From dc915d0f93845ae58dcf90b3fb78be01d6745d96 Mon Sep 17 00:00:00 2001
From: Bobby Iliev <bobby@bobbyiliev.com>
Date: Thu, 21 Nov 2024 11:30:05 +0200
Subject: [PATCH] Update changelog for v0.8.11 (#670)

* Update changelog for v0.8.11

* Add a note for the default network policy
---
 CHANGELOG.md                                  | 74 +++++++++++++++++++
 docs/resources/network_policy.md              |  9 +++
 .../materialize_network_policy/resource.tf    |  9 +++
 3 files changed, 92 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c30f8bd7..234aac59 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,79 @@
 # Changelog
 
+## 0.8.11 - 2024-11-13
+
+## Features
+
+* Adding a new `materialize_network_policy` resource and data source [#669](https://github.com/MaterializeInc/terraform-provider-materialize/pull/669).
+
+  A network policy allows you to manage access to the system through IP-based rules.
+
+  * Example `materialize_network_policy` resource:
+
+    ```hcl
+    resource "materialize_network_policy" "office_policy" {
+      name = "office_access_policy"
+
+      rule {
+        name      = "new_york"
+        action    = "allow"
+        direction = "ingress"
+        address   = "8.2.3.4/28"
+      }
+
+      rule {
+        name      = "minnesota"
+        action    = "allow"
+        direction = "ingress"
+        address   = "2.3.4.5/32"
+      }
+
+      comment = "Network policy for office locations"
+    }
+    ```
+
+  * Example `materialize_network_policy` data source:
+
+    ```hcl
+    data "materialize_network_policy" "all" {}
+    ```
+
+  * Added support for the new `CREATENETWORKPOLICY` system privilege:
+
+    ```hcl
+    resource "materialize_role" "test" {
+      name = "test_role"
+    }
+
+    resource "materialize_grant_system_privilege" "role_createnetworkpolicy" {
+      role_name = materialize_role.test.name
+      privilege = "CREATENETWORKPOLICY"
+    }
+    ```
+
+  * An initial `default` network policy will be created.
+    This policy allows open access to the environment and can be altered by a `superuser`.
+    Use the `ALTER SYSTEM SET network_policy TO 'office_access_policy'` command
+    or the `materialize_system_parameter` resource to update the default network policy.
+
+    ```hcl
+    resource "materialize_system_parameter" "system_parameter" {
+      name  = "network_policy"
+      value = "office_access_policy"
+    }
+    ```
+
+## Bug Fixes
+
+* Updated the cluster and cluster replica query builders to skip `DISK` property for `cc` and `C` clusters as this is enabled by default for those sizes [#671](https://github.com/MaterializeInc/terraform-provider-materialize/pull/671)
+
+## Misc
+
+* Upgrade from `pgx` v3 to v4 [#663](https://github.com/MaterializeInc/terraform-provider-materialize/pull/663)
+* Routine dependency updates: [#668](https://github.com/MaterializeInc/terraform-provider-materialize/pull/668), [#667](https://github.com/MaterializeInc/terraform-provider-materialize/pull/667)
+* Upgraded Go version from `1.22.0` to `1.22.7` for improved performance and security fixes [#669](https://github.com/MaterializeInc/terraform-provider-materialize/pull/669)
+* Added `--bootstrap-builtin-analytics-cluster-replica-size` to the Docker compose file to fix failing tests [#671](https://github.com/MaterializeInc/terraform-provider-materialize/pull/671)
+
 ## 0.8.10 - 2024-10-7
 
 ## Features
diff --git a/docs/resources/network_policy.md b/docs/resources/network_policy.md
index ad9009e7..89a5e2ae 100644
--- a/docs/resources/network_policy.md
+++ b/docs/resources/network_policy.md
@@ -32,6 +32,15 @@ resource "materialize_network_policy" "office_policy" {
 
   comment = "Network policy for office locations"
 }
+
+# An initial `default` network policy will be created.
+# This policy allows open access to the environment and can be altered by a `superuser`.
+# Use the `ALTER SYSTEM SET network_policy TO 'office_access_policy'` command.
+# Or the `materialize_system_parameter` resource to set the default network policy.
+resource "materialize_system_parameter" "system_parameter" {
+  name  = "network_policy"
+  value = "office_access_policy"
+}
 ```
 
 <!-- schema generated by tfplugindocs -->
diff --git a/examples/resources/materialize_network_policy/resource.tf b/examples/resources/materialize_network_policy/resource.tf
index 141533bc..b4044e10 100644
--- a/examples/resources/materialize_network_policy/resource.tf
+++ b/examples/resources/materialize_network_policy/resource.tf
@@ -17,3 +17,12 @@ resource "materialize_network_policy" "office_policy" {
 
   comment = "Network policy for office locations"
 }
+
+# An initial `default` network policy will be created.
+# This policy allows open access to the environment and can be altered by a `superuser`.
+# Use the `ALTER SYSTEM SET network_policy TO 'office_access_policy'` command.
+# Or the `materialize_system_parameter` resource to set the default network policy.
+resource "materialize_system_parameter" "system_parameter" {
+  name  = "network_policy"
+  value = "office_access_policy"
+}