import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Creates a new Google SQL User on a Google SQL User Instance. For more information, see the [official documentation](https://cloud.google.com/sql/), or the [JSON API](https://cloud.google.com/sql/docs/admin-api/v1beta4/users).
*
* ## Example Usage
*
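* Example creating a SQL User. The literal `password` in this example is a placeholder:
* in a real program, read it from secret configuration (for example
* `new pulumi.Config().requireSecret("<config-key>")`) or generate it, rather than
* committing a password to source control.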
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as random from "@pulumi/random";
*
* const dbNameSuffix = new random.RandomId("db_name_suffix", {byteLength: 4});
* const main = new gcp.sql.DatabaseInstance("main", {
* name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,
* databaseVersion: "MYSQL_5_7",
* settings: {
* tier: "db-f1-micro",
* },
* });
* const users = new gcp.sql.User("users", {
* name: "me",
* instance: main.name,
* host: "me.com",
* password: "changeme",
* });
* ```
*
* Example using [Cloud SQL IAM database authentication](https://cloud.google.com/sql/docs/mysql/authentication).
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as random from "@pulumi/random";
* import * as std from "@pulumi/std";
*
* const dbNameSuffix = new random.RandomId("db_name_suffix", {byteLength: 4});
* const main = new gcp.sql.DatabaseInstance("main", {
* name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,
* databaseVersion: "POSTGRES_15",
* settings: {
* tier: "db-f1-micro",
* databaseFlags: [{
* name: "cloudsql.iam_authentication",
* value: "on",
* }],
* },
* });
* const iamUser = new gcp.sql.User("iam_user", {
* name: "me@example.com",
* instance: main.name,
* type: "CLOUD_IAM_USER",
* });
* const iamServiceAccountUser = new gcp.sql.User("iam_service_account_user", {
* name: std.trimsuffix({
* input: serviceAccount.email,
* suffix: ".gserviceaccount.com",
* }).then(invoke => invoke.result),
* instance: main.name,
* type: "CLOUD_IAM_SERVICE_ACCOUNT",
* });
* ```
*
* Example using [Cloud SQL IAM Group authentication](https://cloud.google.com/sql/docs/mysql/iam-authentication#iam-group-auth).
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as random from "@pulumi/random";
*
* const dbNameSuffix = new random.RandomId("db_name_suffix", {byteLength: 4});
* const main = new gcp.sql.DatabaseInstance("main", {
* name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,
* databaseVersion: "MYSQL_8_0",
* settings: {
* tier: "db-f1-micro",
* databaseFlags: [{
* name: "cloudsql_iam_authentication",
* value: "on",
* }],
* },
* });
* const iamGroupUser = new gcp.sql.User("iam_group_user", {
* name: "iam_group@example.com",
* instance: main.name,
* type: "CLOUD_IAM_GROUP",
* });
* ```
*
* ## Ephemeral Attributes Reference
*
* The following write-only attributes are supported:
*
* * `passwordWo` - (Optional) The password for the user. Can be updated. For Postgres
* instances this is a Required field, unless type is set to either CLOUD_IAM_USER
* or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
* and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
* **Note**: This property is write-only and will not be read from the API.
*
* ## Import
*
* SQL users for MySQL databases can be imported using the `project`, `instance`, `host` and `name`, e.g.
*
* * `{{project_id}}/{{instance}}/{{host}}/{{name}}`
*
* SQL users for PostgreSQL databases can be imported using the `project`, `instance` and `name`, e.g.
*
* * `{{project_id}}/{{instance}}/{{name}}`
*
* When using the `pulumi import` command, a SQL user can be imported using one of the formats above. For example:
*
* MySQL database
*
* ```sh
* $ pulumi import gcp:sql/user:User default {{project_id}}/{{instance}}/{{host}}/{{name}}
* ```
*
* PostgreSQL database
*
* ```sh
* $ pulumi import gcp:sql/user:User default {{project_id}}/{{instance}}/{{name}}
* ```
*/
export declare class User extends pulumi.CustomResource {
/**
* Get an existing User resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns A User object for the looked-up resource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserState, opts?: pulumi.CustomResourceOptions): User;
/**
* Returns true if the given object is an instance of User. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test. It is typed `any`, so any value may be passed.
* @returns A type predicate: when the result is true, `obj` is narrowed to `User`.
*/
static isInstance(obj: any): obj is User;
/**
* The deletion policy for the user.
* Setting `ABANDON` allows the resource to be abandoned rather than deleted. This is useful
* for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.
*
* Possible values are: `ABANDON`.
*
* Security note: an abandoned user is not deleted, so the account and its grants remain on
* the instance after the resource is removed from the stack. Plan to revoke or remove such
* accounts by other means.
*/
readonly deletionPolicy: pulumi.Output<string | undefined>;
/**
* The host the user can connect from. This is only supported
* for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances.
* Can be an IP address. Changing this forces a new resource to be created.
*
* NOTE(review): this file does not state what happens when `host` is omitted; confirm the
* default against the provider documentation before relying on it as a connection restriction.
*/
readonly host: pulumi.Output<string>;
/**
* The name of the Cloud SQL instance. Changing this
* forces a new resource to be created.
*/
readonly instance: pulumi.Output<string>;
/**
* The name of the user. Changing this forces a new resource
* to be created.
*/
readonly name: pulumi.Output<string>;
/**
* The password for the user. Can be updated. For Postgres
* instances this is a Required field, unless type is set to either CLOUD_IAM_USER
* or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
* and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
*
* Security note: the password is exposed here as a resource output.
* NOTE(review): this declaration does not show whether the output is marked secret or how
* it is persisted in stack state; confirm before exporting it or logging resource outputs.
*/
readonly password: pulumi.Output<string | undefined>;
/**
* Password policy for the user. The shape is declared by `outputs.sql.UserPasswordPolicy`
* in `../types/output`, which is not shown in this file.
*/
readonly passwordPolicy: pulumi.Output<outputs.sql.UserPasswordPolicy | undefined>;
/**
* The ID of the project in which the resource belongs. If it
* is not provided, the provider project is used.
*/
readonly project: pulumi.Output<string>;
/**
* List of `outputs.sql.UserSqlServerUserDetail` entries. This property is declared on the
* resource and in `UserState` but not in `UserArgs`, so it cannot be passed to the constructor.
* NOTE(review): presumably populated by the provider for SQL Server instances; confirm.
*/
readonly sqlServerUserDetails: pulumi.Output<outputs.sql.UserSqlServerUserDetail[]>;
/**
* The user type. It determines the method to authenticate the
* user during login. The default is the database's built-in user type. Flags
* include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP",
* "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for
* [Postgres](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/users#sqlusertype)
* and [MySQL](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/users#sqlusertype).
*
* The property is typed as a plain string, so the compiler does not check the value against
* the list above.
*/
readonly type: pulumi.Output<string | undefined>;
/**
* Create a User resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties. `instance` is the
* only property that `UserArgs` declares as required.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: UserArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering User resources.
*/
export interface UserState {
// Every property in this interface is optional; it is the type of the `state`
// parameter of `User.get`.
/**
* The deletion policy for the user.
* Setting `ABANDON` allows the resource to be abandoned rather than deleted. This is useful
* for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.
*
* Possible values are: `ABANDON`.
*/
deletionPolicy?: pulumi.Input<string>;
/**
* The host the user can connect from. This is only supported
* for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances.
* Can be an IP address. Changing this forces a new resource to be created.
*/
host?: pulumi.Input<string>;
/**
* The name of the Cloud SQL instance. Changing this
* forces a new resource to be created.
*/
instance?: pulumi.Input<string>;
/**
* The name of the user. Changing this forces a new resource
* to be created.
*/
name?: pulumi.Input<string>;
/**
* The password for the user. Can be updated. For Postgres
* instances this is a Required field, unless type is set to either CLOUD_IAM_USER
* or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
* and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
*
* Security note: pass a secret-wrapped value here rather than a string literal.
* NOTE(review): whether the provider marks this field secret is not visible in this file.
*/
password?: pulumi.Input<string>;
/**
* Password policy for the user. The shape is declared by `inputs.sql.UserPasswordPolicy`
* in `../types/input`, which is not shown in this file.
*/
passwordPolicy?: pulumi.Input<inputs.sql.UserPasswordPolicy>;
/**
* The ID of the project in which the resource belongs. If it
* is not provided, the provider project is used.
*/
project?: pulumi.Input<string>;
/**
* List of `inputs.sql.UserSqlServerUserDetail` entries. Declared here and on the `User`
* resource, but not in `UserArgs`.
*/
sqlServerUserDetails?: pulumi.Input<pulumi.Input<inputs.sql.UserSqlServerUserDetail>[]>;
/**
* The user type. It determines the method to authenticate the
* user during login. The default is the database's built-in user type. Flags
* include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP",
* "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for
* [Postgres](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/users#sqlusertype)
* and [MySQL](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/users#sqlusertype).
*/
type?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a User resource.
*/
export interface UserArgs {
// `instance` is the only required property; everything else is optional.
// NOTE(review): the `User` class documentation lists a write-only `passwordWo` attribute,
// but no such property is declared in this interface; confirm whether it is available
// in this package version before relying on it.
/**
* The deletion policy for the user.
* Setting `ABANDON` allows the resource to be abandoned rather than deleted. This is useful
* for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.
*
* Possible values are: `ABANDON`.
*
* Security note: an abandoned user is not deleted, so the account and its grants remain on
* the instance after the resource is removed from the stack.
*/
deletionPolicy?: pulumi.Input<string>;
/**
* The host the user can connect from. This is only supported
* for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances.
* Can be an IP address. Changing this forces a new resource to be created.
*
* NOTE(review): this file does not state what happens when `host` is omitted; confirm the
* default against the provider documentation before relying on it as a connection restriction.
*/
host?: pulumi.Input<string>;
/**
* The name of the Cloud SQL instance. Changing this
* forces a new resource to be created.
*/
instance: pulumi.Input<string>;
/**
* The name of the user. Changing this forces a new resource
* to be created.
*/
name?: pulumi.Input<string>;
/**
* The password for the user. Can be updated. For Postgres
* instances this is a Required field, unless type is set to either CLOUD_IAM_USER
* or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
* and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
*
* Security note: supply the value from secret configuration or a generated secret rather
* than a string literal in program source.
* NOTE(review): whether the provider marks this field secret in stack state is not visible
* in this file; confirm.
*/
password?: pulumi.Input<string>;
/**
* Password policy for the user. The shape is declared by `inputs.sql.UserPasswordPolicy`
* in `../types/input`, which is not shown in this file.
*/
passwordPolicy?: pulumi.Input<inputs.sql.UserPasswordPolicy>;
/**
* The ID of the project in which the resource belongs. If it
* is not provided, the provider project is used.
*/
project?: pulumi.Input<string>;
/**
* The user type. It determines the method to authenticate the
* user during login. The default is the database's built-in user type. Flags
* include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP",
* "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for
* [Postgres](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/users#sqlusertype)
* and [MySQL](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/users#sqlusertype).
*
* The property is typed as a plain string, so the compiler does not check the value against
* the list above.
*/
type?: pulumi.Input<string>;
}