devices_policies
Creates, updates, deletes, gets or lists a devices_policies resource.
Overview
| Name | devices_policies |
| Type | Resource |
| Id | cloudflare.zero_trust.devices_policies |
Fields
The following fields are returned by SELECT queries:
- list
List device settings profiles response.
| Name | Datatype | Description |
|---|---|---|
name | string | The name of the device settings profile. (example: Allow Developers) |
gateway_unique_id | string | (example: 699d98642c564d2e855e9661899b7252) |
policy_id | string | (example: f174e90a-fafe-4643-bbbc-4a0ed4fc8415) |
allow_mode_switch | boolean | Whether to allow the user to switch WARP between modes. |
allow_updates | boolean | Whether to receive update notifications when a new version of the client is available. |
allowed_to_leave | boolean | Whether to allow devices to leave the organization. |
auto_connect | number | The amount of time in seconds to reconnect after having been disabled. |
captive_portal | number | Turn on the captive portal after the specified amount of time. |
default | boolean | Whether the policy is the default policy for an account. |
description | string | A description of the policy. (example: Policy for test teams.) |
disable_auto_fallback | boolean | If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true. |
enabled | boolean | Whether the policy will be applied to matching devices. |
exclude | array | List of routes excluded in the WARP client's tunnel. |
exclude_office_ips | boolean | Whether to add Microsoft IPs to Split Tunnel exclusions. |
fallback_domains | array | |
include | array | List of routes included in the WARP client's tunnel. |
lan_allow_minutes | number | The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. |
lan_allow_subnet_size | number | The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. |
match | string | The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". (example: identity.email == "test@cloudflare.com") |
precedence | number | The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. |
register_interface_ip_with_dns | boolean | Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. |
sccm_vpn_boundary_support | boolean | Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). |
service_mode_v2 | object | (x-stainless-terraform-configurability: computed_optional) |
support_url | string | The URL to launch when the Send Feedback button is clicked. (default: , example: https://1.1.1.1/help) |
switch_locked | boolean | Whether to allow the user to turn off the WARP switch and disconnect the client. |
target_tests | array | |
tunnel_protocol | string | Determines which tunnel protocol to use. (default: , example: wireguard) |
virtual_networks | object | Virtual network access settings for the device. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list | select | account_id | Fetches a list of the device settings profiles for an account. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
account_id | string | The Cloudflare account ID. |
SELECT examples
- list
Fetches a list of the device settings profiles for an account.
SELECT
name,
gateway_unique_id,
policy_id,
allow_mode_switch,
allow_updates,
allowed_to_leave,
auto_connect,
captive_portal,
default,
description,
disable_auto_fallback,
enabled,
exclude,
exclude_office_ips,
fallback_domains,
include,
lan_allow_minutes,
lan_allow_subnet_size,
match,
precedence,
register_interface_ip_with_dns,
sccm_vpn_boundary_support,
service_mode_v2,
support_url,
switch_locked,
target_tests,
tunnel_protocol,
virtual_networks
FROM cloudflare.zero_trust.devices_policies
WHERE account_id = '{{ account_id }}' -- required
;