From d84047eea399b4afcd5e354c2e26ddbf0e10bc0c Mon Sep 17 00:00:00 2001
From: Elena Xin <39109137+sinbai@users.noreply.github.com>
Date: Fri, 20 Sep 2024 13:01:53 +0800
Subject: [PATCH] New Data Source : `azurerm_vpn_server_configuration` (#27054)

* support new data source data.azurerm_vpn_server_configuration

* update code
---
 internal/services/network/registration.go     |   1 +
 ...rver_configuration_data_source_resource.go | 502 ++++++++++++++++++
 ...configuration_data_source_resource_test.go | 280 ++++++++++
 .../d/vpn_server_configuration.html.markdown  | 154 ++++++
 4 files changed, 937 insertions(+)
 create mode 100644 internal/services/network/vpn_server_configuration_data_source_resource.go
 create mode 100644 internal/services/network/vpn_server_configuration_data_source_resource_test.go
 create mode 100644 website/docs/d/vpn_server_configuration.html.markdown

diff --git a/internal/services/network/registration.go b/internal/services/network/registration.go
index 02205df6e24f..e3b217bfb4e1 100644
--- a/internal/services/network/registration.go
+++ b/internal/services/network/registration.go
@@ -36,6 +36,7 @@ func (r Registration) DataSources() []sdk.DataSource {
 		ManagerDataSource{},
 		ManagerNetworkGroupDataSource{},
 		ManagerConnectivityConfigurationDataSource{},
+		VPNServerConfigurationDataSource{},
 	}
 }
 
diff --git a/internal/services/network/vpn_server_configuration_data_source_resource.go b/internal/services/network/vpn_server_configuration_data_source_resource.go
new file mode 100644
index 000000000000..01eb177be82e
--- /dev/null
+++ b/internal/services/network/vpn_server_configuration_data_source_resource.go
@@ -0,0 +1,502 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package network
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/go-azure-helpers/lang/pointer"
+	"github.com/hashicorp/go-azure-helpers/lang/response"
+	"github.com/hashicorp/go-azure-helpers/resourcemanager/commonschema"
+	"github.com/hashicorp/go-azure-sdk/resource-manager/network/2023-11-01/virtualwans"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/sdk"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+)
+
+type VPNServerConfigurationDataSource struct{}
+
+var _ sdk.DataSource = VPNServerConfigurationDataSource{}
+
+type VPNServerConfigurationDataSourceModel struct {
+	Name                               string                                    `tfschema:"name"`
+	ResourceGroup                      string                                    `tfschema:"resource_group_name"`
+	Location                           string                                    `tfschema:"location"`
+	VpnAuthenticationTypes             []string                                  `tfschema:"vpn_authentication_types"`
+	AzureActiveDirectoryAuthentication []AzureActiveDirectoryAuthenticationModel `tfschema:"azure_active_directory_authentication"`
+	ClientRevokedCertificate           []ClientRevokedCertificateModel           `tfschema:"client_revoked_certificate"`
+	ClientRootCertificate              []ClientRootCertificateModel              `tfschema:"client_root_certificate"`
+	IpsecPolicy                        []IpsecPolicyModel                        `tfschema:"ipsec_policy"`
+	Radius                             []RadiusModel                             `tfschema:"radius"`
+	VpnProtocols                       []string                                  `tfschema:"vpn_protocols"`
+	Tags                               map[string]string                         `tfschema:"tags"`
+}
+
+type AzureActiveDirectoryAuthenticationModel struct {
+	Audience string `tfschema:"audience"`
+	Issuer   string `tfschema:"issuer"`
+	Tenant   string `tfschema:"tenant"`
+}
+
+type ClientRevokedCertificateModel struct {
+	Name       string `tfschema:"name"`
+	Thumbprint string `tfschema:"thumbprint"`
+}
+
+type ClientRootCertificateModel struct {
+	Name           string `tfschema:"name"`
+	PublicCertData string `tfschema:"public_cert_data"`
+}
+
+type IpsecPolicyModel struct {
+	DhGroup             string `tfschema:"dh_group"`
+	IkeEncryption       string `tfschema:"ike_encryption"`
+	IkeIntegrity        string `tfschema:"ike_integrity"`
+	IpsecEncryption     string `tfschema:"ipsec_encryption"`
+	IpsecIntegrity      string `tfschema:"ipsec_integrity"`
+	PfsGroup            string `tfschema:"pfs_group"`
