bytebase · ecmadao · Oct 10, 2025 · Oct 10, 2025 · Oct 10, 2025 · Oct 10, 2025
diff --git a/README.md b/README.md
@@ -17,7 +17,7 @@ using Terraform Bytebase Provider to prepare those instances ready for applicati
 
 - [Go](https://golang.org/doc/install) (1.19 or later)
 - [Terraform](https://developer.hashicorp.com/terraform/downloads?product_intent=terraform) (1.3.5 or later)
-- [Bytebase](https://github.com/bytebase/bytebase) (3.10.0 or later)
+- [Bytebase](https://github.com/bytebase/bytebase) (3.11.1 or later)
 
 > If you have problems running `terraform` in MacOS with Apple Silicon, you can following https://stackoverflow.com/questions/66281882/how-can-i-get-terraform-init-to-run-on-my-apple-silicon-macbook-pro-for-the-go and use the `tfenv`.
 

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-3.11.0
+3.11.1
diff --git a/docs/data-sources/iam_policy.md b/docs/data-sources/iam_policy.md
@@ -50,7 +50,6 @@ Optional:
 
 - `database` (String) The accessible database full name in instances/{instance resource id}/databases/{database name} format
 - `expire_timestamp` (String) The expiration timestamp in YYYY-MM-DDThh:mm:ssZ format
-- `row_limit` (Number) The export row limit for exporter role
 - `schema` (String) The accessible schema in the database
 - `tables` (Set of String) The accessible table list
 

diff --git a/docs/data-sources/policy.md b/docs/data-sources/policy.md
@@ -23,7 +23,6 @@ The policy data source.
 ### Optional
 
 - `data_source_query_policy` (Block List, Max: 1) Restrict querying admin data sources (see [below for nested schema](#nestedblock--data_source_query_policy))
-- `disable_copy_data_policy` (Block List, Max: 1) Restrict data copying in SQL Editor (Admins/DBAs allowed) (see [below for nested schema](#nestedblock--disable_copy_data_policy))
 - `global_masking_policy` (Block List, Max: 1) (see [below for nested schema](#nestedblock--global_masking_policy))
 - `masking_exception_policy` (Block List, Max: 1) (see [below for nested schema](#nestedblock--masking_exception_policy))
 - `query_data_policy` (Block List, Max: 1) The policy for query data (see [below for nested schema](#nestedblock--query_data_policy))
@@ -46,14 +45,6 @@ Optional:
 - `restriction` (String) RESTRICTION_UNSPECIFIED means no restriction; FALLBACK will allows to query admin data sources when there is no read-only data source; DISALLOW will always disallow to query admin data sources.
 
 
-<a id="nestedblock--disable_copy_data_policy"></a>
-### Nested Schema for `disable_copy_data_policy`
-
-Required:
-
-- `enable` (Boolean) Restrict data copying
-
-
 <a id="nestedblock--global_masking_policy"></a>
 ### Nested Schema for `global_masking_policy`
 
@@ -106,12 +97,10 @@ Optional:
 <a id="nestedblock--query_data_policy"></a>
 ### Nested Schema for `query_data_policy`
 
-Required:
-
-- `disable_export` (Boolean) Disable export data in the SQL editor
-
 Optional:
 
+- `disable_copy_data` (Boolean) Disable copying data in the SQL editor
+- `disable_export` (Boolean) Disable export data in the SQL editor
 - `maximum_result_rows` (Number) The return rows limit. If the value <= 0, will be treated as no limit. The default value is -1.
 - `maximum_result_size` (Number) The size limit in bytes. The default value is 100MB, we will use the default value if the limit <= 0.
 - `timeout_in_seconds` (Number) The maximum time allowed for a query to run in SQL Editor. No limit when the value <= 0

diff --git a/docs/data-sources/policy_list.md b/docs/data-sources/policy_list.md
@@ -30,7 +30,6 @@ The policy data source list.
 Read-Only:
 
 - `data_source_query_policy` (List of Object) (see [below for nested schema](#nestedobjatt--policies--data_source_query_policy))
-- `disable_copy_data_policy` (List of Object) (see [below for nested schema](#nestedobjatt--policies--disable_copy_data_policy))
 - `enforce` (Boolean)
 - `global_masking_policy` (List of Object) (see [below for nested schema](#nestedobjatt--policies--global_masking_policy))
 - `inherit_from_parent` (Boolean)
@@ -50,14 +49,6 @@ Read-Only:
 - `restriction` (String)
 
 
-<a id="nestedobjatt--policies--disable_copy_data_policy"></a>
-### Nested Schema for `policies.disable_copy_data_policy`
-
-Read-Only:
-
-- `enable` (Boolean)
-
-
 <a id="nestedobjatt--policies--global_masking_policy"></a>
 ### Nested Schema for `policies.global_masking_policy`
 
@@ -106,6 +97,7 @@ Read-Only:
 
 Read-Only:
 
+- `disable_copy_data` (Boolean)
 - `disable_export` (Boolean)
 - `maximum_result_rows` (Number)
 - `maximum_result_size` (Number)

diff --git a/docs/data-sources/setting.md b/docs/data-sources/setting.md
@@ -214,17 +214,9 @@ Read-Only:
 Read-Only:
 
 - `description` (String)
-- `steps` (List of Object) (see [below for nested schema](#nestedobjatt--approval_flow--rules--flow--steps))
+- `roles` (List of String)
 - `title` (String)
 
-<a id="nestedobjatt--approval_flow--rules--flow--steps"></a>
-### Nested Schema for `approval_flow.rules.flow.title`
-
-Read-Only:
-
-- `role` (String)
-
-
 
 
 

diff --git a/docs/resources/iam_policy.md b/docs/resources/iam_policy.md
@@ -50,7 +50,6 @@ Optional:
 
 - `database` (String) The accessible database full name in instances/{instance resource id}/databases/{database name} format
 - `expire_timestamp` (String) The expiration timestamp in YYYY-MM-DDThh:mm:ssZ format
-- `row_limit` (Number) The export row limit for exporter role
 - `schema` (String) The accessible schema in the database
 - `tables` (Set of String) The accessible table list
 

diff --git a/docs/resources/policy.md b/docs/resources/policy.md
@@ -23,7 +23,6 @@ The policy resource.
 ### Optional
 
 - `data_source_query_policy` (Block List, Max: 1) Restrict querying admin data sources (see [below for nested schema](#nestedblock--data_source_query_policy))
-- `disable_copy_data_policy` (Block List, Max: 1) Restrict data copying in SQL Editor (Admins/DBAs allowed) (see [below for nested schema](#nestedblock--disable_copy_data_policy))
 - `enforce` (Boolean) Decide if the policy is enforced.
 - `global_masking_policy` (Block List, Max: 1) (see [below for nested schema](#nestedblock--global_masking_policy))
 - `inherit_from_parent` (Boolean) Decide if the policy should inherit from the parent.
@@ -46,14 +45,6 @@ Optional:
 - `restriction` (String) RESTRICTION_UNSPECIFIED means no restriction; FALLBACK will allows to query admin data sources when there is no read-only data source; DISALLOW will always disallow to query admin data sources.
 
 
-<a id="nestedblock--disable_copy_data_policy"></a>
-### Nested Schema for `disable_copy_data_policy`
-
-Required:
-
-- `enable` (Boolean) Restrict data copying
-
-
 <a id="nestedblock--global_masking_policy"></a>
 ### Nested Schema for `global_masking_policy`
 
@@ -106,12 +97,10 @@ Optional:
 <a id="nestedblock--query_data_policy"></a>
 ### Nested Schema for `query_data_policy`
 
-Required:
-
-- `disable_export` (Boolean) Disable export data in the SQL editor
-
 Optional:
 
+- `disable_copy_data` (Boolean) Disable copying data in the SQL editor
+- `disable_export` (Boolean) Disable export data in the SQL editor
 - `maximum_result_rows` (Number) The return rows limit. If the value <= 0, will be treated as no limit. The default value is -1.
 - `maximum_result_size` (Number) The size limit in bytes. The default value is 100MB, we will use the default value if the limit <= 0.
 - `timeout_in_seconds` (Number) The maximum time allowed for a query to run in SQL Editor. No limit when the value <= 0

diff --git a/docs/resources/risk.md b/docs/resources/risk.md
@@ -18,7 +18,7 @@ The risk resource. Require ENTERPRISE subscription. Check the docs https://www.b
 ### Required
 
 - `condition` (String) The risk condition. Check the proto message https://github.com/bytebase/bytebase/blob/main/proto/v1/v1/risk_service.proto#L210 for details.
-- `level` (Number) The risk level, should be 300, 200 or 100. Higher number means higher level.
+- `level` (String) The risk level. Check https://github.com/bytebase/bytebase/blob/fd87c6bfe8a0d4883f25eb480a3b05ed3c2e1727/proto/v1/v1/common.proto#L93 for details
 - `source` (String) The risk source. Check https://github.com/bytebase/bytebase/blob/main/proto/v1/v1/risk_service.proto#L138 for details
 - `title` (String) The risk title.
 

diff --git a/docs/resources/setting.md b/docs/resources/setting.md
@@ -55,21 +55,13 @@ Optional:
 
 Required:
 
-- `steps` (Block List, Min: 1) Approval flow following the step order. (see [below for nested schema](#nestedblock--approval_flow--rules--flow--steps))
+- `roles` (List of String) The role require to review in this step
 - `title` (String)
 
 Optional:
 
 - `description` (String)
 
-<a id="nestedblock--approval_flow--rules--flow--steps"></a>
-### Nested Schema for `approval_flow.rules.flow.steps`
-
-Required:
-
-- `role` (String) The role require to review in this step
-
-
 
