pulumi-cloudflare-kotlin/com.pulumi.cloudflare.kotlin/ZeroTrustDeviceCustomProfile

ZeroTrustDeviceCustomProfile

class ZeroTrustDeviceCustomProfile : KotlinCustomResource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
const exampleZeroTrustDeviceCustomProfile = new cloudflare.ZeroTrustDeviceCustomProfile("example_zero_trust_device_custom_profile", {
    accountId: "699d98642c564d2e855e9661899b7252",
    match: "user.identity == \"test@cloudflare.com\"",
    name: "Allow Developers",
    precedence: 100,
    allowModeSwitch: true,
    allowUpdates: true,
    allowedToLeave: true,
    autoConnect: 0,
    captivePortal: 180,
    description: "Policy for test teams.",
    disableAutoFallback: true,
    enabled: true,
    excludes: [{
        address: "192.0.2.0/24",
        description: "Exclude testing domains from the tunnel",
        host: "*.example.com",
    }],
    excludeOfficeIps: true,
    includes: [{
        address: "192.0.2.0/24",
        description: "Exclude testing domains from the tunnel",
        host: "*.example.com",
    }],
    lanAllowMinutes: 30,
    lanAllowSubnetSize: 24,
    registerInterfaceIpWithDns: true,
    serviceModeV2: {
        mode: "proxy",
        port: 3000,
    },
    supportUrl: "https://1.1.1.1/help",
    switchLocked: true,
    tunnelProtocol: "wireguard",
});
Content copied to clipboard
import pulumi
import pulumi_cloudflare as cloudflare
example_zero_trust_device_custom_profile = cloudflare.ZeroTrustDeviceCustomProfile("example_zero_trust_device_custom_profile",
    account_id="699d98642c564d2e855e9661899b7252",
    match="user.identity == \"test@cloudflare.com\"",
    name="Allow Developers",
    precedence=100,
    allow_mode_switch=True,
    allow_updates=True,
    allowed_to_leave=True,
    auto_connect=0,
    captive_portal=180,
    description="Policy for test teams.",
    disable_auto_fallback=True,
    enabled=True,
    excludes=[{
        "address": "192.0.2.0/24",
        "description": "Exclude testing domains from the tunnel",
        "host": "*.example.com",
    }],
    exclude_office_ips=True,
    includes=[{
        "address": "192.0.2.0/24",
        "description": "Exclude testing domains from the tunnel",
        "host": "*.example.com",
    }],
    lan_allow_minutes=30,
    lan_allow_subnet_size=24,
    register_interface_ip_with_dns=True,
    service_mode_v2={
        "mode": "proxy",
        "port": 3000,
    },
    support_url="https://1.1.1.1/help",
    switch_locked=True,
    tunnel_protocol="wireguard")
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
return await Deployment.RunAsync(() =>
{
    var exampleZeroTrustDeviceCustomProfile = new Cloudflare.ZeroTrustDeviceCustomProfile("example_zero_trust_device_custom_profile", new()
    {
        AccountId = "699d98642c564d2e855e9661899b7252",
        Match = "user.identity == \"test@cloudflare.com\"",
        Name = "Allow Developers",
        Precedence = 100,
        AllowModeSwitch = true,
        AllowUpdates = true,
        AllowedToLeave = true,
        AutoConnect = 0,
        CaptivePortal = 180,
        Description = "Policy for test teams.",
        DisableAutoFallback = true,
        Enabled = true,
        Excludes = new[]
        {
            new Cloudflare.Inputs.ZeroTrustDeviceCustomProfileExcludeArgs
            {
                Address = "192.0.2.0/24",
                Description = "Exclude testing domains from the tunnel",
                Host = "*.example.com",
            },
        },
        ExcludeOfficeIps = true,
        Includes = new[]
        {
            new Cloudflare.Inputs.ZeroTrustDeviceCustomProfileIncludeArgs
            {
                Address = "192.0.2.0/24",
                Description = "Exclude testing domains from the tunnel",
                Host = "*.example.com",
            },
        },
        LanAllowMinutes = 30,
        LanAllowSubnetSize = 24,
        RegisterInterfaceIpWithDns = true,
        ServiceModeV2 = new Cloudflare.Inputs.ZeroTrustDeviceCustomProfileServiceModeV2Args
        {
            Mode = "proxy",
            Port = 3000,
        },
        SupportUrl = "https://1.1.1.1/help",
        SwitchLocked = true,
        TunnelProtocol = "wireguard",
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.NewZeroTrustDeviceCustomProfile(ctx, "example_zero_trust_device_custom_profile", &cloudflare.ZeroTrustDeviceCustomProfileArgs{
			AccountId:           pulumi.String("699d98642c564d2e855e9661899b7252"),
			Match:               pulumi.String("user.identity == \"test@cloudflare.com\""),
			Name:                pulumi.String("Allow Developers"),
			Precedence:          pulumi.Float64(100),