+	SaLifetimeSeconds   int64  `tfschema:"sa_lifetime_seconds"`
+	SaDataSizeKilobytes int64  `tfschema:"sa_data_size_kilobytes"`
+}
+
+type RadiusModel struct {
+	Server                []ServerModel                      `tfschema:"server"`
+	ClientRootCertificate []RadiusClientRootCertificateModel `tfschema:"client_root_certificate"`
+	ServerRootCertificate []ClientRootCertificateModel       `tfschema:"server_root_certificate"`
+}
+
+type ServerModel struct {
+	Address string `tfschema:"address"`
+	Secret  string `tfschema:"secret"`
+	Score   int64  `tfschema:"score"`
+}
+
+type RadiusClientRootCertificateModel struct {
+	Name       string `tfschema:"name"`
+	Thumbprint string `tfschema:"thumbprint"`
+}
+
+func (d VPNServerConfigurationDataSource) Arguments() map[string]*pluginsdk.Schema {
+	return map[string]*pluginsdk.Schema{
+		"name": {
+			Type:     pluginsdk.TypeString,
+			Required: true,
+		},
+
+		"resource_group_name": commonschema.ResourceGroupNameForDataSource(),
+	}
+}
+
+func (d VPNServerConfigurationDataSource) ModelObject() interface{} {
+	return &VPNServerConfigurationDataSource{}
+}
+
+func (d VPNServerConfigurationDataSource) ResourceType() string {
+	return "azurerm_vpn_server_configuration"
+}
+
+func (d VPNServerConfigurationDataSource) Attributes() map[string]*pluginsdk.Schema {
+	return map[string]*pluginsdk.Schema{
+		"location": commonschema.LocationComputed(),
+
+		"vpn_authentication_types": {
+			Type:     pluginsdk.TypeList,
+			Computed: true,
+			Elem: &pluginsdk.Schema{
+				Type: pluginsdk.TypeString,
+			},
+		},
+
+		"azure_active_directory_authentication": {
+			Type:     pluginsdk.TypeList,
+			Computed: true,
+			Elem: &pluginsdk.Resource{
+				Schema: map[string]*pluginsdk.Schema{
+					"audience": {
+						Type:     pluginsdk.TypeString,
+						Computed: true,
+					},
+
+					"issuer": {
+						Type:     pluginsdk.TypeString,
+						Computed: true,
+					},
+
+					"tenant": {
+						Type:     pluginsdk.TypeString,
+						Computed: true,
+					},
+				},
+			},
+		},
+
+		"client_revoked_certificate": {
+			Type:     pluginsdk.TypeSet,
+			Computed: true,
+			Elem: &pluginsdk.Resource{
+				Schema: map[string]*pluginsdk.Schema{
+					"name": {
+						Type:     pluginsdk.TypeString,
+						Computed: true,
+					},
+
+					"thumbprint": {
+						Type:     pluginsdk.TypeString,
+						Computed: true,
+					},
+				},
+			},
+		},
+
+		"client_root_certificate": {
+			Type:     pluginsdk.TypeSet,
+			Computed: true,
+			Elem: &pluginsdk.Resource{
+				Schema: map[string]*pluginsdk.Schema{
+					"name": {
+						Type:     pluginsdk.TypeString,
+						Computed: true,
+					},
+
+					"public_cert_data": {
+						Type:     pluginsdk.TypeString,
+						Computed: true,
+					},
+				},
+			},
+		},
+
+		"ipsec_policy": {
+			Type:     pluginsdk.TypeList,
+			Computed: true,
+			Elem: &pluginsdk.Resource{
+				Schema: map[string]*pluginsdk.Schema{
+					"dh_group": {
+						Type:     pluginsdk.TypeString,
+						Computed: true,
+					},
+
+					"ike_encryption": {
+						Type:     pluginsdk.TypeString,
+						Computed: true,
+					},
+
+					"ike_integrity": {
+						Type:     pluginsdk.TypeString,
+						Computed: true,
+					},
+
+					"ipsec_encryption": {
+						Type:     pluginsdk.TypeString,
+						Computed: true,
+					},
+
+					"ipsec_integrity": {
+						Type:     pluginsdk.TypeString,
+						Computed: true,
+					},
+
+					"pfs_group": {
+						Type:     pluginsdk.TypeString,
+						Computed: true,
+					},
+
+					"sa_lifetime_seconds": {
+						Type:     pluginsdk.TypeInt,
+						Computed: true,
+					},
+
+					"sa_data_size_kilobytes": {
+						Type:     pluginsdk.TypeInt,
+						Computed: true,
+					},
+				},
+			},
+		},
+
+		"radius": {
+			Type:     pluginsdk.TypeList,
+			Computed: true,
+			Elem: &pluginsdk.Resource{
+				Schema: map[string]*pluginsdk.Schema{
+					"server": {
+						Type:     pluginsdk.TypeList,
+						Computed: true,
+						Elem: &pluginsdk.Resource{
+							Schema: map[string]*pluginsdk.Schema{
+								"address": {
+									Type:     pluginsdk.TypeString,
+									Computed: true,
+								},
+
+								"secret": {
+									Type:     pluginsdk.TypeString,
+									Computed: true,
+								},
+
+								"score": {
+									Type:     pluginsdk.TypeInt,
+									Computed: true,
+								},
+							},
