From 3c827425c8077b2fe44bc003efeb600658a47bbe Mon Sep 17 00:00:00 2001 From: Bobby Iliev Date: Thu, 12 Jun 2025 18:10:33 +0300 Subject: [PATCH 1/3] Add password auth support --- README.md | 2 +- examples/simple/main.tf | 37 +++++++++++++++++++------------------ main.tf | 2 ++ variables.tf | 39 ++++++++++++++++++++------------------- 4 files changed, 42 insertions(+), 38 deletions(-) diff --git a/README.md b/README.md index 64892e7..db856ef 100644 --- a/README.md +++ b/README.md @@ -188,7 +188,7 @@ These flags configure default limits for clusters, connections, and tables. You | [install\_metrics\_server](#input\_install\_metrics\_server) | Whether to install the metrics-server for the Materialize Console | `bool` | `true` | no | | [kubernetes\_namespace](#input\_kubernetes\_namespace) | The Kubernetes namespace for the Materialize resources | `string` | `"materialize-environment"` | no | | [log\_group\_name\_prefix](#input\_log\_group\_name\_prefix) | Prefix for the CloudWatch log group name (will be combined with environment name) | `string` | `"materialize"` | no | -| [materialize\_instances](#input\_materialize\_instances) | Configuration for Materialize instances. Due to limitations in Terraform, `materialize_instances` cannot be defined on the first `terraform apply`. |
list(object({
name = string
namespace = optional(string)
database_name = string
environmentd_version = optional(string)
cpu_request = optional(string, "1")
memory_request = optional(string, "1Gi")
memory_limit = optional(string, "1Gi")
create_database = optional(bool, true)
create_nlb = optional(bool, true)
internal_nlb = optional(bool, true)
enable_cross_zone_load_balancing = optional(bool, true)
in_place_rollout = optional(bool, false)
request_rollout = optional(string)
force_rollout = optional(string)
balancer_memory_request = optional(string, "256Mi")
balancer_memory_limit = optional(string, "256Mi")
balancer_cpu_request = optional(string, "100m")
license_key = optional(string)
environmentd_extra_args = optional(list(string), [])
}))
| `[]` | no | +| [materialize\_instances](#input\_materialize\_instances) | Configuration for Materialize instances. Due to limitations in Terraform, `materialize_instances` cannot be defined on the first `terraform apply`. |
list(object({
name = string
namespace = optional(string)
database_name = string
environmentd_version = optional(string)
cpu_request = optional(string, "1")
memory_request = optional(string, "1Gi")
memory_limit = optional(string, "1Gi")
create_database = optional(bool, true)
create_nlb = optional(bool, true)
internal_nlb = optional(bool, true)
enable_cross_zone_load_balancing = optional(bool, true)
in_place_rollout = optional(bool, false)
request_rollout = optional(string)
force_rollout = optional(string)
balancer_memory_request = optional(string, "256Mi")
balancer_memory_limit = optional(string, "256Mi")
balancer_cpu_request = optional(string, "100m")
license_key = optional(string)
external_login_password_mz_system = optional(string)
environmentd_extra_args = optional(list(string), [])
}))
| `[]` | no | | [metrics\_retention\_days](#input\_metrics\_retention\_days) | Number of days to retain CloudWatch metrics | `number` | `7` | no | | [namespace](#input\_namespace) | Namespace for all resources, usually the organization or project name | `string` | n/a | yes | | [network\_id](#input\_network\_id) | The ID of the VPC in which resources will be deployed. Only used if create\_vpc is false. | `string` | `""` | no | diff --git a/examples/simple/main.tf b/examples/simple/main.tf index 1c8454d..5925a87 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf 
@@ -133,24 +133,25 @@ variable "orchestratord_version" { variable "materialize_instances" { description = "List of Materialize instances to be created." type = list(object({ - name = string - namespace = string - database_name = string - environmentd_version = optional(string) - cpu_request = string - memory_request = string - memory_limit = string - create_database = optional(bool) - create_nlb = optional(bool) - internal_nlb = optional(bool) - in_place_rollout = optional(bool, false) - request_rollout = optional(string) - force_rollout = optional(string) - balancer_memory_request = optional(string, "256Mi") - balancer_memory_limit = optional(string, "256Mi") - balancer_cpu_request = optional(string, "100m") - license_key = optional(string) - environmentd_extra_args = optional(list(string), []) + name = string + namespace = string + database_name = string + environmentd_version = optional(string) + cpu_request = string + memory_request = string + memory_limit = string + create_database = optional(bool) + create_nlb = optional(bool) + internal_nlb = optional(bool) + in_place_rollout = optional(bool, false) + request_rollout = optional(string) + force_rollout = optional(string) + balancer_memory_request = optional(string, "256Mi") + balancer_memory_limit = optional(string, "256Mi") + balancer_cpu_request = optional(string, "100m") + license_key = optional(string) + external_login_password_mz_system = optional(string) + environmentd_extra_args = optional(list(string), []) })) default = [] } diff --git a/main.tf b/main.tf index 31a3ce6..2aa5f5b 100644 --- a/main.tf +++ b/main.tf @@ -288,6 +288,8 @@ locals { license_key = instance.license_key + external_login_password_mz_system = instance.external_login_password_mz_system != null ? instance.external_login_password_mz_system : null + cpu_request = instance.cpu_request memory_request = instance.memory_request memory_limit = instance.memory_limit diff --git a/variables.tf b/variables.tf index 91c1d6e..f0417c7 100644 
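Review bot: `external_login_password_mz_system` is added as a plain `optional(string)` inside `materialize_instances`, and the variable block visible in this hunk has no `sensitive = true`, so the mz_system password would be shown in plan and apply output. The same field is added the same way in the `variables.tf` hunk of this patch. Marking the whole list sensitive may not be workable if it feeds a `for_each` (not visible here), so consider passing the passwords through a separate variable declared with `sensitive = true` and keyed by instance name. Either way the value ends up in Terraform state, which is worth stating in the variable description so callers know to use a protected backend.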
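Review bot: The conditional on the added `external_login_password_mz_system` local in `main.tf` is a no-op, because it returns the input when it is non-null and `null` when it is null. `external_login_password_mz_system = instance.external_login_password_mz_system` is equivalent and matches the `license_key` line directly above it. The redundant form reads as if a default or transformation was intended; if one was, it is missing. The `locals` block starts and ends outside the hunk.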
--- a/variables.tf +++ b/variables.tf @@ -349,25 +349,26 @@ variable "helm_values" { variable "materialize_instances" { description = "Configuration for Materialize instances. Due to limitations in Terraform, `materialize_instances` cannot be defined on the first `terraform apply`." type = list(object({ - name = string - namespace = optional(string) - database_name = string - environmentd_version = optional(string) - cpu_request = optional(string, "1") - memory_request = optional(string, "1Gi") - memory_limit = optional(string, "1Gi") - create_database = optional(bool, true) - create_nlb = optional(bool, true) - internal_nlb = optional(bool, true) - enable_cross_zone_load_balancing = optional(bool, true) - in_place_rollout = optional(bool, false) - request_rollout = optional(string) - force_rollout = optional(string) - balancer_memory_request = optional(string, "256Mi") - balancer_memory_limit = optional(string, "256Mi") - balancer_cpu_request = optional(string, "100m") - license_key = optional(string) - environmentd_extra_args = optional(list(string), []) + name = string + namespace = optional(string) + database_name = string + environmentd_version = optional(string) + cpu_request = optional(string, "1") + memory_request = optional(string, "1Gi") + memory_limit = optional(string, "1Gi") + create_database = optional(bool, true) + create_nlb = optional(bool, true) + internal_nlb = optional(bool, true) + enable_cross_zone_load_balancing = optional(bool, true) + in_place_rollout = optional(bool, false) + request_rollout = optional(string) + force_rollout = optional(string) + balancer_memory_request = optional(string, "256Mi") + balancer_memory_limit = optional(string, "256Mi") + balancer_cpu_request = optional(string, "100m") + license_key = optional(string) + external_login_password_mz_system = optional(string) + environmentd_extra_args = optional(list(string), []) })) default = [] From 21525c91d2e6aec12a7a0787c485b448861b0435 Mon Sep 17 00:00:00 2001 
From: Bobby Iliev Date: Fri, 13 Jun 2025 22:42:17 +0300 Subject: [PATCH 2/3] Introduce the authenticator_kind var --- README.md | 2 +- examples/simple/main.tf | 1 + examples/simple/terraform.tfvars.example | 26 +++++++++++++----------- main.tf | 2 ++ variables.tf | 1 + 5 files changed, 19 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index db856ef..91b50cd 100644 --- a/README.md +++ b/README.md @@ -188,7 +188,7 @@ These flags configure default limits for clusters, connections, and tables. You | [install\_metrics\_server](#input\_install\_metrics\_server) | Whether to install the metrics-server for the Materialize Console | `bool` | `true` | no | | [kubernetes\_namespace](#input\_kubernetes\_namespace) | The Kubernetes namespace for the Materialize resources | `string` | `"materialize-environment"` | no | | [log\_group\_name\_prefix](#input\_log\_group\_name\_prefix) | Prefix for the CloudWatch log group name (will be combined with environment name) | `string` | `"materialize"` | no | -| [materialize\_instances](#input\_materialize\_instances) | Configuration for Materialize instances. Due to limitations in Terraform, `materialize_instances` cannot be defined on the first `terraform apply`. |
list(object({
name = string
namespace = optional(string)
database_name = string
environmentd_version = optional(string)
cpu_request = optional(string, "1")
memory_request = optional(string, "1Gi")
memory_limit = optional(string, "1Gi")
create_database = optional(bool, true)
create_nlb = optional(bool, true)
internal_nlb = optional(bool, true)
enable_cross_zone_load_balancing = optional(bool, true)
in_place_rollout = optional(bool, false)
request_rollout = optional(string)
force_rollout = optional(string)
balancer_memory_request = optional(string, "256Mi")
balancer_memory_limit = optional(string, "256Mi")
balancer_cpu_request = optional(string, "100m")
license_key = optional(string)
external_login_password_mz_system = optional(string)
environmentd_extra_args = optional(list(string), [])
}))
| `[]` | no | +| [materialize\_instances](#input\_materialize\_instances) | Configuration for Materialize instances. Due to limitations in Terraform, `materialize_instances` cannot be defined on the first `terraform apply`. |
list(object({
name = string
namespace = optional(string)
database_name = string
environmentd_version = optional(string)
cpu_request = optional(string, "1")
memory_request = optional(string, "1Gi")
memory_limit = optional(string, "1Gi")
create_database = optional(bool, true)
create_nlb = optional(bool, true)
internal_nlb = optional(bool, true)
enable_cross_zone_load_balancing = optional(bool, true)
in_place_rollout = optional(bool, false)
request_rollout = optional(string)
force_rollout = optional(string)
balancer_memory_request = optional(string, "256Mi")
balancer_memory_limit = optional(string, "256Mi")
balancer_cpu_request = optional(string, "100m")
license_key = optional(string)
authenticator_kind = optional(string, "None")
external_login_password_mz_system = optional(string)
environmentd_extra_args = optional(list(string), [])
}))
| `[]` | no | | [metrics\_retention\_days](#input\_metrics\_retention\_days) | Number of days to retain CloudWatch metrics | `number` | `7` | no | | [namespace](#input\_namespace) | Namespace for all resources, usually the organization or project name | `string` | n/a | yes | | [network\_id](#input\_network\_id) | The ID of the VPC in which resources will be deployed. Only used if create\_vpc is false. | `string` | `""` | no | diff --git a/examples/simple/main.tf b/examples/simple/main.tf index 5925a87..0e0e09a 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -150,6 +150,7 @@ variable "materialize_instances" { balancer_memory_limit = optional(string, "256Mi") balancer_cpu_request = optional(string, "100m") license_key = optional(string) + authenticator_kind = optional(string, "None") external_login_password_mz_system = optional(string) environmentd_extra_args = optional(list(string), []) })) diff --git a/examples/simple/terraform.tfvars.example b/examples/simple/terraform.tfvars.example index 37b2f6a..2f80f08 100644 --- a/examples/simple/terraform.tfvars.example +++ b/examples/simple/terraform.tfvars.example 
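Review bot: `authenticator_kind = optional(string, "None")` accepts any string and is not tied to `external_login_password_mz_system`, so a typo, or a `"Password"` instance with a null password, is not rejected at plan time. The same field is added in the `variables.tf` hunk of this patch, and both variable blocks would benefit from `validation` rules like the ones sketched below. The default of `"None"` also leaves instances unauthenticated unless the caller opts in, which deserves a sentence in the variable description. The variable block continues outside the hunk.

```hcl
variable "materialize_instances" {
  # … unchanged: description, type, default …

  validation {
    # Allowed list taken from the values shown in this patch; extend it if more kinds are supported.
    condition = alltrue([
      for i in var.materialize_instances :
      contains(["None", "Password"], i.authenticator_kind)
    ])
    error_message = "authenticator_kind must be \"None\" or \"Password\"."
  }

  validation {
    condition = alltrue([
      for i in var.materialize_instances :
      i.authenticator_kind != "Password" || i.external_login_password_mz_system != null
    ])
    error_message = "external_login_password_mz_system is required when authenticator_kind is \"Password\"."
  }
```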
@@ -6,19 +6,21 @@ environment = "dev" // maximum 8 characters, lowercase alphanumeric only (e.g. # materialize_instances = [ # { -# name = "analytics" -# namespace = "materialize-environment" -# database_name = "analytics_db" -# cpu_request = "2" -# memory_request = "4Gi" -# memory_limit = "4Gi" +# name = "analytics" +# namespace = "materialize-environment" +# database_name = "analytics_db" +# cpu_request = "2" +# memory_request = "4Gi" +# memory_limit = "4Gi" +# authenticator_kind = "Password" +# external_login_password_mz_system = "your-password" # }, # { -# name = "demo" -# namespace = "materialize-environment" -# database_name = "demo_db" -# cpu_request = "2" -# memory_request = "4Gi" -# memory_limit = "4Gi" +# name = "demo" +# namespace = "materialize-environment" +# database_name = "demo_db" +# cpu_request = "2" +# memory_request = "4Gi" +# memory_limit = "4Gi" # } # ] diff --git a/main.tf b/main.tf index 2aa5f5b..5a53df5 100644 --- a/main.tf +++ b/main.tf @@ -288,6 +288,8 @@ locals { license_key = instance.license_key + authenticator_kind = instance.authenticator_kind + external_login_password_mz_system = instance.external_login_password_mz_system != null ? instance.external_login_password_mz_system : null cpu_request = instance.cpu_request diff --git a/variables.tf b/variables.tf index f0417c7..ef90e07 100644 --- a/variables.tf +++ b/variables.tf @@ -367,6 +367,7 @@ variable "materialize_instances" { balancer_memory_limit = optional(string, "256Mi") balancer_cpu_request = optional(string, "100m") license_key = optional(string) + authenticator_kind = optional(string, "None") external_login_password_mz_system = optional(string) environmentd_extra_args = optional(list(string), []) })) From 49457e728270351887b081c9fa172c17703269fb Mon Sep 17 00:00:00 2001 
From: Bobby Iliev Date: Thu, 19 Jun 2025 20:20:35 +0300 Subject: [PATCH 3/3] Use random_password in example --- examples/simple/main.tf | 4 ++++ examples/simple/terraform.tfvars.example | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/examples/simple/main.tf b/examples/simple/main.tf index 0e0e09a..bc59520 100644 --- a/examples/simple/main.tf +++ b/examples/simple/main.tf @@ -105,6 +105,10 @@ resource "random_password" "pass" { special = false } +resource "random_password" "analytics_mz_system" { + length = 20 + special = true +} variable "namespace" { description = "Namespace for the resources. Used to prefix the names of the resources" diff --git a/examples/simple/terraform.tfvars.example b/examples/simple/terraform.tfvars.example index 2f80f08..e7e9872 100644 --- a/examples/simple/terraform.tfvars.example +++ b/examples/simple/terraform.tfvars.example @@ -13,7 +13,7 @@ environment = "dev" // maximum 8 characters, lowercase alphanumeric only (e.g. # memory_request = "4Gi" # memory_limit = "4Gi" # authenticator_kind = "Password" -# external_login_password_mz_system = "your-password" +# external_login_password_mz_system = random_password.analytics_mz_system.result # }, # { # name = "demo"
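Review bot: Nothing in this hunk consumes `random_password.analytics_mz_system`, so the example generates a password that no instance receives unless it is wired into the module call elsewhere in this file (not visible here). The only reference this patch adds is in the commented `terraform.tfvars.example`. Note also that `result` is written to Terraform state in plaintext, so the example should carry a comment such as `# stored in state; use an encrypted, access-controlled backend`. The neighbouring `random_password.pass` uses `special = false`; if this password is ever embedded in a connection string, `special = true` may need an `override_special` set to avoid characters that require escaping.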
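Review bot: `random_password.analytics_mz_system.result` in `terraform.tfvars.example` cannot be evaluated, because variable definition files accept only literal values and Terraform rejects the file once the line is uncommented. The reference belongs in `examples/simple/main.tf`, where the resource is declared. The tfvars example is better left with a comment such as `# external_login_password_mz_system is set in main.tf from random_password.analytics_mz_system.result`, which also avoids reintroducing a literal password in a file users copy.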