From dae6d09495b063374067e29171b6b1467357af23 Mon Sep 17 00:00:00 2001
From: Steve Steiner <ssteiner@paloaltonetworks.com>
Date: Thu, 15 Aug 2024 13:27:36 -0400
Subject: [PATCH 1/3] update gwlb deregistration behavior

Signed-off-by: Steve Steiner <ssteiner@paloaltonetworks.com>
---
 modules/gwlb/main.tf      |  5 +++++
 modules/gwlb/variables.tf | 12 ++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/modules/gwlb/main.tf b/modules/gwlb/main.tf
index 198494e..438a1d0 100644
--- a/modules/gwlb/main.tf
+++ b/modules/gwlb/main.tf
@@ -60,6 +60,11 @@ resource "aws_lb_target_group" "this" {
   #
   # tags = merge(var.global_tags, { Name = var.name }, var.lb_target_group_tags)
   tags = var.lb_target_group_tags
+  target_failover {
+    on_deregistration = var.on_deregistration
+    on_unhealthy = var.on_unhealthy
+  }
+  
 
   health_check {
     enabled             = var.health_check_enabled
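Review bot: The new `target_failover` block carries no comment, although it decides what happens to in-flight traffic when an inspection target drains or fails, and the variable descriptions in this commit say its two attributes must carry the same value. A short comment above the block would help, for example `# on_deregistration and on_unhealthy must be set to the same value` followed by `# no_rebalance keeps existing flows on the draining/failed target; rebalance moves them to a healthy one`. If the targets are stateful firewalls, a moved flow presumably arrives at an appliance with no session entry for it, so anyone choosing `rebalance` should confirm how the appliance treats such mid-session packets. The body of `aws_lb_target_group.this` starts and ends outside this hunk.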
diff --git a/modules/gwlb/variables.tf b/modules/gwlb/variables.tf
index 3469afd..c24356d 100644
--- a/modules/gwlb/variables.tf
+++ b/modules/gwlb/variables.tf
@@ -117,6 +117,18 @@ variable "unhealthy_threshold" {
   type        = number
 }
 
+variable "on_deregistration" {
+  description = "Indicates how the GWLB handles existing flows when a target is deregistered. Possible values are `rebalance` and `no_rebalance`. Must match the attribute value set for `on_unhealthy`. Default: `no_rebalance`"
+  default = "no_rebalance"
+  type = string
+}
+
+variable "on_unhealthy" {
+  description = "Indicates how the GWLB handles existing flows when a target is unhealthy. Possible values are `rebalance` and `no_rebalance`. Must match the attribute value set for `on_deregistration`. Default: `no_rebalance`"
+  default = "no_rebalance"
+  type = string
+}
+
 variable "stickiness_type" {
   description = <<-EOF
   If `stickiness_type` is `null`, then attribute `enabled` is set to `false` in stickiness configuration block,
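Review bot: Neither `on_deregistration` nor `on_unhealthy` restricts its value to the two settings named in the description, so a typo is only caught later by the provider or the AWS API instead of at variable evaluation. Each variable could carry a `validation` block whose condition is `contains(["rebalance", "no_rebalance"], var.on_deregistration)` (and the same for `var.on_unhealthy`) with an `error_message` listing the two accepted values. In this commit the "must match" requirement also lives only in the description text, so a mismatched pair is not rejected by the module itself.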

From bc0a64136f552ec2a2e9bd17201441c6840170ee Mon Sep 17 00:00:00 2001
From: Steve Steiner <ssteiner@paloaltonetworks.com>
Date: Thu, 15 Aug 2024 14:01:47 -0400
Subject: [PATCH 2/3] precommit

Signed-off-by: Steve Steiner <ssteiner@paloaltonetworks.com>
---
 modules/gwlb/README.md    | 2 ++
 modules/gwlb/main.tf      | 4 ++--
 modules/gwlb/variables.tf | 8 ++++----
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/modules/gwlb/README.md b/modules/gwlb/README.md
index f24dabb..7fbd32a 100644
--- a/modules/gwlb/README.md
+++ b/modules/gwlb/README.md
@@ -68,6 +68,8 @@ No modules.
 | <a name="input_lb_tags"></a> [lb\_tags](#input\_lb\_tags) | Map of AWS tags to apply to the created Load Balancer object. These tags are applied after the `global_tags`. | `map(string)` | `{}` | no |
 | <a name="input_lb_target_group_tags"></a> [lb\_target\_group\_tags](#input\_lb\_target\_group\_tags) | Map of AWS tags to apply to the created GWLB Target Group. These tags are applied after the `global_tags`. | `map(string)` | `{}` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name of the created GWLB. Must be unique per AWS region per AWS account. | `string` | n/a | yes |
+| <a name="input_on_deregistration"></a> [on\_deregistration](#input\_on\_deregistration) | Indicates how the GWLB handles existing flows when a target is deregistered. Possible values are `rebalance` and `no_rebalance`. Must match the attribute value set for `on_unhealthy`. Default: `no_rebalance` | `string` | `"no_rebalance"` | no |
+| <a name="input_on_unhealthy"></a> [on\_unhealthy](#input\_on\_unhealthy) | Indicates how the GWLB handles existing flows when a target is unhealthy. Possible values are `rebalance` and `no_rebalance`. Must match the attribute value set for `on_deregistration`. Default: `no_rebalance` | `string` | `"no_rebalance"` | no |
 | <a name="input_stickiness_type"></a> [stickiness\_type](#input\_stickiness\_type) | If `stickiness_type` is `null`, then attribute `enabled` is set to `false` in stickiness configuration block,<br>value provided in `type` is ignored and by default the Gateway Load Balancer uses 5-tuple to maintain flow stickiness to a specific target appliance.<br>If `stickiness_type` is not `null`, then attribute `enabled` is set to `true` in stickiness configuration block<br>and the stickiness `type` can be then customized by using value:<br>- `source_ip_dest_ip_proto` for 3-tuple (Source IP, Destination IP and Transport Protocol)<br>- `source_ip_dest_ip` for 2-tuple (Source IP and Destination IP)<pre></pre> | `string` | `null` | no |
 | <a name="input_subnets"></a> [subnets](#input\_subnets) | Map of subnets where to create the GWLB. Each map's key is the availability zone name and each map's object has an attribute<br>`id` identifying AWS subnet.<br>Example for users of module `subnet_set`:<pre>subnets = module.subnet_set.subnets</pre>Example:<pre>subnets = {<br>  "us-east-1a" = { id = "snet-123007" }<br>  "us-east-1b" = { id = "snet-123008" }<br>}</pre> | <pre>map(object({<br>    id = string<br>  }))</pre> | n/a | yes |
 | <a name="input_target_instances"></a> [target\_instances](#input\_target\_instances) | Map of instances to attach to the GWLB Target Group. | <pre>map(object({<br>    id = string<br>  }))</pre> | `{}` | no |
diff --git a/modules/gwlb/main.tf b/modules/gwlb/main.tf
index 438a1d0..fdeef9c 100644
--- a/modules/gwlb/main.tf
+++ b/modules/gwlb/main.tf
@@ -62,9 +62,9 @@ resource "aws_lb_target_group" "this" {
   tags = var.lb_target_group_tags
   target_failover {
     on_deregistration = var.on_deregistration
-    on_unhealthy = var.on_unhealthy
+    on_unhealthy      = var.on_unhealthy
   }
-  
+
 
   health_check {
     enabled             = var.health_check_enabled
diff --git a/modules/gwlb/variables.tf b/modules/gwlb/variables.tf
index c24356d..44c613c 100644
--- a/modules/gwlb/variables.tf
+++ b/modules/gwlb/variables.tf
@@ -119,14 +119,14 @@ variable "unhealthy_threshold" {
 
 variable "on_deregistration" {
   description = "Indicates how the GWLB handles existing flows when a target is deregistered. Possible values are `rebalance` and `no_rebalance`. Must match the attribute value set for `on_unhealthy`. Default: `no_rebalance`"
-  default = "no_rebalance"
-  type = string
+  default     = "no_rebalance"
+  type        = string
 }
 
 variable "on_unhealthy" {
   description = "Indicates how the GWLB handles existing flows when a target is unhealthy. Possible values are `rebalance` and `no_rebalance`. Must match the attribute value set for `on_deregistration`. Default: `no_rebalance`"
-  default = "no_rebalance"
-  type = string
+  default     = "no_rebalance"
+  type        = string
 }
 
 variable "stickiness_type" {

From 740491603e868b0be277daa0a3d186931ba34cfa Mon Sep 17 00:00:00 2001
From: Steve Steiner <ssteiner@paloaltonetworks.com>
Date: Mon, 19 Aug 2024 10:26:09 -0400
Subject: [PATCH 3/3] Adding the ability to adjust the target deregistration
 behavior

Signed-off-by: Steve Steiner <ssteiner@paloaltonetworks.com>
---
 modules/gwlb/main.tf      |  1 +
 modules/gwlb/variables.tf | 12 ++++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/modules/gwlb/main.tf b/modules/gwlb/main.tf
index fdeef9c..0dde693 100644
--- a/modules/gwlb/main.tf
+++ b/modules/gwlb/main.tf
@@ -60,6 +60,7 @@ resource "aws_lb_target_group" "this" {
   #
   # tags = merge(var.global_tags, { Name = var.name }, var.lb_target_group_tags)
   tags = var.lb_target_group_tags
+
   target_failover {
     on_deregistration = var.on_deregistration
     on_unhealthy      = var.on_unhealthy
diff --git a/modules/gwlb/variables.tf b/modules/gwlb/variables.tf
index 44c613c..16ce2cc 100644
--- a/modules/gwlb/variables.tf
+++ b/modules/gwlb/variables.tf
@@ -120,13 +120,21 @@ variable "unhealthy_threshold" {
 variable "on_deregistration" {
   description = "Indicates how the GWLB handles existing flows when a target is deregistered. Possible values are `rebalance` and `no_rebalance`. Must match the attribute value set for `on_unhealthy`. Default: `no_rebalance`"
   default     = "no_rebalance"
-  type        = string
+  validation {
+    condition     = var.on_unhealthy == var.on_deregistration
+    error_message = "Variable on_deregistration must be the same as variable on_unhealthy"
+  }
+  type = string
 }
 
 variable "on_unhealthy" {
   description = "Indicates how the GWLB handles existing flows when a target is unhealthy. Possible values are `rebalance` and `no_rebalance`. Must match the attribute value set for `on_deregistration`. Default: `no_rebalance`"
   default     = "no_rebalance"
-  type        = string
+  validation {
+    condition     = var.on_deregistration == var.on_unhealthy
+    error_message = "Variable on_unhealthy must be the same as variable on_deregistration"
+  }
+  type = string
 }
 
 variable "stickiness_type" {
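Review bot: Both new `validation` blocks reference the other variable (`var.on_unhealthy` inside `on_deregistration`, and the reverse), which Terraform accepts only from version 1.9; earlier releases reject any reference other than the variable being validated. The module's `required_version` is not visible in this patch, so confirm it is `>= 1.9`. If older releases must stay supported, the equality check could instead be a `precondition` in a `lifecycle` block on `aws_lb_target_group.this`. The same condition is declared in both variables, so a mismatch reports two errors for one mistake; one block is enough. As a style point, `type = string` now follows the validation block and has lost its alignment; keeping `type        = string` next to `default` matches the rest of the file.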