import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Creates a new Google SQL User on a Google SQL User Instance. For more information, see the [official documentation](https://cloud.google.com/sql/), or the [JSON API](https://cloud.google.com/sql/docs/admin-api/v1beta4/users).
*
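* The `password` value is kept in the resource state; treat that state as sensitive data. Passwords will not be retrieved when running
* "terraform import". The examples below hard-code a password for brevity only; in real programs pass it as a secret (for example via `pulumi.Config.requireSecret`) or use `passwordWo`.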
*
* > **Note:** Write-Only argument `passwordWo` is available to use in place of `password`. Write-Only arguments are supported in HashiCorp Terraform 1.11.0 and later. Learn more.
*
* ## Example Usage
*
* Example creating a SQL User.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as random from "@pulumi/random";
*
* const dbNameSuffix = new random.index.Id("db_name_suffix", {byteLength: 4});
* const main = new gcp.sql.DatabaseInstance("main", {
* name: `main-instance-${dbNameSuffix.hex}`,
* databaseVersion: "MYSQL_5_7",
* settings: {
* tier: "db-f1-micro",
* },
* });
* const users = new gcp.sql.User("users", {
* name: "me",
* instance: main.name,
* host: "me.com",
* password: "changeme",
* });
* ```
*
* Example creating a SQL User with database roles (applicable for Postgres/MySQL
* only).
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as random from "@pulumi/random";
*
* const dbNameSuffix = new random.index.Id("db_name_suffix", {byteLength: 4});
* const main = new gcp.sql.DatabaseInstance("main", {
* name: `main-instance-${dbNameSuffix.hex}`,
* databaseVersion: "POSTGRES_15",
* settings: {
* tier: "db-f1-micro",
* },
* });
* const users = new gcp.sql.User("users", {
* name: "me",
* instance: main.name,
* host: "me.com",
* password: "changeme",
* databaseRoles: ["cloudsqlsuperuser"],
* });
* ```
*
* Example using [Cloud SQL IAM database authentication](https://cloud.google.com/sql/docs/mysql/authentication).
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as random from "@pulumi/random";
* import * as std from "@pulumi/std";
*
* const dbNameSuffix = new random.index.Id("db_name_suffix", {byteLength: 4});
* const main = new gcp.sql.DatabaseInstance("main", {
* name: `main-instance-${dbNameSuffix.hex}`,
* databaseVersion: "POSTGRES_15",
* settings: {
* tier: "db-f1-micro",
* databaseFlags: [{
* name: "cloudsql.iam_authentication",
* value: "on",
* }],
* },
* });
* const iamUser = new gcp.sql.User("iam_user", {
* name: "me@example.com",
* instance: main.name,
* type: "CLOUD_IAM_USER",
* });
* const iamServiceAccountUser = new gcp.sql.User("iam_service_account_user", {
* name: std.trimsuffix({
* input: serviceAccount.email,
* suffix: ".gserviceaccount.com",
* }).then(invoke => invoke.result),
* instance: main.name,
* type: "CLOUD_IAM_SERVICE_ACCOUNT",
* });
* ```
*
* Example using [Cloud SQL IAM Group authentication](https://cloud.google.com/sql/docs/mysql/iam-authentication#iam-group-auth).
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as random from "@pulumi/random";
*
* const dbNameSuffix = new random.index.Id("db_name_suffix", {byteLength: 4});
* const main = new gcp.sql.DatabaseInstance("main", {
* name: `main-instance-${dbNameSuffix.hex}`,
* databaseVersion: "MYSQL_8_0",
* settings: {
* tier: "db-f1-micro",
* databaseFlags: [{
* name: "cloudsql_iam_authentication",
* value: "on",
* }],
* },
* });
* const iamGroupUser = new gcp.sql.User("iam_group_user", {
* name: "iam_group@example.com",
* instance: main.name,
* type: "CLOUD_IAM_GROUP",
* });
* ```
*
* ## Import
*
* SQL users for MySQL databases can be imported using the `project`, `instance`, `host` and `name`, e.g.
*
* * `{{project_id}}/{{instance}}/{{host}}/{{name}}`
*
* SQL users for PostgreSQL databases can be imported using the `project`, `instance` and `name`, e.g.
*
* * `{{project_id}}/{{instance}}/{{name}}`
*
* When using the `pulumi import` command, a SQL user can be imported using one of the formats above. For example:
*
* MySQL database
*
* ```sh
* $ pulumi import gcp:sql/user:User default {{project_id}}/{{instance}}/{{host}}/{{name}}
* ```
*
* PostgreSQL database
*
* ```sh
* $ pulumi import gcp:sql/user:User default {{project_id}}/{{instance}}/{{name}}
* ```
*/
export declare class User extends pulumi.CustomResource {
/**
* Get an existing User resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserState, opts?: pulumi.CustomResourceOptions): User;
/**
* Returns true if the given object is an instance of User. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is User;
/**
* A list of database roles to be assigned to the user.
* This option is only available for MySQL 8+ and PostgreSQL instances. You
* can include predefined Cloud SQL roles, like cloudsqlsuperuser, or your
* own custom roles. Custom roles must be created in the database before
* you can assign them. You can create roles using the CREATE ROLE
* statement for both MySQL and PostgreSQL.
* **Note**: This property is write-only and will not be read from the API,
* so roles changed directly in the database are not reflected here.
* **Caution**: Existing database roles will be overwritten with new values from this field.
* **Security**: Predefined roles such as cloudsqlsuperuser carry broad privileges;
* assign only the roles the user actually needs.
*/
readonly databaseRoles: pulumi.Output<string[] | undefined>;
/**
* Whether Terraform will be prevented from destroying the resource. Defaults to "DELETE".
* When a 'terraform destroy' or 'pulumi up' would delete the resource,
* the command will fail if this field is set to "PREVENT" in Terraform state.
* When set to "ABANDON", the command will remove the resource from Terraform
* management without updating or deleting the resource in the API. This is useful
* for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.
*
* When set to "DELETE", deleting the resource is allowed.
*
* **Security**: With "ABANDON" the database user is left in place in the API, so
* the account keeps existing after the resource is removed from the stack; remove
* or disable it in the database separately if it should no longer be usable.
*/
readonly deletionPolicy: pulumi.Output<string>;
/**
* The host the user can connect from. This is only supported
* for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances.
* Can be an IP address. Changing this forces a new resource to be created.
*/
readonly host: pulumi.Output<string>;
/**
* IAM email address for MySQL IAM database users.
* Not present in `UserArgs`, so it cannot be set at construction time.
*/
readonly iamEmail: pulumi.Output<string>;
/**
* The name of the Cloud SQL instance. Changing this
* forces a new resource to be created.
*/
readonly instance: pulumi.Output<string>;
/**
* The name of the user. Changing this forces a new resource
* to be created.
*/
readonly name: pulumi.Output<string>;
/**
* The password for the user. Can be updated. For Postgres
* instances this is a Required field, unless type is set to either CLOUD_IAM_USER
* or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
* and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
*
* **Security**: This value is exposed as a resource output and is therefore kept in
* the resource state. Pass it as a secret rather than a plaintext literal, or use
* the write-only `passwordWo` instead.
* NOTE(review): whether the provider marks this output as a secret is not visible
* in this declaration file; confirm before relying on it.
*/
readonly password: pulumi.Output<string | undefined>;
/**
* Password policy for the user. The available fields are declared by
* `outputs.sql.UserPasswordPolicy` in `../types/output`.
*/
readonly passwordPolicy: pulumi.Output<outputs.sql.UserPasswordPolicy | undefined>;
/**
* **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
* The password for the user. Can be updated. For Postgres
* instances this is a Required field, unless type is set to either CLOUD_IAM_USER
* or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
* and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
*
* > **Note:** Only one of `password` or `passwordWo` can be set.
*/
readonly passwordWo: pulumi.Output<string | undefined>;
/**
* An integer value used to trigger an update for `passwordWo`. This property should be incremented when updating `passwordWo`. For more info see [updating write-only arguments](https://www.terraform.io/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes).
*/
readonly passwordWoVersion: pulumi.Output<number | undefined>;
/**
* The ID of the project in which the resource belongs. If it
* is not provided, the provider project is used.
*/
readonly project: pulumi.Output<string>;
/**
* SQL Server-specific details for the user. The element shape is declared by
* `outputs.sql.UserSqlServerUserDetail` in `../types/output`.
* Not present in `UserArgs`, so it cannot be set at construction time.
*/
readonly sqlServerUserDetails: pulumi.Output<outputs.sql.UserSqlServerUserDetail[]>;
/**
* The user type. It determines the method to authenticate the
* user during login. The default is the database's built-in user type. Flags
* include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP",
* "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for
* [Postgres](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/users#sqlusertype)
* and [MySQL](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/users#sqlusertype).
*/
readonly type: pulumi.Output<string | undefined>;
/**
* Create a User resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: UserArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering User resources.
* Every property is optional; this is the shape accepted by `User.get` as its `state` argument.
*/
export interface UserState {
/**
* A list of database roles to be assigned to the user.
* This option is only available for MySQL 8+ and PostgreSQL instances. You
* can include predefined Cloud SQL roles, like cloudsqlsuperuser, or your
* own custom roles. Custom roles must be created in the database before
* you can assign them. You can create roles using the CREATE ROLE
* statement for both MySQL and PostgreSQL.
* **Note**: This property is write-only and will not be read from the API,
* so roles changed directly in the database are not reflected here.
* **Caution**: Existing database roles will be overwritten with new values from this field.
* **Security**: Predefined roles such as cloudsqlsuperuser carry broad privileges;
* assign only the roles the user actually needs.
*/
databaseRoles?: pulumi.Input<pulumi.Input<string>[] | undefined>;
/**
* Whether Terraform will be prevented from destroying the resource. Defaults to "DELETE".
* When a 'terraform destroy' or 'pulumi up' would delete the resource,
* the command will fail if this field is set to "PREVENT" in Terraform state.
* When set to "ABANDON", the command will remove the resource from Terraform
* management without updating or deleting the resource in the API. This is useful
* for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.
*
* When set to "DELETE", deleting the resource is allowed.
*
* **Security**: With "ABANDON" the database user is left in place in the API, so
* the account keeps existing after the resource is removed from the stack; remove
* or disable it in the database separately if it should no longer be usable.
*/
deletionPolicy?: pulumi.Input<string | undefined>;
/**
* The host the user can connect from. This is only supported
* for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances.
* Can be an IP address. Changing this forces a new resource to be created.
*/
host?: pulumi.Input<string | undefined>;
/**
* IAM email address for MySQL IAM database users.
*/
iamEmail?: pulumi.Input<string | undefined>;
/**
* The name of the Cloud SQL instance. Changing this
* forces a new resource to be created.
*/
instance?: pulumi.Input<string | undefined>;
/**
* The name of the user. Changing this forces a new resource
* to be created.
*/
name?: pulumi.Input<string | undefined>;
/**
* The password for the user. Can be updated. For Postgres
* instances this is a Required field, unless type is set to either CLOUD_IAM_USER
* or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
* and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
*
* **Security**: Pass this as a secret rather than a plaintext literal, or use the
* write-only `passwordWo` instead.
*/
password?: pulumi.Input<string | undefined>;
/**
* Password policy for the user. The available fields are declared by
* `inputs.sql.UserPasswordPolicy` in `../types/input`.
*/
passwordPolicy?: pulumi.Input<inputs.sql.UserPasswordPolicy | undefined>;
/**
* **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
* The password for the user. Can be updated. For Postgres
* instances this is a Required field, unless type is set to either CLOUD_IAM_USER
* or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
* and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
*
* > **Note:** Only one of `password` or `passwordWo` can be set.
*/
passwordWo?: pulumi.Input<string | undefined>;
/**
* An integer value used to trigger an update for `passwordWo`. This property should be incremented when updating `passwordWo`. For more info see [updating write-only arguments](https://www.terraform.io/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes).
*/
passwordWoVersion?: pulumi.Input<number | undefined>;
/**
* The ID of the project in which the resource belongs. If it
* is not provided, the provider project is used.
*/
project?: pulumi.Input<string | undefined>;
/**
* SQL Server-specific details for the user. The element shape is declared by
* `inputs.sql.UserSqlServerUserDetail` in `../types/input`.
*/
sqlServerUserDetails?: pulumi.Input<pulumi.Input<inputs.sql.UserSqlServerUserDetail>[] | undefined>;
/**
* The user type. It determines the method to authenticate the
* user during login. The default is the database's built-in user type. Flags
* include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP",
* "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for
* [Postgres](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/users#sqlusertype)
* and [MySQL](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/users#sqlusertype).
*/
type?: pulumi.Input<string | undefined>;
}
/**
* The set of arguments for constructing a User resource.
* `instance` is the only required property.
*/
export interface UserArgs {
/**
* A list of database roles to be assigned to the user.
* This option is only available for MySQL 8+ and PostgreSQL instances. You
* can include predefined Cloud SQL roles, like cloudsqlsuperuser, or your
* own custom roles. Custom roles must be created in the database before
* you can assign them. You can create roles using the CREATE ROLE
* statement for both MySQL and PostgreSQL.
* **Note**: This property is write-only and will not be read from the API,
* so roles changed directly in the database are not reflected here.
* **Caution**: Existing database roles will be overwritten with new values from this field.
* **Security**: Predefined roles such as cloudsqlsuperuser carry broad privileges;
* assign only the roles the user actually needs.
*/
databaseRoles?: pulumi.Input<pulumi.Input<string>[] | undefined>;
/**
* Whether Terraform will be prevented from destroying the resource. Defaults to "DELETE".
* When a 'terraform destroy' or 'pulumi up' would delete the resource,
* the command will fail if this field is set to "PREVENT" in Terraform state.
* When set to "ABANDON", the command will remove the resource from Terraform
* management without updating or deleting the resource in the API. This is useful
* for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.
*
* When set to "DELETE", deleting the resource is allowed.
*
* **Security**: With "ABANDON" the database user is left in place in the API, so
* the account keeps existing after the resource is removed from the stack; remove
* or disable it in the database separately if it should no longer be usable.
*/
deletionPolicy?: pulumi.Input<string | undefined>;
/**
* The host the user can connect from. This is only supported
* for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances.
* Can be an IP address. Changing this forces a new resource to be created.
*/
host?: pulumi.Input<string | undefined>;
/**
* The name of the Cloud SQL instance. Changing this
* forces a new resource to be created.
*/
instance: pulumi.Input<string>;
/**
* The name of the user. Changing this forces a new resource
* to be created.
*/
name?: pulumi.Input<string | undefined>;
/**
* The password for the user. Can be updated. For Postgres
* instances this is a Required field, unless type is set to either CLOUD_IAM_USER
* or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
* and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
*
* **Security**: Pass this as a secret (for example a value read with
* `pulumi.Config.requireSecret`) rather than a plaintext literal in the program,
* or use the write-only `passwordWo` instead.
*/
password?: pulumi.Input<string | undefined>;
/**
* Password policy for the user. The available fields are declared by
* `inputs.sql.UserPasswordPolicy` in `../types/input`.
*/
passwordPolicy?: pulumi.Input<inputs.sql.UserPasswordPolicy | undefined>;
/**
* **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
* The password for the user. Can be updated. For Postgres
* instances this is a Required field, unless type is set to either CLOUD_IAM_USER
* or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
* and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
*
* > **Note:** Only one of `password` or `passwordWo` can be set.
*/
passwordWo?: pulumi.Input<string | undefined>;
/**
* An integer value used to trigger an update for `passwordWo`. This property should be incremented when updating `passwordWo`. For more info see [updating write-only arguments](https://www.terraform.io/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes).
*/
passwordWoVersion?: pulumi.Input<number | undefined>;
/**
* The ID of the project in which the resource belongs. If it
* is not provided, the provider project is used.
*/
project?: pulumi.Input<string | undefined>;
/**
* The user type. It determines the method to authenticate the
* user during login. The default is the database's built-in user type. Flags
* include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP",
* "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for
* [Postgres](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/users#sqlusertype)
* and [MySQL](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/users#sqlusertype).
*/
type?: pulumi.Input<string | undefined>;
}
//# sourceMappingURL=user.d.ts.map