From f56bf5edeb21f74cf51b9cf785421e8fdc307ed7 Mon Sep 17 00:00:00 2001
From: Bobby Iliev <bobby@bobbyiliev.com>
Date: Thu, 28 Nov 2024 18:20:23 +0200
Subject: [PATCH] Document self-hosted Materialize authentication

---
 docs/index.md                         | 10 +++
 examples/provider/provider.tf         | 10 +++
 integration/self_hosted/connection.tf | 89 ---------------------------
 3 files changed, 20 insertions(+), 89 deletions(-)

diff --git a/docs/index.md b/docs/index.md
index 23a6e8ce..1b667a8d 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -17,6 +17,16 @@ provider "materialize" {
   password       = var.materialize_password # optionally use MZ_PASSWORD env var
   default_region = "aws/us-east-1"          # optionally use MZ_REGION env var
 }
+
+# Self-hosted Materialize authentication
+provider "materialize" {
+  host     = "materialized" # optionally use MZ_HOST env var
+  port     = 6877           # optionally use MZ_PORT env var
+  username = "mz_system"    # optionally use MZ_USER env var
+  database = "materialize"  # optionally use MZ_DATABASE env var
+  password = ""             # optionally use MZ_PASSWORD env var
+  sslmode  = "disable"      # optionally use MZ_SSLMODE env var
+}
 ```
 
 ## Schema
diff --git a/examples/provider/provider.tf b/examples/provider/provider.tf
index d37ea23c..76d960cf 100644
--- a/examples/provider/provider.tf
+++ b/examples/provider/provider.tf
@@ -3,3 +3,13 @@ provider "materialize" {
   password       = var.materialize_password # optionally use MZ_PASSWORD env var
   default_region = "aws/us-east-1"          # optionally use MZ_REGION env var
 }
+
+# Self-hosted Materialize authentication
+provider "materialize" {
+  host     = "materialized" # optionally use MZ_HOST env var
+  port     = 6877           # optionally use MZ_PORT env var
+  username = "mz_system"    # optionally use MZ_USER env var
+  database = "materialize"  # optionally use MZ_DATABASE env var
+  password = ""             # optionally use MZ_PASSWORD env var
+  sslmode  = "disable"      # optionally use MZ_SSLMODE env var
+}
diff --git a/integration/self_hosted/connection.tf b/integration/self_hosted/connection.tf
index c545f454..51a946a5 100644
--- a/integration/self_hosted/connection.tf
+++ b/integration/self_hosted/connection.tf
@@ -109,49 +109,6 @@ resource "materialize_connection_kafka" "kafka_conn_multiple_brokers" {
   validate                          = false
 }
 
-resource "materialize_connection_kafka" "kafka_top_level_privatelink" {
-  name = "kafka_top_level_privatelink"
-  # The Privatelink connection is created during the docker compose setup
-  # As if you were to drop the privatelink connection, the container would crash
-  aws_privatelink {
-    privatelink_connection {
-      name          = "privatelink_conn"
-      database_name = "materialize"
-      schema_name   = "public"
-    }
-    privatelink_connection_port = 9092
-  }
-
-  security_protocol = "SASL_SSL"
-  sasl_mechanisms   = "SCRAM-SHA-256"
-
-  sasl_username {
-    text = "sasl_username"
-  }
-
-  sasl_password {
-    name          = materialize_secret.kafka_password.name
-    database_name = materialize_secret.kafka_password.database_name
-    schema_name   = materialize_secret.kafka_password.schema_name
-  }
-
-  ssl_certificate {
-    text = "ssl_certificate_content"
-  }
-
-  ssl_key {
-    name          = materialize_secret.kafka_password.name
-    database_name = materialize_secret.kafka_password.database_name
-    schema_name   = materialize_secret.kafka_password.schema_name
-  }
-
-  ssl_certificate_authority {
-    text = "ssl_ca_content"
-  }
-
-  validate = false
-}
-
 resource "materialize_connection_confluent_schema_registry" "schema_registry" {
   name    = "schema_registry_connection"
   comment = "connection schema registry comment"
@@ -176,29 +133,6 @@ resource "materialize_connection_confluent_schema_registry" "csr_with_basic_auth
   validate = false
 }
 
-resource "materialize_connection_confluent_schema_registry" "csr_with_aws_privatelink" {
-  name = "csr_with_aws_privatelink"
-  url  = "http://redpanda:8081"
-
-  username {
-    text = "username"
-  }
-
-  password {
-    name          = materialize_secret.kafka_password.name
-    database_name = materialize_secret.kafka_password.database_name
-    schema_name   = materialize_secret.kafka_password.schema_name
-  }
-
-  aws_privatelink {
-    name          = "privatelink_conn"
-    database_name = "materialize"
-    schema_name   = "public"
-  }
-
-  validate = false
-}
-
 resource "materialize_connection_confluent_schema_registry" "schema_registry_basic_auth_ssl" {
   name = "schema_registry_basic_auth_ssl"
   url  = "http://redpanda:8081"
@@ -382,29 +316,6 @@ resource "materialize_connection_mysql" "mysql_connection" {
   }
 }
 
-resource "materialize_connection_mysql" "mysql_connection_aws_pl" {
-  name    = "mysql_connection_aws_pl"
-  comment = "connection mysql comment with aws privatelink"
-
-  host = "mysql"
-  port = 3306
-  user {
-    text = "repluser"
-  }
-  password {
-    name          = materialize_secret.mysql_password.name
-    database_name = materialize_secret.mysql_password.database_name
-    schema_name   = materialize_secret.mysql_password.schema_name
-  }
-
-  aws_privatelink {
-    name          = "privatelink_conn"
-    database_name = "materialize"
-    schema_name   = "public"
-  }
-  validate = false
-}
-
 resource "materialize_connection_mysql" "mysql_connection_with_secret" {
   name = "mysql-connection-with-secret"
   host = "mysql"