Merge pull request #72 from MaterializeInc/add-auth-support

jubrad · web-flow · commit 681c9fc17465 · 2025-06-24T00:12:57.000-05:00
Add password auth support
diff --git a/README.md b/README.md
@@ -188,7 +188,7 @@ These flags configure default limits for clusters, connections, and tables. You
 | <a name="input_install_metrics_server"></a> [install\_metrics\_server](#input\_install\_metrics\_server) | Whether to install the metrics-server for the Materialize Console | `bool` | `true` | no |
 | <a name="input_kubernetes_namespace"></a> [kubernetes\_namespace](#input\_kubernetes\_namespace) | The Kubernetes namespace for the Materialize resources | `string` | `"materialize-environment"` | no |
 | <a name="input_log_group_name_prefix"></a> [log\_group\_name\_prefix](#input\_log\_group\_name\_prefix) | Prefix for the CloudWatch log group name (will be combined with environment name) | `string` | `"materialize"` | no |
-| <a name="input_materialize_instances"></a> [materialize\_instances](#input\_materialize\_instances) | Configuration for Materialize instances. Due to limitations in Terraform, `materialize_instances` cannot be defined on the first `terraform apply`. | <pre>list(object({<br/>    name                             = string<br/>    namespace                        = optional(string)<br/>    database_name                    = string<br/>    environmentd_version             = optional(string)<br/>    cpu_request                      = optional(string, "1")<br/>    memory_request                   = optional(string, "1Gi")<br/>    memory_limit                     = optional(string, "1Gi")<br/>    create_database                  = optional(bool, true)<br/>    create_nlb                       = optional(bool, true)<br/>    internal_nlb                     = optional(bool, true)<br/>    enable_cross_zone_load_balancing = optional(bool, true)<br/>    in_place_rollout                 = optional(bool, false)<br/>    request_rollout                  = optional(string)<br/>    force_rollout                    = optional(string)<br/>    balancer_memory_request          = optional(string, "256Mi")<br/>    balancer_memory_limit            = optional(string, "256Mi")<br/>    balancer_cpu_request             = optional(string, "100m")<br/>    license_key                      = optional(string)<br/>    environmentd_extra_args          = optional(list(string), [])<br/>  }))</pre> | `[]` | no |
+| <a name="input_materialize_instances"></a> [materialize\_instances](#input\_materialize\_instances) | Configuration for Materialize instances. Due to limitations in Terraform, `materialize_instances` cannot be defined on the first `terraform apply`. | <pre>list(object({<br/>    name                              = string<br/>    namespace                         = optional(string)<br/>    database_name                     = string<br/>    environmentd_version              = optional(string)<br/>    cpu_request                       = optional(string, "1")<br/>    memory_request                    = optional(string, "1Gi")<br/>    memory_limit                      = optional(string, "1Gi")<br/>    create_database                   = optional(bool, true)<br/>    create_nlb                        = optional(bool, true)<br/>    internal_nlb                      = optional(bool, true)<br/>    enable_cross_zone_load_balancing  = optional(bool, true)<br/>    in_place_rollout                  = optional(bool, false)<br/>    request_rollout                   = optional(string)<br/>    force_rollout                     = optional(string)<br/>    balancer_memory_request           = optional(string, "256Mi")<br/>    balancer_memory_limit             = optional(string, "256Mi")<br/>    balancer_cpu_request              = optional(string, "100m")<br/>    license_key                       = optional(string)<br/>    authenticator_kind                = optional(string, "None")<br/>    external_login_password_mz_system = optional(string)<br/>    environmentd_extra_args           = optional(list(string), [])<br/>  }))</pre> | `[]` | no |
 | <a name="input_metrics_retention_days"></a> [metrics\_retention\_days](#input\_metrics\_retention\_days) | Number of days to retain CloudWatch metrics | `number` | `7` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace for all resources, usually the organization or project name | `string` | n/a | yes |
 | <a name="input_network_id"></a> [network\_id](#input\_network\_id) | The ID of the VPC in which resources will be deployed. Only used if create\_vpc is false. | `string` | `""` | no |
diff --git a/examples/simple/main.tf b/examples/simple/main.tf
@@ -105,6 +105,10 @@ resource "random_password" "pass" {
   special = false
 }
 
+resource "random_password" "analytics_mz_system" {
+  length  = 20
+  special = true
+}
 
