Dov/auth-doc-upgrade #32657

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Closed

DAlperin wants to merge 167 commits into MaterializeInc:self-managed-docs/v25.2 from DAlperin:dov/auth-doc-upgrade

+8,557 −12,174

Member

DAlperin commented Jun 4, 2025

Motivation

Tips for reviewer

Checklist

This PR has adequate test coverage / QA involvement has been duly considered. (trigger-ci for additional test/nightly runs)
This PR has an associated up-to-date design doc, is a design doc (template), or is sufficiently small to not require a design.
If this PR evolves an existing $T ⇔ Proto$T mapping (possibly in a backwards-incompatible way), then it is tagged with a T-proto label.
If this PR will require changes to cloud orchestration or tests, there is a companion cloud PR to account for those changes that is tagged with the release-blocker label (example).
If this PR includes major user-facing behavior changes, I have pinged the relevant PM to schedule a changelog post.

kay-kim and others added 30 commits

January 14, 2025 23:51


          docs: self-managed v2025.01 initial structure

3fe6f27


          rm shortcodes logic from website.sh

244fc27


          Support deploying self-hosted docs

10940b8

Context: https://materializeinc.slack.com/archives/C07PN7KSB0T/p1736830571054569


          docs: selector needs to filter out /docs from /docs/self-managed

8b06eca


          Merge pull request MaterializeInc#31059 from kay-kim/docs-selector-en…

8cef591

…able-logic-self-managed-branch

docs: selector needs to filter out /docs from /docs/self-managed


          docs: Fix version selector for self-managed versions

5655bf6

Fall back to local versions.json when global one is missing.

Concatenate paths for links correctly


          ci: Enable docs linting and preview

2a0a3b4


          docs: Fixed size of version selector

ba0c2c3


          docs: tweak fallback versions.json path

005ba15


          Merge pull request MaterializeInc#31068 from kay-kim/docs-self-manage…

82fc7a7

…d-versions-file-path-tweak

docs: tweak fallback versions.json path


          docs: change environmentd.yaml to materialize.yaml (MaterializeInc#31069

d67de03


          Temporarily Revert "docs: change environmentd.yaml to materialize.yam… (

5cd6460

MaterializeInc#31076)

…l (MaterializeInc#31069)"

This reverts commit d67de03. Revert as
the name change is an upcoming change (i.e., not yet available)


          docs: update readme baseURL value (MaterializeInc#31078)

7bb96a4


          Docs self managed use lts-v0.130 branch (MaterializeInc#31089)

c061b2b


          docs: self-managed change requirements-list shortcode file name (Mate…

25b7fe0

…rializeInc#31091)


          fix the select. (MaterializeInc#31090) (MaterializeInc#31092)

7fbee4a

Authored-by: Nisar Hassan Naqvi <[email protected]>


          Docs self managed update local installs (MaterializeInc#31095)

284e4fb


          docs: install cloud use v0.130.0 (MaterializeInc#31105)

41a46a9


          docs: update self-managed install-on-aws to use terraform for everyth…

0f16040

…ing (MaterializeInc#31093)


          docs: update local install to use published helm charts (MaterializeI…

c85acba

…nc#31129)

In prep for release, using `v25.1.0` instead of `v25.1.0-beta.1`


          docs: set region to minikube during install (MaterializeInc#31133)

8c1e3ba


          docs: update self-managed install-on-gcp to use terraform for everyth…

c2f922d

…ing (MaterializeInc#31151)


          docs: self-managed tweaks (MaterializeInc#31154)

2f2a5a8


          docs-self-mged: remove most releases files and move to cloud_releases/ (

2f86070

MaterializeInc#31162)


          docs: Add callouts to emulator and cloud (MaterializeInc#31165)

7b10235


          self-managed-docs: installation updates (MaterializeInc#31168)

9bbf6f3


          docs: self-managed access control (MaterializeInc#31153)

d1934d5


          Docs tweak console self managed (MaterializeInc#31170)

bc19805


          docs: add rel-notes placeholder (MaterializeInc#31175)

e6acc11


          docs: update self-managed console section (MaterializeInc#31187)

