. We actually set those values in the node_pools map already based off whether the user set var.kubernetes_channel here, so we can adopt the same behavior for cluster_autoscaling
• Change Log: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/v25.0.0/CHANGELOG.md

  module.postgresql

• Source: GoogleCloudPlatform/sql-db/google//modules/postgresql
• Versions:
  • Initial Version: 12.0.0
  • Final Version: 15.0.0
  • Notes:
    • from 13.0.0 - deps: update terraform null to ~> 3.2.0
    • from 14.0.0 - Requires Terraform >= 1.3.0
• Change Log: https://github.com/terraform-google-modules/terraform-google-sql-db/blob/master/CHANGELOG.md

  module.sql_proxy_sa

• Source: terraform-google-modules/service-accounts/google
• Versions:
  • Initial Version: 4.1.1
  • Final Version: 4.2.1
  • Notes:
    • No notable breaking changes or deprecations observed that would affect us
• Change Log: https://github.com/terraform-google-modules/terraform-google-service-accounts/blob/master/CHANGELOG.md

  module.nat_address

• Source: terraform-google-modules/address/google
• Versions:
  • Initial Version: 3.1.1
  • Final Version: 3.1.2
  • Notes:
    • No notable breaking changes or deprecations observed that would affect us
• Change Log: https://github.com/terraform-google-modules/terraform-google-address/blob/master/CHANGELOG.md

  module.cloud_nat

• Source: terraform-google-modules/cloud-nat/google
• Versions:
  • Initial Version: 2.2.1
  • Final Version: 3.0.0
  • Notes:
    • from 3.0.0 - Increased minimum Google Provider version to 4.51
• Change Log: https://github.com/terraform-google-modules/terraform-google-cloud-nat/blob/master/CHANGELOG.md

As part of updating the modules we are also going to set

  user_deletion_policy     = "ABANDON"
  database_deletion_policy = "ABANDON"

When creating a postgres instances so we will no longer be blocked by pgadmin & the SharedServices database when trying to delete the Postgres resource. Fixes https://github.com/sassoftware/viya4-iac-gcp/issues/47

Tests

See internal ticket for additional details and security report.

Scenario	Provider	commit	kubernetes_version	Deployment Method	Order	Cadance	Notes
1	GCP	6ec6b01	1.26 (v1.26.3-gke.1000)	Docker	**	fast:2020	external postgres
2	GCP	d18955d	1.25 (v1.25.9-gke.400)	Docker	**	fast:2020	external postgres, rebase retest & verify jump user-data
3	GCP	6186aaf	1.25 (v1.25.9-gke.400)	Docker	**	fast:2020	external postgres verify updated DB deletion, enable_cluster_autoscaling verify auto-provisioning values,  create_nfs_public_ip verify user-data
4	GCP	6186aaf	1.26 (v1.26.4-gke.500)	Docker	**	fast:2020	internal postgres
5	GCP	fc09007	1.26 (v1.26.4-gke.500)	Docker	**	fast:2020	external postgres
6	GCP	5eb5078	1.26 (v1.26.4-gke.500)	Docker	**	fast:2020	external postgres