Cloudflare v6.1.2, Apr 28 25

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

cloudflare.ZeroTrustDeviceDefaultProfile

Explore with Pulumi AI

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const exampleZeroTrustDeviceDefaultProfile = new cloudflare.ZeroTrustDeviceDefaultProfile("example_zero_trust_device_default_profile", {
    accountId: "699d98642c564d2e855e9661899b7252",
    allowModeSwitch: true,
    allowUpdates: true,
    allowedToLeave: true,
    autoConnect: 0,
    captivePortal: 180,
    disableAutoFallback: true,
    excludes: [{
        address: "192.0.2.0/24",
        description: "Exclude testing domains from the tunnel",
    }],
    excludeOfficeIps: true,
    includes: [{
        address: "192.0.2.0/24",
        description: "Include testing domains in the tunnel",
    }],
    registerInterfaceIpWithDns: true,
    serviceModeV2: {
        mode: "proxy",
        port: 3000,
    },
    supportUrl: "https://1.1.1.1/help",
    switchLocked: true,
    tunnelProtocol: "wireguard",
});

import pulumi
import pulumi_cloudflare as cloudflare

example_zero_trust_device_default_profile = cloudflare.ZeroTrustDeviceDefaultProfile("example_zero_trust_device_default_profile",
    account_id="699d98642c564d2e855e9661899b7252",
    allow_mode_switch=True,
    allow_updates=True,
    allowed_to_leave=True,
    auto_connect=0,
    captive_portal=180,
    disable_auto_fallback=True,
    excludes=[{
        "address": "192.0.2.0/24",
        "description": "Exclude testing domains from the tunnel",
    }],
    exclude_office_ips=True,
    includes=[{
        "address": "192.0.2.0/24",
        "description": "Include testing domains in the tunnel",
    }],
    register_interface_ip_with_dns=True,
    service_mode_v2={
        "mode": "proxy",
        "port": 3000,
    },
    support_url="https://1.1.1.1/help",
    switch_locked=True,
    tunnel_protocol="wireguard")

package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.NewZeroTrustDeviceDefaultProfile(ctx, "example_zero_trust_device_default_profile", &cloudflare.ZeroTrustDeviceDefaultProfileArgs{
			AccountId:           pulumi.String("699d98642c564d2e855e9661899b7252"),
			AllowModeSwitch:     pulumi.Bool(true),
			AllowUpdates:        pulumi.Bool(true),
			AllowedToLeave:      pulumi.Bool(true),
			AutoConnect:         pulumi.Float64(0),
			CaptivePortal:       pulumi.Float64(180),
			DisableAutoFallback: pulumi.Bool(true),
			Excludes: cloudflare.ZeroTrustDeviceDefaultProfileExcludeArray{
				&cloudflare.ZeroTrustDeviceDefaultProfileExcludeArgs{
					Address:     pulumi.String("192.0.2.0/24"),
					Description: pulumi.String("Exclude testing domains from the tunnel"),
				},
			},
			ExcludeOfficeIps: pulumi.Bool(true),
			Includes: cloudflare.ZeroTrustDeviceDefaultProfileIncludeArray{
				&cloudflare.ZeroTrustDeviceDefaultProfileIncludeArgs{
					Address:     pulumi.String("192.0.2.0/24"),
					Description: pulumi.String("Include testing domains in the tunnel"),
				},
			},
			RegisterInterfaceIpWithDns: pulumi.Bool(true),
			ServiceModeV2: &cloudflare.ZeroTrustDeviceDefaultProfileServiceModeV2Args{
				Mode: pulumi.String("proxy"),
				Port: pulumi.Float64(3000),
			},
			SupportUrl:     pulumi.String("https://1.1.1.1/help"),
			SwitchLocked:   pulumi.Bool(true),
			TunnelProtocol: pulumi.String("wireguard"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    var exampleZeroTrustDeviceDefaultProfile = new Cloudflare.ZeroTrustDeviceDefaultProfile("example_zero_trust_device_default_profile", new()
    {
        AccountId = "699d98642c564d2e855e9661899b7252",
        AllowModeSwitch = true,
        AllowUpdates = true,
        AllowedToLeave = true,
        AutoConnect = 0,
        CaptivePortal = 180,
        DisableAutoFallback = true,
        Excludes = new[]
        {
            new Cloudflare.Inputs.ZeroTrustDeviceDefaultProfileExcludeArgs
            {
                Address = "192.0.2.0/24",
                Description = "Exclude testing domains from the tunnel",
            },
        },
        ExcludeOfficeIps = true,
        Includes = new[]
        {
            new Cloudflare.Inputs.ZeroTrustDeviceDefaultProfileIncludeArgs
            {
                Address = "192.0.2.0/24",
                Description = "Include testing domains in the tunnel",
            },
        },
        RegisterInterfaceIpWithDns = true,
        ServiceModeV2 = new Cloudflare.Inputs.ZeroTrustDeviceDefaultProfileServiceModeV2Args
        {
            Mode = "proxy",
            Port = 3000,
        },
        SupportUrl = "https://1.1.1.1/help",
        SwitchLocked = true,
        TunnelProtocol = "wireguard",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.ZeroTrustDeviceDefaultProfile;
import com.pulumi.cloudflare.ZeroTrustDeviceDefaultProfileArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustDeviceDefaultProfileExcludeArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustDeviceDefaultProfileIncludeArgs;
import com.pulumi.cloudflare.inputs.ZeroTrustDeviceDefaultProfileServiceModeV2Args;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleZeroTrustDeviceDefaultProfile = new ZeroTrustDeviceDefaultProfile("exampleZeroTrustDeviceDefaultProfile", ZeroTrustDeviceDefaultProfileArgs.builder()
            .accountId("699d98642c564d2e855e9661899b7252")
            .allowModeSwitch(true)
            .allowUpdates(true)
            .allowedToLeave(true)
            .autoConnect(0.0)
            .captivePortal(180.0)
            .disableAutoFallback(true)
            .excludes(ZeroTrustDeviceDefaultProfileExcludeArgs.builder()
                .address("192.0.2.0/24")
                .description("Exclude testing domains from the tunnel")
                .build())
            .excludeOfficeIps(true)
            .includes(ZeroTrustDeviceDefaultProfileIncludeArgs.builder()
                .address("192.0.2.0/24")
                .description("Include testing domains in the tunnel")
                .build())
            .registerInterfaceIpWithDns(true)
            .serviceModeV2(ZeroTrustDeviceDefaultProfileServiceModeV2Args.builder()
                .mode("proxy")
                .port(3000.0)
                .build())
            .supportUrl("https://1.1.1.1/help")
            .switchLocked(true)
            .tunnelProtocol("wireguard")
            .build());

