1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. sql
  5. User
Google Cloud Classic v7.16.0 published on Wednesday, Mar 27, 2024 by Pulumi

gcp.sql.User

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.16.0 published on Wednesday, Mar 27, 2024 by Pulumi

    Creates a new Google SQL User on a Google SQL User Instance. For more information, see the official documentation, or the JSON API.

    Example Usage

    Example creating a SQL User.

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    import * as random from "@pulumi/random";
    
    const dbNameSuffix = new random.RandomId("db_name_suffix", {byteLength: 4});
    const main = new gcp.sql.DatabaseInstance("main", {
        name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,
        databaseVersion: "MYSQL_5_7",
        settings: {
            tier: "db-f1-micro",
        },
    });
    const users = new gcp.sql.User("users", {
        name: "me",
        instance: main.name,
        host: "me.com",
        password: "changeme",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    import pulumi_random as random
    
    db_name_suffix = random.RandomId("db_name_suffix", byte_length=4)
    main = gcp.sql.DatabaseInstance("main",
        name=db_name_suffix.hex.apply(lambda hex: f"main-instance-{hex}"),
        database_version="MYSQL_5_7",
        settings=gcp.sql.DatabaseInstanceSettingsArgs(
            tier="db-f1-micro",
        ))
    users = gcp.sql.User("users",
        name="me",
        instance=main.name,
        host="me.com",
        password="changeme")
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/sql"
    	"github.com/pulumi/pulumi-random/sdk/v4/go/random"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		dbNameSuffix, err := random.NewRandomId(ctx, "db_name_suffix", &random.RandomIdArgs{
    			ByteLength: pulumi.Int(4),
    		})
    		if err != nil {
    			return err
    		}
    		main, err := sql.NewDatabaseInstance(ctx, "main", &sql.DatabaseInstanceArgs{
    			Name: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {
    				return fmt.Sprintf("main-instance-%v", hex), nil
    			}).(pulumi.StringOutput),
    			DatabaseVersion: pulumi.String("MYSQL_5_7"),
    			Settings: &sql.DatabaseInstanceSettingsArgs{
    				Tier: pulumi.String("db-f1-micro"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = sql.NewUser(ctx, "users", &sql.UserArgs{
    			Name:     pulumi.String("me"),
    			Instance: main.Name,
    			Host:     pulumi.String("me.com"),
    			Password: pulumi.String("changeme"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    using Random = Pulumi.Random;
    
    return await Deployment.RunAsync(() => 
    {
        var dbNameSuffix = new Random.RandomId("db_name_suffix", new()
        {
            ByteLength = 4,
        });
    
        var main = new Gcp.Sql.DatabaseInstance("main", new()
        {
            Name = dbNameSuffix.Hex.Apply(hex => $"main-instance-{hex}"),
            DatabaseVersion = "MYSQL_5_7",
            Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
            {
                Tier = "db-f1-micro",
            },
        });
    
        var users = new Gcp.Sql.User("users", new()
        {
            Name = "me",
            Instance = main.Name,
            Host = "me.com",
            Password = "changeme",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.random.RandomId;
    import com.pulumi.random.RandomIdArgs;
    import com.pulumi.gcp.sql.DatabaseInstance;
    import com.pulumi.gcp.sql.DatabaseInstanceArgs;
    import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
    import com.pulumi.gcp.sql.User;
    import com.pulumi.gcp.sql.UserArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var dbNameSuffix = new RandomId("dbNameSuffix", RandomIdArgs.builder()        
                .byteLength(4)
                .build());
    
            var main = new DatabaseInstance("main", DatabaseInstanceArgs.builder()        
                .name(dbNameSuffix.hex().applyValue(hex -> String.format("main-instance-%s", hex)))
                .databaseVersion("MYSQL_5_7")
                .settings(DatabaseInstanceSettingsArgs.builder()
                    .tier("db-f1-micro")
                    .build())
                .build());
    
            var users = new User("users", UserArgs.builder()        
                .name("me")
                .instance(main.name())
                .host("me.com")
                .password("changeme")
                .build());
    