			AllowModeSwitch:     pulumi.Bool(true),
			AllowUpdates:        pulumi.Bool(true),
			AllowedToLeave:      pulumi.Bool(true),
			AutoConnect:         pulumi.Float64(0),
			CaptivePortal:       pulumi.Float64(180),
			Description:         pulumi.String("Policy for test teams."),
			DisableAutoFallback: pulumi.Bool(true),
			Enabled:             pulumi.Bool(true),
			Excludes: cloudflare.ZeroTrustDeviceCustomProfileExcludeArray{
				&cloudflare.ZeroTrustDeviceCustomProfileExcludeArgs{
					Address:     pulumi.String("192.0.2.0/24"),
					Description: pulumi.String("Exclude testing domains from the tunnel"),
					Host:        pulumi.String("*.example.com"),
				},
			},
			ExcludeOfficeIps: pulumi.Bool(true),
			Includes: cloudflare.ZeroTrustDeviceCustomProfileIncludeArray{
				&cloudflare.ZeroTrustDeviceCustomProfileIncludeArgs{
					Address:     pulumi.String("192.0.2.0/24"),
					Description: pulumi.String("Exclude testing domains from the tunnel"),
					Host:        pulumi.String("*.example.com"),
				},
			},
			LanAllowMinutes:            pulumi.Float64(30),
			LanAllowSubnetSize:         pulumi.Float64(24),
			RegisterInterfaceIpWithDns: pulumi.Bool(true),
			ServiceModeV2: &cloudflare.ZeroTrustDeviceCustomProfileServiceModeV2Args{
				Mode: pulumi.String("proxy"),
				Port: pulumi.Float64(3000),
			},
			SupportUrl:     pulumi.String("https://1.1.1.1/help"),
			SwitchLocked:   pulumi.Bool(true),
			TunnelProtocol: pulumi.String("wireguard"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.ZeroTrustDeviceCustomProfile;
import com.pulumi.cloudflare.ZeroTrustDeviceCustomProfileArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustDeviceCustomProfileExcludeArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustDeviceCustomProfileIncludeArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustDeviceCustomProfileServiceModeV2Args;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleZeroTrustDeviceCustomProfile = new ZeroTrustDeviceCustomProfile("exampleZeroTrustDeviceCustomProfile", ZeroTrustDeviceCustomProfileArgs.builder()
            .accountId("699d98642c564d2e855e9661899b7252")
            .match("user.identity == \"test@cloudflare.com\"")
            .name("Allow Developers")
            .precedence(100.0)
            .allowModeSwitch(true)
            .allowUpdates(true)
            .allowedToLeave(true)
            .autoConnect(0.0)
            .captivePortal(180.0)
            .description("Policy for test teams.")
            .disableAutoFallback(true)
            .enabled(true)
            .excludes(ZeroTrustDeviceCustomProfileExcludeArgs.builder()
                .address("192.0.2.0/24")
                .description("Exclude testing domains from the tunnel")
                .host("*.example.com")
                .build())
            .excludeOfficeIps(true)
            .includes(ZeroTrustDeviceCustomProfileIncludeArgs.builder()
                .address("192.0.2.0/24")
                .description("Exclude testing domains from the tunnel")
                .host("*.example.com")
                .build())
            .lanAllowMinutes(30.0)
            .lanAllowSubnetSize(24.0)
            .registerInterfaceIpWithDns(true)
            .serviceModeV2(ZeroTrustDeviceCustomProfileServiceModeV2Args.builder()
                .mode("proxy")
                .port(3000.0)
                .build())
            .supportUrl("https://1.1.1.1/help")
            .switchLocked(true)
            .tunnelProtocol("wireguard")
            .build());
    }
}
Content copied to clipboard
resources:
  exampleZeroTrustDeviceCustomProfile:
    type: cloudflare:ZeroTrustDeviceCustomProfile
    name: example_zero_trust_device_custom_profile
    properties:
      accountId: 699d98642c564d2e855e9661899b7252
      match: user.identity == "test@cloudflare.com"
      name: Allow Developers
      precedence: 100
      allowModeSwitch: true
      allowUpdates: true
      allowedToLeave: true
      autoConnect: 0
      captivePortal: 180
      description: Policy for test teams.
      disableAutoFallback: true
      enabled: true
      excludes:
        - address: 192.0.2.0/24
          description: Exclude testing domains from the tunnel
          host: '*.example.com'
      excludeOfficeIps: true
      includes:
        - address: 192.0.2.0/24
          description: Exclude testing domains from the tunnel
          host: '*.example.com'
      lanAllowMinutes: 30
      lanAllowSubnetSize: 24
      registerInterfaceIpWithDns: true
      serviceModeV2:
        mode: proxy
        port: 3000
      supportUrl: https://1.1.1.1/help
      switchLocked: true
      tunnelProtocol: wireguard
Content copied to clipboard