 variable "namespace" {
   description = "Namespace for the resources. Used to prefix the names of the resources"
@@ -133,24 +137,26 @@ variable "orchestratord_version" {
 variable "materialize_instances" {
   description = "List of Materialize instances to be created."
   type = list(object({
-    name                    = string
-    namespace               = string
-    database_name           = string
-    environmentd_version    = optional(string)
-    cpu_request             = string
-    memory_request          = string
-    memory_limit            = string
-    create_database         = optional(bool)
-    create_nlb              = optional(bool)
-    internal_nlb            = optional(bool)
-    in_place_rollout        = optional(bool, false)
-    request_rollout         = optional(string)
-    force_rollout           = optional(string)
-    balancer_memory_request = optional(string, "256Mi")
-    balancer_memory_limit   = optional(string, "256Mi")
-    balancer_cpu_request    = optional(string, "100m")
-    license_key             = optional(string)
-    environmentd_extra_args = optional(list(string), [])
+    name                              = string
+    namespace                         = string
+    database_name                     = string
+    environmentd_version              = optional(string)
+    cpu_request                       = string
+    memory_request                    = string
+    memory_limit                      = string
+    create_database                   = optional(bool)
+    create_nlb                        = optional(bool)
+    internal_nlb                      = optional(bool)
+    in_place_rollout                  = optional(bool, false)
+    request_rollout                   = optional(string)
+    force_rollout                     = optional(string)
+    balancer_memory_request           = optional(string, "256Mi")
+    balancer_memory_limit             = optional(string, "256Mi")
+    balancer_cpu_request              = optional(string, "100m")
+    license_key                       = optional(string)
+    authenticator_kind                = optional(string, "None")
+    external_login_password_mz_system = optional(string)
+    environmentd_extra_args           = optional(list(string), [])
   }))
   default = []
 }
diff --git a/examples/simple/terraform.tfvars.example b/examples/simple/terraform.tfvars.example
@@ -6,19 +6,21 @@ environment = "dev"   // maximum 8 characters, lowercase alphanumeric only (e.g.
 
 # materialize_instances = [
 #   {
-#     name           = "analytics"
-#     namespace      = "materialize-environment"
-#     database_name  = "analytics_db"
-#     cpu_request    = "2"
-#     memory_request = "4Gi"
-#     memory_limit   = "4Gi"
+#     name                              = "analytics"
+#     namespace                         = "materialize-environment"
+#     database_name                     = "analytics_db"
+#     cpu_request                       = "2"
+#     memory_request                    = "4Gi"
+#     memory_limit                      = "4Gi"
+#     authenticator_kind                = "Password"
+#     external_login_password_mz_system = random_password.analytics_mz_system.result
 #   },
 #   {
-#     name           = "demo"
-#     namespace      = "materialize-environment"
-#     database_name  = "demo_db"
-#     cpu_request    = "2"
-#     memory_request = "4Gi"
-#     memory_limit   = "4Gi"
+#     name                = "demo"
+#     namespace           = "materialize-environment"
+#     database_name       = "demo_db"
+#     cpu_request         = "2"
+#     memory_request      = "4Gi"
+#     memory_limit        = "4Gi"
 #   }
 # ]
diff --git a/main.tf b/main.tf
@@ -288,6 +288,10 @@ locals {
 
       license_key = instance.license_key
 
+      authenticator_kind = instance.authenticator_kind
+
+      external_login_password_mz_system = instance.external_login_password_mz_system != null ? instance.external_login_password_mz_system : null
+
       cpu_request    = instance.cpu_request
       memory_request = instance.memory_request
       memory_limit   = instance.memory_limit
diff --git a/variables.tf b/variables.tf
@@ -349,25 +349,27 @@ variable "helm_values" {
 variable "materialize_instances" {
   description = "Configuration for Materialize instances. Due to limitations in Terraform, `materialize_instances` cannot be defined on the first `terraform apply`."
   type = list(object({
-    name                             = string
-    namespace                        = optional(string)
-    database_name                    = string
-    environmentd_version             = optional(string)
-    cpu_request                      = optional(string, "1")
-    memory_request                   = optional(string, "1Gi")
-    memory_limit                     = optional(string, "1Gi")
-    create_database                  = optional(bool, true)
-    create_nlb                       = optional(bool, true)
-    internal_nlb                     = optional(bool, true)
-    enable_cross_zone_load_balancing = optional(bool, true)
-    in_place_rollout                 = optional(bool, false)
-    request_rollout                  = optional(string)
-    force_rollout                    = optional(string)
-    balancer_memory_request          = optional(string, "256Mi")
-    balancer_memory_limit            = optional(string, "256Mi")
-    balancer_cpu_request             = optional(string, "100m")
-    license_key                      = optional(string)
-    environmentd_extra_args          = optional(list(string), [])
+    name                              = string
+    namespace                         = optional(string)
+    database_name                     = string
+    environmentd_version              = optional(string)
+    cpu_request                       = optional(string, "1")
+    memory_request                    = optional(string, "1Gi")
+    memory_limit                      = optional(string, "1Gi")
+    create_database                   = optional(bool, true)
+    create_nlb                        = optional(bool, true)
+    internal_nlb                      = optional(bool, true)
+    enable_cross_zone_load_balancing  = optional(bool, true)
+    in_place_rollout                  = optional(bool, false)
+    request_rollout                   = optional(string)
+    force_rollout                     = optional(string)
+    balancer_memory_request           = optional(string, "256Mi")
+    balancer_memory_limit             = optional(string, "256Mi")
+    balancer_cpu_request              = optional(string, "100m")
+    license_key                       = optional(string)
+    authenticator_kind                = optional(string, "None")
+    external_login_password_mz_system = optional(string)
+    environmentd_extra_args           = optional(list(string), [])
   }))
   default = []
 
