VirtualNetworkGatewayConnection using key vault for authentication.

specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayConnectionCreate.json

@@ -83,7 +83,16 @@
         "usePolicyBasedTrafficSelectors": false,
         "ipsecPolicies": [],
         "trafficSelectorPolicies": [],
-        "connectionMode": "Default"
+        "connectionMode": "Default",
+        "authenticationType": "Certificate",
+        "certificateAuthentication": {
+          "outboundAuthCertificate": "https://customerKv.vault.azure.net/Certificates/outBoundcert/Version",
+          "inboundAuthCertificateChain": [
+            "MIIC+TCCAeGgAwIBAgIQFOJUqDaxV5xJcKpTKO...",
+            "MIIC+TCCAeGgAwIBAgIQPJerInitNblK7yBgkqh..."
+          ],
+          "inboundAuthCertificateSubjectName": "CN=rootCert.com"
+        }
       },
       "location": "centralus"
     }
@@ -128,7 +137,16 @@
           "ipsecPolicies": [],
           "ingressBytesTransferred": 0,
           "egressBytesTransferred": 0,
-          "connectionMode": "Default"
+          "connectionMode": "Default",
+          "authenticationType": "Certificate",
+          "certificateAuthentication": {
+            "outboundAuthCertificate": "https://customerKv.vault.azure.net/Certificates/outBoundcert/Version",
+            "inboundAuthCertificateChain": [
+              "MIIC+TCCAeGgAwIBAgIQFOJUqDaxV5xJcKpTKO...",
+              "MIIC+TCCAeGgAwIBAgIQPJerInitNblK7yBgkqh..."
+            ],
+            "inboundAuthCertificateSubjectName": "CN=rootCert.com"
+          }
         }
       }
     },
@@ -181,7 +199,16 @@
           "ipsecPolicies": [],
           "ingressBytesTransferred": 0,
           "egressBytesTransferred": 0,
-          "connectionMode": "Default"
+          "connectionMode": "Default",
+          "authenticationType": "Certificate",
+          "certificateAuthentication": {
+            "outboundAuthCertificate": "https://customerKv.vault.azure.net/Certificates/outBoundcert/Version",
+            "inboundAuthCertificateChain": [
+              "MIIC+TCCAeGgAwIBAgIQFOJUqDaxV5xJcKpTKO...",
+              "MIIC+TCCAeGgAwIBAgIQPJerInitNblK7yBgkqh..."
+            ],
+            "inboundAuthCertificateSubjectName": "CN=rootCert.com"
+          }
         }
       }
     }

specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayConnectionGet.json

@@ -57,7 +57,16 @@
           "connectionStatus": "Connecting",
           "ingressBytesTransferred": 0,
           "egressBytesTransferred": 0,
-          "connectionMode": "Default"
+          "connectionMode": "Default",
+          "authenticationType": "Certificate",
+          "certificateAuthentication": {
+            "outboundAuthCertificate": "https://customerKv.vault.azure.net/Certificates/outBoundcert/Version",
+            "inboundAuthCertificateChain": [
+              "MIIC+TCCAeGgAwIBAgIQFOJUqDaxV5xJcKpTKO...",
+              "MIIC+TCCAeGgAwIBAgIQPJerInitNblK7yBgkqh..."
+            ],
+            "inboundAuthCertificateSubjectName": "CN=rootCert.com"
+          }
         }
       }
     }

specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayGet.json

@@ -13,6 +13,12 @@
         "etag": "W/\"00000000-0000-0000-0000-000000000000\"",
         "type": "Microsoft.Network/virtualNetworkGateways",
         "location": "centralus",
+        "identity": {
+          "type": "UserAssigned",
+          "userAssignedIdentities": {
+            "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
+          }
+        },
         "properties": {
           "provisioningState": "Succeeded",
           "resourceGuid": "00000000-0000-0000-0000-000000000000",

specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/examples/VirtualNetworkGatewayUpdate.json

@@ -5,6 +5,12 @@
     "resourceGroupName": "rg1",
     "virtualNetworkGatewayName": "vpngw",
     "parameters": {
+      "identity": {
+        "type": "UserAssigned",
+        "userAssignedIdentities": {
+          "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
+        }
+      },
       "properties": {
         "ipConfigurations": [
           {
@@ -109,6 +115,12 @@
         "etag": "W/\"00000000-0000-0000-0000-000000000000\"",
         "type": "Microsoft.Network/virtualNetworkGateways",
         "location": "centralus",
+        "identity": {
+          "type": "UserAssigned",
+          "userAssignedIdentities": {
+            "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
+          }
+        },
         "properties": {
           "provisioningState": "Succeeded",
           "resourceGuid": "00000000-0000-0000-0000-000000000000",
@@ -232,6 +244,12 @@
         "etag": "W/\"00000000-0000-0000-0000-000000000000\"",
         "type": "Microsoft.Network/virtualNetworkGateways",
         "location": "centralus",
+        "identity": {
+          "type": "UserAssigned",
+          "userAssignedIdentities": {
+            "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
+          }
+        },
         "properties": {
           "provisioningState": "Succeeded",
           "resourceGuid": "00000000-0000-0000-0000-000000000000",

specification/network/resource-manager/Microsoft.Network/stable/2024-01-01/virtualNetworkGateway.json

@@ -3292,6 +3292,10 @@
           "readOnly": true,
           "type": "string",
           "description": "A unique read-only string that changes whenever the resource is updated."
+        },
+        "identity": {
+          "$ref": "../../../../../common-types/resource-management/v5/managedidentity.json#/definitions/ManagedServiceIdentity",
+          "description": "The identity of the virtual network gateway, if configured."
         }
       },
       "allOf": [
@@ -3563,6 +3567,14 @@
         "enablePrivateLinkFastPath": {
           "type": "boolean",
           "description": "Bypass the ExpressRoute gateway when accessing private-links. ExpressRoute FastPath (expressRouteGatewayBypass) must be enabled."
+        },
+        "authenticationType": {
+          "$ref": "#/definitions/ConnectionAuthenticationType",
+          "description": "Gateway connection authentication type."
+        },
+        "certificateAuthentication": {
+          "$ref": "#/definitions/CertificateAuthentication",
+          "description": "Certificate Authentication information for a certificate based authentication connection."
         }
       },
       "required": [
@@ -4480,6 +4492,40 @@
         "customBgpIpAddress"
       ],
       "description": "GatewayCustomBgpIpAddressIpConfiguration for a virtual network gateway connection."
+    },
+    "ConnectionAuthenticationType": {
+      "type": "string",
+      "description": "Gateway connection authentication type.",
+      "enum": [
+        "PSK",
+        "Certificate"
+      ],
+      "x-ms-enum": {
+        "name": "ConnectionAuthenticationType",
+        "modelAsString": true
+      }
+    },
+    "CertificateAuthentication": {
+      "type": "object",
+      "properties": {
+        "outboundAuthCertificate": {
+          "type": "string",
+          "format": "uri",
+          "description": "Keyvault secret ID for outbound authentication certificate."
+        },
+        "inboundAuthCertificateSubjectName": {
+          "type": "string",
+          "description": "Inbound authentication certificate subject name."
+        },
+        "inboundAuthCertificateChain": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "description": "Inbound authentication certificate public keys."
+        }
+      },
+      "description": "Certificate Authentication information for a certificate based authentication connection."
     }
   }
 }