    }
}

resources:
  exampleZeroTrustDeviceDefaultProfile:
    type: cloudflare:ZeroTrustDeviceDefaultProfile
    name: example_zero_trust_device_default_profile
    properties:
      accountId: 699d98642c564d2e855e9661899b7252
      allowModeSwitch: true
      allowUpdates: true
      allowedToLeave: true
      autoConnect: 0
      captivePortal: 180
      disableAutoFallback: true
      excludes:
        - address: 192.0.2.0/24
          description: Exclude testing domains from the tunnel
      excludeOfficeIps: true
      includes:
        - address: 192.0.2.0/24
          description: Include testing domains in the tunnel
      registerInterfaceIpWithDns: true
      serviceModeV2:
        mode: proxy
        port: 3000
      supportUrl: https://1.1.1.1/help
      switchLocked: true
      tunnelProtocol: wireguard

Create ZeroTrustDeviceDefaultProfile Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ZeroTrustDeviceDefaultProfile(name: string, args: ZeroTrustDeviceDefaultProfileArgs, opts?: CustomResourceOptions);

@overload
def ZeroTrustDeviceDefaultProfile(resource_name: str,
                                  args: ZeroTrustDeviceDefaultProfileArgs,
                                  opts: Optional[ResourceOptions] = None)

@overload
def ZeroTrustDeviceDefaultProfile(resource_name: str,
                                  opts: Optional[ResourceOptions] = None,
                                  account_id: Optional[str] = None,
                                  allow_mode_switch: Optional[bool] = None,
                                  allow_updates: Optional[bool] = None,
                                  allowed_to_leave: Optional[bool] = None,
                                  auto_connect: Optional[float] = None,
                                  captive_portal: Optional[float] = None,
                                  disable_auto_fallback: Optional[bool] = None,
                                  exclude_office_ips: Optional[bool] = None,
                                  excludes: Optional[Sequence[ZeroTrustDeviceDefaultProfileExcludeArgs]] = None,
                                  includes: Optional[Sequence[ZeroTrustDeviceDefaultProfileIncludeArgs]] = None,
                                  register_interface_ip_with_dns: Optional[bool] = None,
                                  service_mode_v2: Optional[ZeroTrustDeviceDefaultProfileServiceModeV2Args] = None,
                                  support_url: Optional[str] = None,
                                  switch_locked: Optional[bool] = None,
                                  tunnel_protocol: Optional[str] = None)

func NewZeroTrustDeviceDefaultProfile(ctx *Context, name string, args ZeroTrustDeviceDefaultProfileArgs, opts ...ResourceOption) (*ZeroTrustDeviceDefaultProfile, error)

public ZeroTrustDeviceDefaultProfile(string name, ZeroTrustDeviceDefaultProfileArgs args, CustomResourceOptions? opts = null)

public ZeroTrustDeviceDefaultProfile(String name, ZeroTrustDeviceDefaultProfileArgs args)
public ZeroTrustDeviceDefaultProfile(String name, ZeroTrustDeviceDefaultProfileArgs args, CustomResourceOptions options)

