devices_policy

Creates, updates, deletes, gets or lists a devices_policy resource.

Overview

| Name | devices_policy |
|:-----|:---------------|
| Type | Resource |
| Id | cloudflare.zero_trust.devices_policy |

Fields

The following fields are returned by SELECT queries:

Get device settings profile by ID response.

| Name | Datatype | Description |
|:-----|:---------|:------------|
| name | string | The name of the device settings profile. (example: Allow Developers) |
| gateway_unique_id | string | (example: 699d98642c564d2e855e9661899b7252) |
| policy_id | string | (example: f174e90a-fafe-4643-bbbc-4a0ed4fc8415) |
| allow_mode_switch | boolean | Whether to allow the user to switch WARP between modes. |
| allow_updates | boolean | Whether to receive update notifications when a new version of the client is available. |
| allowed_to_leave | boolean | Whether to allow devices to leave the organization. |
| auto_connect | number | The amount of time in seconds to reconnect after having been disabled. |
| captive_portal | number | Turn on the captive portal after the specified amount of time. |
| default | boolean | Whether the policy is the default policy for an account. |
| description | string | A description of the policy. (example: Policy for test teams.) |
| disable_auto_fallback | boolean | If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true. |
| enabled | boolean | Whether the policy will be applied to matching devices. |
| exclude | array | List of routes excluded in the WARP client's tunnel. |
| exclude_office_ips | boolean | Whether to add Microsoft IPs to Split Tunnel exclusions. |
| fallback_domains | array | |
| include | array | List of routes included in the WARP client's tunnel. |
| lan_allow_minutes | number | The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. |
| lan_allow_subnet_size | number | The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. |
| match | string | The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". (example: identity.email == "test@cloudflare.com") |
| precedence | number | The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. |
| register_interface_ip_with_dns | boolean | Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. |
| sccm_vpn_boundary_support | boolean | Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). |
| service_mode_v2 | object | (x-stainless-terraform-configurability: computed_optional) |
| support_url | string | The URL to launch when the Send Feedback button is clicked. (default: , example: https://1.1.1.1/help) |
| switch_locked | boolean | Whether to allow the user to turn off the WARP switch and disconnect the client. |
| target_tests | array | |
| tunnel_protocol | string | Determines which tunnel protocol to use. (default: , example: wireguard) |
| virtual_networks | object | Virtual network access settings for the device. |

Methods

The following methods are available for this resource:

| Name | Accessible by | Required Params | Optional Params | Description |
|:-----|:--------------|:----------------|:----------------|:------------|
| get_by_account | select | policy_id, account_id | | Fetches a device settings profile by ID. |
| create | insert | account_id, name, precedence, match | | Creates a device settings profile to be applied to certain devices matching the criteria. |

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

| Name | Datatype | Description |
|:-----|:---------|:------------|
| account_id | string | The Cloudflare account ID. |
| policy_id | string | The Access policy ID. |

SELECT examples

Fetches a device settings profile by ID.

```sql
SELECT
    name,
    gateway_unique_id,
    policy_id,
    allow_mode_switch,
    allow_updates,
    allowed_to_leave,
    auto_connect,
    captive_portal,
    default,
    description,
    disable_auto_fallback,
    enabled,
    exclude,
    exclude_office_ips,
    fallback_domains,
    include,
    lan_allow_minutes,
    lan_allow_subnet_size,
    match,
    precedence,
    register_interface_ip_with_dns,
    sccm_vpn_boundary_support,
    service_mode_v2,
    support_url,
    switch_locked,
    target_tests,
    tunnel_protocol,
    virtual_networks
FROM cloudflare.zero_trust.devices_policy
WHERE policy_id = '{{ policy_id }}' -- required
AND account_id = '{{ account_id }}' -- required
;
```
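
A row returned by this query can be checked against a hardening baseline before the profile is relied on. The following is an added example, not part of the StackQL provider or Cloudflare documentation; the baseline values, the meaning assumed for `switch_locked`, the `suffix` key of a fallback domain entry, and the sample row are assumptions.

```python
import json

# Hardening baseline chosen for this example (an assumption, not a Cloudflare
# recommendation): field -> (expected value, what a different value permits).
BASELINE = {
    "allow_mode_switch": (False, "user can switch WARP between modes"),
    "allowed_to_leave": (False, "device can leave the organization"),
    # Assumes switch_locked = true means the user cannot turn the switch off.
    "switch_locked": (True, "user can turn off WARP and disconnect"),
}

def _as_list(value):
    """Array columns may arrive as JSON text or as a list; accept both."""
    if value is None or value == "":
        return []
    return json.loads(value) if isinstance(value, str) else list(value)

def audit_profile(row):
    """Return findings for one row (dict keyed by column); absent baseline fields are flagged."""
    findings = []
    for field, (expected, impact) in BASELINE.items():
        if row.get(field) != expected:
            findings.append(f"{field}: {impact}")
    # lan_allow_minutes is omitted when unset; 0 means LAN access lasts
    # until the next WARP reconnection rather than a fixed number of minutes.
    if row.get("lan_allow_minutes") == 0:
        findings.append("lan_allow_minutes: LAN access until next reconnection")
    # Without disable_auto_fallback, a fallback domain that has no dns_server
    # resolves through the client's best guess of the system resolvers.
    if not row.get("disable_auto_fallback", False):
        for domain in _as_list(row.get("fallback_domains")):
            if not domain.get("dns_server"):
                findings.append(
                    f"fallback_domains: {domain.get('suffix', '?')} "
                    "falls back to system DNS resolvers")
    return findings

# Constructed sample row; values are illustrative, not from a real account.
SAMPLE_ROW = {
    "name": "Allow Developers", "allow_mode_switch": True,
    "allowed_to_leave": False, "switch_locked": True, "lan_allow_minutes": 0,
    "disable_auto_fallback": False,
    "fallback_domains": '[{"suffix": "corp.example"},'
                        ' {"suffix": "lab.example", "dns_server": ["10.0.0.53"]}]',
}

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_ROW):
        print(finding)
```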

INSERT examples

Creates a device settings profile to be applied to certain devices matching the criteria.

```sql
INSERT INTO cloudflare.zero_trust.devices_policy (
    allow_mode_switch,
    allow_updates,
    allowed_to_leave,
    auto_connect,
    captive_portal,
    description,
    disable_auto_fallback,
    enabled,
    exclude,
    exclude_office_ips,
    include,
    lan_allow_minutes,
    lan_allow_subnet_size,
    match,
    name,
    precedence,
    register_interface_ip_with_dns,
    sccm_vpn_boundary_support,
    service_mode_v2,
    support_url,
    switch_locked,
    tunnel_protocol,
    virtual_networks,
    account_id
)
SELECT
    {{ allow_mode_switch }},
    {{ allow_updates }},
    {{ allowed_to_leave }},
    {{ auto_connect }},
    {{ captive_portal }},
    '{{ description }}',
    {{ disable_auto_fallback }},
    {{ enabled }},
    '{{ exclude }}',
    {{ exclude_office_ips }},
    '{{ include }}',
    {{ lan_allow_minutes }},
    {{ lan_allow_subnet_size }},
    '{{ match }}' /* required */,
    '{{ name }}' /* required */,
    {{ precedence }} /* required */,
    {{ register_interface_ip_with_dns }},
    {{ sccm_vpn_boundary_support }},
    '{{ service_mode_v2 }}',
    '{{ support_url }}',
    {{ switch_locked }},
    '{{ tunnel_protocol }}',
    '{{ virtual_networks }}',
    '{{ account_id }}'
RETURNING
    errors,
    messages,
    result,
    success
;
```