custom device profile

Author: ranbel

src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx

@@ -5,7 +5,7 @@ sidebar:
   order: 2
 ---
 
-import { Render, TabItem, Tabs } from "~/components";
+import { Render, TabItem, Tabs, APIRequest } from "~/components";
 
 <Render file="warp/device-profiles-intro" />
 
@@ -32,34 +32,70 @@ Your profile will appear in the **Profile settings** list. You can rearrange the
 
 <TabItem label="API">
 
-Send a `POST` request to the [Devices endpoint](/api/resources/zero_trust/subresources/devices/subresources/policies/subresources/custom/methods/create/):
-
-```bash
-curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/devices/policy \
---header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
---header "Content-Type: application/json" \
---data '{
-  "allow_mode_switch": false,
-  "allow_updates": false,
-  "allowed_to_leave": false,
-  "auto_connect": 900,
-  "captive_portal": 180,
-  "description": "Cloudflare'\''s basic device settings profile, recommended in the implementation documentation. For details, refer to https://developers.cloudflare.com/learning-paths/replace-vpn/configure-device-agent/device-profiles/",
-  "disable_auto_fallback": true,
-  "enabled": true,
-  "exclude_office_ips": false,
-  "match": "identity.email == \"[email protected]\"",
-  "name": "Cloudflare basic device profile",
-  "precedence": 101,
-  "service_mode_v2": {
-    "mode": "warp"
-  },
-  "support_url": "https://it.company.com/help",
-  "switch_locked": true
-}'
+Send a `POST` request to the [Devices API](/api/resources/zero_trust/subresources/devices/subresources/policies/subresources/custom/methods/create/):
+
+<APIRequest
+  path="/accounts/{account_id}/devices/policy"
+  method="POST"
+  json={{
+    "allow_mode_switch": false,
+		"allow_updates": false,
+		"allowed_to_leave": false,
+		"auto_connect": 600,
+		"captive_portal": 180,
+		"description": "Example device profile recommended in the implementation documentation. For details, refer to https://developers.cloudflare.com/learning-paths/replace-vpn/configure-device-agent/device-profiles/",
+		"disable_auto_fallback": true,
+		"enabled": true,
+		"exclude_office_ips": false,
+		"match": "identity.email in {\"[email protected]\"} or any(identity.groups.name[*] in {\"developers\" \"admin\"}) and os.name == \"windows\"",
+		"name": "Example device profile",
+		"precedence": 101,
+		"service_mode_v2": {
+			"mode": "warp"
+		},
+		"support_url": "https://support.example.com",
+		"switch_locked": true
+  }}
+/>
+
+</TabItem>
+<TabItem label="Terraform (v5)">
+
+1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token):
+	- `Zero Trust Write`
+
+2. Create a new profile using the [`cloudflare_zero_trust_device_custom_profile`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_device_custom_profile) resource:
+
+```tf
+resource "cloudflare_zero_trust_device_custom_profile" "example" {
+  account_id            = var.cloudflare_account_id
+  name                  = "Example device profile"
+  description           = "Example device profile recommended in the implementation documentation. For details, refer to https://developers.cloudflare.com/learning-paths/replace-vpn/configure-device-agent/device-profiles/"
+  allow_mode_switch     = false
+  allow_updates         = false
+  allowed_to_leave      = false
+  auto_connect          = 600
+  captive_portal        = 180
+  disable_auto_fallback = true
+  enabled               = true
+  exclude_office_ips    = false
+  precedence            = 101
+  service_mode_v2       = {mode = "warp"}
+  support_url           = "https://support.example.com"
+  switch_locked         = true
+  tunnel_protocol       = "wireguard"
+
+  match = trimspace(replace(<<-EOT
+    identity.email in {"[email protected]"}
+    or any(identity.groups.name[*] in {"developers" "admin"})
+    and os.name == "windows"
+  EOT
+  , "\n", " "))
+}
 ```
 
-</TabItem> </Tabs>
+</TabItem>
+</Tabs>
 
 ## Edit profile settings