Skip to content

sql_user: improve docs for password_wo argument #15382

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

sql_user: improve docs for password_wo argument #15382

Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
e764a8f
improve docs for write-only in sql_user resource page
BBBmau Oct 14, 2025
a4015f3
more improvements
BBBmau Oct 14, 2025
22d616b
typo
BBBmau Oct 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 11 additions & 12 deletions mmv1/third_party/terraform/website/docs/r/sql_user.html.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ Creates a new Google SQL User on a Google SQL User Instance. For more informatio
[Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data). Passwords will not be retrieved when running
"terraform import".

-> **Note:** Write-Only argument `password_wo` is available to use in place of `password`. Write-Only argumentss are supported in HashiCorp Terraform 1.11.0 and later. [Learn more](https://developer.hashicorp.com/terraform/language/resources/ephemeral#write-only-arguments).
Copy link
Contributor

@ramonvermeulen ramonvermeulen Oct 14, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT, for the rest LGTM!

Suggested change
-> **Note:** Write-Only argument `password_wo` is available to use in place of `password`. Write-Only argumentss are supported in HashiCorp Terraform 1.11.0 and later. [Learn more](https://developer.hashicorp.com/terraform/language/resources/ephemeral#write-only-arguments).
-> **Note:** Write-Only argument `password_wo` is available to use in place of `password`. Write-Only arguments are supported in HashiCorp Terraform 1.11.0 and later. [Learn more](https://developer.hashicorp.com/terraform/language/resources/ephemeral#write-only-arguments).


## Example Usage

Example creating a SQL User.
Expand Down Expand Up @@ -117,6 +119,15 @@ The following arguments are supported:
or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.

* `password_wo` - (Optional, write-only) The password for the user. Can be updated. For Postgres
instances this is a Required field, unless type is set to either CLOUD_IAM_USER
or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.

* ~> **Note:** One of `value` or `value_wo` can only be set.

* `password_wo_version` - (Optional) An integer value used to trigger an update for `password_wo`. This property should be incremented when updating `password_wo`. For more info see [updating write-only attributes](/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe this should also be a doc on: updating write only arguments?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* `password_wo_version` - (Optional) An integer value used to trigger an update for `password_wo`. This property should be incremented when updating `password_wo`. For more info see [updating write-only attributes](/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes).
* `password_wo_version` - (Optional) An integer value used to trigger an update for `password_wo`. This property should be incremented when updating `password_wo`. For more info see [updating write-only arguments](/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes).


* `type` - (Optional) The user type. It determines the method to authenticate the
user during login. The default is the database's built-in user type. Flags
include "BUILT_IN", "CLOUD_IAM_USER", "CLOUD_IAM_SERVICE_ACCOUNT", "CLOUD_IAM_GROUP",
Expand All @@ -130,8 +141,6 @@ The following arguments are supported:

Possible values are: `ABANDON`.

* `password_wo_version` - (Optional) The version of the password_wo. For more info see [updating write-only attributes](/docs/providers/google/guides/using_write_only_attributes.html#updating-write-only-attributes).

- - -

* `host` - (Optional) The host the user can connect from. This is only supported
Expand All @@ -157,16 +166,6 @@ The read only `password_policy.status` subblock supports:

* `password_expiration_time` - (read only) Password expiration duration with one week grace period.

## Ephemeral Attributes Reference

The following write-only attributes are supported:

* `password_wo` - (Optional) The password for the user. Can be updated. For Postgres
instances this is a Required field, unless type is set to either CLOUD_IAM_USER
or CLOUD_IAM_SERVICE_ACCOUNT. Don't set this field for CLOUD_IAM_USER
and CLOUD_IAM_SERVICE_ACCOUNT user types for any Cloud SQL instance.
**Note**: This property is write-only and will not be read from the API.

## Attributes Reference

Only the arguments listed above are exposed as attributes.
Expand Down
Loading