2b60e29

kay-kim and others added 18 commits

April 28, 2025 14:53


          docs: add orchestratord to local install (temporary) (MaterializeInc#…

270f2e4

…32371)


          docs: Bump latest versions

849448e


          Merge pull request MaterializeInc#32419 from def-/pr-latest-versions

64b9b44

docs: Bump latest versions


          docs: lgalloc for azure terraform (MaterializeInc#32425)

1ec86b1


          self-managed docs: Bump terraform versions too

689b4e2


          Merge pull request MaterializeInc#32432 from def-/pr-self-managed-ter…

1803b4d

…raform

self-managed docs: Bump terraform versions too


          ci: Add env variable and comment for how to switch to AWS

291d782


          ci: Fix typos in AWS agents, bump number of agents before considering…

386610c

… Hetzner overloaded


          Nav update: use the full Materilaize Logo linking to the homepage (#3… (

MaterializeInc#32452)

Co-authored-by: Nisar Hassan Naqvi <[email protected]>


          docs: azure group resource declaration (MaterializeInc#32481)

9a10e83


          docs: update versions (MaterializeInc#32485)

27dbb54


          docs: add in-progress note w.r.t. supporting upstream table schema ch… (

22230f4

MaterializeInc#32494)

…… (MaterializeInc#32436)

…anges


          docs: Bump to helm-chart v25.1.12, environmentd v0.130.13, orchestrat…

a4caa80

…ord v0.144.0


          create guide/recomendation for custom cluster sizes (MaterializeInc#3…

491d238

…2444)

---------

Co-authored-by: kay-kim <[email protected]>


          docs: tweak sinks and hydration (MaterializeInc#32516) (MaterializeIn…

1f5829e

…c#32517)


          Snapshot FAQ update (MaterializeInc#32557) (MaterializeInc#32596)

d20e250

Co-authored-by: Nate <[email protected]>


          docs: tweak prepare + execute page (MaterializeInc#32566) (Materializ…

68cd32d

…eInc#32639)


          Update auth SQL docs

33f2851

DAlperin requested a review from a team as a code owner

June 4, 2025 19:24


          No more railroad

e416002

DAlperin force-pushed the dov/auth-doc-upgrade branch from 79c033a to e416002 Compare

June 4, 2025 19:34

kay-kim changed the base branch from self-managed-docs/v25.1 to self-managed-docs/v25.2

June 4, 2025 19:49

kay-kim reviewed

View reviewed changes

doc/user/content/sql/create-role.md

Comment on lines +14 to +16

		```mzsql

		```

Contributor

kay-kim Jun 4, 2025

heh ... remove?