        }
    }
    
    resources:
      dbNameSuffix:
        type: random:RandomId
        name: db_name_suffix
        properties:
          byteLength: 4
      main:
        type: gcp:sql:DatabaseInstance
        properties:
          name: main-instance-${dbNameSuffix.hex}
          databaseVersion: MYSQL_5_7
          settings:
            tier: db-f1-micro
      users:
        type: gcp:sql:User
        properties:
          name: me
          instance: ${main.name}
          host: me.com
          password: changeme
    

    Example using Cloud SQL IAM database authentication.

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    import * as random from "@pulumi/random";
    import * as std from "@pulumi/std";
    
    const dbNameSuffix = new random.RandomId("db_name_suffix", {byteLength: 4});
    const main = new gcp.sql.DatabaseInstance("main", {
        name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,
        databaseVersion: "POSTGRES_15",
        settings: {
            tier: "db-f1-micro",
            databaseFlags: [{
                name: "cloudsql.iam_authentication",
                value: "on",
            }],
        },
    });
    const iamUser = new gcp.sql.User("iam_user", {
        name: "me@example.com",
        instance: main.name,
        type: "CLOUD_IAM_USER",
    });
    const iamServiceAccountUser = new gcp.sql.User("iam_service_account_user", {
        name: std.trimsuffix({
            input: serviceAccount.email,
            suffix: ".gserviceaccount.com",
        }).then(invoke => invoke.result),
        instance: main.name,
        type: "CLOUD_IAM_SERVICE_ACCOUNT",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    import pulumi_random as random
    import pulumi_std as std
    
    db_name_suffix = random.RandomId("db_name_suffix", byte_length=4)
    main = gcp.sql.DatabaseInstance("main",
        name=db_name_suffix.hex.apply(lambda hex: f"main-instance-{hex}"),
        database_version="POSTGRES_15",
        settings=gcp.sql.DatabaseInstanceSettingsArgs(
            tier="db-f1-micro",
            database_flags=[gcp.sql.DatabaseInstanceSettingsDatabaseFlagArgs(
                name="cloudsql.iam_authentication",
                value="on",
            )],
        ))
    iam_user = gcp.sql.User("iam_user",
        name="me@example.com",
        instance=main.name,
        type="CLOUD_IAM_USER")
    iam_service_account_user = gcp.sql.User("iam_service_account_user",
        name=std.trimsuffix(input=service_account["email"],
            suffix=".gserviceaccount.com").result,
        instance=main.name,
        type="CLOUD_IAM_SERVICE_ACCOUNT")
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/sql"
    	"github.com/pulumi/pulumi-random/sdk/v4/go/random"
    	"github.com/pulumi/pulumi-std/sdk/go/std"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		dbNameSuffix, err := random.NewRandomId(ctx, "db_name_suffix", &random.RandomIdArgs{
    			ByteLength: pulumi.Int(4),
    		})
    		if err != nil {
    			return err
    		}
    		main, err := sql.NewDatabaseInstance(ctx, "main", &sql.DatabaseInstanceArgs{
    			Name: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {
    				return fmt.Sprintf("main-instance-%v", hex), nil
    			}).(pulumi.StringOutput),
    			DatabaseVersion: pulumi.String("POSTGRES_15"),
    			Settings: &sql.DatabaseInstanceSettingsArgs{
    				Tier: pulumi.String("db-f1-micro"),
    				DatabaseFlags: sql.DatabaseInstanceSettingsDatabaseFlagArray{
    					&sql.DatabaseInstanceSettingsDatabaseFlagArgs{
    						Name:  pulumi.String("cloudsql.iam_authentication"),
    						Value: pulumi.String("on"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = sql.NewUser(ctx, "iam_user", &sql.UserArgs{
    			Name:     pulumi.String("me@example.com"),
    			Instance: main.Name,
    			Type:     pulumi.String("CLOUD_IAM_USER"),
    		})
    		if err != nil {
    			return err
    		}
    		invokeTrimsuffix, err := std.Trimsuffix(ctx, &std.TrimsuffixArgs{
    			Input:  serviceAccount.Email,
    			Suffix: ".gserviceaccount.com",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = sql.NewUser(ctx, "iam_service_account_user", &sql.UserArgs{
    			Name:     invokeTrimsuffix.Result,
    			Instance: main.Name,
    			Type:     pulumi.String("CLOUD_IAM_SERVICE_ACCOUNT"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    using Random = Pulumi.Random;
    using Std = Pulumi.Std;
    
