Release/0.10.0 (#90)

* Feat: event gateway policies with oneof split (#89)

* OpenAPI changes

* Generated provider and docs

* Update tests

* OpenAPI changes to policy names

* Generated provider, docs and examples

* tests: fix smoke test configs for cluster policy

* Update CHANGELOG.md

* chore: prep for release

Author: harshadixit12

.speakeasy/gen.lock

@@ -1,5 +1,11 @@
 # Changelog
 
+## 0.10.0
+> Released on 2025/10/08
+
+### Features
+* Add support for inbound fault injection configuration in `konnect_mesh_fault_injection` resource
+
 ## 0.9.0
 > Released on 2025/10/02
 

CHANGELOG.md

@@ -17,7 +17,7 @@ terraform {
   required_providers {
     konnect-beta = {
       source  = "kong/konnect-beta"
-      version = "0.9.0"
+      version = "0.10.0"
     }
   }
 }

docs/index.md

@@ -0,0 +1,114 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "konnect_event_gateway_cluster_policy_acls Resource - terraform-provider-konnect-beta"
+subcategory: ""
+description: |-
+  EventGatewayClusterPolicyAcls Resource
+---
+
+# konnect_event_gateway_cluster_policy_acls (Resource)
+
+EventGatewayClusterPolicyAcls Resource
+
+## Example Usage
+
+```terraform
+resource "konnect_event_gateway_cluster_policy_acls" "my_eventgatewayclusterpolicyacls" {
+  provider = konnect-beta
+  condition = "context.topic.name.endsWith('my_suffix')"
+  config = {
+    rules = [
+      {
+        action = "deny"
+        operations = [
+          {
+            name = "idempotent_write"
+          }
+        ]
+        resource_names = [
+          {
+            match = "...my_match..."
+          }
+        ]
+        resource_type = "transactional_id"
+      }
+    ]
+  }
+  description = "...my_description..."
+  enabled     = false
+  gateway_id  = "9524ec7d-36d9-465d-a8c5-83a3c9390458"
+  labels = {
+    key = "value"
+  }
+  name               = "...my_name..."
+  parent_policy_id   = "528824ff-4d3e-47af-9e16-af5bb53cc0fa"
+  virtual_cluster_id = "4a444990-e7d1-4dfb-b2bf-2d8e113d1b6e"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `config` (Attributes) Apply ACLs to virtual cluster traffic. (see [below for nested schema](#nestedatt--config))
+- `gateway_id` (String) The UUID of your Gateway.
+- `virtual_cluster_id` (String) The ID of the Virtual Cluster.
+
+### Optional
+
+- `condition` (String) A string containing the boolean expression that determines whether the policy is applied.
+- `description` (String) A human-readable description of the policy.
+- `enabled` (Boolean) Whether the policy is enabled. Default: true
+- `labels` (Map of String) Labels store metadata of an entity that can be used for filtering an entity list or for searching across entity types. 
+
+Keys must be of length 1-63 characters, and cannot start with "kong", "konnect", "mesh", "kic", or "_".
+- `name` (String) A unique user-defined name of the policy.
+- `parent_policy_id` (String) When specified, it sets the ID of the parent policy. Requires replacement if changed.
+
+### Read-Only
+
+- `created_at` (String) An ISO-8601 timestamp representation of entity creation date.
+- `id` (String) The unique identifier of the policy.
+- `updated_at` (String) An ISO-8601 timestamp representation of entity update date.
+
+<a id="nestedatt--config"></a>
+### Nested Schema for `config`
+
+Required:
+
+- `rules` (Attributes List) Every ACL rule in this list applies independently. (see [below for nested schema](#nestedatt--config--rules))
+
+<a id="nestedatt--config--rules"></a>
+### Nested Schema for `config.rules`
+
+Required:
+
+- `action` (String) How to handle the request if the rule matches. must be one of ["allow", "deny"]
+- `operations` (Attributes List) Types of Kafka operations to match against. Note that not every operation can apply to every resource type. (see [below for nested schema](#nestedatt--config--rules--operations))
+- `resource_names` (Attributes List) If any of these entries match, the resource name matches for this rule. (see [below for nested schema](#nestedatt--config--rules--resource_names))
+- `resource_type` (String) This rule applies to access only for type of resource. must be one of ["topic", "group", "transactional_id"]
+
+<a id="nestedatt--config--rules--operations"></a>
+### Nested Schema for `config.rules.operations`
+
+Required:
+
+- `name` (String) must be one of ["alter", "alter_configs", "create", "delete", "describe", "describe_configs", "idempotent_write", "read", "write"]
+
+
+<a id="nestedatt--config--rules--resource_names"></a>
+### Nested Schema for `config.rules.resource_names`
+
+Required:
+
+- `match` (String) Currently supported are exact matches and globs.
+All `*` characters are interpreted as globs, i.e. they match zero or more of any character.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import konnect_event_gateway_cluster_policy_acls.my_konnect_event_gateway_cluster_policy_acls '{"gateway_id": "9524ec7d-36d9-465d-a8c5-83a3c9390458", "id": "9524ec7d-36d9-465d-a8c5-83a3c9390458", "virtual_cluster_id": ""}'
+```