+						},
+					},
+
+					"client_root_certificate": {
+						Type:     pluginsdk.TypeSet,
+						Computed: true,
+						Elem: &pluginsdk.Resource{
+							Schema: map[string]*pluginsdk.Schema{
+								"name": {
+									Type:     pluginsdk.TypeString,
+									Computed: true,
+								},
+
+								"thumbprint": {
+									Type:     pluginsdk.TypeString,
+									Computed: true,
+								},
+							},
+						},
+					},
+
+					"server_root_certificate": {
+						Type:     pluginsdk.TypeSet,
+						Computed: true,
+						Elem: &pluginsdk.Resource{
+							Schema: map[string]*pluginsdk.Schema{
+								"name": {
+									Type:     pluginsdk.TypeString,
+									Computed: true,
+								},
+
+								"public_cert_data": {
+									Type:     pluginsdk.TypeString,
+									Computed: true,
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+
+		"vpn_protocols": {
+			Type:     pluginsdk.TypeSet,
+			Computed: true,
+			Elem: &pluginsdk.Schema{
+				Type: pluginsdk.TypeString,
+			},
+		},
+
+		"tags": commonschema.TagsDataSource(),
+	}
+}
+
+func (d VPNServerConfigurationDataSource) Read() sdk.ResourceFunc {
+	return sdk.ResourceFunc{
+		Timeout: 5 * time.Minute,
+		Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
+			client := metadata.Client.Network.VirtualWANs
+			subscriptionId := metadata.Client.Account.SubscriptionId
+
+			var model VPNServerConfigurationDataSourceModel
+			if err := metadata.Decode(&model); err != nil {
+				return err
+			}
+
+			id := virtualwans.NewVpnServerConfigurationID(subscriptionId, model.ResourceGroup, model.Name)
+
+			resp, err := client.VpnServerConfigurationsGet(ctx, id)
+			if err != nil {
+				if response.WasNotFound(resp.HttpResponse) {
+					return fmt.Errorf("%s was not found", id)
+				}
+
+				return fmt.Errorf("retrieving %s: %+v", id, err)
+			}
+
+			m := VPNServerConfigurationDataSourceModel{
+				Name:          id.VpnServerConfigurationName,
+				ResourceGroup: id.ResourceGroupName,
+			}
+
+			if model := resp.Model; model != nil {
+				m.Location = pointer.ToString(model.Location)
+				if tags := model.Tags; tags != nil {
+					m.Tags = pointer.ToMapOfStringStrings(tags)
+				}
+
+				if props := resp.Model.Properties; props != nil {
+					m.AzureActiveDirectoryAuthentication = dataSourceFlattenVpnServerConfigurationAADAuthentication(props.AadAuthenticationParameters)
+					m.ClientRootCertificate = dataSourceFlattenVpnServerConfigurationClientRootCertificates(props.VpnClientRootCertificates)
+					m.ClientRevokedCertificate = dataSourceFlattenVpnServerConfigurationClientRevokedCertificates(props.VpnClientRevokedCertificates)
+					m.IpsecPolicy = dataSourceFlattenVpnServerConfigurationIPSecPolicies(props.VpnClientIPsecPolicies)
+					m.Radius = dataSourceFlattenVpnServerConfigurationRadius(props)
+					m.VpnAuthenticationTypes = dataSourceFlattenVpnServerConfigurationVpnAuthenticationTypes(props.VpnAuthenticationTypes)
+					m.VpnProtocols = dataSourceFlattenVpnServerConfigurationVPNProtocols(props.VpnProtocols)
+				}
+			}
+
+			metadata.SetID(id)
+
+			return metadata.Encode(&m)
+		},
+	}
+}
+
+func dataSourceFlattenVpnServerConfigurationAADAuthentication(input *virtualwans.AadAuthenticationParameters) []AzureActiveDirectoryAuthenticationModel {
+	if input == nil {
+		return []AzureActiveDirectoryAuthenticationModel{}
+	}
+
+	return []AzureActiveDirectoryAuthenticationModel{
+		{
+			Audience: pointer.ToString(input.AadAudience),
+			Issuer:   pointer.ToString(input.AadIssuer),
+			Tenant:   pointer.ToString(input.AadTenant),
+		},
+	}
+}
+
+func dataSourceFlattenVpnServerConfigurationClientRootCertificates(input *[]virtualwans.VpnServerConfigVpnClientRootCertificate) []ClientRootCertificateModel {
+	if input == nil {
+		return []ClientRootCertificateModel{}
+	}
+
+	output := make([]ClientRootCertificateModel, 0)
+
+	for _, v := range *input {
+		if v.Name == nil {
+			continue
+		}
+		output = append(output, ClientRootCertificateModel{
+			Name:           pointer.ToString(v.Name),
+			PublicCertData: pointer.ToString(v.PublicCertData),
+		})
+	}
+
+	return output
+}
+
+func dataSourceFlattenVpnServerConfigurationClientRevokedCertificates(input *[]virtualwans.VpnServerConfigVpnClientRevokedCertificate) []ClientRevokedCertificateModel {
+	if input == nil {
+		return []ClientRevokedCertificateModel{}
+	}
+
