-- https://dev.mysql.com/doc/refman/8.0/en/create-user.html

/* CREATE USER [IF NOT EXISTS]
    user [auth_option] [, user [auth_option]] ...
    DEFAULT ROLE role [, role ] ...
    [REQUIRE {NONE | tls_option [[AND] tls_option] ...}]
    [WITH resource_option [resource_option] ...]
    [password_option | lock_option] ...
    [COMMENT 'comment_string' | ATTRIBUTE 'json_object']

user:
    (see Section 6.2.4, “Specifying Account Names”)

auth_option: {
    IDENTIFIED BY 'auth_string' [AND 2fa_auth_option]
  | IDENTIFIED BY RANDOM PASSWORD [AND 2fa_auth_option]
  | IDENTIFIED WITH auth_plugin [AND 2fa_auth_option]
  | IDENTIFIED WITH auth_plugin BY 'auth_string' [AND 2fa_auth_option]
  | IDENTIFIED WITH auth_plugin BY RANDOM PASSWORD [AND 2fa_auth_option]
  | IDENTIFIED WITH auth_plugin AS 'auth_string' [AND 2fa_auth_option]
  | IDENTIFIED WITH auth_plugin [initial_auth_option]
}

2fa_auth_option: {
    IDENTIFIED BY 'auth_string' [AND 3fa_auth_option]
  | IDENTIFIED BY RANDOM PASSWORD [AND 3fa_auth_option]
  | IDENTIFIED WITH auth_plugin [AND 3fa_auth_option]
  | IDENTIFIED WITH auth_plugin BY 'auth_string' [AND 3fa_auth_option]
  | IDENTIFIED WITH auth_plugin BY RANDOM PASSWORD [AND 3fa_auth_option]
  | IDENTIFIED WITH auth_plugin AS 'auth_string' [AND 3fa_auth_option]
}

3fa_auth_option: {
    IDENTIFIED BY 'auth_string'
  | IDENTIFIED BY RANDOM PASSWORD
  | IDENTIFIED WITH auth_plugin
  | IDENTIFIED WITH auth_plugin BY 'auth_string'
  | IDENTIFIED WITH auth_plugin BY RANDOM PASSWORD
  | IDENTIFIED WITH auth_plugin AS 'auth_string'
}

initial_auth_option: {
    INITIAL AUTHENTICATION IDENTIFIED BY {RANDOM PASSWORD | 'auth_string'}
  | INITIAL AUTHENTICATION IDENTIFIED WITH auth_plugin AS 'auth_string'
}

tls_option: {
   SSL
 | X509
 | CIPHER 'cipher'
 | ISSUER 'issuer'
 | SUBJECT 'subject'
}

resource_option: {
    MAX_QUERIES_PER_HOUR count
  | MAX_UPDATES_PER_HOUR count
  | MAX_CONNECTIONS_PER_HOUR count
  | MAX_USER_CONNECTIONS count
}

password_option: {
    PASSWORD EXPIRE [DEFAULT | NEVER | INTERVAL N DAY]
  | PASSWORD HISTORY {DEFAULT | N}
  | PASSWORD REUSE INTERVAL {DEFAULT | N DAY}
  | PASSWORD REQUIRE CURRENT [DEFAULT | OPTIONAL]
  | FAILED_LOGIN_ATTEMPTS N
  | PASSWORD_LOCK_TIME {N | UNBOUNDED}
}

lock_option: {
    ACCOUNT LOCK
  | ACCOUNT UNLOCK
} */


CREATE USER IF NOT EXISTS USER() IDENTIFIED BY 'auth_string' AND IDENTIFIED BY RANDOM PASSWORD AND IDENTIFIED WITH 'auth_plugin' DEFAULT ROLE 'developer';
CREATE USER IF NOT EXISTS 'user' IDENTIFIED BY 'auth_string' AND IDENTIFIED BY RANDOM PASSWORD AND IDENTIFIED WITH 'auth_plugin' DEFAULT ROLE 'developer';
CREATE USER IF NOT EXISTS 'user' IDENTIFIED WITH 'auth_plugin' BY 'auth_string' AND IDENTIFIED WITH 'auth_plugin' BY RANDOM PASSWORD AND IDENTIFIED WITH auth_plugin AS 'auth_string' DEFAULT ROLE 'developer';
CREATE USER IF NOT EXISTS 'user' IDENTIFIED WITH 'auth_plugin' BY 'auth_string' AND IDENTIFIED WITH 'auth_plugin' BY RANDOM PASSWORD AND IDENTIFIED WITH auth_plugin AS 'auth_string',  USER() IDENTIFIED WITH 'auth_plugin' BY 'auth_string' AND IDENTIFIED WITH 'auth_plugin' BY RANDOM PASSWORD DEFAULT ROLE 'developer';
CREATE USER IF NOT EXISTS 'user' IDENTIFIED WITH 'auth_plugin' BY 'auth_string' AND IDENTIFIED WITH 'auth_plugin' BY RANDOM PASSWORD AND IDENTIFIED WITH auth_plugin AS 'auth_string',  USER() DEFAULT ROLE 'developer';
CREATE USER IF NOT EXISTS 'user' IDENTIFIED WITH 'auth_plugin' BY 'auth_string' AND IDENTIFIED WITH 'auth_plugin' BY RANDOM PASSWORD DEFAULT ROLE 'developer';
CREATE USER IF NOT EXISTS 'user' IDENTIFIED WITH 'auth_plugin' BY 'auth_string' AND IDENTIFIED WITH auth_plugin AS 'auth_string' DEFAULT ROLE 'developer';
CREATE USER IF NOT EXISTS 'user' IDENTIFIED WITH auth_plugin AS 'auth_string' DEFAULT ROLE 'developer';
CREATE USER IF NOT EXISTS 'user' IDENTIFIED WITH auth_plugin AS 'auth_string' DEFAULT ROLE 'developer';
CREATE USER 'user' DEFAULT ROLE 'developer';

CREATE USER USER() IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY RANDOM PASSWORD DEFAULT ROLE 'developer';
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer';

CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE NONE;
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SUBJECT 'subject' AND CIPHER 'cipher';
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer';
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4;
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4 PASSWORD EXPIRE DEFAULT;
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4 PASSWORD EXPIRE NEVER;
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4 PASSWORD EXPIRE INTERVAL 5 DAY;
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4 PASSWORD HISTORY DEFAULT;
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4 PASSWORD HISTORY 5;
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4 PASSWORD REUSE INTERVAL DEFAULT;
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4 PASSWORD REUSE INTERVAL 5 DAY;
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4 PASSWORD REQUIRE CURRENT DEFAULT;
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4 PASSWORD REQUIRE CURRENT OPTIONAL;
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4 FAILED_LOGIN_ATTEMPTS 5;
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4 PASSWORD_LOCK_TIME 5;
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4 PASSWORD_LOCK_TIME UNBOUNDED;
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4 ACCOUNT LOCK;
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4 ACCOUNT UNLOCK;

CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4 COMMENT 'comment_string';
CREATE USER 'user' IDENTIFIED WITH 'auth_plugin' INITIAL AUTHENTICATION IDENTIFIED BY 'auth_string' DEFAULT ROLE 'developer' REQUIRE SSL AND X509 AND ISSUER 'issuer' WITH MAX_QUERIES_PER_HOUR 1 MAX_UPDATES_PER_HOUR 2 MAX_CONNECTIONS_PER_HOUR 100 MAX_USER_CONNECTIONS 4 ATTRIBUTE 'comment_string';

CREATE USER 'user' IDENTIFIED BY PASSWORD 'auth_string';