    return await Deployment.RunAsync(() => 
    {
        var dbNameSuffix = new Random.RandomId("db_name_suffix", new()
        {
            ByteLength = 4,
        });
    
        var main = new Gcp.Sql.DatabaseInstance("main", new()
        {
            Name = dbNameSuffix.Hex.Apply(hex => $"main-instance-{hex}"),
            DatabaseVersion = "POSTGRES_15",
            Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
            {
                Tier = "db-f1-micro",
                DatabaseFlags = new[]
                {
                    new Gcp.Sql.Inputs.DatabaseInstanceSettingsDatabaseFlagArgs
                    {
                        Name = "cloudsql.iam_authentication",
                        Value = "on",
                    },
                },
            },
        });
    
        var iamUser = new Gcp.Sql.User("iam_user", new()
        {
            Name = "me@example.com",
            Instance = main.Name,
            Type = "CLOUD_IAM_USER",
        });
    
        var iamServiceAccountUser = new Gcp.Sql.User("iam_service_account_user", new()
        {
            Name = Std.Trimsuffix.Invoke(new()
            {
                Input = serviceAccount.Email,
                Suffix = ".gserviceaccount.com",
            }).Apply(invoke => invoke.Result),
            Instance = main.Name,
            Type = "CLOUD_IAM_SERVICE_ACCOUNT",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.random.RandomId;
    import com.pulumi.random.RandomIdArgs;
    import com.pulumi.gcp.sql.DatabaseInstance;
    import com.pulumi.gcp.sql.DatabaseInstanceArgs;
    import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
    import com.pulumi.gcp.sql.User;
    import com.pulumi.gcp.sql.UserArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var dbNameSuffix = new RandomId("dbNameSuffix", RandomIdArgs.builder()        
                .byteLength(4)
                .build());
    
            var main = new DatabaseInstance("main", DatabaseInstanceArgs.builder()        
                .name(dbNameSuffix.hex().applyValue(hex -> String.format("main-instance-%s", hex)))
                .databaseVersion("POSTGRES_15")
                .settings(DatabaseInstanceSettingsArgs.builder()
                    .tier("db-f1-micro")
                    .databaseFlags(DatabaseInstanceSettingsDatabaseFlagArgs.builder()
                        .name("cloudsql.iam_authentication")
                        .value("on")
                        .build())
                    .build())
                .build());
    
            var iamUser = new User("iamUser", UserArgs.builder()        
                .name("me@example.com")
                .instance(main.name())
                .type("CLOUD_IAM_USER")
                .build());
    
            var iamServiceAccountUser = new User("iamServiceAccountUser", UserArgs.builder()        
                .name(StdFunctions.trimsuffix(TrimsuffixArgs.builder()
                    .input(serviceAccount.email())
                    .suffix(".gserviceaccount.com")
                    .build()).result())
                .instance(main.name())
                .type("CLOUD_IAM_SERVICE_ACCOUNT")
                .build());
    