+	output := make([]ClientRevokedCertificateModel, 0)
+	for _, v := range *input {
+		if v.Name == nil {
+			continue
+		}
+
+		output = append(output, ClientRevokedCertificateModel{
+			Name:       pointer.ToString(v.Name),
+			Thumbprint: pointer.ToString(v.Thumbprint),
+		})
+	}
+	return output
+}
+
+func dataSourceFlattenVpnServerConfigurationIPSecPolicies(input *[]virtualwans.IPsecPolicy) []IpsecPolicyModel {
+	if input == nil {
+		return []IpsecPolicyModel{}
+	}
+
+	output := make([]IpsecPolicyModel, 0)
+	for _, v := range *input {
+		output = append(output, IpsecPolicyModel{
+			DhGroup:             string(v.DhGroup),
+			IkeEncryption:       string(v.IPsecEncryption),
+			IkeIntegrity:        string(v.IPsecIntegrity),
+			IpsecEncryption:     string(v.IkeEncryption),
+			IpsecIntegrity:      string(v.IkeIntegrity),
+			PfsGroup:            string(v.PfsGroup),
+			SaLifetimeSeconds:   v.SaDataSizeKilobytes,
+			SaDataSizeKilobytes: v.SaLifeTimeSeconds,
+		})
+	}
+	return output
+}
+
+func dataSourceFlattenVpnServerConfigurationRadius(input *virtualwans.VpnServerConfigurationProperties) []RadiusModel {
+	if input == nil || (input.RadiusServerAddress == nil && (input.RadiusServers == nil || len(*input.RadiusServers) == 0)) {
+		return []RadiusModel{}
+	}
+
+	clientRootCertificates := make([]RadiusClientRootCertificateModel, 0)
+	if input.RadiusClientRootCertificates != nil {
+		for _, v := range *input.RadiusClientRootCertificates {
+			if v.Name == nil {
+				continue
+			}
+			clientRootCertificates = append(clientRootCertificates, RadiusClientRootCertificateModel{
+				Name:       pointer.ToString(v.Name),
+				Thumbprint: pointer.ToString(v.Thumbprint),
+			})
+		}
+	}
+
+	serverRootCertificates := make([]ClientRootCertificateModel, 0)
+	if input.RadiusServerRootCertificates != nil {
+		for _, v := range *input.RadiusServerRootCertificates {
+			if v.Name == nil {
+				continue
+			}
+
+			serverRootCertificates = append(serverRootCertificates, ClientRootCertificateModel{
+				Name:           pointer.ToString(v.Name),
+				PublicCertData: pointer.ToString(v.PublicCertData),
+			})
+		}
+	}
+
+	servers := make([]ServerModel, 0)
+	if input.RadiusServers != nil && len(*input.RadiusServers) > 0 {
+		for _, v := range *input.RadiusServers {
+			servers = append(servers, ServerModel{
+				Address: v.RadiusServerAddress,
+				Secret:  pointer.ToString(v.RadiusServerSecret),
+				Score:   pointer.ToInt64(v.RadiusServerScore),
+			})
+		}
+	}
+
+	return []RadiusModel{
+		{
+			Server:                servers,
+			ClientRootCertificate: clientRootCertificates,
+			ServerRootCertificate: serverRootCertificates,
+		},
+	}
+}
+
+func dataSourceFlattenVpnServerConfigurationVpnAuthenticationTypes(input *[]virtualwans.VpnAuthenticationType) []string {
+	if input == nil {
+		return []string{}
+	}
+
+	output := make([]string, 0)
+
+	for _, v := range *input {
+		output = append(output, string(v))
+	}
+
+	return output
+}
+
+func dataSourceFlattenVpnServerConfigurationVPNProtocols(input *[]virtualwans.VpnGatewayTunnelingProtocol) []string {
+	if input == nil {
+		return []string{}
+	}
+
+	output := make([]string, 0)
+
+	for _, v := range *input {
+		output = append(output, string(v))
+	}
+
+	return output
+}
diff --git a/internal/services/network/vpn_server_configuration_data_source_resource_test.go b/internal/services/network/vpn_server_configuration_data_source_resource_test.go
new file mode 100644
index 000000000000..0204bb371d1b
--- /dev/null
+++ b/internal/services/network/vpn_server_configuration_data_source_resource_test.go
@@ -0,0 +1,280 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package network_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
+)
+
+type VPNServerConfigurationDataSource struct{}
+
+func TestAccVPNServerConfigurationDataSource_azureAD(t *testing.T) {
+	data := acceptance.BuildTestData(t, "data.azurerm_vpn_server_configuration", "test")
+	r := VPNServerConfigurationDataSource{}
+
+	data.DataSourceTest(t, []acceptance.TestStep{
+		{
+			Config: r.azureAD(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).Key("azure_active_directory_authentication.0.audience").HasValue("00000000-abcd-abcd-abcd-999999999999"),
+				check.That(data.ResourceName).Key("vpn_authentication_types.0").HasValue("AAD"),
+				check.That(data.ResourceName).Key("azure_active_directory_authentication.0.issuer").Exists(),
