hashicorp · tombuildsstuff · Dec 18, 2019 · Dec 17, 2019 · Dec 17, 2019 · Dec 17, 2019
diff --git a/azurerm/data_source_virtual_network_gateway.go b/azurerm/data_source_virtual_network_gateway.go
@@ -57,6 +57,11 @@ func dataSourceArmVirtualNetworkGateway() *schema.Resource {
 				Computed: true,
 			},
 
+			"generation": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
 			"ip_configuration": {
 				Type:     schema.TypeList,
 				Computed: true,
@@ -224,6 +229,10 @@ func dataSourceArmVirtualNetworkGatewayRead(d *schema.ResourceData, meta interfa
 			d.Set("vpn_type", string(gw.VpnType))
 		}
 
+		if string(gw.VpnGatewayGeneration) != "" {
+			d.Set("generation", string(gw.VpnGatewayGeneration))
+		}
+
 		if gw.GatewayDefaultSite != nil {
 			d.Set("default_local_network_gateway_id", gw.GatewayDefaultSite.ID)
 		}

diff --git a/azurerm/resource_arm_virtual_network_gateway.go b/azurerm/resource_arm_virtual_network_gateway.go
@@ -102,6 +102,19 @@ func resourceArmVirtualNetworkGateway() *schema.Resource {
 				),
 			},
 
+			"generation": {
+				Type:     schema.TypeString,
+				Default:  network.VpnGatewayGenerationGeneration1,
+				Optional: true,
+				ForceNew: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					string(network.VpnGatewayGenerationGeneration1),
+					string(network.VpnGatewayGenerationGeneration2),
+					string(network.VpnGatewayGenerationNone),
+				}, false),
+				DiffSuppressFunc: suppress.CaseDifference,
+			},
+
 			"ip_configuration": {
 				Type:     schema.TypeList,
 				Required: true,
@@ -369,6 +382,10 @@ func resourceArmVirtualNetworkGatewayRead(d *schema.ResourceData, meta interface
 			d.Set("vpn_type", string(gw.VpnType))
 		}
 
+		if string(gw.VpnGatewayGeneration) != "" {
+			d.Set("generation", string(gw.VpnGatewayGeneration))
+		}
+
 		if gw.GatewayDefaultSite != nil {
 			d.Set("default_local_network_gateway_id", gw.GatewayDefaultSite.ID)
 		}
@@ -420,14 +437,16 @@ func getArmVirtualNetworkGatewayProperties(d *schema.ResourceData) (*network.Vir
 	vpnType := network.VpnType(d.Get("vpn_type").(string))
 	enableBgp := d.Get("enable_bgp").(bool)
 	activeActive := d.Get("active_active").(bool)
+	generation := network.VpnGatewayGeneration(d.Get("generation").(string))
 
 	props := &network.VirtualNetworkGatewayPropertiesFormat{
-		GatewayType:      gatewayType,
-		VpnType:          vpnType,
-		EnableBgp:        &enableBgp,
-		ActiveActive:     &activeActive,
-		Sku:              expandArmVirtualNetworkGatewaySku(d),
-		IPConfigurations: expandArmVirtualNetworkGatewayIPConfigurations(d),
+		GatewayType:          gatewayType,
+		VpnType:              vpnType,
+		EnableBgp:            &enableBgp,
+		ActiveActive:         &activeActive,
+		VpnGatewayGeneration: generation,
+		Sku:                  expandArmVirtualNetworkGatewaySku(d),
+		IPConfigurations:     expandArmVirtualNetworkGatewayIPConfigurations(d),
 	}
 
 	if gatewayDefaultSiteID := d.Get("default_local_network_gateway_id").(string); gatewayDefaultSiteID != "" {

diff --git a/azurerm/resource_arm_virtual_network_gateway_test.go b/azurerm/resource_arm_virtual_network_gateway_test.go
@@ -193,6 +193,27 @@ func TestAccAzureRMVirtualNetworkGateway_vpnGw3(t *testing.T) {
 	})
 }
 
+func TestAccAzureRMVirtualNetworkGateway_generation(t *testing.T) {
+	resourceName := "azurerm_virtual_network_gateway.test"
+	ri := tf.AccRandTimeInt()
+	config := testAccAzureRMVirtualNetworkGateway_generation(ri, testLocation(), "Generation2")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMVirtualNetworkGatewayDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMVirtualNetworkGatewayExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "generation", "Generation2"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAzureRMVirtualNetworkGateway_vpnClientConfig(t *testing.T) {
 	ri := tf.AccRandTimeInt()
 	resourceName := "azurerm_virtual_network_gateway.test"
@@ -808,3 +829,50 @@ resource "azurerm_virtual_network_gateway" "test" {
 }
 `, rInt, location, rInt, rInt, rInt)
 }
+
+func testAccAzureRMVirtualNetworkGateway_generation(rInt int, location string, generation string) string {
+	return fmt.Sprintf(`
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_virtual_network" "test" {
+  name                = "acctestvn-%d"
+  location            = "${azurerm_resource_group.test.location}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+  address_space       = ["10.0.0.0/16"]
+}
+
+resource "azurerm_subnet" "test" {
+  name                 = "GatewaySubnet"
+  resource_group_name  = "${azurerm_resource_group.test.name}"
+  virtual_network_name = "${azurerm_virtual_network.test.name}"
+  address_prefix       = "10.0.1.0/24"
+}
+
+resource "azurerm_public_ip" "test" {
+  name                = "acctestpip-%d"
+  location            = "${azurerm_resource_group.test.location}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+  allocation_method   = "Dynamic"
+}
+
+resource "azurerm_virtual_network_gateway" "test" {
+  name                = "acctestvng-%d"
+  location            = "${azurerm_resource_group.test.location}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+
+  type       = "Vpn"
+  vpn_type   = "RouteBased"
+  sku        = "VpnGw2"
+  generation = "%s"
+
+  ip_configuration {
+    public_ip_address_id          = "${azurerm_public_ip.test.id}"
+    private_ip_address_allocation = "Dynamic"
+    subnet_id                     = "${azurerm_subnet.test.id}"
+  }
+}
+`, rInt, location, rInt, rInt, rInt, generation)
+}
diff --git a/website/docs/d/virtual_network_gateway.html.markdown b/website/docs/d/virtual_network_gateway.html.markdown
@@ -51,6 +51,8 @@ output "virtual_network_gateway_id" {
 
 * `sku` - Configuration of the size and capacity of the Virtual Network Gateway.
 
+* `generation` - Generation of the Virtual Network Gateway.
+
 * `ip_configuration` - One or two `ip_configuration` blocks documented below.
 
 * `vpn_client_configuration` - A `vpn_client_configuration` block which is documented below.

diff --git a/website/docs/r/virtual_network_gateway.html.markdown b/website/docs/r/virtual_network_gateway.html.markdown
@@ -143,6 +143,10 @@ The following arguments are supported:
 
 ~> **NOTE:** To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be sku "Basic" not "Standard"
 
+* `generation` - (Optional) Configuration of the generation if the virtual network
+    gateway. Valid options are `Generation1`, `Generation2` and `None` and depend on
+    the `type` and `sku` arguments. Setting `generation` is only supported for 
+    `type` `Vpn`. `Generation2` is only valid for `sku` larger than `VpnGw2` or `VpnGw2AZ`.
 
 * `ip_configuration` (Required) One or two `ip_configuration` blocks documented below.
     An active-standby gateway requires exactly one `ip_configuration` block whereas