Google Cloud v8.21.0, Mar 5 25

Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi

gcp.sql.User

Explore with Pulumi AI

Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi

pulumi/pulumi-gcp

Example Usage

Example creating a SQL User.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as random from "@pulumi/random";

const dbNameSuffix = new random.RandomId("db_name_suffix", {byteLength: 4});
const main = new gcp.sql.DatabaseInstance("main", {
    name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,
    databaseVersion: "MYSQL_5_7",
    settings: {
        tier: "db-f1-micro",
    },
});
const users = new gcp.sql.User("users", {
    name: "me",
    instance: main.name,
    host: "me.com",
    password: "changeme",
});

import pulumi
import pulumi_gcp as gcp
import pulumi_random as random

db_name_suffix = random.RandomId("db_name_suffix", byte_length=4)
main = gcp.sql.DatabaseInstance("main",
    name=db_name_suffix.hex.apply(lambda hex: f"main-instance-{hex}"),
    database_version="MYSQL_5_7",
    settings={
        "tier": "db-f1-micro",
    })
users = gcp.sql.User("users",
    name="me",
    instance=main.name,
    host="me.com",
    password="changeme")

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql"
	"github.com/pulumi/pulumi-random/sdk/v4/go/random"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		dbNameSuffix, err := random.NewRandomId(ctx, "db_name_suffix", &random.RandomIdArgs{
			ByteLength: pulumi.Int(4),
		})
		if err != nil {
			return err
		}
		main, err := sql.NewDatabaseInstance(ctx, "main", &sql.DatabaseInstanceArgs{
			Name: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {
				return fmt.Sprintf("main-instance-%v", hex), nil
			}).(pulumi.StringOutput),
			DatabaseVersion: pulumi.String("MYSQL_5_7"),
			Settings: &sql.DatabaseInstanceSettingsArgs{
				Tier: pulumi.String("db-f1-micro"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sql.NewUser(ctx, "users", &sql.UserArgs{
			Name:     pulumi.String("me"),
			Instance: main.Name,
			Host:     pulumi.String("me.com"),
			Password: pulumi.String("changeme"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Random = Pulumi.Random;

return await Deployment.RunAsync(() => 
{
    var dbNameSuffix = new Random.RandomId("db_name_suffix", new()
    {
        ByteLength = 4,
    });

    var main = new Gcp.Sql.DatabaseInstance("main", new()
    {
        Name = dbNameSuffix.Hex.Apply(hex => $"main-instance-{hex}"),
        DatabaseVersion = "MYSQL_5_7",
        Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
        {
            Tier = "db-f1-micro",
        },
    });

    var users = new Gcp.Sql.User("users", new()
    {
        Name = "me",
        Instance = main.Name,
        Host = "me.com",
        Password = "changeme",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.random.RandomId;
import com.pulumi.random.RandomIdArgs;
import com.pulumi.gcp.sql.DatabaseInstance;
import com.pulumi.gcp.sql.DatabaseInstanceArgs;
import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
import com.pulumi.gcp.sql.User;
import com.pulumi.gcp.sql.UserArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var dbNameSuffix = new RandomId("dbNameSuffix", RandomIdArgs.builder()
            .byteLength(4)
            .build());

        var main = new DatabaseInstance("main", DatabaseInstanceArgs.builder()
            .name(dbNameSuffix.hex().applyValue(hex -> String.format("main-instance-%s", hex)))
            .databaseVersion("MYSQL_5_7")
            .settings(DatabaseInstanceSettingsArgs.builder()
                .tier("db-f1-micro")
                .build())
            .build());

        var users = new User("users", UserArgs.builder()
            .name("me")
            .instance(main.name())
            .host("me.com")
            .password("changeme")
            .build());

    }
}

resources:
  dbNameSuffix:
    type: random:RandomId
    name: db_name_suffix
    properties:
      byteLength: 4
  main:
    type: gcp:sql:DatabaseInstance
    properties:
      name: main-instance-${dbNameSuffix.hex}
      databaseVersion: MYSQL_5_7
      settings:
        tier: db-f1-micro
  users:
    type: gcp:sql:User
    properties:
      name: me
      instance: ${main.name}
      host: me.com
      password: changeme

Example using Cloud SQL IAM database authentication.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as random from "@pulumi/random";
import * as std from "@pulumi/std";

const dbNameSuffix = new random.RandomId("db_name_suffix", {byteLength: 4});
const main = new gcp.sql.DatabaseInstance("main", {
    name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,
    databaseVersion: "POSTGRES_15",
    settings: {
        tier: "db-f1-micro",
        databaseFlags: [{
            name: "cloudsql.iam_authentication",
            value: "on",
        }],
    },
});
const iamUser = new gcp.sql.User("iam_user", {
    name: "me@example.com",
    instance: main.name,
    type: "CLOUD_IAM_USER",
});
const iamServiceAccountUser = new gcp.sql.User("iam_service_account_user", {
    name: std.trimsuffix({
        input: serviceAccount.email,
        suffix: ".gserviceaccount.com",
    }).then(invoke => invoke.result),
    instance: main.name,
    type: "CLOUD_IAM_SERVICE_ACCOUNT",
});

import pulumi
import pulumi_gcp as gcp
import pulumi_random as random
import pulumi_std as std

db_name_suffix = random.RandomId("db_name_suffix", byte_length=4)
main = gcp.sql.DatabaseInstance("main",
    name=db_name_suffix.hex.apply(lambda hex: f"main-instance-{hex}"),
    database_version="POSTGRES_15",
    settings={
        "tier": "db-f1-micro",
        "database_flags": [{
            "name": "cloudsql.iam_authentication",
            "value": "on",
        }],
    })
iam_user = gcp.sql.User("iam_user",
    name="me@example.com",
    instance=main.name,
    type="CLOUD_IAM_USER")
iam_service_account_user = gcp.sql.User("iam_service_account_user",
    name=std.trimsuffix(input=service_account["email"],
        suffix=".gserviceaccount.com").result,
    instance=main.name,
    type="CLOUD_IAM_SERVICE_ACCOUNT")

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql"
	"github.com/pulumi/pulumi-random/sdk/v4/go/random"
	"github.com/pulumi/pulumi-std/sdk/go/std"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		dbNameSuffix, err := random.NewRandomId(ctx, "db_name_suffix", &random.RandomIdArgs{
			ByteLength: pulumi.Int(4),
		})
		if err != nil {
			return err
		}
		main, err := sql.NewDatabaseInstance(ctx, "main", &sql.DatabaseInstanceArgs{
			Name: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {
				return fmt.Sprintf("main-instance-%v", hex), nil
			}).(pulumi.StringOutput),
			DatabaseVersion: pulumi.String("POSTGRES_15"),
			Settings: &sql.DatabaseInstanceSettingsArgs{
				Tier: pulumi.String("db-f1-micro"),
				DatabaseFlags: sql.DatabaseInstanceSettingsDatabaseFlagArray{
					&sql.DatabaseInstanceSettingsDatabaseFlagArgs{
						Name:  pulumi.String("cloudsql.iam_authentication"),
						Value: pulumi.String("on"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = sql.NewUser(ctx, "iam_user", &sql.UserArgs{
			Name:     pulumi.String("me@example.com"),
			Instance: main.Name,
			Type:     pulumi.String("CLOUD_IAM_USER"),
		})
		if err != nil {
			return err
		}
		invokeTrimsuffix, err := std.Trimsuffix(ctx, &std.TrimsuffixArgs{
			Input:  serviceAccount.Email,
			Suffix: ".gserviceaccount.com",
		}, nil)
		if err != nil {
			return err
		}
		_, err = sql.NewUser(ctx, "iam_service_account_user", &sql.UserArgs{
			Name:     pulumi.String(invokeTrimsuffix.Result),
			Instance: main.Name,
			Type:     pulumi.String("CLOUD_IAM_SERVICE_ACCOUNT"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Random = Pulumi.Random;
using Std = Pulumi.Std;

return await Deployment.RunAsync(() => 
{
    var dbNameSuffix = new Random.RandomId("db_name_suffix", new()
    {
        ByteLength = 4,
    });

    var main = new Gcp.Sql.DatabaseInstance("main", new()
    {
        Name = dbNameSuffix.Hex.Apply(hex => $"main-instance-{hex}"),
        DatabaseVersion = "POSTGRES_15",
        Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
        {
            Tier = "db-f1-micro",
            DatabaseFlags = new[]
            {
                new Gcp.Sql.Inputs.DatabaseInstanceSettingsDatabaseFlagArgs
                {
                    Name = "cloudsql.iam_authentication",
                    Value = "on",
                },
            },
        },
    });

    var iamUser = new Gcp.Sql.User("iam_user", new()
    {
        Name = "me@example.com",
        Instance = main.Name,
        Type = "CLOUD_IAM_USER",
    });

    var iamServiceAccountUser = new Gcp.Sql.User("iam_service_account_user", new()
    {
        Name = Std.Trimsuffix.Invoke(new()
        {
            Input = serviceAccount.Email,
            Suffix = ".gserviceaccount.com",
        }).Apply(invoke => invoke.Result),
        Instance = main.Name,
        Type = "CLOUD_IAM_SERVICE_ACCOUNT",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.random.RandomId;
import com.pulumi.random.RandomIdArgs;
import com.pulumi.gcp.sql.DatabaseInstance;
import com.pulumi.gcp.sql.DatabaseInstanceArgs;
import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
import com.pulumi.gcp.sql.User;
import com.pulumi.gcp.sql.UserArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var dbNameSuffix = new RandomId("dbNameSuffix", RandomIdArgs.builder()
            .byteLength(4)
            .build());

        var main = new DatabaseInstance("main", DatabaseInstanceArgs.builder()
            .name(dbNameSuffix.hex().applyValue(hex -> String.format("main-instance-%s", hex)))
            .databaseVersion("POSTGRES_15")
            .settings(DatabaseInstanceSettingsArgs.builder()
                .tier("db-f1-micro")
                .databaseFlags(DatabaseInstanceSettingsDatabaseFlagArgs.builder()
                    .name("cloudsql.iam_authentication")
                    .value("on")
                    .build())
                .build())
            .build());

        var iamUser = new User("iamUser", UserArgs.builder()
            .name("me@example.com")
            .instance(main.name())
            .type("CLOUD_IAM_USER")
            .build());

        var iamServiceAccountUser = new User("iamServiceAccountUser", UserArgs.builder()
            .name(StdFunctions.trimsuffix(TrimsuffixArgs.builder()
                .input(serviceAccount.email())
                .suffix(".gserviceaccount.com")
                .build()).result())
            .instance(main.name())
            .type("CLOUD_IAM_SERVICE_ACCOUNT")
            .build());

    }
}

resources:
  dbNameSuffix:
    type: random:RandomId
    name: db_name_suffix
    properties:
      byteLength: 4
  main:
    type: gcp:sql:DatabaseInstance
    properties:
      name: main-instance-${dbNameSuffix.hex}
      databaseVersion: POSTGRES_15
      settings:
        tier: db-f1-micro
        databaseFlags:
          - name: cloudsql.iam_authentication
            value: on
  iamUser:
    type: gcp:sql:User
    name: iam_user
    properties:
      name: me@example.com
      instance: ${main.name}
      type: CLOUD_IAM_USER
  iamServiceAccountUser:
    type: gcp:sql:User
    name: iam_service_account_user
    properties:
      name:
        fn::invoke:
          function: std:trimsuffix
          arguments:
            input: ${serviceAccount.email}
            suffix: .gserviceaccount.com
          return: result
      instance: ${main.name}
      type: CLOUD_IAM_SERVICE_ACCOUNT

Example using Cloud SQL IAM Group authentication.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as random from "@pulumi/random";

const dbNameSuffix = new random.RandomId("db_name_suffix", {byteLength: 4});
const main = new gcp.sql.DatabaseInstance("main", {
    name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,
    databaseVersion: "MYSQL_8_0",
    settings: {
        tier: "db-f1-micro",
        databaseFlags: [{
            name: "cloudsql_iam_authentication",
            value: "on",
        }],
    },
});
const iamGroupUser = new gcp.sql.User("iam_group_user", {
    name: "iam_group@example.com",
    instance: main.name,
    type: "CLOUD_IAM_GROUP",
});

import pulumi
import pulumi_gcp as gcp
import pulumi_random as random

db_name_suffix = random.RandomId("db_name_suffix", byte_length=4)
main = gcp.sql.DatabaseInstance("main",
    name=db_name_suffix.hex.apply(lambda hex: f"main-instance-{hex}"),
    database_version="MYSQL_8_0",
    settings={
        "tier": "db-f1-micro",
        "database_flags": [{
            "name": "cloudsql_iam_authentication",
            "value": "on",
        }],
    })
iam_group_user = gcp.sql.User("iam_group_user",
    name="iam_group@example.com",
    instance=main.name,
    type="CLOUD_IAM_GROUP")

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql"
	"github.com/pulumi/pulumi-random/sdk/v4/go/random"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		dbNameSuffix, err := random.NewRandomId(ctx, "db_name_suffix", &random.RandomIdArgs{
			ByteLength: pulumi.Int(4),
		})
		if err != nil {
			return err
		}
		main, err := sql.NewDatabaseInstance(ctx, "main", &sql.DatabaseInstanceArgs{
			Name: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {
				return fmt.Sprintf("main-instance-%v", hex), nil
			}).(pulumi.StringOutput),
			DatabaseVersion: pulumi.String("MYSQL_8_0"),
			Settings: &sql.DatabaseInstanceSettingsArgs{
				Tier: pulumi.String("db-f1-micro"),
				DatabaseFlags: sql.DatabaseInstanceSettingsDatabaseFlagArray{
					&sql.DatabaseInstanceSettingsDatabaseFlagArgs{
						Name:  pulumi.String("cloudsql_iam_authentication"),
						Value: pulumi.String("on"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = sql.NewUser(ctx, "iam_group_user", &sql.UserArgs{
			Name:     pulumi.String("iam_group@example.com"),
			Instance: main.Name,
			Type:     pulumi.String("CLOUD_IAM_GROUP"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Random = Pulumi.Random;

return await Deployment.RunAsync(() => 
{
    var dbNameSuffix = new Random.RandomId("db_name_suffix", new()
    {
        ByteLength = 4,
    });

    var main = new Gcp.Sql.DatabaseInstance("main", new()
    {
        Name = dbNameSuffix.Hex.Apply(hex => $"main-instance-{hex}"),
        DatabaseVersion = "MYSQL_8_0",
        Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
        {
            Tier = "db-f1-micro",
            DatabaseFlags = new[]
            {
                new Gcp.Sql.Inputs.DatabaseInstanceSettingsDatabaseFlagArgs
                {
                    Name = "cloudsql_iam_authentication",
                    Value = "on",
                },
            },
        },
    });

    var iamGroupUser = new Gcp.Sql.User("iam_group_user", new()
    {
        Name = "iam_group@example.com",
        Instance = main.Name,
        Type = "CLOUD_IAM_GROUP",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.random.RandomId;
import com.pulumi.random.RandomIdArgs;
import com.pulumi.gcp.sql.DatabaseInstance;
import com.pulumi.gcp.sql.DatabaseInstanceArgs;
import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
import com.pulumi.gcp.sql.User;
import com.pulumi.gcp.sql.UserArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var dbNameSuffix = new RandomId("dbNameSuffix", RandomIdArgs.builder()
            .byteLength(4)
            .build());

        var main = new DatabaseInstance("main", DatabaseInstanceArgs.builder()
            .name(dbNameSuffix.hex().applyValue(hex -> String.format("main-instance-%s", hex)))
            .databaseVersion("MYSQL_8_0")
            .settings(DatabaseInstanceSettingsArgs.builder()
                .tier("db-f1-micro")
                .databaseFlags(DatabaseInstanceSettingsDatabaseFlagArgs.builder()
                    .name("cloudsql_iam_authentication")
                    .value("on")
                    .build())
                .build())
            .build());

        var iamGroupUser = new User("iamGroupUser", UserArgs.builder()
            .name("iam_group@example.com")
            .instance(main.name())
            .type("CLOUD_IAM_GROUP")
            .build());

    }
}

resources:
  dbNameSuffix:
    type: random:RandomId
    name: db_name_suffix
    properties:
      byteLength: 4
  main:
    type: gcp:sql:DatabaseInstance
    properties:
      name: main-instance-${dbNameSuffix.hex}
      databaseVersion: MYSQL_8_0
      settings:
        tier: db-f1-micro
        databaseFlags:
          - name: cloudsql_iam_authentication
            value: on
  iamGroupUser:
    type: gcp:sql:User
    name: iam_group_user
    properties:
      name: iam_group@example.com
      instance: ${main.name}
      type: CLOUD_IAM_GROUP

Ephemeral Attributes Reference

The following write-only attributes are supported:

password_wo - (Optional) The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. Don’t set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance. Note: This property is write-only and will not be read from the API.

Create User Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new User(name: string, args: UserArgs, opts?: CustomResourceOptions);

@overload
def User(resource_name: str,
         args: UserArgs,
         opts: Optional[ResourceOptions] = None)

@overload
def User(resource_name: str,
         opts: Optional[ResourceOptions] = None,
         instance: Optional[str] = None,
         deletion_policy: Optional[str] = None,
         host: Optional[str] = None,
         name: Optional[str] = None,
         password: Optional[str] = None,
         password_policy: Optional[UserPasswordPolicyArgs] = None,
         project: Optional[str] = None,
         type: Optional[str] = None)

func NewUser(ctx *Context, name string, args UserArgs, opts ...ResourceOption) (*User, error)

public User(string name, UserArgs args, CustomResourceOptions? opts = null)

public User(String name, UserArgs args)
public User(String name, UserArgs args, CustomResourceOptions options)

type: gcp:sql:User
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args UserArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args UserArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args UserArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args UserArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args UserArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var gcpUserResource = new Gcp.Sql.User("gcpUserResource", new()
{
    Instance = "string",
    DeletionPolicy = "string",
    Host = "string",
    Name = "string",
    Password = "string",
    PasswordPolicy = new Gcp.Sql.Inputs.UserPasswordPolicyArgs
    {
        AllowedFailedAttempts = 0,
        EnableFailedAttemptsCheck = false,
        EnablePasswordVerification = false,
        PasswordExpirationDuration = "string",
        Statuses = new[]
        {
            new Gcp.Sql.Inputs.UserPasswordPolicyStatusArgs
            {
                Locked = false,
                PasswordExpirationTime = "string",
            },
        },
    },
    Project = "string",
    Type = "string",
});

example, err := sql.NewUser(ctx, "gcpUserResource", &sql.UserArgs{
	Instance:       pulumi.String("string"),
	DeletionPolicy: pulumi.String("string"),
	Host:           pulumi.String("string"),
	Name:           pulumi.String("string"),
	Password:       pulumi.String("string"),
	PasswordPolicy: &sql.UserPasswordPolicyArgs{
		AllowedFailedAttempts:      pulumi.Int(0),
		EnableFailedAttemptsCheck:  pulumi.Bool(false),
		EnablePasswordVerification: pulumi.Bool(false),
		PasswordExpirationDuration: pulumi.String("string"),
		Statuses: sql.UserPasswordPolicyStatusArray{
			&sql.UserPasswordPolicyStatusArgs{
				Locked:                 pulumi.Bool(false),
				PasswordExpirationTime: pulumi.String("string"),
			},
		},
	},
	Project: pulumi.String("string"),
	Type:    pulumi.String("string"),
})

var gcpUserResource = new User("gcpUserResource", UserArgs.builder()
    .instance("string")
    .deletionPolicy("string")
    .host("string")
    .name("string")
    .password("string")
    .passwordPolicy(UserPasswordPolicyArgs.builder()
        .allowedFailedAttempts(0)
        .enableFailedAttemptsCheck(false)
        .enablePasswordVerification(false)
        .passwordExpirationDuration("string")
        .statuses(UserPasswordPolicyStatusArgs.builder()
            .locked(false)
            .passwordExpirationTime("string")
            .build())
        .build())
    .project("string")
    .type("string")
    .build());

gcp_user_resource = gcp.sql.User("gcpUserResource",
    instance="string",
    deletion_policy="string",
    host="string",
    name="string",
    password="string",
    password_policy={
        "allowed_failed_attempts": 0,
        "enable_failed_attempts_check": False,
        "enable_password_verification": False,
        "password_expiration_duration": "string",
        "statuses": [{
            "locked": False,
            "password_expiration_time": "string",
        }],
    },
    project="string",
    type="string")

const gcpUserResource = new gcp.sql.User("gcpUserResource", {
    instance: "string",
    deletionPolicy: "string",
    host: "string",
    name: "string",
    password: "string",
    passwordPolicy: {
        allowedFailedAttempts: 0,
        enableFailedAttemptsCheck: false,
        enablePasswordVerification: false,
        passwordExpirationDuration: "string",
        statuses: [{
            locked: false,
            passwordExpirationTime: "string",
        }],
    },
    project: "string",
    type: "string",
});

type: gcp:sql:User
properties:
    deletionPolicy: string
    host: string
    instance: string
    name: string
    password: string
    passwordPolicy:
        allowedFailedAttempts: 0
        enableFailedAttemptsCheck: false
        enablePasswordVerification: false
        passwordExpirationDuration: string
        statuses:
            - locked: false
              passwordExpirationTime: string
    project: string
    type: string

User Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The User resource accepts the following input properties:

Instance string

The name of the Cloud SQL instance. Changing this forces a new resource to be created.

DeletionPolicy string

The deletion policy for the user. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.

Possible values are: ABANDON.

Host string

The host the user can connect from. This is only supported for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances. Can be an IP address. Changing this forces a new resource to be created.

Name string

The name of the user. Changing this forces a new resource to be created.

Password string

The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.

PasswordPolicy UserPasswordPolicy

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Type string

The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP", "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for Postgres and MySQL.

Instance string

The name of the Cloud SQL instance. Changing this forces a new resource to be created.

DeletionPolicy string

Possible values are: ABANDON.

Host string

Name string

The name of the user. Changing this forces a new resource to be created.

Password string

PasswordPolicy UserPasswordPolicyArgs

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Type string

instance String

The name of the Cloud SQL instance. Changing this forces a new resource to be created.

deletionPolicy String

Possible values are: ABANDON.

host String

name String

The name of the user. Changing this forces a new resource to be created.

password String

passwordPolicy UserPasswordPolicy

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

type String

instance string

The name of the Cloud SQL instance. Changing this forces a new resource to be created.

deletionPolicy string

Possible values are: ABANDON.

host string

name string

The name of the user. Changing this forces a new resource to be created.

password string

passwordPolicy UserPasswordPolicy

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

type string

instance str

The name of the Cloud SQL instance. Changing this forces a new resource to be created.

deletion_policy str

Possible values are: ABANDON.

host str

name str

The name of the user. Changing this forces a new resource to be created.

password str

password_policy UserPasswordPolicyArgs

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

type str

instance String

The name of the Cloud SQL instance. Changing this forces a new resource to be created.

deletionPolicy String

Possible values are: ABANDON.

host String

name String

The name of the user. Changing this forces a new resource to be created.

password String

passwordPolicy Property Map

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

type String

Outputs

All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
SqlServerUserDetails List<UserSqlServerUserDetail>

Id string: The provider-assigned unique ID for this managed resource.
SqlServerUserDetails []UserSqlServerUserDetail

id String: The provider-assigned unique ID for this managed resource.
sqlServerUserDetails List<UserSqlServerUserDetail>

id string: The provider-assigned unique ID for this managed resource.
sqlServerUserDetails UserSqlServerUserDetail[]

id str: The provider-assigned unique ID for this managed resource.
sql_server_user_details Sequence[UserSqlServerUserDetail]

id String: The provider-assigned unique ID for this managed resource.
sqlServerUserDetails List<Property Map>

Look up Existing User Resource

Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: UserState, opts?: CustomResourceOptions): User

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        deletion_policy: Optional[str] = None,
        host: Optional[str] = None,
        instance: Optional[str] = None,
        name: Optional[str] = None,
        password: Optional[str] = None,
        password_policy: Optional[UserPasswordPolicyArgs] = None,
        project: Optional[str] = None,
        sql_server_user_details: Optional[Sequence[UserSqlServerUserDetailArgs]] = None,
        type: Optional[str] = None) -> User

func GetUser(ctx *Context, name string, id IDInput, state *UserState, opts ...ResourceOption) (*User, error)

public static User Get(string name, Input<string> id, UserState? state, CustomResourceOptions? opts = null)

public static User get(String name, Output<String> id, UserState state, CustomResourceOptions options)

resources:  _:    type: gcp:sql:User    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

DeletionPolicy string

Possible values are: ABANDON.

Host string

Instance string

The name of the Cloud SQL instance. Changing this forces a new resource to be created.

Name string

The name of the user. Changing this forces a new resource to be created.

Password string

PasswordPolicy UserPasswordPolicy

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

SqlServerUserDetails List<UserSqlServerUserDetail>

Type string

DeletionPolicy string

Possible values are: ABANDON.

Host string

Instance string

The name of the Cloud SQL instance. Changing this forces a new resource to be created.

Name string

The name of the user. Changing this forces a new resource to be created.

Password string

PasswordPolicy UserPasswordPolicyArgs

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

SqlServerUserDetails []UserSqlServerUserDetailArgs

Type string

deletionPolicy String

Possible values are: ABANDON.

host String

instance String

The name of the Cloud SQL instance. Changing this forces a new resource to be created.

name String

The name of the user. Changing this forces a new resource to be created.

password String

passwordPolicy UserPasswordPolicy

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

sqlServerUserDetails List<UserSqlServerUserDetail>

type String

deletionPolicy string

Possible values are: ABANDON.

host string

instance string

The name of the Cloud SQL instance. Changing this forces a new resource to be created.

name string

The name of the user. Changing this forces a new resource to be created.

password string

passwordPolicy UserPasswordPolicy

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

sqlServerUserDetails UserSqlServerUserDetail[]

type string

deletion_policy str

Possible values are: ABANDON.

host str

instance str

The name of the Cloud SQL instance. Changing this forces a new resource to be created.

name str

The name of the user. Changing this forces a new resource to be created.

password str

password_policy UserPasswordPolicyArgs

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

sql_server_user_details Sequence[UserSqlServerUserDetailArgs]

type str

deletionPolicy String

Possible values are: ABANDON.

host String

instance String

The name of the Cloud SQL instance. Changing this forces a new resource to be created.

name String

The name of the user. Changing this forces a new resource to be created.

password String

passwordPolicy Property Map

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

sqlServerUserDetails List<Property Map>

type String

Supporting Types

UserPasswordPolicy, UserPasswordPolicyArgs

AllowedFailedAttempts int: Number of failed attempts allowed before the user get locked.
EnableFailedAttemptsCheck bool: If true, the check that will lock user after too many failed login attempts will be enabled.
EnablePasswordVerification bool: If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.
PasswordExpirationDuration string: Password expiration duration with one week grace period.
Statuses List<UserPasswordPolicyStatus>

AllowedFailedAttempts int: Number of failed attempts allowed before the user get locked.
EnableFailedAttemptsCheck bool: If true, the check that will lock user after too many failed login attempts will be enabled.
EnablePasswordVerification bool: If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.
PasswordExpirationDuration string: Password expiration duration with one week grace period.
Statuses []UserPasswordPolicyStatus

allowedFailedAttempts Integer: Number of failed attempts allowed before the user get locked.
enableFailedAttemptsCheck Boolean: If true, the check that will lock user after too many failed login attempts will be enabled.
enablePasswordVerification Boolean: If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.
passwordExpirationDuration String: Password expiration duration with one week grace period.
statuses List<UserPasswordPolicyStatus>

allowedFailedAttempts number: Number of failed attempts allowed before the user get locked.
enableFailedAttemptsCheck boolean: If true, the check that will lock user after too many failed login attempts will be enabled.
enablePasswordVerification boolean: If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.
passwordExpirationDuration string: Password expiration duration with one week grace period.
statuses UserPasswordPolicyStatus[]

allowed_failed_attempts int: Number of failed attempts allowed before the user get locked.
enable_failed_attempts_check bool: If true, the check that will lock user after too many failed login attempts will be enabled.
enable_password_verification bool: If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.
password_expiration_duration str: Password expiration duration with one week grace period.
statuses Sequence[UserPasswordPolicyStatus]

allowedFailedAttempts Number: Number of failed attempts allowed before the user get locked.
enableFailedAttemptsCheck Boolean: If true, the check that will lock user after too many failed login attempts will be enabled.
enablePasswordVerification Boolean: If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.
passwordExpirationDuration String: Password expiration duration with one week grace period.
statuses List<Property Map>

UserPasswordPolicyStatus, UserPasswordPolicyStatusArgs

Locked bool: If true, user does not have login privileges.
PasswordExpirationTime string: Password expiration duration with one week grace period.

Locked bool: If true, user does not have login privileges.
PasswordExpirationTime string: Password expiration duration with one week grace period.

locked Boolean: If true, user does not have login privileges.
passwordExpirationTime String: Password expiration duration with one week grace period.

locked boolean: If true, user does not have login privileges.
passwordExpirationTime string: Password expiration duration with one week grace period.

locked bool: If true, user does not have login privileges.
password_expiration_time str: Password expiration duration with one week grace period.

locked Boolean: If true, user does not have login privileges.
passwordExpirationTime String: Password expiration duration with one week grace period.

UserSqlServerUserDetail, UserSqlServerUserDetailArgs

Disabled bool: If the user has been disabled.
ServerRoles List<string>: The server roles for this user in the database.

Disabled bool: If the user has been disabled.
ServerRoles []string: The server roles for this user in the database.

disabled Boolean: If the user has been disabled.
serverRoles List<String>: The server roles for this user in the database.

disabled boolean: If the user has been disabled.
serverRoles string[]: The server roles for this user in the database.

disabled bool: If the user has been disabled.
server_roles Sequence[str]: The server roles for this user in the database.

disabled Boolean: If the user has been disabled.
serverRoles List<String>: The server roles for this user in the database.

Import

SQL users for MySQL databases can be imported using the project, instance, host and name, e.g.

{{project_id}}/{{instance}}/{{host}}/{{name}}

SQL users for PostgreSQL databases can be imported using the project, instance and name, e.g.

{{project_id}}/{{instance}}/{{name}}

When using the pulumi import command, NAME_HERE can be imported using one of the formats above. For example:

MySQL database

$ pulumi import gcp:sql/user:User default {{project_id}}/{{instance}}/{{host}}/{{name}}

PostgreSQL database

$ pulumi import gcp:sql/user:User default {{project_id}}/{{instance}}/{{name}}

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Google Cloud (GCP) Classic pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi

pulumi/pulumi-gcp

gcp.sql.User

On this page

On this page

Example Usage

Ephemeral Attributes Reference

Create User Resource

Constructor syntax

Parameters

Constructor example

User Resource Properties

Inputs

Outputs

Look up Existing User Resource

Supporting Types

UserPasswordPolicy, UserPasswordPolicyArgs

UserPasswordPolicyStatus, UserPasswordPolicyStatusArgs

UserSqlServerUserDetail, UserSqlServerUserDetailArgs

Import

Package Details

On this page

On this page