+				check.That(data.ResourceName).Key("azure_active_directory_authentication.0.tenant").Exists(),
+			),
+		},
+	})
+}
+
+func TestAccVPNServerConfigurationDataSource_certificate(t *testing.T) {
+	data := acceptance.BuildTestData(t, "data.azurerm_vpn_server_configuration", "test")
+	r := VPNServerConfigurationDataSource{}
+
+	data.DataSourceTest(t, []acceptance.TestStep{
+		{
+			Config: r.certificate(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).Key("client_root_certificate.0.name").HasValue("DigiCert-Federated-ID-Root-CA"),
+				check.That(data.ResourceName).Key("vpn_authentication_types.0").HasValue("Certificate"),
+				check.That(data.ResourceName).Key("client_root_certificate.0.public_cert_data").HasValue("MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg\nUm9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV\nBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp\nY2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j\nQPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8\nzAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf\nGTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d\nGTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8\nDk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2\nDwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV\nHQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW\njKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP\n9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR\nQELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL\nuGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn\nWsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq\nM/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=\n"),
+			),
+		},
+	})
+}
+
+func TestAccVPNServerConfigurationDataSource_radius(t *testing.T) {
+	data := acceptance.BuildTestData(t, "data.azurerm_vpn_server_configuration", "test")
+	r := VPNServerConfigurationDataSource{}
+
+	data.DataSourceTest(t, []acceptance.TestStep{
+		{
+			Config: r.singleRadius(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).Key("vpn_authentication_types.0").HasValue("Radius"),
+				check.That(data.ResourceName).Key("radius.0.server.0.address").HasValue("10.105.1.1"),
+				check.That(data.ResourceName).Key("radius.0.server.0.secret").HasValue("vindicators-the-return-of-worldender"),
+				check.That(data.ResourceName).Key("radius.0.server.0.score").HasValue("15"),
+				check.That(data.ResourceName).Key("radius.0.server_root_certificate.0.name").HasValue("DigiCert-Federated-ID-Root-CA"),
+				check.That(data.ResourceName).Key("radius.0.server_root_certificate.0.public_cert_data").HasValue("MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg\nUm9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV\nBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp\nY2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j\nQPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8\nzAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf\nGTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d\nGTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8\nDk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2\nDwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV\nHQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW\njKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP\n9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR\nQELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL\nuGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn\nWsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq\nM/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=\n"),
+			),
+		},
+	})
+}
+
+func TestAccVPNServerConfigurationDataSource_tags(t *testing.T) {
+	data := acceptance.BuildTestData(t, "data.azurerm_vpn_server_configuration", "test")
+	r := VPNServerConfigurationDataSource{}
+
+	data.DataSourceTest(t, []acceptance.TestStep{
+		{
+			Config: r.tags(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).Key("client_root_certificate.0.name").HasValue("DigiCert-Federated-ID-Root-CA"),
+				check.That(data.ResourceName).Key("vpn_authentication_types.0").HasValue("Certificate"),
