Add Terraform policy warning

maxvp · maxvp · commit 0aa6318add7b · 2025-03-06T16:07:50.000-06:00
diff --git a/src/content/docs/cloudflare-one/policies/gateway/dns-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/dns-policies/index.mdx
@@ -24,6 +24,8 @@ When creating a DNS policy, you can select as many security risk categories and
 	params={{ type: "query", example: "Source IP", example2: "Resolved IP" }}
 />
 
+<Render file="gateway/terraform-precedence-warning" product="cloudflare-one" />
+
 ## Actions
 
 Just like actions in HTTP policies, actions in DNS policies allow you to choose what to do with a given set of elements. You can assign one action per policy.
diff --git a/src/content/docs/cloudflare-one/policies/gateway/egress-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/egress-policies/index.mdx
@@ -18,6 +18,8 @@ Egress policies allow you to control which dedicated egress IP is used and when,
 
 Cloudflare does not publish WARP egress IP ranges. WARP egress IPs are not documented at [Cloudflare's IP Ranges](https://cloudflare.com/ips). To obtain a dedicated WARP egress IP, contact your account team.
 
+<Render file="gateway/terraform-precedence-warning" product="cloudflare-one" />
+
 ## Force IP version
 
 To control whether only IPv4 or IPv6 is used to egress, ensure you are [filtering DNS traffic](/cloudflare-one/policies/gateway/initial-setup/dns/), then create a DNS policy to [block AAAA or A records](/cloudflare-one/policies/gateway/dns-policies/common-policies/#control-ip-version).
diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx
@@ -26,6 +26,8 @@ An HTTP policy consists of an **Action** as well as a logical expression that de
 	params={{ type: "query", example: "Source IP", example2: "Resolved IP" }}
 />
 
+<Render file="gateway/terraform-precedence-warning" product="cloudflare-one" />
+
 ## Actions
 
 Actions in HTTP policies allow you to choose what to do with a given set of elements (domains, IP addresses, file types, and so on). You can assign one action per policy.
diff --git a/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx
@@ -26,6 +26,8 @@ A network policy consists of an **Action** as well as a logical expression that
 	params={{ type: "query", example: "Source IP", example2: "Resolved IP" }}
 />
 
+<Render file="gateway/terraform-precedence-warning" product="cloudflare-one" />
+
 ## Actions
 
 Like actions in DNS and HTTP policies, actions in network policies define which decision you want to apply to a given set of elements. You can assign one action per policy.
diff --git a/src/content/docs/cloudflare-one/policies/gateway/resolver-policies.mdx b/src/content/docs/cloudflare-one/policies/gateway/resolver-policies.mdx
@@ -79,6 +79,8 @@ Gateway will filter, resolve, and log your queries regardless of endpoint.
 
 For more information on creating a DNS policy, refer to [DNS policies](/cloudflare-one/policies/gateway/dns-policies/).
 
+<Render file="gateway/terraform-precedence-warning" product="cloudflare-one" />
+
 ## Selectors
 
 ### Content Categories
diff --git a/src/content/partials/cloudflare-one/gateway/create-resolver-policy.mdx b/src/content/partials/cloudflare-one/gateway/create-resolver-policy.mdx
@@ -14,7 +14,7 @@
 
 4. In **Select DNS resolver**, choose _Configure custom DNS resolvers_.
 5. Enter the IP addresses of your custom DNS resolver.
-   :::tip[Search virtual networks]
+   :::note[Search virtual networks]
    As you enter an IP address, Gateway will search through your [virtual networks](/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks/) configured in Zero Trust.
    :::
 6. In **Network**, choose whether to route queries publicly (to the Internet) or privately (to a private network service).
diff --git a/src/content/partials/cloudflare-one/gateway/order-of-enforcement.mdx b/src/content/partials/cloudflare-one/gateway/order-of-enforcement.mdx
@@ -142,9 +142,7 @@ When [resolver policies](/cloudflare-one/policies/gateway/resolver-policies/) ar
 	params={{ one: "DNS, network, or HTTP" }}
 />
 
-:::caution[Terraform precedence limitation]
-To avoid conflicts, Terraform applies a hash calculation to policy precedence. For example, a precedence of `1000` may become `1000901`. This can cause errors when reordering policies. To avoid this issue, manually set the precedence of your policies with the [Update a Zero Trust Gateway rule](/api/resources/zero_trust/subresources/gateway/subresources/rules/methods/update/) endpoint.
-:::
+<Render file="gateway/terraform-precedence-warning" product="cloudflare-one" />
 
 ## Example
 
diff --git a/src/content/partials/cloudflare-one/gateway/terraform-precedence-warning.mdx b/src/content/partials/cloudflare-one/gateway/terraform-precedence-warning.mdx
@@ -0,0 +1,7 @@
+---
+{}
+---
+
+:::caution[Terraform precedence limitation]
+To avoid conflicts, Terraform applies a hash calculation to policy precedence. For example, a precedence of `1000` may become `1000901`. This can cause errors when reordering policies. To avoid this issue, manually set the precedence of policies created with Terraform using the [Update a Zero Trust Gateway rule](/api/resources/zero_trust/subresources/gateway/subresources/rules/methods/update/) endpoint.
+:::

-Original file line number
+Diff line change
@@ @@ -0,0 +1,7 @@ @@
 +---
 +{}
 +---
++
 +:::caution[Terraform precedence limitation]
 +To avoid conflicts, Terraform applies a hash calculation to policy precedence. For example, a precedence of `1000` may become `1000901`. This can cause errors when reordering policies. To avoid this issue, manually set the precedence of policies created with Terraform using the [Update a Zero Trust Gateway rule](/api/resources/zero_trust/subresources/gateway/subresources/rules/methods/update/) endpoint.
 +:::