PaloAltoNetworks · ntwrkguru · Aug 27, 2024 · Aug 29, 2024 · Aug 15, 2024 · Aug 15, 2024
@@ -20,7 +20,7 @@ repos:
           --args=--only=terraform_workspace_remote,
         ]
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: '3.2.159'
+    rev: '3.2.217'
     hooks:
     - id: checkov
       verbose: true

@@ -26,6 +26,9 @@ func CreateTerraformOptions(t *testing.T, varFiles []string) *terraform.Options
 		SetVarsAfterVarFiles: true,
 	})
 
+	terraformOptions.RetryableTerraformErrors[".*The specified key does not exist.*"] = "Solution for problem with listing tags for S3 - HTTPS response error 404 returned while getting S3 object tags"
+	terraformOptions.RetryableTerraformErrors[".*couldn't find resource.*"] = "Solution for problem with reading objects from S3 - couldn't find resource while reading S3 object"
+
 	return terraformOptions
 }
 

@@ -68,8 +68,7 @@ No modules.
 | <a name="input_lb_tags"></a> [lb\_tags](#input\_lb\_tags) | Map of AWS tags to apply to the created Load Balancer object. These tags are applied after the `global_tags`. | `map(string)` | `{}` | no |
 | <a name="input_lb_target_group_tags"></a> [lb\_target\_group\_tags](#input\_lb\_target\_group\_tags) | Map of AWS tags to apply to the created GWLB Target Group. These tags are applied after the `global_tags`. | `map(string)` | `{}` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name of the created GWLB. Must be unique per AWS region per AWS account. | `string` | n/a | yes |
-| <a name="input_on_deregistration"></a> [on\_deregistration](#input\_on\_deregistration) | Indicates how the GWLB handles existing flows when a target is deregistered. Possible values are `rebalance` and `no_rebalance`. Must match the attribute value set for `on_unhealthy`. Default: `no_rebalance` | `string` | `"no_rebalance"` | no |
-| <a name="input_on_unhealthy"></a> [on\_unhealthy](#input\_on\_unhealthy) | Indicates how the GWLB handles existing flows when a target is unhealthy. Possible values are `rebalance` and `no_rebalance`. Must match the attribute value set for `on_deregistration`. Default: `no_rebalance` | `string` | `"no_rebalance"` | no |
+| <a name="input_rebalance_flows"></a> [rebalance\_flows](#input\_rebalance\_flows) | Indicates how the GWLB handles existing flows when a target is deregistered. True is equivalent to `rebalance` and false to `no_rebalance`. | `bool` | `false` | no |
 | <a name="input_stickiness_type"></a> [stickiness\_type](#input\_stickiness\_type) | If `stickiness_type` is `null`, then attribute `enabled` is set to `false` in stickiness configuration block,<br>value provided in `type` is ignored and by default the Gateway Load Balancer uses 5-tuple to maintain flow stickiness to a specific target appliance.<br>If `stickiness_type` is not `null`, then attribute `enabled` is set to `true` in stickiness configuration block<br>and the stickiness `type` can be then customized by using value:<br>- `source_ip_dest_ip_proto` for 3-tuple (Source IP, Destination IP and Transport Protocol)<br>- `source_ip_dest_ip` for 2-tuple (Source IP and Destination IP)<pre></pre> | `string` | `null` | no |
 | <a name="input_subnets"></a> [subnets](#input\_subnets) | Map of subnets where to create the GWLB. Each map's key is the availability zone name and each map's object has an attribute<br>`id` identifying AWS subnet.<br>Example for users of module `subnet_set`:<pre>subnets = module.subnet_set.subnets</pre>Example:<pre>subnets = {<br>  "us-east-1a" = { id = "snet-123007" }<br>  "us-east-1b" = { id = "snet-123008" }<br>}</pre> | <pre>map(object({<br>    id = string<br>  }))</pre> | n/a | yes |
 | <a name="input_target_instances"></a> [target\_instances](#input\_target\_instances) | Map of instances to attach to the GWLB Target Group. | <pre>map(object({<br>    id = string<br>  }))</pre> | `{}` | no |

@@ -62,8 +62,8 @@ resource "aws_lb_target_group" "this" {
   tags = var.lb_target_group_tags
 
   target_failover {
-    on_deregistration = var.on_deregistration
-    on_unhealthy      = var.on_unhealthy
+    on_deregistration = var.rebalance_flows
+    on_unhealthy      = var.rebalance_flows
   }
 
 

@@ -117,24 +117,10 @@ variable "unhealthy_threshold" {
   type        = number
 }
 
-variable "on_deregistration" {
-  description = "Indicates how the GWLB handles existing flows when a target is deregistered. Possible values are `rebalance` and `no_rebalance`. Must match the attribute value set for `on_unhealthy`. Default: `no_rebalance`"
-  default     = "no_rebalance"
-  validation {
-    condition     = var.on_unhealthy == var.on_deregistration
-    error_message = "Variable on_deregistration must be the same as variable on_unhealthy"
-  }
-  type = string
-}
-
-variable "on_unhealthy" {
-  description = "Indicates how the GWLB handles existing flows when a target is unhealthy. Possible values are `rebalance` and `no_rebalance`. Must match the attribute value set for `on_deregistration`. Default: `no_rebalance`"
-  default     = "no_rebalance"
-  validation {
-    condition     = var.on_deregistration == var.on_unhealthy
-    error_message = "Variable on_unhealthy must be the same as variable on_deregistration"
-  }
-  type = string
+variable "rebalance_flows" {
+  description = "Indicates how the GWLB handles existing flows when a target is deregistered. True is equivalent to `rebalance` and false to `no_rebalance`."
+  default     = false
+  type        = bool
 }
 
 variable "stickiness_type" {