From 89779c0d0e4c68d35b060fe546eac660543b3ded Mon Sep 17 00:00:00 2001
From: Ben Swenka <bswenka@gmail.com>
Date: Fri, 9 Feb 2024 04:41:14 -0600
Subject: [PATCH] Bswenka/psc glb and armor subnet fix (#2058)

* Updated ilb-subnetwork issue

* Fixed Terraform formatting issue

* Fixing merge issue

* Fixing merge issue in producer.tf

* Fixed linting issues

---------

Co-authored-by: Julio Castillo <jccb@google.com>
---
 .../networking/psc-glb-and-armor/README.md    |  2 +-
 .../networking/psc-glb-and-armor/producer.tf  | 22 ++++++++++++++-----
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/blueprints/networking/psc-glb-and-armor/README.md b/blueprints/networking/psc-glb-and-armor/README.md
index 785dc008..a0af8850 100644
--- a/blueprints/networking/psc-glb-and-armor/README.md
+++ b/blueprints/networking/psc-glb-and-armor/README.md
@@ -123,5 +123,5 @@ module "psc-glb-and-armor-test" {
   consumer_project_id = "project-1"
   producer_project_id = "project-2"
 }
-# tftest modules=3 resources=31
+# tftest modules=3 resources=32
 ```
diff --git a/blueprints/networking/psc-glb-and-armor/producer.tf b/blueprints/networking/psc-glb-and-armor/producer.tf
index 5755aff1..0297bec1 100644
--- a/blueprints/networking/psc-glb-and-armor/producer.tf
+++ b/blueprints/networking/psc-glb-and-armor/producer.tf
@@ -71,10 +71,10 @@ resource "google_compute_region_network_endpoint_group" "neg" {
 }
 
 resource "google_compute_forwarding_rule" "psc_ilb_target_service" {
-  name    = "producer-forwarding-rule"
-  region  = var.region
-  project = module.producer_project.project_id
-
+  name                  = "producer-forwarding-rule"
+  region                = var.region
+  project               = module.producer_project.project_id
+  depends_on            = [google_compute_subnetwork.proxy_subnet]
   load_balancing_scheme = "INTERNAL_MANAGED"
   port_range            = "443"
   allow_global_access   = true
@@ -156,11 +156,21 @@ resource "google_compute_subnetwork" "ilb_subnetwork" {
   project = module.producer_project.project_id
 
   network       = google_compute_network.psc_ilb_network.id
-  ip_cidr_range = "10.0.0.0/16"
-  purpose       = "INTERNAL_HTTPS_LOAD_BALANCER"
+  ip_cidr_range = "10.0.0.0/24"
   role          = "ACTIVE"
 }
 
+resource "google_compute_subnetwork" "proxy_subnet" {
+  name          = "l7-ilb-proxy-subnet"
+  provider      = google-beta
+  ip_cidr_range = "10.0.1.0/24"
+  region        = var.region
+  project       = module.producer_project.project_id
+  purpose       = "REGIONAL_MANAGED_PROXY"
+  role          = "ACTIVE"
+  network       = google_compute_network.psc_ilb_network.id
+}
+
 resource "google_compute_subnetwork" "psc_private_subnetwork" {
   name    = "psc-private-subnetwork"
   region  = var.region