        }
    }
    
    resources:
      dbNameSuffix:
        type: random:RandomId
        name: db_name_suffix
        properties:
          byteLength: 4
      main:
        type: gcp:sql:DatabaseInstance
        properties:
          name: main-instance-${dbNameSuffix.hex}
          databaseVersion: POSTGRES_15
          settings:
            tier: db-f1-micro
            databaseFlags:
              - name: cloudsql.iam_authentication
                value: on
      iamUser:
        type: gcp:sql:User
        name: iam_user
        properties:
          name: me@example.com
          instance: ${main.name}
          type: CLOUD_IAM_USER
      iamServiceAccountUser:
        type: gcp:sql:User
        name: iam_service_account_user
        properties:
          name:
            fn::invoke:
              Function: std:trimsuffix
              Arguments:
                input: ${serviceAccount.email}
                suffix: .gserviceaccount.com
              Return: result
          instance: ${main.name}
          type: CLOUD_IAM_SERVICE_ACCOUNT
    

    Example using Cloud SQL IAM Group authentication.

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    import * as random from "@pulumi/random";
    
    const dbNameSuffix = new random.RandomId("db_name_suffix", {byteLength: 4});
    const main = new gcp.sql.DatabaseInstance("main", {
        name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,
        databaseVersion: "MYSQL_8_0",
        settings: {
            tier: "db-f1-micro",
            databaseFlags: [{
                name: "cloudsql.iam_authentication",
                value: "on",
            }],
        },
    });
    const iamGroupUser = new gcp.sql.User("iam_group_user", {
        name: "iam_group@example.com",
        instance: main.name,
        type: "CLOUD_IAM_GROUP",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    import pulumi_random as random
    
    db_name_suffix = random.RandomId("db_name_suffix", byte_length=4)
    main = gcp.sql.DatabaseInstance("main",
        name=db_name_suffix.hex.apply(lambda hex: f"main-instance-{hex}"),
        database_version="MYSQL_8_0",
        settings=gcp.sql.DatabaseInstanceSettingsArgs(
            tier="db-f1-micro",
            database_flags=[gcp.sql.DatabaseInstanceSettingsDatabaseFlagArgs(
                name="cloudsql.iam_authentication",
                value="on",
            )],
        ))
    iam_group_user = gcp.sql.User("iam_group_user",
        name="iam_group@example.com",
        instance=main.name,
        type="CLOUD_IAM_GROUP")
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/sql"
    	"github.com/pulumi/pulumi-random/sdk/v4/go/random"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		dbNameSuffix, err := random.NewRandomId(ctx, "db_name_suffix", &random.RandomIdArgs{
    			ByteLength: pulumi.Int(4),
    		})
    		if err != nil {
    			return err
    		}
    		main, err := sql.NewDatabaseInstance(ctx, "main", &sql.DatabaseInstanceArgs{
    			Name: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {
    				return fmt.Sprintf("main-instance-%v", hex), nil
    			}).(pulumi.StringOutput),
    			DatabaseVersion: pulumi.String("MYSQL_8_0"),
    			Settings: &sql.DatabaseInstanceSettingsArgs{
    				Tier: pulumi.String("db-f1-micro"),
    				DatabaseFlags: sql.DatabaseInstanceSettingsDatabaseFlagArray{
    					&sql.DatabaseInstanceSettingsDatabaseFlagArgs{
    						Name:  pulumi.String("cloudsql.iam_authentication"),
    						Value: pulumi.String("on"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = sql.NewUser(ctx, "iam_group_user", &sql.UserArgs{
    			Name:     pulumi.String("iam_group@example.com"),
    			Instance: main.Name,
    			Type:     pulumi.String("CLOUD_IAM_GROUP"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    using Random = Pulumi.Random;
    
    return await Deployment.RunAsync(() => 
    {
        var dbNameSuffix = new Random.RandomId("db_name_suffix", new()
        {
            ByteLength = 4,
        });
    