Suggested change

      
            ```mzsql
          
            ```

doc/user/content/sql/create-role.md

+              ```mzsql
+              CREATE ROLE _role_name_ [WITH [SUPERUSER | NOSUPERUSER ]
+                  [ LOGIN | NOLOGIN ]
+                  [ INHERIT | NOINHERIT ]

Contributor

kay-kim Jun 4, 2025

I would remove NOINHERIT here since we don't support it for CREATE ROLE.
Per mention in the SQL meeting, will note that we've remove from the docs in our issue ... so that, later on, after Xmonths have passed, we can just remove it from our code base.

doc/user/content/sql/create-role.md

-              | `SUPERUSER` | Materialize does not support the `SUPERUSER` option for `CREATE ROLE`.<ul><li>Instead, Materialize derives the `SUPERUSER` option for a role during authentication every time that role tries to connect.</li></ul>|
+              | Option        | Description                                                                                                                                              |
+              | ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
+              | `INHERIT`     | Materialize implicitly uses `INHERIT` for the `CREATE ROLE` command. That is, `CREATE ROLE <name>` and `CREATE ROLE <name> WITH INHERIT` are equivalent. |

Contributor

kay-kim Jun 4, 2025

Ah ...
we lost the "Grants the role the ability to inherit privileges of other roles."
I would make this:

Optional. If specified, grants the role the ability to inherit privileges of other roles. (Default)

doc/user/content/sql/create-role.md

+              | Option        | Description                                                                                                                                              |
+              | ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
+              | `INHERIT`     | Materialize implicitly uses `INHERIT` for the `CREATE ROLE` command. That is, `CREATE ROLE <name>` and `CREATE ROLE <name> WITH INHERIT` are equivalent. |
+              | `NOINHERIT`   | Materialize does not support the `NOINHERIT` option for `CREATE ROLE`.                                                                                   |

Contributor

kay-kim Jun 4, 2025

I'd remove

Suggested change

      
            | `NOINHERIT`   | Materialize does not support the `NOINHERIT` option for `CREATE ROLE`.                                                                                   |

doc/user/content/sql/create-role.md

+              | ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
+              | `INHERIT`     | Materialize implicitly uses `INHERIT` for the `CREATE ROLE` command. That is, `CREATE ROLE <name>` and `CREATE ROLE <name> WITH INHERIT` are equivalent. |
+              | `NOINHERIT`   | Materialize does not support the `NOINHERIT` option for `CREATE ROLE`.                                                                                   |
+              | `LOGIN`       | The `LOGIN` attribute allows a role to login via the postgresql or web endpoints                                                                         |

Contributor

kay-kim Jun 4, 2025

Would capitalize PostgreSQL

Optional. If specified, allows

doc/user/content/sql/create-role.md

               ## Examples
               ```mzsql
-              CREATE ROLE db_reader;
+              CREATE ROLE db_reader WITH LOGIN PASSWORD 'password';

Contributor

kay-kim Jun 4, 2025

We could probably annotate these examples with what these are actually doing ... but ... eh.

doc/user/content/sql/alter-role.md

Comment on lines +14 to +17

+              ALTER ROLE _role_name_ [WITH [SUPERUSER | NOSUPERUSER ]
+                  [ LOGIN | NOLOGIN ]
+                  [ INHERIT | NOINHERIT ]
+                  [ PASSWORD <text> ]] [SET _name_ TO _value_]

Contributor

kay-kim Jun 4, 2025

Since our syntax doesn't render italics:

Suggested change

      
            ALTER ROLE _role_name_ [WITH [SUPERUSER | NOSUPERUSER ]
          
                [ LOGIN | NOLOGIN ]
          
                [ INHERIT | NOINHERIT ]
          
                [ PASSWORD <text> ]] [SET _name_ TO _value_]
          
            ALTER ROLE <role_name> [WITH [SUPERUSER | NOSUPERUSER ]
          
                [ LOGIN | NOLOGIN ]
          
                [ INHERIT | NOINHERIT ]
          
                [ PASSWORD <text> ]] [SET <name> TO <value> ]

doc/user/content/sql/alter-role.md

+              ```mzsql
+              ALTER ROLE rj PASSWORD NULL;
+              ```

Contributor

kay-kim Jun 4, 2025

Maybe adda warning

{{< warning >}}
Setting a NULL password removes the password requirement.
{{< /warning >}}

doc/user/content/sql/alter-role.md

+              ##### Making a role a superuser
+              ```mzsql
+              ALTER ROLE rj SUPERUSER;

Contributor

kay-kim Jun 4, 2025

Actually, since we do an example with setting this role password NULL below (even though it's not really sequential), you might change this to NOSUPERUSER instead of SUPERUSER

doc/user/content/sql/alter-role.md

+              | Field         | Use                                                                                                                                              |
+              | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |
+              | **INHERIT**   | Grants the role the ability to inherit privileges of other roles.                                                                                |
+              | `LOGIN`       | The `LOGIN` attribute allows a role to login via the postgresql or web endpoints                                                                 |

Contributor

kay-kim Jun 4, 2025

capitalize PostgreSQL?

Also, for my edification, is the web endpoint referring to the http endpoint?

kay-kim force-pushed the self-managed-docs/v25.2 branch from 06659ed to 50b3520 Compare

June 6, 2025 01:53

kay-kim requested a review from a team as a code owner

June 6, 2025 01:53

Contributor

kay-kim commented Jun 6, 2025

Apologies .. you'll need to rebase. I ended up branching off main and replaying the self-managed docs changes on top of that to get everything between v25.1 and v25.2

kay-kim force-pushed the self-managed-docs/v25.2 branch 2 times, most recently from 11a384a to 646ccab Compare

June 9, 2025 15:38

Member Author

DAlperin commented Jun 10, 2025

superseded by #32697

DAlperin closed this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet