SQLUser
| Property | Value |
|---|---|
| Google Cloud Service Name | Cloud SQL |
| Google Cloud Service Documentation | /sql/docs/ |
| Google Cloud REST Resource Name | v1beta4.users |
| Google Cloud REST Resource Documentation | /sql/docs/postgres/admin-api/v1beta4/users |
| Config Connector Resource Short Names | gcpsqluser gcpsqlusers sqluser |
| Config Connector Service Name | sqladmin.googleapis.com |
| Config Connector Resource Fully Qualified Name | sqlusers.sql.cnrm.cloud.google.com |
| Can Be Referenced by IAMPolicy/IAMPolicyMember | No |
| Config Connector Default Average Reconcile Interval In Seconds | 600 |
Custom Resource Definition Properties
Annotations
| Fields | |
|---|---|
cnrm.cloud.google.com/project-id |
|
Spec
Schema
host: string
instanceRef:
external: string
name: string
namespace: string
password:
value: string
valueFrom:
secretKeyRef:
key: string
name: string
passwordPolicy:
allowedFailedAttempts: integer
enableFailedAttemptsCheck: boolean
enablePasswordVerification: boolean
passwordExpirationDuration: string
status:
- locked: boolean
passwordExpirationTime: string
resourceID: string
type: string
| Fields | |
|---|---|
|
Optional |
Immutable. The host the user can connect from. This is only supported for MySQL instances. Don't set this field for PostgreSQL instances. Can be an IP address. Changing this forces a new resource to be created. |
|
Required |
|
|
Optional |
Allowed value: The `name` field of a `SQLInstance` resource. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. |
|
Optional |
Value of the field. Cannot be used if 'valueFrom' is specified. |
|
Optional |
Source for the field's value. Cannot be used if 'value' is specified. |
|
Optional |
Reference to a value with the given key in the given Secret in the resource's namespace. |
|
Required* |
Key that identifies the value to be extracted. |
|
Required* |
Name of the Secret to extract a value from. |
|
Optional |
|
|
Optional |
Number of failed attempts allowed before the user get locked. |
|
Optional |
If true, the check that will lock user after too many failed login attempts will be enabled. |
|
Optional |
If true, the user must specify the current password before changing the password. This flag is supported only for MySQL. |
|
Optional |
Password expiration duration with one week grace period. |
|
Optional |
|
|
Optional |
|
|
Optional |
If true, user does not have login privileges. |
|
Optional |
Password expiration duration with one week grace period. |
|
Optional |
Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. |
|
Optional |
Immutable. The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". |
* Field is required when parent field is specified
Status
Schema
conditions:
- lastTransitionTime: string
message: string
reason: string
status: string
type: string
observedGeneration: integer
sqlServerUserDetails:
- disabled: boolean
serverRoles:
- string
| Fields | |
|---|---|
conditions |
Conditions represent the latest available observation of the resource's current state. |
conditions[] |
|
conditions[].lastTransitionTime |
Last time the condition transitioned from one status to another. |
conditions[].message |
Human-readable message indicating details about last transition. |
conditions[].reason |
Unique, one-word, CamelCase reason for the condition's last transition. |
conditions[].status |
Status is the status of the condition. Can be True, False, Unknown. |
conditions[].type |
Type is the type of the condition. |
observedGeneration |
ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. |
sqlServerUserDetails |
|
sqlServerUserDetails[] |
|
sqlServerUserDetails[].disabled |
If the user has been disabled. |
sqlServerUserDetails[].serverRoles |
The server roles for this user in the database. |
sqlServerUserDetails[].serverRoles[] |
|
Sample YAML(s)
Typical Use Case
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: sql.cnrm.cloud.google.com/v1beta1
kind: SQLUser
metadata:
name: sqluser-sample
spec:
instanceRef:
name: sqluser-dep
host: "%"
password:
valueFrom:
secretKeyRef:
name: sqluser-dep
key: password
---
apiVersion: v1
kind: Secret
metadata:
name: sqluser-dep
data:
password: cGFzc3dvcmQ=
---
apiVersion: sql.cnrm.cloud.google.com/v1beta1
kind: SQLInstance
metadata:
labels:
label-one: "value-one"
name: sqluser-dep
spec:
region: us-central1
databaseVersion: MYSQL_5_7
settings:
tier: db-n1-standard-1