type: cloudflare:ZeroTrustDeviceDefaultProfile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ZeroTrustDeviceDefaultProfileArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ZeroTrustDeviceDefaultProfileArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ZeroTrustDeviceDefaultProfileArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ZeroTrustDeviceDefaultProfileArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ZeroTrustDeviceDefaultProfileArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var zeroTrustDeviceDefaultProfileResource = new Cloudflare.ZeroTrustDeviceDefaultProfile("zeroTrustDeviceDefaultProfileResource", new()
{
    AccountId = "string",
    AllowModeSwitch = false,
    AllowUpdates = false,
    AllowedToLeave = false,
    AutoConnect = 0,
    CaptivePortal = 0,
    DisableAutoFallback = false,
    ExcludeOfficeIps = false,
    Excludes = new[]
    {
        new Cloudflare.Inputs.ZeroTrustDeviceDefaultProfileExcludeArgs
        {
            Address = "string",
            Description = "string",
            Host = "string",
        },
    },
    Includes = new[]
    {
        new Cloudflare.Inputs.ZeroTrustDeviceDefaultProfileIncludeArgs
        {
            Address = "string",
            Description = "string",
            Host = "string",
        },
    },
    RegisterInterfaceIpWithDns = false,
    ServiceModeV2 = new Cloudflare.Inputs.ZeroTrustDeviceDefaultProfileServiceModeV2Args
    {
        Mode = "string",
        Port = 0,
    },
    SupportUrl = "string",
    SwitchLocked = false,
    TunnelProtocol = "string",
});

example, err := cloudflare.NewZeroTrustDeviceDefaultProfile(ctx, "zeroTrustDeviceDefaultProfileResource", &cloudflare.ZeroTrustDeviceDefaultProfileArgs{
	AccountId:           pulumi.String("string"),
	AllowModeSwitch:     pulumi.Bool(false),
	AllowUpdates:        pulumi.Bool(false),
	AllowedToLeave:      pulumi.Bool(false),
	AutoConnect:         pulumi.Float64(0),
	CaptivePortal:       pulumi.Float64(0),
	DisableAutoFallback: pulumi.Bool(false),
	ExcludeOfficeIps:    pulumi.Bool(false),
	Excludes: cloudflare.ZeroTrustDeviceDefaultProfileExcludeArray{
		&cloudflare.ZeroTrustDeviceDefaultProfileExcludeArgs{
			Address:     pulumi.String("string"),
			Description: pulumi.String("string"),
			Host:        pulumi.String("string"),
		},
	},
	Includes: cloudflare.ZeroTrustDeviceDefaultProfileIncludeArray{
		&cloudflare.ZeroTrustDeviceDefaultProfileIncludeArgs{
			Address:     pulumi.String("string"),
			Description: pulumi.String("string"),
			Host:        pulumi.String("string"),
		},
	},
	RegisterInterfaceIpWithDns: pulumi.Bool(false),
	ServiceModeV2: &cloudflare.ZeroTrustDeviceDefaultProfileServiceModeV2Args{
		Mode: pulumi.String("string"),
		Port: pulumi.Float64(0),
	},
	SupportUrl:     pulumi.String("string"),
	SwitchLocked:   pulumi.Bool(false),
	TunnelProtocol: pulumi.String("string"),
})

var zeroTrustDeviceDefaultProfileResource = new ZeroTrustDeviceDefaultProfile("zeroTrustDeviceDefaultProfileResource", ZeroTrustDeviceDefaultProfileArgs.builder()
    .accountId("string")
    .allowModeSwitch(false)
    .allowUpdates(false)
    .allowedToLeave(false)
    .autoConnect(0)
    .captivePortal(0)
    .disableAutoFallback(false)
    .excludeOfficeIps(false)
    .excludes(ZeroTrustDeviceDefaultProfileExcludeArgs.builder()
        .address("string")
        .description("string")
        .host("string")
        .build())
    .includes(ZeroTrustDeviceDefaultProfileIncludeArgs.builder()
        .address("string")
        .description("string")
        .host("string")
        .build())
    .registerInterfaceIpWithDns(false)
    .serviceModeV2(ZeroTrustDeviceDefaultProfileServiceModeV2Args.builder()
        .mode("string")
        .port(0)
        .build())
    .supportUrl("string")
    .switchLocked(false)
    .tunnelProtocol("string")
    .build());

zero_trust_device_default_profile_resource = cloudflare.ZeroTrustDeviceDefaultProfile("zeroTrustDeviceDefaultProfileResource",
    account_id="string",
    allow_mode_switch=False,
    allow_updates=False,
    allowed_to_leave=False,
    auto_connect=0,
    captive_portal=0,
    disable_auto_fallback=False,
    exclude_office_ips=False,
    excludes=[{
        "address": "string",
        "description": "string",
        "host": "string",
    }],
    includes=[{
        "address": "string",
        "description": "string",
        "host": "string",
    }],
    register_interface_ip_with_dns=False,
    service_mode_v2={
        "mode": "string",
        "port": 0,
    },
    support_url="string",
    switch_locked=False,
    tunnel_protocol="string")

