diff --git a/azurerm/data_source_virtual_network_gateway.go b/azurerm/data_source_virtual_network_gateway.go
new file mode 100644
index 000000000000..64145c1f2f5f
--- /dev/null
+++ b/azurerm/data_source_virtual_network_gateway.go
@@ -0,0 +1,219 @@
+package azurerm
+
+import (
+ "fmt"
+
+ "github.com/hashicorp/terraform/helper/schema"
+ "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func dataSourceArmVirtualNetworkGateway() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceArmVirtualNetworkGatewayRead,
+
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+
+ "resource_group_name": resourceGroupNameForDataSourceSchema(),
+
+ "location": locationForDataSourceSchema(),
+
+ "type": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+
+ "vpn_type": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+
+ "enable_bgp": {
+ Type: schema.TypeBool,
+ Computed: true,
+ },
+
+ "active_active": {
+ Type: schema.TypeBool,
+ Computed: true,
+ },
+
+ "sku": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+
+ "ip_configuration": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "private_ip_address_allocation": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "subnet_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "public_ip_address_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ },
+ },
+
+ "vpn_client_configuration": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "address_space": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "root_certificate": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "public_cert_data": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ },
+ Set: hashVirtualNetworkGatewayRootCert,
+ },
+ "revoked_certificate": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "thumbprint": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ },
+ Set: hashVirtualNetworkGatewayRevokedCert,
+ },
+ },
+ },
+ },
+
+ "bgp_settings": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "asn": {
+ Type: schema.TypeInt,
+ Computed: true,
+ },
+ "peering_address": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "peer_weight": {
+ Type: schema.TypeInt,
+ Computed: true,
+ },
+ },
+ },
+ },
+
+ "default_local_network_gateway_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+
+ "tags": tagsForDataSourceSchema(),
+ },
+ }
+}
+
+func dataSourceArmVirtualNetworkGatewayRead(d *schema.ResourceData, meta interface{}) error {
+ client := meta.(*ArmClient).vnetGatewayClient
+ ctx := meta.(*ArmClient).StopContext
+
+ name := d.Get("name").(string)
+ resGroup := d.Get("resource_group_name").(string)
+
+ resp, err := client.Get(ctx, resGroup, name)
+ if err != nil {
+ if utils.ResponseWasNotFound(resp.Response) {
+ return fmt.Errorf("Virtual Network Gateway %q (Resource Group %q) was not found!", name, resGroup)
+ }
+
+ return fmt.Errorf("Error making Read request on AzureRM Virtual Network Gateway %q (Resource Group %q): %+v", name, resGroup, err)
+ }
+
+ d.SetId(*resp.ID)
+
+ d.Set("name", resp.Name)
+ d.Set("resource_group_name", resGroup)
+
+ if location := resp.Location; location != nil {
+ d.Set("location", azureRMNormalizeLocation(*location))
+ }
+
+ if resp.VirtualNetworkGatewayPropertiesFormat != nil {
+ gw := *resp.VirtualNetworkGatewayPropertiesFormat
+
+ d.Set("type", string(gw.GatewayType))
+ d.Set("enable_bgp", gw.EnableBgp)
+ d.Set("active_active", gw.ActiveActive)
+
+ if string(gw.VpnType) != "" {
+ d.Set("vpn_type", string(gw.VpnType))
+ }
+
+ if gw.GatewayDefaultSite != nil {
+ d.Set("default_local_network_gateway_id", gw.GatewayDefaultSite.ID)
+ }
+
+ if gw.Sku != nil {
+ d.Set("sku", string(gw.Sku.Name))
+ }
+
+ d.Set("ip_configuration", flattenArmVirtualNetworkGatewayIPConfigurations(gw.IPConfigurations))
+
+ if gw.VpnClientConfiguration != nil {
+ vpnConfigFlat := flattenArmVirtualNetworkGatewayVpnClientConfig(gw.VpnClientConfiguration)
+ if err := d.Set("vpn_client_configuration", vpnConfigFlat); err != nil {
+ return fmt.Errorf("Error setting `vpn_client_configuration`: %+v", err)
+ }
+ }
+
+ if gw.BgpSettings != nil {
+ bgpSettingsFlat := flattenArmVirtualNetworkGatewayBgpSettings(gw.BgpSettings)
+ if err := d.Set("bgp_settings", bgpSettingsFlat); err != nil {
+ return fmt.Errorf("Error setting `bgp_settings`: %+v", err)
+ }
+ }
+ }
+
+ flattenAndSetTags(d, resp.Tags)
+
+ return nil
+}
diff --git a/azurerm/data_source_virtual_network_gateway_test.go b/azurerm/data_source_virtual_network_gateway_test.go
new file mode 100644
index 000000000000..b930d359cfbe
--- /dev/null
+++ b/azurerm/data_source_virtual_network_gateway_test.go
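Review bot: The `d.Set("ip_configuration", ...)` call in `dataSourceArmVirtualNetworkGatewayRead` discards its error, while the `vpn_client_configuration` and `bgp_settings` calls directly below it check theirs. If the flattened value does not match the list schema, `subnet_id` and `public_ip_address_id` would be left silently empty for anything that consumes this data source; wrap it the same way, e.g. `if err := d.Set("ip_configuration", ipConfigFlat); err != nil { return fmt.Errorf("Error setting ip_configuration: %+v", err) }`. Separately, `d.SetId(*resp.ID)` dereferences the pointer without a nil check, so a response that carries no ID would panic the provider; return an error when `resp.ID == nil` before that call.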
@@ -0,0 +1,79 @@ +package azurerm + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform/helper/acctest" + "github.com/hashicorp/terraform/helper/resource" +) + +func TestAccAzureRMDataSourceVirtualNetworkGateway_basic(t *testing.T) { + ri := acctest.RandInt() + config := testAccAzureRMDataSourceVirtualNetworkGateway_basic(ri, testLocation()) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMVirtualNetworkGatewayDestroy, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMVirtualNetworkGatewayExists("data.azurerm_virtual_network_gateway.test"), + ), + }, + }, + }) +} + +func testAccAzureRMDataSourceVirtualNetworkGateway_basic(rInt int, location string) string { + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_virtual_network" "test" { + name = "acctestvn-%d" + location = "${azurerm_resource_group.test.location}" + resource_group_name = "${azurerm_resource_group.test.name}" + address_space = ["10.0.0.0/16"] +} + +resource "azurerm_subnet" "test" { + name = "GatewaySubnet" + resource_group_name = "${azurerm_resource_group.test.name}" + virtual_network_name = "${azurerm_virtual_network.test.name}" + address_prefix = "10.0.1.0/24" +} + +resource "azurerm_public_ip" "test" { + name = "acctestpip-%d" + location = "${azurerm_resource_group.test.location}" + resource_group_name = "${azurerm_resource_group.test.name}" + public_ip_address_allocation = "Dynamic" +} + +resource "azurerm_virtual_network_gateway" "test" { + name = "acctestvng-%d" + location = "${azurerm_resource_group.test.location}" + resource_group_name = "${azurerm_resource_group.test.name}" + + type = "Vpn" + vpn_type = "RouteBased" + sku = "Basic" + + ip_configuration { + public_ip_address_id = "${azurerm_public_ip.test.id}" + private_ip_address_allocation = 
"Dynamic" + subnet_id = "${azurerm_subnet.test.id}" + } +} + +data "azurerm_virtual_network_gateway" "test" { + name = "${azurerm_virtual_network_gateway.test.name}" + resource_group_name = "${azurerm_virtual_network_gateway.test.resource_group_name}" +} +`, rInt, location, rInt, rInt, rInt) +} diff --git a/azurerm/provider.go b/azurerm/provider.go index c3a86303384b..7529e6e6b0e6 100644 --- a/azurerm/provider.go +++ b/azurerm/provider.go @@ -83,6 +83,7 @@ func Provider() terraform.ResourceProvider { "azurerm_subnet": dataSourceArmSubnet(), "azurerm_subscription": dataSourceArmSubscription(), "azurerm_virtual_network": dataSourceArmVirtualNetwork(), + "azurerm_virtual_network_gateway": dataSourceArmVirtualNetworkGateway(), }, ResourcesMap: map[string]*schema.Resource{ diff --git a/website/azurerm.erb b/website/azurerm.erb index dc5415355a19..77b1aab2e6ec 100644 --- a/website/azurerm.erb +++ b/website/azurerm.erb @@ -79,10 +79,14 @@ azurerm_subscription - > + > azurerm_virtual_network + > + azurerm_virtual_network_gateway + + diff --git a/website/docs/d/virtual_network.html.markdown b/website/docs/d/virtual_network.html.markdown index 52839c398dfd..d586df977976 100644 --- a/website/docs/d/virtual_network.html.markdown +++ b/website/docs/d/virtual_network.html.markdown @@ -1,7 +1,7 @@ --- layout: "azurerm" page_title: "Azure Resource Manager: azurerm_virtual_network" -sidebar_current: "docs-azurerm-datasource-virtual-network" +sidebar_current: "docs-azurerm-datasource-virtual-network-x" description: |- Get information about the specified Virtual Network. --- diff --git a/website/docs/d/virtual_network_gateway.html.markdown b/website/docs/d/virtual_network_gateway.html.markdown new file mode 100644 index 000000000000..501bc42e7b3d --- /dev/null +++ b/website/docs/d/virtual_network_gateway.html.markdown 
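Review bot: The only check in `TestAccAzureRMDataSourceVirtualNetworkGateway_basic` is `testCheckAzureRMVirtualNetworkGatewayExists`, so as far as this hunk shows no attribute exported by the data source is asserted. A read that leaves `ip_configuration` or `sku` empty would still pass. Add attribute checks against the data source address, for example `resource.TestCheckResourceAttr("data.azurerm_virtual_network_gateway.test", "sku", "Basic")` and `resource.TestCheckResourceAttr("data.azurerm_virtual_network_gateway.test", "ip_configuration.#", "1")`; the expected values are inferred from the config in this hunk and should be confirmed against a real run.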
@@ -0,0 +1,110 @@
+---
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_virtual_network_gateway"
+sidebar_current: "docs-azurerm-datasource-virtual-network-x"
+description: |-
+ Get information about the specified Virtual Network Gateway.
+---
+
+# Data Source: azurerm_virtual_network_gateway
+
+Use this data source to access the properties of an Azure Virtual Network Gateway.
+
+## Example Usage
+
+```hcl
+data "azurerm_virtual_network_gateway" "test" {
+ name = "production"
+ resource_group_name = "networking"
+}
+
+output "virtual_network_gateway_id" {
+ value = "${data.azurerm_virtual_network_gateway.test.id}"
+}
+```
+
+## Argument Reference
+
+* `name` - (Required) Specifies the name of the Virtual Network Gateway.
+* `resource_group_name` - (Required) Specifies the name of the resource group the Virtual Network Gateway is located in.
+
+## Attributes Reference
+
+* `id` - The ID of the Virtual Network Gateway.
+
+* `location` - The location/region where the Virtual Network Gateway is located.
+
+* `type` - The type of the Virtual Network Gateway.
+
+* `vpn_type` - The routing type of the Virtual Network Gateway.
+
+* `enable_bgp` - Will BGP (Border Gateway Protocol) will be enabled
+ for this Virtual Network Gateway.
+
+* `active_active` - (Optional) Is this an Active-Active Gateway?
+
+* `default_local_network_gateway_id` - The ID of the local network gateway
+ through which outbound Internet traffic from the virtual network in which the
+ gateway is created will be routed (*forced tunneling*). Refer to the
+ [Azure documentation on forced tunneling](https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm).
+
+* `sku` - Configuration of the size and capacity of the Virtual Network Gateway.
+
+* `ip_configuration` - One or two `ip_configuration` blocks documented below.
+
+* `vpn_client_configuration` - A `vpn_client_configuration` block which is documented below.
+
+* `tags` - A mapping of tags to assign to the resource.
+
+The `ip_configuration` block supports:
+
+* `name` - A user-defined name of the IP configuration.
+
+* `private_ip_address_allocation` - Defines how the private IP address
+ of the gateways virtual interface is assigned.
+
+* `subnet_id` - The ID of the gateway subnet of a virtual network in
+ which the virtual network gateway will be created. It is mandatory that
+ the associated subnet is named `GatewaySubnet`. Therefore, each virtual
+ network can contain at most a single Virtual Network Gateway.
+
+* `public_ip_address_id` - The ID of the Public IP Address associated
+ with the Virtual Network Gateway.
+
+The `vpn_client_configuration` block supports:
+
+* `address_space` - The address space out of which ip addresses for
+ vpn clients will be taken. You can provide more than one address space, e.g.
+ in CIDR notation.
+
+* `root_certificate` - One or more `root_certificate` blocks which are
+ defined below. These root certificates are used to sign the client certificate
+ used by the VPN clients to connect to the gateway.
+
+* `revoked_certificate` - One or more `revoked_certificate` blocks which
+ are defined below.
+
+The `bgp_settings` block supports:
+
+* `asn` - The Autonomous System Number (ASN) to use as part of the BGP.
+
+* `peering_address` - The BGP peer IP address of the virtual network
+ gateway. This address is needed to configure the created gateway as a BGP Peer
+ on the on-premises VPN devices.
+
+* `peer_weight` - The weight added to routes which have been learned
+ through BGP peering.
+
+The `root_certificate` block supports:
+
+* `name` - The user-defined name of the root certificate.
+
+* `public_cert_data` - The public certificate of the root certificate
+ authority. The certificate must be provided in Base-64 encoded X.509 format
+ (PEM).
+
+The `root_revoked_certificate` block supports:
+
+* `name` - The user-defined name of the revoked certificate.
+
+* `public_cert_data` - The SHA1 thumbprint of the certificate to be revoked.