        var main = new Gcp.Sql.DatabaseInstance("main", new()
        {
            Name = dbNameSuffix.Hex.Apply(hex => $"main-instance-{hex}"),
            DatabaseVersion = "MYSQL_8_0",
            Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
            {
                Tier = "db-f1-micro",
                DatabaseFlags = new[]
                {
                    new Gcp.Sql.Inputs.DatabaseInstanceSettingsDatabaseFlagArgs
                    {
                        Name = "cloudsql.iam_authentication",
                        Value = "on",
                    },
                },
            },
        });
    
        var iamGroupUser = new Gcp.Sql.User("iam_group_user", new()
        {
            Name = "iam_group@example.com",
            Instance = main.Name,
            Type = "CLOUD_IAM_GROUP",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.random.RandomId;
    import com.pulumi.random.RandomIdArgs;
    import com.pulumi.gcp.sql.DatabaseInstance;
    import com.pulumi.gcp.sql.DatabaseInstanceArgs;
    import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
    import com.pulumi.gcp.sql.User;
    import com.pulumi.gcp.sql.UserArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var dbNameSuffix = new RandomId("dbNameSuffix", RandomIdArgs.builder()        
                .byteLength(4)
                .build());
    
            var main = new DatabaseInstance("main", DatabaseInstanceArgs.builder()        
                .name(dbNameSuffix.hex().applyValue(hex -> String.format("main-instance-%s", hex)))
                .databaseVersion("MYSQL_8_0")
                .settings(DatabaseInstanceSettingsArgs.builder()
                    .tier("db-f1-micro")
                    .databaseFlags(DatabaseInstanceSettingsDatabaseFlagArgs.builder()
                        .name("cloudsql.iam_authentication")
                        .value("on")
                        .build())
                    .build())
                .build());
    
            var iamGroupUser = new User("iamGroupUser", UserArgs.builder()        
                .name("iam_group@example.com")
                .instance(main.name())
                .type("CLOUD_IAM_GROUP")
                .build());
    
        }
    }
    
    resources:
      dbNameSuffix:
        type: random:RandomId
        name: db_name_suffix
        properties:
          byteLength: 4
      main:
        type: gcp:sql:DatabaseInstance
        properties:
          name: main-instance-${dbNameSuffix.hex}
          databaseVersion: MYSQL_8_0
          settings:
            tier: db-f1-micro
            databaseFlags:
              - name: cloudsql.iam_authentication
                value: on
      iamGroupUser:
        type: gcp:sql:User
        name: iam_group_user
        properties:
          name: iam_group@example.com
          instance: ${main.name}
          type: CLOUD_IAM_GROUP
    

    Create User Resource

    new User(name: string, args: UserArgs, opts?: CustomResourceOptions);
    @overload
    def User(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             deletion_policy: Optional[str] = None,
             host: Optional[str] = None,
             instance: Optional[str] = None,
             name: Optional[str] = None,
             password: Optional[str] = None,
             password_policy: Optional[UserPasswordPolicyArgs] = None,
             project: Optional[str] = None,
             type: Optional[str] = None)
    @overload
    def User(resource_name: str,
             args: UserArgs,
             opts: Optional[ResourceOptions] = None)
    func NewUser(ctx *Context, name string, args UserArgs, opts ...ResourceOption) (*User, error)
    public User(string name, UserArgs args, CustomResourceOptions? opts = null)
    public User(String name, UserArgs args)
    public User(String name, UserArgs args, CustomResourceOptions options)
    
    type: gcp:sql:User
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args UserArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args UserArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args UserArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args UserArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args UserArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    User Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The User resource accepts the following input properties:

    Instance string
    The name of the Cloud SQL instance. Changing this forces a new resource to be created.
    DeletionPolicy string

    The deletion policy for the user. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.

    Possible values are: ABANDON.


    Host string
    The host the user can connect from. This is only supported for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances. Can be an IP address. Changing this forces a new resource to be created.
    Name string
    The name of the user. Changing this forces a new resource to be created.
    Password string
    The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
    PasswordPolicy UserPasswordPolicy
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    Type string
    The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT".
    Instance string
    The name of the Cloud SQL instance. Changing this forces a new resource to be created.
    DeletionPolicy string

    The deletion policy for the user. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.

    Possible values are: ABANDON.


    Host string
    The host the user can connect from. This is only supported for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances. Can be an IP address. Changing this forces a new resource to be created.
    Name string
    The name of the user. Changing this forces a new resource to be created.
    Password string
    The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
    PasswordPolicy UserPasswordPolicyArgs
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    Type string
    The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT".
    instance String
    The name of the Cloud SQL instance. Changing this forces a new resource to be created.
    deletionPolicy String

    The deletion policy for the user. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.

    Possible values are: ABANDON.


    host String
    The host the user can connect from. This is only supported for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances. Can be an IP address. Changing this forces a new resource to be created.
    name String
    The name of the user. Changing this forces a new resource to be created.
    password String
    The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
    passwordPolicy UserPasswordPolicy
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    type String
    The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT".
    instance string
    The name of the Cloud SQL instance. Changing this forces a new resource to be created.
    deletionPolicy string

    The deletion policy for the user. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.

    Possible values are: ABANDON.


    host string
    The host the user can connect from. This is only supported for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances. Can be an IP address. Changing this forces a new resource to be created.
    name string
    The name of the user. Changing this forces a new resource to be created.
    password string
    The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
    passwordPolicy UserPasswordPolicy
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    type string
    The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT".
    instance str
    The name of the Cloud SQL instance. Changing this forces a new resource to be created.
    deletion_policy str

    The deletion policy for the user. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.

    Possible values are: ABANDON.


    host str
    The host the user can connect from. This is only supported for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances. Can be an IP address. Changing this forces a new resource to be created.
    name str
    The name of the user. Changing this forces a new resource to be created.
    password str
    The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
    password_policy UserPasswordPolicyArgs
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    type str
    The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT".
    instance String
    The name of the Cloud SQL instance. Changing this forces a new resource to be created.
    deletionPolicy String

    The deletion policy for the user. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.

    Possible values are: ABANDON.


    host String
    The host the user can connect from. This is only supported for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances. Can be an IP address. Changing this forces a new resource to be created.
    name String
    The name of the user. Changing this forces a new resource to be created.
    password String
    The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
    passwordPolicy Property Map
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    type String
    The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT".

    Outputs

    All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    SqlServerUserDetails List<UserSqlServerUserDetail>
    Id string
    The provider-assigned unique ID for this managed resource.
    SqlServerUserDetails []UserSqlServerUserDetail
    id String
    The provider-assigned unique ID for this managed resource.
    sqlServerUserDetails List<UserSqlServerUserDetail>
    id string
    The provider-assigned unique ID for this managed resource.
    sqlServerUserDetails UserSqlServerUserDetail[]
    id str
    The provider-assigned unique ID for this managed resource.
    sql_server_user_details Sequence[UserSqlServerUserDetail]
    id String
    The provider-assigned unique ID for this managed resource.
    sqlServerUserDetails List<Property Map>

    Look up Existing User Resource

    Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: UserState, opts?: CustomResourceOptions): User
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            deletion_policy: Optional[str] = None,
            host: Optional[str] = None,
            instance: Optional[str] = None,
            name: Optional[str] = None,
            password: Optional[str] = None,
            password_policy: Optional[UserPasswordPolicyArgs] = None,
            project: Optional[str] = None,
            sql_server_user_details: Optional[Sequence[UserSqlServerUserDetailArgs]] = None,
            type: Optional[str] = None) -> User
    func GetUser(ctx *Context, name string, id IDInput, state *UserState, opts ...ResourceOption) (*User, error)
    public static User Get(string name, Input<string> id, UserState? state, CustomResourceOptions? opts = null)
    public static User get(String name, Output<String> id, UserState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    DeletionPolicy string

    The deletion policy for the user. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.