const zeroTrustDeviceDefaultProfileResource = new cloudflare.ZeroTrustDeviceDefaultProfile("zeroTrustDeviceDefaultProfileResource", {
    accountId: "string",
    allowModeSwitch: false,
    allowUpdates: false,
    allowedToLeave: false,
    autoConnect: 0,
    captivePortal: 0,
    disableAutoFallback: false,
    excludeOfficeIps: false,
    excludes: [{
        address: "string",
        description: "string",
        host: "string",
    }],
    includes: [{
        address: "string",
        description: "string",
        host: "string",
    }],
    registerInterfaceIpWithDns: false,
    serviceModeV2: {
        mode: "string",
        port: 0,
    },
    supportUrl: "string",
    switchLocked: false,
    tunnelProtocol: "string",
});

type: cloudflare:ZeroTrustDeviceDefaultProfile
properties:
    accountId: string
    allowModeSwitch: false
    allowUpdates: false
    allowedToLeave: false
    autoConnect: 0
    captivePortal: 0
    disableAutoFallback: false
    excludeOfficeIps: false
    excludes:
        - address: string
          description: string
          host: string
    includes:
        - address: string
          description: string
          host: string
    registerInterfaceIpWithDns: false
    serviceModeV2:
        mode: string
        port: 0
    supportUrl: string
    switchLocked: false
    tunnelProtocol: string

ZeroTrustDeviceDefaultProfile Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ZeroTrustDeviceDefaultProfile resource accepts the following input properties:

AccountId string
AllowModeSwitch bool: Whether to allow the user to switch WARP between modes.
AllowUpdates bool: Whether to receive update notifications when a new version of the client is available.
AllowedToLeave bool: Whether to allow devices to leave the organization.
AutoConnect double: The amount of time in seconds to reconnect after having been disabled.
CaptivePortal double: Turn on the captive portal after the specified amount of time.
DisableAutoFallback bool: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
ExcludeOfficeIps bool: Whether to add Microsoft IPs to Split Tunnel exclusions.
Excludes List<ZeroTrustDeviceDefaultProfileExclude>: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
Includes List<ZeroTrustDeviceDefaultProfileInclude>: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
RegisterInterfaceIpWithDns bool: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
ServiceModeV2 ZeroTrustDeviceDefaultProfileServiceModeV2
SupportUrl string: The URL to launch when the Send Feedback button is clicked.
SwitchLocked bool: Whether to allow the user to turn off the WARP switch and disconnect the client.
TunnelProtocol string: Determines which tunnel protocol to use.

AccountId string
AllowModeSwitch bool: Whether to allow the user to switch WARP between modes.
AllowUpdates bool: Whether to receive update notifications when a new version of the client is available.
AllowedToLeave bool: Whether to allow devices to leave the organization.
AutoConnect float64: The amount of time in seconds to reconnect after having been disabled.
CaptivePortal float64: Turn on the captive portal after the specified amount of time.
DisableAutoFallback bool: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
ExcludeOfficeIps bool: Whether to add Microsoft IPs to Split Tunnel exclusions.
Excludes []ZeroTrustDeviceDefaultProfileExcludeArgs: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
Includes []ZeroTrustDeviceDefaultProfileIncludeArgs: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
RegisterInterfaceIpWithDns bool: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
ServiceModeV2 ZeroTrustDeviceDefaultProfileServiceModeV2Args
SupportUrl string: The URL to launch when the Send Feedback button is clicked.
SwitchLocked bool: Whether to allow the user to turn off the WARP switch and disconnect the client.
TunnelProtocol string: Determines which tunnel protocol to use.

accountId String
allowModeSwitch Boolean: Whether to allow the user to switch WARP between modes.
allowUpdates Boolean: Whether to receive update notifications when a new version of the client is available.
allowedToLeave Boolean: Whether to allow devices to leave the organization.
autoConnect Double: The amount of time in seconds to reconnect after having been disabled.
captivePortal Double: Turn on the captive portal after the specified amount of time.
disableAutoFallback Boolean: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
excludeOfficeIps Boolean: Whether to add Microsoft IPs to Split Tunnel exclusions.
excludes List<ZeroTrustDeviceDefaultProfileExclude>: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
includes List<ZeroTrustDeviceDefaultProfileInclude>: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
registerInterfaceIpWithDns Boolean: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
serviceModeV2 ZeroTrustDeviceDefaultProfileServiceModeV2
supportUrl String: The URL to launch when the Send Feedback button is clicked.
switchLocked Boolean: Whether to allow the user to turn off the WARP switch and disconnect the client.
tunnelProtocol String: Determines which tunnel protocol to use.

accountId string
allowModeSwitch boolean: Whether to allow the user to switch WARP between modes.
allowUpdates boolean: Whether to receive update notifications when a new version of the client is available.
allowedToLeave boolean: Whether to allow devices to leave the organization.
autoConnect number: The amount of time in seconds to reconnect after having been disabled.
captivePortal number: Turn on the captive portal after the specified amount of time.
disableAutoFallback boolean: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
excludeOfficeIps boolean: Whether to add Microsoft IPs to Split Tunnel exclusions.
excludes ZeroTrustDeviceDefaultProfileExclude[]: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
includes ZeroTrustDeviceDefaultProfileInclude[]: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
registerInterfaceIpWithDns boolean: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
serviceModeV2 ZeroTrustDeviceDefaultProfileServiceModeV2
supportUrl string: The URL to launch when the Send Feedback button is clicked.
switchLocked boolean: Whether to allow the user to turn off the WARP switch and disconnect the client.
tunnelProtocol string: Determines which tunnel protocol to use.

account_id str
allow_mode_switch bool: Whether to allow the user to switch WARP between modes.
allow_updates bool: Whether to receive update notifications when a new version of the client is available.
allowed_to_leave bool: Whether to allow devices to leave the organization.
auto_connect float: The amount of time in seconds to reconnect after having been disabled.
captive_portal float: Turn on the captive portal after the specified amount of time.
disable_auto_fallback bool: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
exclude_office_ips bool: Whether to add Microsoft IPs to Split Tunnel exclusions.
excludes Sequence[ZeroTrustDeviceDefaultProfileExcludeArgs]: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
includes Sequence[ZeroTrustDeviceDefaultProfileIncludeArgs]: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
register_interface_ip_with_dns bool: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
service_mode_v2 ZeroTrustDeviceDefaultProfileServiceModeV2Args
support_url str: The URL to launch when the Send Feedback button is clicked.
switch_locked bool: Whether to allow the user to turn off the WARP switch and disconnect the client.
tunnel_protocol str: Determines which tunnel protocol to use.

accountId String
allowModeSwitch Boolean: Whether to allow the user to switch WARP between modes.
allowUpdates Boolean: Whether to receive update notifications when a new version of the client is available.
allowedToLeave Boolean: Whether to allow devices to leave the organization.
autoConnect Number: The amount of time in seconds to reconnect after having been disabled.
captivePortal Number: Turn on the captive portal after the specified amount of time.
disableAutoFallback Boolean: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
excludeOfficeIps Boolean: Whether to add Microsoft IPs to Split Tunnel exclusions.
excludes List<Property Map>: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
includes List<Property Map>: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
registerInterfaceIpWithDns Boolean: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
serviceModeV2 Property Map
supportUrl String: The URL to launch when the Send Feedback button is clicked.
switchLocked Boolean: Whether to allow the user to turn off the WARP switch and disconnect the client.
tunnelProtocol String: Determines which tunnel protocol to use.

Outputs

All input properties are implicitly available as output properties. Additionally, the ZeroTrustDeviceDefaultProfile resource produces the following output properties:

Default bool: Whether the policy will be applied to matching devices.
Enabled bool: Whether the policy will be applied to matching devices.
FallbackDomains List<ZeroTrustDeviceDefaultProfileFallbackDomain>
GatewayUniqueId string
Id string: The provider-assigned unique ID for this managed resource.

Default bool: Whether the policy will be applied to matching devices.
Enabled bool: Whether the policy will be applied to matching devices.
FallbackDomains []ZeroTrustDeviceDefaultProfileFallbackDomain
GatewayUniqueId string
Id string: The provider-assigned unique ID for this managed resource.

default_ Boolean: Whether the policy will be applied to matching devices.
enabled Boolean: Whether the policy will be applied to matching devices.
fallbackDomains List<ZeroTrustDeviceDefaultProfileFallbackDomain>
gatewayUniqueId String
id String: The provider-assigned unique ID for this managed resource.

default boolean: Whether the policy will be applied to matching devices.
enabled boolean: Whether the policy will be applied to matching devices.
fallbackDomains ZeroTrustDeviceDefaultProfileFallbackDomain[]
gatewayUniqueId string
id string: The provider-assigned unique ID for this managed resource.

default bool: Whether the policy will be applied to matching devices.
enabled bool: Whether the policy will be applied to matching devices.
fallback_domains Sequence[ZeroTrustDeviceDefaultProfileFallbackDomain]
gateway_unique_id str
id str: The provider-assigned unique ID for this managed resource.

default Boolean: Whether the policy will be applied to matching devices.
enabled Boolean: Whether the policy will be applied to matching devices.
fallbackDomains List<Property Map>
gatewayUniqueId String
id String: The provider-assigned unique ID for this managed resource.

