From 8272694360b7eefa8e3f5efafa64c72c731897ef Mon Sep 17 00:00:00 2001
From: Simone Ruffilli
Date: Fri, 4 Feb 2022 07:42:56 +0100
Subject: [PATCH] 02-net-nva: README.md updates
---
 fast/README.md | 4 ++--
 fast/stages/00-bootstrap/README.md | 8 ++++++--
 fast/stages/00-bootstrap/outputs.tf | 6 ++++++
 fast/stages/01-resman/outputs.tf | 19 ++++++++++++++-----
 fast/stages/README.md | 4 ++--
 5 files changed, 30 insertions(+), 11 deletions(-)
diff --git a/fast/README.md b/fast/README.md
index be35c36a..7108c04a 100644
--- a/fast/README.md
+++ b/fast/README.md
@@ -47,8 +47,8 @@ As mentioned before, fast relies on multiple stages to progressively bring up yo
 - [Security](stages/02-security/README.md)
 Manages centralized security configurations in a separate stage, typically owned by the security team. This stage implements VPC Security Controls via separate perimeters for environments and central services, and creates projects to host centralized KMS keys used by the whole organization. It's intentionally easy to extend to include other security-related resources, like Secret Manager.
-- [Networking](stages/02-networking/README.md)
 - Manages centralized network resources in a separate stage, and is typically owned by the networking team. This stage implements a hub-and-spoke design, includes connectivity via VPN to on-premises, and YAML-based factories for firewall rules (hierarchical and VPC-level) and subnets.
+- Networking ([VPN](02-networking/README.md)/[NVA](02-networking-nva/README.md))
+ Manages centralized network resources in a separate stage, and is typically owned by the networking team. This stage implements a hub-and-spoke design, and includes connectivity via VPN to on-premises, and YAML-based factories for firewall rules (hierarchical and VPC-level) and subnets. It's currently available in two versions: [spokes connected via VPN](02-networking/README.md), [and spokes connected via appliances](02-networking-nva/README.md).
 ### Environment-level resources (03)
diff --git a/fast/stages/00-bootstrap/README.md b/fast/stages/00-bootstrap/README.md
index 994d67a9..06ee9986 100644
--- a/fast/stages/00-bootstrap/README.md
+++ b/fast/stages/00-bootstrap/README.md
@@ -177,11 +177,15 @@ Below is the outline of the output files generated by this stage:
 │   ├── providers.tf
 │   ├── terraform-bootstrap.auto.tfvars.json
 ├── 02-networking
-│   ├── providers.tf
+│   ├── terraform-bootstrap.auto.tfvars.json
+├── 02-networking-nva
 │   ├── terraform-bootstrap.auto.tfvars.json
 ├── 02-security
-│   ├── providers.tf
 │   ├── terraform-bootstrap.auto.tfvars.json
+├── 03-gke-multitenant-dev
+│   └── terraform-bootstrap.auto.tfvars.json
+├── 03-gke-multitenant-prod
+│   └── terraform-bootstrap.auto.tfvars.json
 ├── 03-project-factory-dev
 │   └── terraform-bootstrap.auto.tfvars.json
 ├── 03-project-factory-prod
diff --git a/fast/stages/00-bootstrap/outputs.tf b/fast/stages/00-bootstrap/outputs.tf
index 8912fb87..d07fdf19 100644
--- a/fast/stages/00-bootstrap/outputs.tf
+++ b/fast/stages/00-bootstrap/outputs.tf
@@ -42,6 +42,12 @@ locals {
 organization = var.organization
 prefix = var.prefix
 })
+ "02-networking-nva" = jsonencode({
+ billing_account_id = var.billing_account.id
+ custom_roles = module.organization.custom_role_id
+ organization = var.organization
+ prefix = var.prefix
+ })
 "02-security" = jsonencode({
 billing_account_id = var.billing_account.id
 organization = var.organization
diff --git a/fast/stages/01-resman/outputs.tf b/fast/stages/01-resman/outputs.tf
index 67fce0bc..9edaf64f 100644
--- a/fast/stages/01-resman/outputs.tf
+++ b/fast/stages/01-resman/outputs.tf
@@ -25,16 +25,16 @@ locals {
 name = "networking"
 sa = module.branch-network-sa.email
 })
+ "02-networking-nva" = templatefile("${path.module}/../../assets/templates/providers.tpl", {
+ bucket = module.branch-network-gcs.name
+ name = "networking-nva"
+ sa = module.branch-network-sa.email
+ })
 "02-security" = templatefile("${path.module}/../../assets/templates/providers.tpl", {
 bucket = module.branch-security-gcs.name
 name = "security"
 sa = module.branch-security-sa.email
 })
- "99-sandbox" = templatefile("${path.module}/../../assets/templates/providers.tpl", {
- bucket = module.branch-sandbox-gcs.name
- name = "sandbox"
- sa = module.branch-sandbox-sa.email
- })
 "03-project-factory-dev" = templatefile("${path.module}/../../assets/templates/providers.tpl", {
 bucket = module.branch-teams-dev-projectfactory-gcs.name
 name = "team-dev"
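Review bot: The new `02-networking-nva` providers entry reuses `module.branch-network-gcs.name` and `module.branch-network-sa.email` from the `02-networking` entry directly above it, so both networking variants write state to the same bucket (separated only by the `name` value handed to providers.tpl) and run under the same service account. If the two stages are meant as mutually exclusive alternatives that is reasonable, but nothing in the hunk records it, and an accidental apply of the second variant would act on the same folder with the same identity as the first. A comment above the new entry such as `# 02-networking and 02-networking-nva are alternatives: both use the networking branch bucket and SA, distinguished only by state name` would make the intended constraint explicit. The enclosing `locals` block starts and ends outside the hunk.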
@@ -45,12 +45,21 @@ locals {
 name = "team-prod"
 sa = module.branch-teams-prod-projectfactory-sa.email
 })
+ "99-sandbox" = templatefile("${path.module}/../../assets/templates/providers.tpl", {
+ bucket = module.branch-sandbox-gcs.name
+ name = "sandbox"
+ sa = module.branch-sandbox-sa.email
+ })
 }
 tfvars = {
 "02-networking" = jsonencode({
 folder_id = module.branch-network-folder.id
 project_factory_sa = local._project_factory_sas
 })
+ "02-networkin-nva" = jsonencode({
+ folder_id = module.branch-network-folder.id
+ project_factory_sa = local._project_factory_sas
+ })
 "02-security" = jsonencode({
 folder_id = module.branch-security-folder.id
 kms_restricted_admins = {
diff --git a/fast/stages/README.md b/fast/stages/README.md
index df9d5bef..1c5a8144 100644
--- a/fast/stages/README.md
+++ b/fast/stages/README.md
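Review bot: The tfvars key added in this hunk is misspelled as `"02-networkin-nva"`, while the providers entry in the previous hunk, the `00-bootstrap` outputs and the directory shown in the bootstrap README tree all use `02-networking-nva`. Presumably the key names the stage whose tfvars file is generated, so the NVA stage would get its `folder_id` and `project_factory_sa` emitted under a name no stage reads. Change the line to `"02-networking-nva" = jsonencode({`. The enclosing `locals` block continues outside the hunk.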
@@ -17,8 +17,8 @@ Refer to each stage's documentation for a detailed description of its purpose, t
 - [Security](02-security/README.md)
 Manages centralized security configurations in a separate stage, and is typically owned by the security team. This stage implements VPC Security Controls via separate perimeters for environments and central services, and creates projects to host centralized KMS keys used by the whole organization. It's meant to be easily extended to include other security-related resources which are required, like Secret Manager.
-- [Networking](02-networking/README.md)
- Manages centralized network resources in a separate stage, and is typically owned by the networking team. This stage implements a hub-and-spoke design, and includes connectivity via VPN to on-premises, and YAML-based factories for firewall rules (hierarchical and VPC-level) and subnets.
+- Networking ([VPN](02-networking/README.md)/[NVA](02-networking-nva/README.md))
+ Manages centralized network resources in a separate stage, and is typically owned by the networking team. This stage implements a hub-and-spoke design, and includes connectivity via VPN to on-premises, and YAML-based factories for firewall rules (hierarchical and VPC-level) and subnets. It's currently available in two versions: [spokes connected via VPN](02-networking/README.md), [and spokes connected via appliances](02-networking-nva/README.md).
 ## Environment-level resources (03)