    Possible values are: ABANDON.


    Host string
    The host the user can connect from. This is only supported for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances. Can be an IP address. Changing this forces a new resource to be created.
    Instance string
    The name of the Cloud SQL instance. Changing this forces a new resource to be created.
    Name string
    The name of the user. Changing this forces a new resource to be created.
    Password string
    The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
    PasswordPolicy UserPasswordPolicy
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    SqlServerUserDetails List<UserSqlServerUserDetail>
    Type string
    The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT".
    DeletionPolicy string

    The deletion policy for the user. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.

    Possible values are: ABANDON.


    Host string
    The host the user can connect from. This is only supported for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances. Can be an IP address. Changing this forces a new resource to be created.
    Instance string
    The name of the Cloud SQL instance. Changing this forces a new resource to be created.
    Name string
    The name of the user. Changing this forces a new resource to be created.
    Password string
    The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
    PasswordPolicy UserPasswordPolicyArgs
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    SqlServerUserDetails []UserSqlServerUserDetailArgs
    Type string
    The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT".
    deletionPolicy String

    The deletion policy for the user. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.

    Possible values are: ABANDON.


    host String
    The host the user can connect from. This is only supported for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances. Can be an IP address. Changing this forces a new resource to be created.
    instance String
    The name of the Cloud SQL instance. Changing this forces a new resource to be created.
    name String
    The name of the user. Changing this forces a new resource to be created.
    password String
    The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
    passwordPolicy UserPasswordPolicy
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    sqlServerUserDetails List<UserSqlServerUserDetail>
    type String
    The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT".
    deletionPolicy string

    The deletion policy for the user. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.

    Possible values are: ABANDON.


    host string
    The host the user can connect from. This is only supported for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances. Can be an IP address. Changing this forces a new resource to be created.
    instance string
    The name of the Cloud SQL instance. Changing this forces a new resource to be created.
    name string
    The name of the user. Changing this forces a new resource to be created.
    password string
    The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
    passwordPolicy UserPasswordPolicy
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    sqlServerUserDetails UserSqlServerUserDetail[]
    type string
    The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT".
    deletion_policy str

    The deletion policy for the user. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.

    Possible values are: ABANDON.


    host str
    The host the user can connect from. This is only supported for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances. Can be an IP address. Changing this forces a new resource to be created.
    instance str
    The name of the Cloud SQL instance. Changing this forces a new resource to be created.
    name str
    The name of the user. Changing this forces a new resource to be created.
    password str
    The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
    password_policy UserPasswordPolicyArgs
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    sql_server_user_details Sequence[UserSqlServerUserDetailArgs]
    type str
    The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT".
    deletionPolicy String

    The deletion policy for the user. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.

    Possible values are: ABANDON.


    host String
    The host the user can connect from. This is only supported for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances. Can be an IP address. Changing this forces a new resource to be created.
    instance String
    The name of the Cloud SQL instance. Changing this forces a new resource to be created.
    name String
    The name of the user. Changing this forces a new resource to be created.
    password String
    The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
    passwordPolicy Property Map
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    sqlServerUserDetails List<Property Map>
    type String
    The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_GROUP" or "CLOUD_IAM_SERVICE_ACCOUNT".