Look up Existing ZeroTrustDeviceDefaultProfile Resource

Get an existing ZeroTrustDeviceDefaultProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ZeroTrustDeviceDefaultProfileState, opts?: CustomResourceOptions): ZeroTrustDeviceDefaultProfile

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_id: Optional[str] = None,
        allow_mode_switch: Optional[bool] = None,
        allow_updates: Optional[bool] = None,
        allowed_to_leave: Optional[bool] = None,
        auto_connect: Optional[float] = None,
        captive_portal: Optional[float] = None,
        default: Optional[bool] = None,
        disable_auto_fallback: Optional[bool] = None,
        enabled: Optional[bool] = None,
        exclude_office_ips: Optional[bool] = None,
        excludes: Optional[Sequence[ZeroTrustDeviceDefaultProfileExcludeArgs]] = None,
        fallback_domains: Optional[Sequence[ZeroTrustDeviceDefaultProfileFallbackDomainArgs]] = None,
        gateway_unique_id: Optional[str] = None,
        includes: Optional[Sequence[ZeroTrustDeviceDefaultProfileIncludeArgs]] = None,
        register_interface_ip_with_dns: Optional[bool] = None,
        service_mode_v2: Optional[ZeroTrustDeviceDefaultProfileServiceModeV2Args] = None,
        support_url: Optional[str] = None,
        switch_locked: Optional[bool] = None,
        tunnel_protocol: Optional[str] = None) -> ZeroTrustDeviceDefaultProfile

func GetZeroTrustDeviceDefaultProfile(ctx *Context, name string, id IDInput, state *ZeroTrustDeviceDefaultProfileState, opts ...ResourceOption) (*ZeroTrustDeviceDefaultProfile, error)

public static ZeroTrustDeviceDefaultProfile Get(string name, Input<string> id, ZeroTrustDeviceDefaultProfileState? state, CustomResourceOptions? opts = null)

public static ZeroTrustDeviceDefaultProfile get(String name, Output<String> id, ZeroTrustDeviceDefaultProfileState state, CustomResourceOptions options)

resources:  _:    type: cloudflare:ZeroTrustDeviceDefaultProfile    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountId string
AllowModeSwitch bool: Whether to allow the user to switch WARP between modes.
AllowUpdates bool: Whether to receive update notifications when a new version of the client is available.
AllowedToLeave bool: Whether to allow devices to leave the organization.
AutoConnect double: The amount of time in seconds to reconnect after having been disabled.
CaptivePortal double: Turn on the captive portal after the specified amount of time.
Default bool: Whether the policy will be applied to matching devices.
DisableAutoFallback bool: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
Enabled bool: Whether the policy will be applied to matching devices.
ExcludeOfficeIps bool: Whether to add Microsoft IPs to Split Tunnel exclusions.
Excludes List<ZeroTrustDeviceDefaultProfileExclude>: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
FallbackDomains List<ZeroTrustDeviceDefaultProfileFallbackDomain>
GatewayUniqueId string
Includes List<ZeroTrustDeviceDefaultProfileInclude>: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
RegisterInterfaceIpWithDns bool: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
ServiceModeV2 ZeroTrustDeviceDefaultProfileServiceModeV2
SupportUrl string: The URL to launch when the Send Feedback button is clicked.
SwitchLocked bool: Whether to allow the user to turn off the WARP switch and disconnect the client.
TunnelProtocol string: Determines which tunnel protocol to use.

AccountId string
AllowModeSwitch bool: Whether to allow the user to switch WARP between modes.
AllowUpdates bool: Whether to receive update notifications when a new version of the client is available.
AllowedToLeave bool: Whether to allow devices to leave the organization.
AutoConnect float64: The amount of time in seconds to reconnect after having been disabled.
CaptivePortal float64: Turn on the captive portal after the specified amount of time.
Default bool: Whether the policy will be applied to matching devices.
DisableAutoFallback bool: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
Enabled bool: Whether the policy will be applied to matching devices.
ExcludeOfficeIps bool: Whether to add Microsoft IPs to Split Tunnel exclusions.
Excludes []ZeroTrustDeviceDefaultProfileExcludeArgs: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
FallbackDomains []ZeroTrustDeviceDefaultProfileFallbackDomainArgs
GatewayUniqueId string
Includes []ZeroTrustDeviceDefaultProfileIncludeArgs: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
RegisterInterfaceIpWithDns bool: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
ServiceModeV2 ZeroTrustDeviceDefaultProfileServiceModeV2Args
SupportUrl string: The URL to launch when the Send Feedback button is clicked.
SwitchLocked bool: Whether to allow the user to turn off the WARP switch and disconnect the client.
TunnelProtocol string: Determines which tunnel protocol to use.