docs/resources/event_gateway_cluster_policy_acls.md

@@ -0,0 +1,130 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "konnect_event_gateway_consume_policy_decrypt Resource - terraform-provider-konnect-beta"
+subcategory: ""
+description: |-
+  EventGatewayConsumePolicyDecrypt Resource
+---
+
+# konnect_event_gateway_consume_policy_decrypt (Resource)
+
+EventGatewayConsumePolicyDecrypt Resource
+
+## Example Usage
+
+```terraform
+resource "konnect_event_gateway_consume_policy_decrypt" "my_eventgatewayconsumepolicydecrypt" {
+  provider = konnect-beta
+  condition = "context.topic.name.endsWith('my_suffix')"
+  config = {
+    decrypt = [
+      {
+        part_of_record = "key"
+      }
+    ]
+    failure_mode = "passthrough"
+    key_sources = [
+      {
+        aws = {
+          # ...
+        }
+      }
+    ]
+  }
+  description = "...my_description..."
+  enabled     = false
+  gateway_id  = "9524ec7d-36d9-465d-a8c5-83a3c9390458"
+  labels = {
+    key = "value"
+  }
+  name               = "...my_name..."
+  parent_policy_id   = "969447b3-1e41-42d8-a020-1ebc4e88a916"
+  virtual_cluster_id = "05c6c607-3c42-45e9-a9e8-3e6338120724"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `gateway_id` (String) The UUID of your Gateway.
+- `virtual_cluster_id` (String) The ID of the Virtual Cluster.
+
+### Optional
+
+- `condition` (String) A string containing the boolean expression that determines whether the policy is applied.
+- `config` (Attributes) The configuration of the decrypt policy. (see [below for nested schema](#nestedatt--config))
+- `description` (String) A human-readable description of the policy.
+- `enabled` (Boolean) Whether the policy is enabled. Default: true
+- `labels` (Map of String) Labels store metadata of an entity that can be used for filtering an entity list or for searching across entity types. 
+
+Keys must be of length 1-63 characters, and cannot start with "kong", "konnect", "mesh", "kic", or "_".
+- `name` (String) A unique user-defined name of the policy.
+- `parent_policy_id` (String) When specified, it sets the ID of the parent policy. Requires replacement if changed.
+
+### Read-Only
+
+- `created_at` (String) An ISO-8601 timestamp representation of entity creation date.
+- `id` (String) The unique identifier of the policy.
+- `updated_at` (String) An ISO-8601 timestamp representation of entity update date.
+
+<a id="nestedatt--config"></a>
+### Nested Schema for `config`
+
+Required:
+
+- `decrypt` (Attributes List) Describes what parts of a record to decrypt. (see [below for nested schema](#nestedatt--config--decrypt))
+- `failure_mode` (String) Describes how to handle failing encryption or decryption.
+Use `error` if the record should be rejected if encryption or decryption fails.
+Use `passthrough` to ignore encryption or decryption failure and continue proxying the record.
+must be one of ["error", "passthrough"]
+- `key_sources` (Attributes List) Describes how to find a symmetric key for decryption. (see [below for nested schema](#nestedatt--config--key_sources))
+
+<a id="nestedatt--config--decrypt"></a>
+### Nested Schema for `config.decrypt`
+
+Required:
+
+- `part_of_record` (String) * key - decrypt the record key
+* value - decrypt the record value
+must be one of ["key", "value"]
+
+
+<a id="nestedatt--config--key_sources"></a>
+### Nested Schema for `config.key_sources`
+
+Optional:
+
+- `aws` (Attributes) A key source that uses an AWS KMS to find a symmetric key. Load KMS credentials from the environment.
+
+See [aws docs](https://docs.aws.amazon.com/sdk-for-rust/latest/dg/credproviders.html#credproviders-default-credentials-provider-chain)
+for more information about how credential retrieval. (see [below for nested schema](#nestedatt--config--key_sources--aws))
+- `static` (Attributes) A key source that uses a static symmetric key. The key is provided as a base64-encoded string. (see [below for nested schema](#nestedatt--config--key_sources--static))
+
+<a id="nestedatt--config--key_sources--aws"></a>
+### Nested Schema for `config.key_sources.aws`
+
+
+<a id="nestedatt--config--key_sources--static"></a>
+### Nested Schema for `config.key_sources.static`
+
+Required:
+
+- `keys` (Attributes List) A list of static, user-provided keys. Each one must be 128 bits long. (see [below for nested schema](#nestedatt--config--key_sources--static--keys))
+
+<a id="nestedatt--config--key_sources--static--keys"></a>
+### Nested Schema for `config.key_sources.static.keys`
+
+Required:
+
+- `id` (String) The unique identifier of the key.
+- `key` (String) A template string expression containing a reference to a secret
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import konnect_event_gateway_consume_policy_decrypt.my_konnect_event_gateway_consume_policy_decrypt '{"gateway_id": "9524ec7d-36d9-465d-a8c5-83a3c9390458", "id": "9524ec7d-36d9-465d-a8c5-83a3c9390458", "virtual_cluster_id": ""}'
+```