    Supporting Types

    UserPasswordPolicy, UserPasswordPolicyArgs

    AllowedFailedAttempts int
    Number of failed attempts allowed before the user get locked.
    EnableFailedAttemptsCheck bool
    If true, the check that will lock user after too many failed login attempts will be enabled.
    EnablePasswordVerification bool
    If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.
    PasswordExpirationDuration string
    Password expiration duration with one week grace period.
    Statuses List<UserPasswordPolicyStatus>
    AllowedFailedAttempts int
    Number of failed attempts allowed before the user get locked.
    EnableFailedAttemptsCheck bool
    If true, the check that will lock user after too many failed login attempts will be enabled.
    EnablePasswordVerification bool
    If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.
    PasswordExpirationDuration string
    Password expiration duration with one week grace period.
    Statuses []UserPasswordPolicyStatus
    allowedFailedAttempts Integer
    Number of failed attempts allowed before the user get locked.
    enableFailedAttemptsCheck Boolean
    If true, the check that will lock user after too many failed login attempts will be enabled.
    enablePasswordVerification Boolean
    If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.
    passwordExpirationDuration String
    Password expiration duration with one week grace period.
    statuses List<UserPasswordPolicyStatus>
    allowedFailedAttempts number
    Number of failed attempts allowed before the user get locked.
    enableFailedAttemptsCheck boolean
    If true, the check that will lock user after too many failed login attempts will be enabled.
    enablePasswordVerification boolean
    If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.
    passwordExpirationDuration string
    Password expiration duration with one week grace period.
    statuses UserPasswordPolicyStatus[]
    allowed_failed_attempts int
    Number of failed attempts allowed before the user get locked.
    enable_failed_attempts_check bool
    If true, the check that will lock user after too many failed login attempts will be enabled.
    enable_password_verification bool
    If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.
    password_expiration_duration str
    Password expiration duration with one week grace period.
    statuses Sequence[UserPasswordPolicyStatus]
    allowedFailedAttempts Number
    Number of failed attempts allowed before the user get locked.
    enableFailedAttemptsCheck Boolean
    If true, the check that will lock user after too many failed login attempts will be enabled.
    enablePasswordVerification Boolean
    If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.
    passwordExpirationDuration String
    Password expiration duration with one week grace period.
    statuses List<Property Map>

    UserPasswordPolicyStatus, UserPasswordPolicyStatusArgs

    Locked bool
    If true, user does not have login privileges.
    PasswordExpirationTime string
    Password expiration duration with one week grace period.
    Locked bool
    If true, user does not have login privileges.
    PasswordExpirationTime string
    Password expiration duration with one week grace period.
    locked Boolean
    If true, user does not have login privileges.
    passwordExpirationTime String
    Password expiration duration with one week grace period.
    locked boolean
    If true, user does not have login privileges.
    passwordExpirationTime string
    Password expiration duration with one week grace period.
    locked bool
    If true, user does not have login privileges.
    password_expiration_time str
    Password expiration duration with one week grace period.
    locked Boolean
    If true, user does not have login privileges.
    passwordExpirationTime String
    Password expiration duration with one week grace period.

    UserSqlServerUserDetail, UserSqlServerUserDetailArgs

    Disabled bool
    If the user has been disabled.
    ServerRoles List<string>
    The server roles for this user in the database.
    Disabled bool
    If the user has been disabled.
    ServerRoles []string
    The server roles for this user in the database.
    disabled Boolean
    If the user has been disabled.
    serverRoles List<String>
    The server roles for this user in the database.
    disabled boolean
    If the user has been disabled.
    serverRoles string[]
    The server roles for this user in the database.
    disabled bool
    If the user has been disabled.
    server_roles Sequence[str]
    The server roles for this user in the database.
    disabled Boolean
    If the user has been disabled.
    serverRoles List<String>
    The server roles for this user in the database.

    Import

    SQL users for MySQL databases can be imported using the project, instance, host and name, e.g.

    • {{project_id}}/{{instance}}/{{host}}/{{name}}

    SQL users for PostgreSQL databases can be imported using the project, instance and name, e.g.

    • {{project_id}}/{{instance}}/{{name}}

    When using the pulumi import command, NAME_HERE can be imported using one of the formats above. For example:

    MySQL database

    $ pulumi import gcp:sql/user:User default {{project_id}}/{{instance}}/{{host}}/{{name}}
    

    PostgreSQL database

    $ pulumi import gcp:sql/user:User default {{project_id}}/{{instance}}/{{name}}
    

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v7.16.0 published on Wednesday, Mar 27, 2024 by Pulumi