Import

$ pulumi import cloudflare:index/zeroTrustDeviceCustomProfile:ZeroTrustDeviceCustomProfile example '<account_id>/<policy_id>'
Content copied to clipboard

Properties

Link copied to clipboard
val accountId: Output<String>
Link copied to clipboard
val allowedToLeave: Output<Boolean>?

Whether to allow devices to leave the organization.

Link copied to clipboard
val allowModeSwitch: Output<Boolean>?

Whether to allow the user to switch WARP between modes.

Link copied to clipboard
val allowUpdates: Output<Boolean>?

Whether to receive update notifications when a new version of the client is available.

Link copied to clipboard
val autoConnect: Output<Double>?

The amount of time in seconds to reconnect after having been disabled.

Link copied to clipboard
val captivePortal: Output<Double>?

Turn on the captive portal after the specified amount of time.

Link copied to clipboard
val default: Output<Boolean>

Whether the policy is the default policy for an account.

Link copied to clipboard
val description: Output<String>?

A description of the policy.

Link copied to clipboard
val disableAutoFallback: Output<Boolean>?

If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.

Link copied to clipboard
val enabled: Output<Boolean>?

Whether the policy will be applied to matching devices.

Link copied to clipboard
val excludeOfficeIps: Output<Boolean>?

Whether to add Microsoft IPs to Split Tunnel exclusions.

Link copied to clipboard
val excludes: Output<List<ZeroTrustDeviceCustomProfileExclude>>

List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.

Link copied to clipboard
Link copied to clipboard
val gatewayUniqueId: Output<String>
Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val includes: Output<List<ZeroTrustDeviceCustomProfileInclude>>

List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.

Link copied to clipboard
val lanAllowMinutes: Output<Double>?

The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.

Link copied to clipboard
val lanAllowSubnetSize: Output<Double>?

The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.

Link copied to clipboard
val match: Output<String>

The wirefilter expression to match devices.

Link copied to clipboard
val name: Output<String>

The name of the device settings profile.

Link copied to clipboard
val policyId: Output<String>

Device ID.

Link copied to clipboard
val precedence: Output<Double>

The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.

Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val registerInterfaceIpWithDns: Output<Boolean>?

Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.

Link copied to clipboard
Link copied to clipboard
val supportUrl: Output<String>?

The URL to launch when the Send Feedback button is clicked.

Link copied to clipboard
val switchLocked: Output<Boolean>?

Whether to allow the user to turn off the WARP switch and disconnect the client.

Link copied to clipboard
Link copied to clipboard
val tunnelProtocol: Output<String>?

Determines which tunnel protocol to use.

Link copied to clipboard
val urn: Output<String>