docs/resources/event_gateway_consume_policy_decrypt.md

@@ -0,0 +1,106 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "konnect_event_gateway_consume_policy_modify_headers Resource - terraform-provider-konnect-beta"
+subcategory: ""
+description: |-
+  EventGatewayConsumePolicyModifyHeaders Resource
+---
+
+# konnect_event_gateway_consume_policy_modify_headers (Resource)
+
+EventGatewayConsumePolicyModifyHeaders Resource
+
+## Example Usage
+
+```terraform
+resource "konnect_event_gateway_consume_policy_modify_headers" "my_eventgatewayconsumepolicymodifyheaders" {
+  provider = konnect-beta
+  condition = "context.topic.name.endsWith('my_suffix')"
+  config = {
+    actions = [
+      {
+        remove = {
+          key = "...my_key..."
+        }
+      }
+    ]
+  }
+  description = "...my_description..."
+  enabled     = true
+  gateway_id  = "9524ec7d-36d9-465d-a8c5-83a3c9390458"
+  labels = {
+    key = "value"
+  }
+  name               = "...my_name..."
+  parent_policy_id   = "45b2f9d6-c646-4faa-8c5f-7d1ebf8687c1"
+  virtual_cluster_id = "58221d12-f9c8-4032-9ae2-54155e337f04"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `config` (Attributes) The configuration of the modify headers policy. (see [below for nested schema](#nestedatt--config))
+- `gateway_id` (String) The UUID of your Gateway.
+- `virtual_cluster_id` (String) The ID of the Virtual Cluster.
+
+### Optional
+
+- `condition` (String) A string containing the boolean expression that determines whether the policy is applied.
+
+When the policy is applied as a child policy of schema_validation, the expression can also reference
+`record.value` fields.
+- `description` (String) A human-readable description of the policy.
+- `enabled` (Boolean) Whether the policy is enabled. Default: true
+- `labels` (Map of String) Labels store metadata of an entity that can be used for filtering an entity list or for searching across entity types. 
+
+Keys must be of length 1-63 characters, and cannot start with "kong", "konnect", "mesh", "kic", or "_".
+- `name` (String) A unique user-defined name of the policy.
+- `parent_policy_id` (String) When specified, it sets the ID of the parent policy. Requires replacement if changed.
+
+### Read-Only
+
+- `created_at` (String) An ISO-8601 timestamp representation of entity creation date.
+- `id` (String) The unique identifier of the policy.
+- `updated_at` (String) An ISO-8601 timestamp representation of entity update date.
+
+<a id="nestedatt--config"></a>
+### Nested Schema for `config`
+
+Optional:
+
+- `actions` (Attributes List) Actions are run in sequential order and act on individual headers. (see [below for nested schema](#nestedatt--config--actions))
+
+<a id="nestedatt--config--actions"></a>
+### Nested Schema for `config.actions`
+
+Optional:
+
+- `remove` (Attributes) An action that removes a header by key. (see [below for nested schema](#nestedatt--config--actions--remove))
+- `set` (Attributes) An action that sets a header key and value. (see [below for nested schema](#nestedatt--config--actions--set))
+
+<a id="nestedatt--config--actions--remove"></a>
+### Nested Schema for `config.actions.remove`
+
+Required:
+
+- `key` (String) The key of the header to remove.
+
+
+<a id="nestedatt--config--actions--set"></a>
+### Nested Schema for `config.actions.set`
+
+Required:
+
+- `key` (String) The key of the header to set.
+- `value` (String) The value of the header to set.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import konnect_event_gateway_consume_policy_modify_headers.my_konnect_event_gateway_consume_policy_modify_headers '{"gateway_id": "9524ec7d-36d9-465d-a8c5-83a3c9390458", "id": "9524ec7d-36d9-465d-a8c5-83a3c9390458", "virtual_cluster_id": ""}'
+```