accountId String
allowModeSwitch Boolean: Whether to allow the user to switch WARP between modes.
allowUpdates Boolean: Whether to receive update notifications when a new version of the client is available.
allowedToLeave Boolean: Whether to allow devices to leave the organization.
autoConnect Double: The amount of time in seconds to reconnect after having been disabled.
captivePortal Double: Turn on the captive portal after the specified amount of time.
default_ Boolean: Whether the policy will be applied to matching devices.
disableAutoFallback Boolean: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
enabled Boolean: Whether the policy will be applied to matching devices.
excludeOfficeIps Boolean: Whether to add Microsoft IPs to Split Tunnel exclusions.
excludes List<ZeroTrustDeviceDefaultProfileExclude>: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
fallbackDomains List<ZeroTrustDeviceDefaultProfileFallbackDomain>
gatewayUniqueId String
includes List<ZeroTrustDeviceDefaultProfileInclude>: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
registerInterfaceIpWithDns Boolean: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
serviceModeV2 ZeroTrustDeviceDefaultProfileServiceModeV2
supportUrl String: The URL to launch when the Send Feedback button is clicked.
switchLocked Boolean: Whether to allow the user to turn off the WARP switch and disconnect the client.
tunnelProtocol String: Determines which tunnel protocol to use.

accountId string
allowModeSwitch boolean: Whether to allow the user to switch WARP between modes.
allowUpdates boolean: Whether to receive update notifications when a new version of the client is available.
allowedToLeave boolean: Whether to allow devices to leave the organization.
autoConnect number: The amount of time in seconds to reconnect after having been disabled.
captivePortal number: Turn on the captive portal after the specified amount of time.
default boolean: Whether the policy will be applied to matching devices.
disableAutoFallback boolean: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
enabled boolean: Whether the policy will be applied to matching devices.
excludeOfficeIps boolean: Whether to add Microsoft IPs to Split Tunnel exclusions.
excludes ZeroTrustDeviceDefaultProfileExclude[]: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
fallbackDomains ZeroTrustDeviceDefaultProfileFallbackDomain[]
gatewayUniqueId string
includes ZeroTrustDeviceDefaultProfileInclude[]: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
registerInterfaceIpWithDns boolean: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
serviceModeV2 ZeroTrustDeviceDefaultProfileServiceModeV2
supportUrl string: The URL to launch when the Send Feedback button is clicked.
switchLocked boolean: Whether to allow the user to turn off the WARP switch and disconnect the client.
tunnelProtocol string: Determines which tunnel protocol to use.

account_id str
allow_mode_switch bool: Whether to allow the user to switch WARP between modes.
allow_updates bool: Whether to receive update notifications when a new version of the client is available.
allowed_to_leave bool: Whether to allow devices to leave the organization.
auto_connect float: The amount of time in seconds to reconnect after having been disabled.
captive_portal float: Turn on the captive portal after the specified amount of time.
default bool: Whether the policy will be applied to matching devices.
disable_auto_fallback bool: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
enabled bool: Whether the policy will be applied to matching devices.
exclude_office_ips bool: Whether to add Microsoft IPs to Split Tunnel exclusions.
excludes Sequence[ZeroTrustDeviceDefaultProfileExcludeArgs]: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
fallback_domains Sequence[ZeroTrustDeviceDefaultProfileFallbackDomainArgs]
gateway_unique_id str
includes Sequence[ZeroTrustDeviceDefaultProfileIncludeArgs]: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
register_interface_ip_with_dns bool: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
service_mode_v2 ZeroTrustDeviceDefaultProfileServiceModeV2Args
support_url str: The URL to launch when the Send Feedback button is clicked.
switch_locked bool: Whether to allow the user to turn off the WARP switch and disconnect the client.
tunnel_protocol str: Determines which tunnel protocol to use.

accountId String
allowModeSwitch Boolean: Whether to allow the user to switch WARP between modes.
allowUpdates Boolean: Whether to receive update notifications when a new version of the client is available.
allowedToLeave Boolean: Whether to allow devices to leave the organization.
autoConnect Number: The amount of time in seconds to reconnect after having been disabled.
captivePortal Number: Turn on the captive portal after the specified amount of time.
default Boolean: Whether the policy will be applied to matching devices.
disableAutoFallback Boolean: If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.
enabled Boolean: Whether the policy will be applied to matching devices.
excludeOfficeIps Boolean: Whether to add Microsoft IPs to Split Tunnel exclusions.
excludes List<Property Map>: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
fallbackDomains List<Property Map>
gatewayUniqueId String
includes List<Property Map>: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
registerInterfaceIpWithDns Boolean: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
serviceModeV2 Property Map
supportUrl String: The URL to launch when the Send Feedback button is clicked.
switchLocked Boolean: Whether to allow the user to turn off the WARP switch and disconnect the client.
tunnelProtocol String: Determines which tunnel protocol to use.

Supporting Types

ZeroTrustDeviceDefaultProfileExclude, ZeroTrustDeviceDefaultProfileExcludeArgs

Address string: The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.
Description string: A description of the Split Tunnel item, displayed in the client UI.
Host string: The domain name to exclude from the tunnel. If host is present, address must not be present.

