import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Creates a new Google SQL User on a Google SQL User Instance. For more information, see the [official documentation](https://cloud.google.com/sql/), or the [JSON API](https://cloud.google.com/sql/docs/admin-api/v1beta4/users).
 *
 * ## Example Usage
 *
 * Example creating a SQL User.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * import * as random from "@pulumi/random";
 *
 * const dbNameSuffix = new random.index.Id("db_name_suffix", {byteLength: 4});
 * const main = new gcp.sql.DatabaseInstance("main", {
 *     name: `main-instance-${dbNameSuffix.hex}`,
 *     databaseVersion: "MYSQL_5_7",
 *     settings: {
 *         tier: "db-f1-micro",
 *     },
 * });
 * const users = new gcp.sql.User("users", {
 *     name: "me",
 *     instance: main.name,
 *     host: "me.com",
 *     password: "changeme",
 * });
 * ```
 *
 * Example using [Cloud SQL IAM database authentication](https://cloud.google.com/sql/docs/mysql/authentication).
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * import * as random from "@pulumi/random";
 * import * as std from "@pulumi/std";
 *
 * const dbNameSuffix = new random.index.Id("db_name_suffix", {byteLength: 4});
 * const main = new gcp.sql.DatabaseInstance("main", {
 *     name: `main-instance-${dbNameSuffix.hex}`,
 *     databaseVersion: "POSTGRES_15",
 *     settings: {
 *         tier: "db-f1-micro",
 *         databaseFlags: [{
 *             name: "cloudsql.iam_authentication",
 *             value: "on",
 *         }],
 *     },
 * });
 * const iamUser = new gcp.sql.User("iam_user", {
 *     name: "me@example.com",
 *     instance: main.name,
 *     type: "CLOUD_IAM_USER",
 * });
 * const iamServiceAccountUser = new gcp.sql.User("iam_service_account_user", {
 *     name: std.trimsuffix({
 *         input: serviceAccount.email,
 *         suffix: ".gserviceaccount.com",
 *     }).then(invoke => invoke.result),
 *     instance: main.name,
 *     type: "CLOUD_IAM_SERVICE_ACCOUNT",
 * });
 * ```
 *
 * Example using [Cloud SQL IAM Group authentication](https://cloud.google.com/sql/docs/mysql/iam-authentication#iam-group-auth).
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * import * as random from "@pulumi/random";
 *
 * const dbNameSuffix = new random.index.Id("db_name_suffix", {byteLength: 4});
 * const main = new gcp.sql.DatabaseInstance("main", {
 *     name: `main-instance-${dbNameSuffix.hex}`,
 *     databaseVersion: "MYSQL_8_0",
 *     settings: {
 *         tier: "db-f1-micro",
 *         databaseFlags: [{
 *             name: "cloudsql_iam_authentication",
 *             value: "on",
 *         }],
 *     },
 * });
 * const iamGroupUser = new gcp.sql.User("iam_group_user", {
 *     name: "iam_group@example.com",
 *     instance: main.name,
 *     type: "CLOUD_IAM_GROUP",
 * });
 * ```
 *
 * ## Ephemeral Attributes Reference
 *
 * The following write-only attributes are supported:
 *
 * * `passwordWo` - (Optional) The password for the user. Can be updated. For Postgres
 *     instances this is a Required field, unless type is set to either CLOUD_IAM_USER
 *     or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
 *     and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
 *   **Note**: This property is write-only and will not be read from the API.
 *
 * ## Import
 *
 * SQL users for MySQL databases can be imported using the `project`, `instance`, `host` and `name`, e.g.
 *
 * * `{{project_id}}/{{instance}}/{{host}}/{{name}}`
 *
 * SQL users for PostgreSQL databases can be imported using the `project`, `instance` and `name`, e.g.
 *
 * * `{{project_id}}/{{instance}}/{{name}}`
 *
 * When using the `pulumi import` command, NAME_HERE can be imported using one of the formats above. For example:
 *
 * MySQL database
 *
 * ```sh
 * $ pulumi import gcp:sql/user:User default {{project_id}}/{{instance}}/{{host}}/{{name}}
 * ```
 *
 * PostgreSQL database
 *
 * ```sh
 * $ pulumi import gcp:sql/user:User default {{project_id}}/{{instance}}/{{name}}
 * ```
 */
export declare class User extends pulumi.CustomResource {
    /**
     * Get an existing User resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserState, opts?: pulumi.CustomResourceOptions): User;
    /**
     * Returns true if the given object is an instance of User.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is User;
    /**
     * The deletion policy for the user.
     * Setting `ABANDON` allows the resource to be abandoned rather than deleted. This is useful
     * for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.
     *
     * Possible values are: `ABANDON`.
     */
    readonly deletionPolicy: pulumi.Output<string | undefined>;
    /**
     * The host the user can connect from. This is only supported
     * for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances.
     * Can be an IP address. Changing this forces a new resource to be created.
     */
    readonly host: pulumi.Output<string>;
    /**
     * The name of the Cloud SQL instance. Changing this
     * forces a new resource to be created.
     */
    readonly instance: pulumi.Output<string>;
    /**
     * The name of the user. Changing this forces a new resource
     * to be created.
     */
    readonly name: pulumi.Output<string>;
    /**
     * The password for the user. Can be updated. For Postgres
     * instances this is a Required field, unless type is set to either CLOUD_IAM_USER
     * or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
     * and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
     */
    readonly password: pulumi.Output<string | undefined>;
    readonly passwordPolicy: pulumi.Output<outputs.sql.UserPasswordPolicy | undefined>;
    /**
     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
     * The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to
     * 				either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT.
     */
    readonly passwordWo: pulumi.Output<string | undefined>;
    /**
     * The version of the password_wo. For more info see [updating write-only attributes](https://www.terraform.io/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes).
     *
     * - - -
     */
    readonly passwordWoVersion: pulumi.Output<number | undefined>;
    /**
     * The ID of the project in which the resource belongs. If it
     * is not provided, the provider project is used.
     */
    readonly project: pulumi.Output<string>;
    readonly sqlServerUserDetails: pulumi.Output<outputs.sql.UserSqlServerUserDetail[]>;
    /**
     * The user type. It determines the method to authenticate the
     * user during login. The default is the database's built-in user type. Flags
     * include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP",
     * "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for
     * [Postgres](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/users#sqlusertype)
     * and [MySQL](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/users#sqlusertype).
     */
    readonly type: pulumi.Output<string | undefined>;
    /**
     * Create a User resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: UserArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering User resources.
 */
export interface UserState {
    /**
     * The deletion policy for the user.
     * Setting `ABANDON` allows the resource to be abandoned rather than deleted. This is useful
     * for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.
     *
     * Possible values are: `ABANDON`.
     */
    deletionPolicy?: pulumi.Input<string>;
    /**
     * The host the user can connect from. This is only supported
     * for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances.
     * Can be an IP address. Changing this forces a new resource to be created.
     */
    host?: pulumi.Input<string>;
    /**
     * The name of the Cloud SQL instance. Changing this
     * forces a new resource to be created.
     */
    instance?: pulumi.Input<string>;
    /**
     * The name of the user. Changing this forces a new resource
     * to be created.
     */
    name?: pulumi.Input<string>;
    /**
     * The password for the user. Can be updated. For Postgres
     * instances this is a Required field, unless type is set to either CLOUD_IAM_USER
     * or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
     * and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
     */
    password?: pulumi.Input<string>;
    passwordPolicy?: pulumi.Input<inputs.sql.UserPasswordPolicy>;
    /**
     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
     * The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to
     * 				either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT.
     */
    passwordWo?: pulumi.Input<string>;
    /**
     * The version of the password_wo. For more info see [updating write-only attributes](https://www.terraform.io/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes).
     *
     * - - -
     */
    passwordWoVersion?: pulumi.Input<number>;
    /**
     * The ID of the project in which the resource belongs. If it
     * is not provided, the provider project is used.
     */
    project?: pulumi.Input<string>;
    sqlServerUserDetails?: pulumi.Input<pulumi.Input<inputs.sql.UserSqlServerUserDetail>[]>;
    /**
     * The user type. It determines the method to authenticate the
     * user during login. The default is the database's built-in user type. Flags
     * include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP",
     * "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for
     * [Postgres](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/users#sqlusertype)
     * and [MySQL](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/users#sqlusertype).
     */
    type?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a User resource.
 */
export interface UserArgs {
    /**
     * The deletion policy for the user.
     * Setting `ABANDON` allows the resource to be abandoned rather than deleted. This is useful
     * for Postgres, where users cannot be deleted from the API if they have been granted SQL roles.
     *
     * Possible values are: `ABANDON`.
     */
    deletionPolicy?: pulumi.Input<string>;
    /**
     * The host the user can connect from. This is only supported
     * for BUILT_IN users in MySQL instances. Don't set this field for PostgreSQL and SQL Server instances.
     * Can be an IP address. Changing this forces a new resource to be created.
     */
    host?: pulumi.Input<string>;
    /**
     * The name of the Cloud SQL instance. Changing this
     * forces a new resource to be created.
     */
    instance: pulumi.Input<string>;
    /**
     * The name of the user. Changing this forces a new resource
     * to be created.
     */
    name?: pulumi.Input<string>;
    /**
     * The password for the user. Can be updated. For Postgres
     * instances this is a Required field, unless type is set to either CLOUD_IAM_USER
     * or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
     * and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
     */
    password?: pulumi.Input<string>;
    passwordPolicy?: pulumi.Input<inputs.sql.UserPasswordPolicy>;
    /**
     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
     * The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to
     * 				either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT.
     */
    passwordWo?: pulumi.Input<string>;
    /**
     * The version of the password_wo. For more info see [updating write-only attributes](https://www.terraform.io/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes).
     *
     * - - -
     */
    passwordWoVersion?: pulumi.Input<number>;
    /**
     * The ID of the project in which the resource belongs. If it
     * is not provided, the provider project is used.
     */
    project?: pulumi.Input<string>;
    /**
     * The user type. It determines the method to authenticate the
     * user during login. The default is the database's built-in user type. Flags
     * include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP",
     * "CLOUD_IAM_GROUP_USER" and "CLOUD_IAM_GROUP_SERVICE_ACCOUNT" for
     * [Postgres](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/users#sqlusertype)
     * and [MySQL](https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/users#sqlusertype).
     */
    type?: pulumi.Input<string>;
}