+				check.That(data.ResourceName).Key("client_root_certificate.0.public_cert_data").HasValue("MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg\nUm9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV\nBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp\nY2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j\nQPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8\nzAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf\nGTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d\nGTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8\nDk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2\nDwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV\nHQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW\njKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP\n9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR\nQELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL\nuGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn\nWsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq\nM/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=\n"),
+				check.That(data.ResourceName).Key("tags.%").HasValue("1"),
+				check.That(data.ResourceName).Key("tags.Hello").HasValue("World"),
+			),
+		},
+	})
+}
+
+func (r VPNServerConfigurationDataSource) azureAD(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+
+data "azurerm_subscription" "current" {}
+
+resource "azurerm_vpn_server_configuration" "test" {
+  name                     = "acctestVPNSC-%d"
+  resource_group_name      = azurerm_resource_group.test.name
+  location                 = azurerm_resource_group.test.location
+  vpn_authentication_types = ["AAD"]
+
+  azure_active_directory_authentication {
+    audience = "00000000-abcd-abcd-abcd-999999999999"
+    issuer   = "https://sts.windows.net/${data.azurerm_subscription.current.tenant_id}/"
+    tenant   = "https://login.microsoftonline.com/${data.azurerm_subscription.current.tenant_id}"
+  }
+}
+
+data "azurerm_vpn_server_configuration" "test" {
+  name                = azurerm_vpn_server_configuration.test.name
+  resource_group_name = azurerm_resource_group.test.name
+}
+`, r.template(data), data.RandomInteger)
+}
+
+func (r VPNServerConfigurationDataSource) certificate(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_vpn_server_configuration" "test" {
+  name                     = "acctestVPNSC-%d"
+  resource_group_name      = azurerm_resource_group.test.name
+  location                 = azurerm_resource_group.test.location
+  vpn_authentication_types = ["Certificate"]
+
+  client_root_certificate {
+    name             = "DigiCert-Federated-ID-Root-CA"
+    public_cert_data = <<EOF
+MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
+Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
+BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
+Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
+QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
+zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
+GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
+GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
+Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
+DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
+HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
+jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
+9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
+QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
+uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
+WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
+M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
+EOF
+  }
+}
+
+data "azurerm_vpn_server_configuration" "test" {
+  name                = azurerm_vpn_server_configuration.test.name
+  resource_group_name = azurerm_resource_group.test.name
+}
+`, r.template(data), data.RandomInteger)
+}
+
+func (r VPNServerConfigurationDataSource) singleRadius(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_vpn_server_configuration" "test" {
+  name                     = "acctestVPNSC-%d"
+  resource_group_name      = azurerm_resource_group.test.name
+  location                 = azurerm_resource_group.test.location
+  vpn_authentication_types = ["Radius"]
+
+  radius {
+
+    server {
+      address = "10.105.1.1"
+      secret  = "vindicators-the-return-of-worldender"
+      score   = 15
+    }
+
+    server_root_certificate {
+      name             = "DigiCert-Federated-ID-Root-CA"
+      public_cert_data = <<EOF
+MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
+Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
+BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
+Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
+QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
+zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
+GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
+GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
+Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
+DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
+HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
+jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
+9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
+QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
+uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
+WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
+M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
+EOF
+    }
+  }
+}
+
+data "azurerm_vpn_server_configuration" "test" {
+  name                = azurerm_vpn_server_configuration.test.name
+  resource_group_name = azurerm_resource_group.test.name
+}
+`, r.template(data), data.RandomInteger)
+}
+
+func (r VPNServerConfigurationDataSource) tags(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+
+resource "azurerm_vpn_server_configuration" "test" {
+  name                     = "acctestVPNSC-%d"
+  resource_group_name      = azurerm_resource_group.test.name
+  location                 = azurerm_resource_group.test.location
+  vpn_authentication_types = ["Certificate"]
+
+  client_root_certificate {
+    name             = "DigiCert-Federated-ID-Root-CA"
+    public_cert_data = <<EOF
+MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
+Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
+BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
+Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
+QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
+zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
+GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
+GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
+Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
+DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
+HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
+jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
+9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
+QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
+uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
+WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
+M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
+EOF
+  }
+
+  tags = {
+    Hello = "World"
+  }
+}
+data "azurerm_vpn_server_configuration" "test" {
+  name                = azurerm_vpn_server_configuration.test.name
+  resource_group_name = azurerm_resource_group.test.name
+}
+`, r.template(data), data.RandomInteger)
+}
+
+func (VPNServerConfigurationDataSource) template(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_virtual_network" "test" {
+  name                = "acctestvn-%d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  address_space       = ["10.0.0.0/16"]
+}
+
+resource "azurerm_virtual_wan" "test" {
+  name                = "acctestsvwan-%d"
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger)
+}
diff --git a/website/docs/d/vpn_server_configuration.html.markdown b/website/docs/d/vpn_server_configuration.html.markdown
new file mode 100644
index 000000000000..ab160d01a70f
--- /dev/null
+++ b/website/docs/d/vpn_server_configuration.html.markdown
@@ -0,0 +1,154 @@
+---
+subcategory: "Network"
+layout: "azurerm"
+page_title: "Azure Resource Manager: Data Source: azurerm_vpn_server_configuration"
+description: |-
+  Gets information about an existing VPN Server Configuration.
+---
+
+# Data Source: azurerm_vpn_server_configuration
+
+Use this data source to access information about an existing VPN Server Configuration.
+
+## Example Usage
+
+```hcl
+data "azurerm_vpn_server_configuration" "example" {
+  name                = "existing-local-vpn-server-configuration"
+  resource_group_name = "existing-resource-group"
+}
+
+output "azurerm_vpn_server_configuration" {
+  value = data.azurerm_vpn_server_configuration.example.id
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The Name of the VPN Server Configuration.
