NAME

gcloud alpha sql users set-password-policy - replaces a user's password policy in a given instance

SYNOPSIS

gcloud alpha sql users set-password-policy USERNAME --instance=INSTANCE, -i INSTANCE [--async] [--clear-password-policy] [--host=HOST] [--password-policy-allowed-failed-attempts=PASSWORD_POLICY_ALLOWED_FAILED_ATTEMPTS] [--[no-]password-policy-enable-failed-attempts-check] [--[no-]password-policy-enable-password-verification] [--password-policy-password-expiration-duration=PASSWORD_POLICY_PASSWORD_EXPIRATION_DURATION] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

(ALPHA) Replaces a user's password policy in a given instance with a specified username and host.

EXAMPLES

To replace the password policy with 2 minutes password expiration time for my-user in instance prod-instance, run:

$ gcloud alpha sql users set-password-policy my-user \ --instance=prod-instance \ --password-policy-password-expiration-duration=2m

To clear the existing password policy of my-user in instance prod-instance, run:

$ gcloud alpha sql users set-password-policy my-user \ --instance=prod-instance --clear-password-policy

POSITIONAL ARGUMENTS

USERNAME

Cloud SQL username.

REQUIRED FLAGS

--instance=INSTANCE, -i INSTANCE

Cloud SQL instance ID.

OPTIONAL FLAGS

--async

Return immediately, without waiting for the operation in progress to complete.

--clear-password-policy

Clear the existing password policy. This flag is only available for Postgres.

--host=HOST

Cloud SQL user's hostname expressed as a specific IP address or address range. % denotes an unrestricted hostname. Applicable flag for MySQL instances; ignored for all other engines. Note, if you connect to your instance using IP addresses, you must add your client IP address as an authorized address, even if your hostname is unrestricted. For more information, see Configure IP https://cloud.google.com/sql/docs/mysql/configure-ip.

--password-policy-allowed-failed-attempts=PASSWORD_POLICY_ALLOWED_FAILED_ATTEMPTS

Number of failed login attempts allowed before a user is locked out. This flag is available only for MySQL.

--[no-]password-policy-enable-failed-attempts-check

Enables the failed login attempts check if set to true. This flag is available only for MySQL. Use --password-policy-enable-failed-attempts-check to enable and --no-password-policy-enable-failed-attempts-check to disable.

--[no-]password-policy-enable-password-verification

The current password must be specified when altering the password. This flag is available only for MySQL. Use --password-policy-enable-password-verification to enable and --no-password-policy-enable-password-verification to disable.

--password-policy-password-expiration-duration=PASSWORD_POLICY_PASSWORD_EXPIRATION_DURATION

Expiration duration after a password is updated, for example, 2d for 2 days. See gcloud topic datetimes for information on duration formats. This flag is available only for MySQL.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:

$ gcloud sql users set-password-policy

$ gcloud beta sql users set-password-policy