 <a id="nestedblock--approval_flow--rules--conditions"></a>
 ### Nested Schema for `approval_flow.rules.conditions`

diff --git a/examples/database/main.tf b/examples/database/main.tf
@@ -2,7 +2,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "3.10.0"
+      version = "3.11.1"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

diff --git a/examples/database_group/main.tf b/examples/database_group/main.tf
@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "3.10.0"
+      version = "3.11.1"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }
@@ -36,7 +36,7 @@ resource "bytebase_database_group" "databases_in_test" {
   resource_id = "databases-in-test"
   project     = data.bytebase_project.sample_project.name
   title       = "Databases in test env"
-  condition   = "resource.environment_name == \"test\""
+  condition   = "resource.environment_id == \"test\""
 }
 
 data "bytebase_database_group" "databases_in_test" {

diff --git a/examples/environments/main.tf b/examples/environments/main.tf
@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "3.10.0"
+      version = "3.11.1"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

diff --git a/examples/groups/main.tf b/examples/groups/main.tf
@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "3.10.0"
+      version = "3.11.1"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

diff --git a/examples/iamPolicy/main.tf b/examples/iamPolicy/main.tf
@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "3.10.0"
+      version = "3.11.1"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

diff --git a/examples/instances/main.tf b/examples/instances/main.tf
@@ -2,7 +2,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "3.10.0"
+      version = "3.11.1"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

diff --git a/examples/policies/main.tf b/examples/policies/main.tf
@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "3.10.0"
+      version = "3.11.1"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

diff --git a/examples/projects/main.tf b/examples/projects/main.tf
@@ -2,7 +2,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "3.10.0"
+      version = "3.11.1"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

diff --git a/examples/risk/main.tf b/examples/risk/main.tf
@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "3.10.0"
+      version = "3.11.1"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

diff --git a/examples/roles/main.tf b/examples/roles/main.tf
@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "3.10.0"
+      version = "3.11.1"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

diff --git a/examples/settings/main.tf b/examples/settings/main.tf
@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "3.10.0"
+      version = "3.11.1"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

diff --git a/examples/setup/approval_flow.tf b/examples/setup/approval_flow.tf
@@ -7,17 +7,11 @@ resource "bytebase_setting" "approval_flow" {
         description = "Need DBA and workspace admin approval"
 
         # Approval flow following the step order.
-        steps {
-          role = "roles/projectOwner"
-        }
-
-        steps {
-          role = "roles/workspaceDBA"
-        }
-
-        steps {
-          role = "roles/workspaceAdmin"
-        }
+        roles = [
+          "roles/projectOwner",
+          "roles/workspaceDBA",
+          "roles/workspaceAdmin"
+        ]
       }
 
       # Match any condition will trigger this approval flow.

diff --git a/examples/setup/database_group.tf b/examples/setup/database_group.tf
@@ -4,5 +4,5 @@ resource "bytebase_database_group" "databases_in_test" {
   resource_id = "databases-in-test"
   project     = bytebase_project.sample_project.name
   title       = "Databases in test env"
-  condition   = "resource.environment_name == \"test\""
+  condition   = "resource.environment_id == \"test\""
 }
diff --git a/examples/setup/environment.tf b/examples/setup/environment.tf
@@ -51,13 +51,13 @@ resource "bytebase_policy" "rollout_policy" {
   }
 }
 
-resource "bytebase_policy" "disable_copy_data_policy" {
+resource "bytebase_policy" "env_query_data_policy" {
   depends_on = [bytebase_setting.environments]
   parent     = bytebase_setting.environments.environment_setting[0].environment[0].name
-  type       = "DISABLE_COPY_DATA"
+  type       = "DATA_QUERY"
 
-  disable_copy_data_policy {
-    enable = false
+  query_data_policy {
+    disable_copy_data = true
   }
 }
 

diff --git a/examples/setup/iam.tf b/examples/setup/iam.tf
@@ -80,7 +80,6 @@ resource "bytebase_iam_policy" "project_iam" {
       condition {
         database         = "instances/test-sample-instance/databases/employee"
         tables           = ["dept_emp", "dept_manager"]
-        row_limit        = 10000
         expire_timestamp = "2027-03-09T16:17:49Z"
       }
     }

diff --git a/examples/setup/main.tf b/examples/setup/main.tf
@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "3.10.0"
+      version = "3.11.1"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

diff --git a/examples/setup/risk.tf b/examples/setup/risk.tf
@@ -1,7 +1,7 @@
 resource "bytebase_risk" "risk" {
   title     = "Risk for prod environment"
   source    = "DML"
-  level     = 300
+  level     = "HIGH"
   active    = true
   condition = "resource.environment_id == \"prod\" && statement.affected_rows >= 100"
 }
diff --git a/examples/sql_review/main.tf b/examples/sql_review/main.tf
@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "3.10.0"
+      version = "3.11.1"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

diff --git a/examples/users/main.tf b/examples/users/main.tf
@@ -2,7 +2,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "3.10.0"
+      version = "3.11.1"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }