Merge pull request #50 from MaterializeInc/add-auth-support

jubrad · web-flow · commit cc4f29a7e5ed · 2025-06-24T00:13:13.000-05:00
Add password auth support
diff --git a/README.md b/README.md
@@ -195,7 +195,7 @@ No resources.
 | <a name="input_install_materialize_operator"></a> [install\_materialize\_operator](#input\_install\_materialize\_operator) | Whether to install the Materialize operator | `bool` | `true` | no |
 | <a name="input_install_metrics_server"></a> [install\_metrics\_server](#input\_install\_metrics\_server) | Whether to install the metrics-server for the Materialize Console. Defaults to false since GKE installs one by default in the kube-system namespace. Only set to true if the GKE cluster was deployed with [monitoring explicitly turned off](https://cloud.google.com/kubernetes-engine/docs/how-to/configure-metrics#:~:text=To%20disable%20system%20metric%20collection,for%20the%20%2D%2Dmonitoring%20flag). Refer to the [GKE docs](https://cloud.google.com/kubernetes-engine/docs/how-to/configure-metrics#:~:text=To%20disable%20system%20metric%20collection,for%20the%20%2D%2Dmonitoring%20flag) for more information, including impact to GKE customer support efforts. | `bool` | `false` | no |
 | <a name="input_labels"></a> [labels](#input\_labels) | Labels to apply to all resources | `map(string)` | `{}` | no |
-| <a name="input_materialize_instances"></a> [materialize\_instances](#input\_materialize\_instances) | Configuration for Materialize instances | <pre>list(object({<br/>    name                    = string<br/>    namespace               = optional(string)<br/>    database_name           = string<br/>    create_database         = optional(bool, true)<br/>    create_load_balancer    = optional(bool, true)<br/>    internal_load_balancer  = optional(bool, true)<br/>    environmentd_version    = optional(string)<br/>    cpu_request             = optional(string, "1")<br/>    memory_request          = optional(string, "1Gi")<br/>    memory_limit            = optional(string, "1Gi")<br/>    in_place_rollout        = optional(bool, false)<br/>    request_rollout         = optional(string)<br/>    force_rollout           = optional(string)<br/>    balancer_memory_request = optional(string, "256Mi")<br/>    balancer_memory_limit   = optional(string, "256Mi")<br/>    balancer_cpu_request    = optional(string, "100m")<br/>    license_key             = optional(string)<br/>    environmentd_extra_args = optional(list(string), [])<br/>  }))</pre> | `[]` | no |
+| <a name="input_materialize_instances"></a> [materialize\_instances](#input\_materialize\_instances) | Configuration for Materialize instances | <pre>list(object({<br/>    name                              = string<br/>    namespace                         = optional(string)<br/>    database_name                     = string<br/>    create_database                   = optional(bool, true)<br/>    create_load_balancer              = optional(bool, true)<br/>    internal_load_balancer            = optional(bool, true)<br/>    environmentd_version              = optional(string)<br/>    cpu_request                       = optional(string, "1")<br/>    memory_request                    = optional(string, "1Gi")<br/>    memory_limit                      = optional(string, "1Gi")<br/>    in_place_rollout                  = optional(bool, false)<br/>    request_rollout                   = optional(string)<br/>    force_rollout                     = optional(string)<br/>    balancer_memory_request           = optional(string, "256Mi")<br/>    balancer_memory_limit             = optional(string, "256Mi")<br/>    balancer_cpu_request              = optional(string, "100m")<br/>    license_key                       = optional(string)<br/>    authenticator_kind                = optional(string, "None")<br/>    external_login_password_mz_system = optional(string)<br/>    environmentd_extra_args           = optional(list(string), [])<br/>  }))</pre> | `[]` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | Kubernetes namespace for Materialize | `string` | `"materialize"` | no |
 | <a name="input_network_config"></a> [network\_config](#input\_network\_config) | Network configuration for the GKE cluster | <pre>object({<br/>    subnet_cidr   = string<br/>    pods_cidr     = string<br/>    services_cidr = string<br/>  })</pre> | n/a | yes |
 | <a name="input_operator_namespace"></a> [operator\_namespace](#input\_operator\_namespace) | Namespace for the Materialize operator | `string` | `"materialize"` | no |
diff --git a/examples/simple/main.tf b/examples/simple/main.tf
@@ -110,6 +110,11 @@ resource "random_password" "pass" {
   special = false
 }
 
+resource "random_password" "analytics_mz_system" {
+  length  = 20
+  special = true
+}
+
 output "gke_cluster" {
   description = "GKE cluster details"
   value       = module.materialize.gke_cluster
@@ -152,24 +157,26 @@ variable "orchestratord_version" {
 variable "materialize_instances" {
   description = "List of Materialize instances to be created."
   type = list(object({
-    name                    = string
-    namespace               = optional(string)
-    database_name           = string
-    create_database         = optional(bool, true)
-    create_load_balancer    = optional(bool, true)
-    internal_load_balancer  = optional(bool, true)
-    environmentd_version    = optional(string)
-    cpu_request             = optional(string, "1")
-    memory_request          = optional(string, "1Gi")
-    memory_limit            = optional(string, "1Gi")
-    in_place_rollout        = optional(bool, false)
-    request_rollout         = optional(string)
-    force_rollout           = optional(string)
-    balancer_memory_request = optional(string, "256Mi")
-    balancer_memory_limit   = optional(string, "256Mi")
-    balancer_cpu_request    = optional(string, "100m")
-    license_key             = optional(string)
-    environmentd_extra_args = optional(list(string), [])
+    name                              = string
+    namespace                         = optional(string)
+    database_name                     = string
+    create_database                   = optional(bool, true)
+    create_load_balancer              = optional(bool, true)
+    internal_load_balancer            = optional(bool, true)
+    environmentd_version              = optional(string)
+    cpu_request                       = optional(string, "1")
+    memory_request                    = optional(string, "1Gi")
+    memory_limit                      = optional(string, "1Gi")
+    in_place_rollout                  = optional(bool, false)
+    request_rollout                   = optional(string)
+    force_rollout                     = optional(string)
+    balancer_memory_request           = optional(string, "256Mi")
+    balancer_memory_limit             = optional(string, "256Mi")
+    balancer_cpu_request              = optional(string, "100m")
+    license_key                       = optional(string)
+    external_login_password_mz_system = optional(string, null)
+    authenticator_kind                = optional(string, "None")
+    environmentd_extra_args           = optional(list(string), [])
   }))
   default = []
 }
diff --git a/examples/simple/terraform.tfvars.example b/examples/simple/terraform.tfvars.example
@@ -14,12 +14,14 @@ network_config = {
 
 # materialize_instances = [
 #   {
-#     name           = "analytics"
-#     namespace      = "materialize-environment"
-#     database_name  = "analytics_db"
-#     cpu_request    = "2"
-#     memory_request = "4Gi"
-#     memory_limit   = "4Gi"
+#     name                              = "analytics"
+#     namespace                         = "materialize-environment"
+#     database_name                     = "analytics_db"
+#     cpu_request                       = "2"
+#     memory_request                    = "4Gi"
+#     memory_limit                      = "4Gi"
+#     authenticator_kind                = "Password"
+#     external_login_password_mz_system = random_password.analytics_mz_system.result
 #   },
 #   {
 #     name           = "demo"
diff --git a/main.tf b/main.tf
@@ -255,6 +255,10 @@ locals {
 
       license_key = instance.license_key
 
+      authenticator_kind = instance.authenticator_kind
+
+      external_login_password_mz_system = instance.external_login_password_mz_system != null ? instance.external_login_password_mz_system : null
+
       cpu_request    = instance.cpu_request
       memory_request = instance.memory_request
       memory_limit   = instance.memory_limit
diff --git a/variables.tf b/variables.tf
@@ -104,24 +104,26 @@ variable "orchestratord_version" {
 variable "materialize_instances" {
   description = "Configuration for Materialize instances"
   type = list(object({
-    name                    = string
-    namespace               = optional(string)
-    database_name           = string
-    create_database         = optional(bool, true)
-    create_load_balancer    = optional(bool, true)
-    internal_load_balancer  = optional(bool, true)
-    environmentd_version    = optional(string)
-    cpu_request             = optional(string, "1")
-    memory_request          = optional(string, "1Gi")
-    memory_limit            = optional(string, "1Gi")
-    in_place_rollout        = optional(bool, false)
-    request_rollout         = optional(string)
-    force_rollout           = optional(string)
-    balancer_memory_request = optional(string, "256Mi")
-    balancer_memory_limit   = optional(string, "256Mi")
-    balancer_cpu_request    = optional(string, "100m")
-    license_key             = optional(string)
-    environmentd_extra_args = optional(list(string), [])
+    name                              = string
+    namespace                         = optional(string)
+    database_name                     = string
+    create_database                   = optional(bool, true)
+    create_load_balancer              = optional(bool, true)
+    internal_load_balancer            = optional(bool, true)
+    environmentd_version              = optional(string)
+    cpu_request                       = optional(string, "1")
+    memory_request                    = optional(string, "1Gi")
+    memory_limit                      = optional(string, "1Gi")
+    in_place_rollout                  = optional(bool, false)
+    request_rollout                   = optional(string)
+    force_rollout                     = optional(string)
+    balancer_memory_request           = optional(string, "256Mi")
+    balancer_memory_limit             = optional(string, "256Mi")
+    balancer_cpu_request              = optional(string, "100m")
+    license_key                       = optional(string)
+    authenticator_kind                = optional(string, "None")
+    external_login_password_mz_system = optional(string)
+    environmentd_extra_args           = optional(list(string), [])
   }))
   default = []
 
