From e764a8fee4a89c940027e3e69fc6ddfe0ae484d0 Mon Sep 17 00:00:00 2001 From: "alvarez.mauriciotm@gmail.com" Date: Tue, 14 Oct 2025 10:52:46 -0700 Subject: [PATCH 1/3] improve docs for write-only in sql_user resource page --- .../website/docs/r/sql_user.html.markdown | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/mmv1/third_party/terraform/website/docs/r/sql_user.html.markdown b/mmv1/third_party/terraform/website/docs/r/sql_user.html.markdown index 054666ef4fc1..67ec5020c10f 100644 --- a/mmv1/third_party/terraform/website/docs/r/sql_user.html.markdown +++ b/mmv1/third_party/terraform/website/docs/r/sql_user.html.markdown @@ -12,6 +12,8 @@ Creates a new Google SQL User on a Google SQL User Instance. For more informatio [Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data). Passwords will not be retrieved when running "terraform import". +-> **Note:** Write-Only argument `password_wo` is available to use in place of `password`. Write-Only argumentss are supported in HashiCorp Terraform 1.11.0 and later. [Learn more](https://developer.hashicorp.com/terraform/language/resources/ephemeral#write-only-arguments). + ## Example Usage Example creating a SQL User. @@ -117,6 +119,12 @@ The following arguments are supported: or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance. +* `password_wo` - (Optional) The password for the user. Can be updated. For Postgres + instances this is a Required field, unless type is set to either CLOUD_IAM_USER + or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER + and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance. + **Note**: This property is write-only and will not be read from the API. + * `type` - (Optional) The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP", @@ -157,16 +165,6 @@ The read only `password_policy.status` subblock supports: * `password_expiration_time` - (read only) Password expiration duration with one week grace period. -## Ephemeral Attributes Reference - -The following write-only attributes are supported: - -* `password_wo` - (Optional) The password for the user. Can be updated. For Postgres - instances this is a Required field, unless type is set to either CLOUD_IAM_USER - or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER - and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance. - **Note**: This property is write-only and will not be read from the API. - ## Attributes Reference Only the arguments listed above are exposed as attributes. From a4015f3c1736bb705897c47201df037939572eb2 Mon Sep 17 00:00:00 2001 From: "alvarez.mauriciotm@gmail.com" Date: Tue, 14 Oct 2025 11:07:59 -0700 Subject: [PATCH 2/3] more improvements --- .../terraform/website/docs/r/sql_user.html.markdown | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/mmv1/third_party/terraform/website/docs/r/sql_user.html.markdown b/mmv1/third_party/terraform/website/docs/r/sql_user.html.markdown index 67ec5020c10f..0f5d49ddc7fd 100644 --- a/mmv1/third_party/terraform/website/docs/r/sql_user.html.markdown +++ b/mmv1/third_party/terraform/website/docs/r/sql_user.html.markdown @@ -119,11 +119,14 @@ The following arguments are supported: or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance. -* `password_wo` - (Optional) The password for the user. Can be updated. For Postgres +* `password_wo` - (Optional, write-only) The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance. - **Note**: This property is write-only and will not be read from the API. + +* ~> **Note:** One of `value` or `value_wo` can only be set. + +* `password_wo_version` - (Optional) An integer value used to trigger an update for `password_wo`. This property should be incremented when updating `password_wo`. For more info see [updating write-only attributes](/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes). * `type` - (Optional) The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags @@ -138,8 +141,6 @@ The following arguments are supported: Possible values are: `ABANDON`. -* `password_wo_version` - (Optional) The version of the password_wo. For more info see [updating write-only attributes](/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes). - - - - * `host` - (Optional) The host the user can connect from. This is only supported From 22d616be6bfe1bccdce9e8461ceb87ea573ff7c8 Mon Sep 17 00:00:00 2001 From: "alvarez.mauriciotm@gmail.com" Date: Tue, 14 Oct 2025 11:10:04 -0700 Subject: [PATCH 3/3] typo --- .../third_party/terraform/website/docs/r/sql_user.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mmv1/third_party/terraform/website/docs/r/sql_user.html.markdown b/mmv1/third_party/terraform/website/docs/r/sql_user.html.markdown index 0f5d49ddc7fd..c0d918a98485 100644 --- a/mmv1/third_party/terraform/website/docs/r/sql_user.html.markdown +++ b/mmv1/third_party/terraform/website/docs/r/sql_user.html.markdown @@ -12,7 +12,7 @@ Creates a new Google SQL User on a Google SQL User Instance. For more informatio [Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data). Passwords will not be retrieved when running "terraform import". --> **Note:** Write-Only argument `password_wo` is available to use in place of `password`. Write-Only argumentss are supported in HashiCorp Terraform 1.11.0 and later. [Learn more](https://developer.hashicorp.com/terraform/language/resources/ephemeral#write-only-arguments). +-> **Note:** Write-Only argument `password_wo` is available to use in place of `password`. Write-Only arguments are supported in HashiCorp Terraform 1.11.0 and later. [Learn more](https://developer.hashicorp.com/terraform/language/resources/ephemeral#write-only-arguments). ## Example Usage