Address string: The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.
Description string: A description of the Split Tunnel item, displayed in the client UI.
Host string: The domain name to exclude from the tunnel. If host is present, address must not be present.

address String: The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.
description String: A description of the Split Tunnel item, displayed in the client UI.
host String: The domain name to exclude from the tunnel. If host is present, address must not be present.

address string: The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.
description string: A description of the Split Tunnel item, displayed in the client UI.
host string: The domain name to exclude from the tunnel. If host is present, address must not be present.

address str: The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.
description str: A description of the Split Tunnel item, displayed in the client UI.
host str: The domain name to exclude from the tunnel. If host is present, address must not be present.

address String: The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.
description String: A description of the Split Tunnel item, displayed in the client UI.
host String: The domain name to exclude from the tunnel. If host is present, address must not be present.

ZeroTrustDeviceDefaultProfileFallbackDomain, ZeroTrustDeviceDefaultProfileFallbackDomainArgs

Description string: A description of the fallback domain, displayed in the client UI.
DnsServers List<string>: A list of IP addresses to handle domain resolution.
Suffix string: The domain suffix to match when resolving locally.

Description string: A description of the fallback domain, displayed in the client UI.
DnsServers []string: A list of IP addresses to handle domain resolution.
Suffix string: The domain suffix to match when resolving locally.

description String: A description of the fallback domain, displayed in the client UI.
dnsServers List<String>: A list of IP addresses to handle domain resolution.
suffix String: The domain suffix to match when resolving locally.

description string: A description of the fallback domain, displayed in the client UI.
dnsServers string[]: A list of IP addresses to handle domain resolution.
suffix string: The domain suffix to match when resolving locally.

description str: A description of the fallback domain, displayed in the client UI.
dns_servers Sequence[str]: A list of IP addresses to handle domain resolution.
suffix str: The domain suffix to match when resolving locally.

description String: A description of the fallback domain, displayed in the client UI.
dnsServers List<String>: A list of IP addresses to handle domain resolution.
suffix String: The domain suffix to match when resolving locally.

ZeroTrustDeviceDefaultProfileInclude, ZeroTrustDeviceDefaultProfileIncludeArgs

Address string: The address in CIDR format to include in the tunnel. If address is present, host must not be present.
Description string: A description of the Split Tunnel item, displayed in the client UI.
Host string: The domain name to include in the tunnel. If host is present, address must not be present.

Address string: The address in CIDR format to include in the tunnel. If address is present, host must not be present.
Description string: A description of the Split Tunnel item, displayed in the client UI.
Host string: The domain name to include in the tunnel. If host is present, address must not be present.

address String: The address in CIDR format to include in the tunnel. If address is present, host must not be present.
description String: A description of the Split Tunnel item, displayed in the client UI.
host String: The domain name to include in the tunnel. If host is present, address must not be present.

address string: The address in CIDR format to include in the tunnel. If address is present, host must not be present.
description string: A description of the Split Tunnel item, displayed in the client UI.
host string: The domain name to include in the tunnel. If host is present, address must not be present.

address str: The address in CIDR format to include in the tunnel. If address is present, host must not be present.
description str: A description of the Split Tunnel item, displayed in the client UI.
host str: The domain name to include in the tunnel. If host is present, address must not be present.

address String: The address in CIDR format to include in the tunnel. If address is present, host must not be present.
description String: A description of the Split Tunnel item, displayed in the client UI.
host String: The domain name to include in the tunnel. If host is present, address must not be present.

ZeroTrustDeviceDefaultProfileServiceModeV2, ZeroTrustDeviceDefaultProfileServiceModeV2Args

Mode string: The mode to run the WARP client under.
Port double: The port number when used with proxy mode.

Mode string: The mode to run the WARP client under.
Port float64: The port number when used with proxy mode.

mode String: The mode to run the WARP client under.
port Double: The port number when used with proxy mode.

mode string: The mode to run the WARP client under.
port number: The port number when used with proxy mode.

mode str: The mode to run the WARP client under.
port float: The port number when used with proxy mode.

mode String: The mode to run the WARP client under.
port Number: The port number when used with proxy mode.

Import

$ pulumi import cloudflare:index/zeroTrustDeviceDefaultProfile:ZeroTrustDeviceDefaultProfile example '<account_id>'

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Cloudflare pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi

pulumi/pulumi-cloudflare

cloudflare.ZeroTrustDeviceDefaultProfile

On this page

On this page

Example Usage

Create ZeroTrustDeviceDefaultProfile Resource

Constructor syntax

Parameters

Constructor example

ZeroTrustDeviceDefaultProfile Resource Properties

Inputs

Outputs

Look up Existing ZeroTrustDeviceDefaultProfile Resource

Supporting Types

ZeroTrustDeviceDefaultProfileExclude, ZeroTrustDeviceDefaultProfileExcludeArgs

ZeroTrustDeviceDefaultProfileFallbackDomain, ZeroTrustDeviceDefaultProfileFallbackDomainArgs

ZeroTrustDeviceDefaultProfileInclude, ZeroTrustDeviceDefaultProfileIncludeArgs

ZeroTrustDeviceDefaultProfileServiceModeV2, ZeroTrustDeviceDefaultProfileServiceModeV2Args

Import

Package Details

On this page

On this page