+
+* `resource_group_name` - (Required) The name of the Resource Group where the VPN Server Configuration exists.
+
+## Attributes Reference
+
+In addition to the Arguments listed above - the following Attributes are exported:
+
+* `id` - The ID of the VPN Server Configuration.
+
+* `location` - The Azure Region where the VPN Server Configuration exists.
+
+* `vpn_authentication_types` -  The list of Authentication Types applicable for the VPN Server Configuration.
+
+* `ipsec_policy` - The `bgp_settings` block as defined below.
+
+* `vpn_protocols` -  The list of VPN Protocols to use for the VPN Server Configuration.
+
+* `tags` - A mapping of tags to assign to the VPN Server Configuration.
+
+---
+
+When `vpn_authentication_types` contains `AAD` the following arguments are exported:
+
+* `azure_active_directory_authentication` - A `azure_active_directory_authentication` block as defined below.
+
+---
+
+When `vpn_authentication_types` contains `Certificate` the following arguments are supported:
+
+* `client_root_certificate` - One or more `client_root_certificate` blocks as defined below.
+
+* `client_revoked_certificate` - One or more `client_revoked_certificate` blocks as defined below.
+
+---
+
+When `vpn_authentication_types` contains `Radius` the following arguments are exported:
+
+* `radius` - A `radius` block as defined below.
+
+A `azure_active_directory_authentication` block exports the following:
+
+* `audience` - The Audience which should be used for authentication.
+
+* `issuer` - The Issuer which should be used for authentication.
+
+* `tenant` - The Tenant which should be used for authentication.
+
+---
+
+A `client_revoked_certificate` block exports the following:
+
+* `name` - The name used to uniquely identify this certificate.
+
+* `thumbprint` - The Thumbprint of the Certificate.
+
+---
+
+A `client_root_certificate` block at the root of the resource exports the following:
+
+* `name` - The name used to uniquely identify this certificate.
+
+* `public_cert_data` - The Public Key Data associated with the Certificate.
+
+---
+
+A `ipsec_policy` block exports the following:
+
+* `dh_group` - The DH Group, used in IKE Phase 1.
+
+* `ike_encryption` - The IKE encryption algorithm, used for IKE Phase 2.
+
+* `ike_integrity` - The IKE encryption integrity algorithm, used for IKE Phase 2.
+
+* `ipsec_encryption` - The IPSec encryption algorithm, used for IKE phase 1.
+
+* `ipsec_integrity` - The IPSec integrity algorithm, used for IKE phase 1.
+
+* `pfs_group` - The Pfs Group, used in IKE Phase 2.
+
+* `sa_lifetime_seconds` - The IPSec Security Association lifetime in seconds for a Site-to-Site VPN tunnel.
+
+* `sa_data_size_kilobytes` - The IPSec Security Association payload size in KB for a Site-to-Site VPN tunnel.
+
+---
+
+A `radius` block exports the following:
+
+* `server` - One or more `server` blocks as defined below.
+
+* `client_root_certificate` - One or more `client_root_certificate` blocks as defined below.
+
+* `server_root_certificate` - One or more `server_root_certificate` blocks as defined below.
+
+---
+
+A `server` nested within the `radius` block exports the following::
+
+* `address` - The Address of the Radius Server.
+
+* `secret` - The Secret used to communicate with the Radius Server.
+
+* `score` - The Score of the Radius Server determines the priority of the server.
+
+---
+
+A `client_root_certificate` block nested within the `radius` block exports the following:
+
+* `name` - The name used to uniquely identify this certificate.
+
+* `thumbprint` - The Thumbprint of the Certificate.
+
+---
+
+A `server_root_certificate` block exports the following:
+
+* `name` - The name used to uniquely identify this certificate.
+
+* `public_cert_data` - The Public Key Data associated with the Certificate.
+
+## Timeouts
+
+The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/language/resources/syntax#operation-timeouts) for certain actions:
+
+* `read` - (Defaults to 5 minutes) Used when retrieving the VPN Server Configuration.