feat: (IAC-1312) Update Dependencies to Resolve Security Warnings

[jarpat]

Changes

Updates 3rd party dependencies in this project to resolve security findings from our scanning tool. Consumers of the Dockerfile will automatically have these updated dependencies installed, and users who directly run this project on this host will need to update the dependencies themselves. A note in the release notes will be made about this.

Version Updates

Here is a summary of version updates as well as code changes that needed to be made as result of the update.

Binaries

• Terraform 1.4.5 -> 1.7.0
• gcloud CLI 440.0.0 -> 460.0.0

Providers

hashicorp/google & hashicorp/google-beta

• Versions:
  • Initial Version: 4.63.1
  • Final Version: 5.12.0
    • Notes:
      • Required as of hashicorp/google v5.12.0 when using google_service_networking_connection in conjunction with CloudSQL instances in order to cleanly delete resources we need to set deletion_policy = "ABANDON"
      • https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_networking_connection
• Change Log: https://github.com/hashicorp/terraform-provider-google/blob/main/CHANGELOG.md

hashicorp/kubernetes

• Versions:
  • Initial Version: 2.20.0
  • Final Version: ~> 2.25.2
    • Notes:
      • No notable breaking changes or deprecations observed that would affect us, mostly the addition of new features.
• Change Log: https://github.com/hashicorp/terraform-provider-kubernetes/blob/main/CHANGELOG.md

hashicorp/null

• Versions:
  • Initial Version: 3.2.1
  • Final Version: ~> 3.2.2
    • Notes:
      • No notable breaking changes or deprecations observed that would affect us
• Change Log: https://github.com/hashicorp/terraform-provider-null/blob/main/CHANGELOG.md

hashicorp/random

• Versions:
  • Initial Version: 3.5.1
  • Final Version: ~> 3.6.0
    • Notes:
      • No notable breaking changes or deprecations observed that would affect us
• Change Log: https://github.com/hashicorp/terraform-provider-random/blob/main/CHANGELOG.md

hashicorp/local

• Versions:
  • Initial Version: 2.4.0
  • Final Version: ~> 2.4.1
    • Notes:
      • No notable breaking changes or deprecations observed that would affect us
• Change Log: https://github.com/hashicorp/terraform-provider-local/blob/main/CHANGELOG.md

hashicorp/external

• Versions:
  • Initial Version: 2.3.1
  • Final Version: ~> 2.3.2
    • Notes:
      • No notable breaking changes or deprecations observed that would affect us
• Change Log: https://github.com/hashicorp/terraform-provider-external/blob/main/CHANGELOG.md

hashicorp/time

• Versions:
  • Initial Version: 0.9.1
  • Final Version: ~> 0.10.0
    • Notes:
      • No notable breaking changes or deprecations observed that would affect us
• Change Log: https://github.com/hashicorp/terraform-provider-time/blob/main/CHANGELOG.md

Modules

terraform-google-modules/kubernetes-engine/google//modules/private-cluster

• Versions:
  • Initial Version: 25.0.0
  • Final Version: ~> 29.0.0
    • Notes:
      • New version needs TPGv5
      • A new variable deletion_protection is set to true by default, need to set this to false so that we can destroy the cluster.
• Change Log: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/master/CHANGELOG.md
• Upgrade Notes v26: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/master/docs/upgrading_to_v26.0.md
• Upgrade Notes v29: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/master/docs/upgrading_to_v29.0.md

GoogleCloudPlatform/sql-db/google//modules/postgresql

• Versions:
  • Initial Version: 15.0.0
  • Final Version: ~> 18.2.0
    • Notes:
      • No notable breaking changes or deprecations observed that would affect us. New version needs TPG >= v4.80
• Change Log: https://github.com/terraform-google-modules/terraform-google-sql-db/blob/v18.2.0/CHANGELOG.md
• Upgrade Notes v17: https://github.com/terraform-google-modules/terraform-google-sql-db/blob/master/docs/upgrading_to_sql_db_17.0.0.md

terraform-google-modules/service-accounts/google

• Versions:
  • Initial Version: 4.2.1
  • Final Version: ~> 4.2.2
    • Notes:
      • No notable breaking changes or deprecations observed that would affect us. New version needs TPGv5
• Change Log: https://github.com/terraform-google-modules/terraform-google-service-accounts/blob/master/CHANGELOG.md

terraform-google-modules/address/google

• Versions:
  • Initial Version: 3.1.2
  • Final Version: ~> 3.2.0
    • Notes:
      • No notable breaking changes or deprecations observed that would affect us. New version needs TPGv5
• Change Log: https://github.com/terraform-google-modules/terraform-google-address/blob/master/CHANGELOG.md

terraform-google-modules/cloud-nat/google

• Versions:
  • Initial Version: 3.0.0
  • Final Version: ~> 5.0.0
    • Notes:
      • New version needs TPGv5
      • enable_endpoint_independent_mapping now defaults to false, explicitly setting it to true to retain previous behavior.
• Change Log: https://github.com/terraform-google-modules/terraform-google-cloud-nat/blob/master/CHANGELOG.md
• Upgrade Notes: https://github.com/terraform-google-modules/terraform-google-cloud-nat/blob/master/docs/upgrading_to_v5.0.md

Note: Although the versions have been bumped up, there are no breaking changes. A user could still modify their infrastructure they created with viya4-iac-gcp:5.0.0 with this latest release provided that they update their deps with terraform init -upgrade (a note will be included in the release notes)

Tests

Scenario	Provider	kubernetes_version	order	cadence	notes
1	GCP	v1.27.9-gke.1092000	******	fast:2020	OOTB deployment
2	GCP	v1.27.9-gke.1092000	N/A	N/A	Initial infra create with 5.0.0 and modification with PR code
3	GCP	v1.27.9-gke.1092000	******	fast:2020	Initial infra create with 5.0.0 and Viya deployment, stop Viya deployment, node adjustment with PR code, and resume Viya deployment

[thpang]

Looking for information on my comment.

[thpang]

LGTM - IAC/DAC team should discuss version standards across providers