chore: update for Bytebase 3.11 compatibility

docs/data-sources/iam_policy.md

@@ -50,7 +50,6 @@ Optional:
 
 - `database` (String) The accessible database full name in instances/{instance resource id}/databases/{database name} format
 - `expire_timestamp` (String) The expiration timestamp in YYYY-MM-DDThh:mm:ssZ format
-- `row_limit` (Number) The export row limit for exporter role
 - `schema` (String) The accessible schema in the database
 - `tables` (Set of String) The accessible table list
 

docs/data-sources/policy.md

@@ -23,7 +23,6 @@ The policy data source.
 ### Optional
 
 - `data_source_query_policy` (Block List, Max: 1) Restrict querying admin data sources (see [below for nested schema](#nestedblock--data_source_query_policy))
-- `disable_copy_data_policy` (Block List, Max: 1) Restrict data copying in SQL Editor (Admins/DBAs allowed) (see [below for nested schema](#nestedblock--disable_copy_data_policy))
 - `global_masking_policy` (Block List, Max: 1) (see [below for nested schema](#nestedblock--global_masking_policy))
 - `masking_exception_policy` (Block List, Max: 1) (see [below for nested schema](#nestedblock--masking_exception_policy))
 - `query_data_policy` (Block List, Max: 1) The policy for query data (see [below for nested schema](#nestedblock--query_data_policy))
@@ -46,14 +45,6 @@ Optional:
 - `restriction` (String) RESTRICTION_UNSPECIFIED means no restriction; FALLBACK will allows to query admin data sources when there is no read-only data source; DISALLOW will always disallow to query admin data sources.
 
 
-<a id="nestedblock--disable_copy_data_policy"></a>
-### Nested Schema for `disable_copy_data_policy`
-
-Required:
-
-- `enable` (Boolean) Restrict data copying
-
-
 <a id="nestedblock--global_masking_policy"></a>
 ### Nested Schema for `global_masking_policy`
 
@@ -108,6 +99,7 @@ Optional:
 
 Required:
 
+- `disable_copy_data` (Boolean) Disable copying data in the SQL editor
 - `disable_export` (Boolean) Disable export data in the SQL editor
 
 Optional:

docs/data-sources/policy_list.md

@@ -30,7 +30,6 @@ The policy data source list.
 Read-Only:
 
 - `data_source_query_policy` (List of Object) (see [below for nested schema](#nestedobjatt--policies--data_source_query_policy))
-- `disable_copy_data_policy` (List of Object) (see [below for nested schema](#nestedobjatt--policies--disable_copy_data_policy))
 - `enforce` (Boolean)
 - `global_masking_policy` (List of Object) (see [below for nested schema](#nestedobjatt--policies--global_masking_policy))
 - `inherit_from_parent` (Boolean)
@@ -50,14 +49,6 @@ Read-Only:
 - `restriction` (String)
 
 
-<a id="nestedobjatt--policies--disable_copy_data_policy"></a>
-### Nested Schema for `policies.disable_copy_data_policy`
-
-Read-Only:
-
-- `enable` (Boolean)
-
-
 <a id="nestedobjatt--policies--global_masking_policy"></a>
 ### Nested Schema for `policies.global_masking_policy`
 
@@ -106,6 +97,7 @@ Read-Only:
 
 Read-Only:
 
+- `disable_copy_data` (Boolean)
 - `disable_export` (Boolean)
 - `maximum_result_rows` (Number)
 - `maximum_result_size` (Number)

docs/resources/iam_policy.md

@@ -50,7 +50,6 @@ Optional:
 
 - `database` (String) The accessible database full name in instances/{instance resource id}/databases/{database name} format
 - `expire_timestamp` (String) The expiration timestamp in YYYY-MM-DDThh:mm:ssZ format
-- `row_limit` (Number) The export row limit for exporter role
 - `schema` (String) The accessible schema in the database
 - `tables` (Set of String) The accessible table list
 

docs/resources/policy.md

@@ -23,7 +23,6 @@ The policy resource.
 ### Optional
 
 - `data_source_query_policy` (Block List, Max: 1) Restrict querying admin data sources (see [below for nested schema](#nestedblock--data_source_query_policy))
-- `disable_copy_data_policy` (Block List, Max: 1) Restrict data copying in SQL Editor (Admins/DBAs allowed) (see [below for nested schema](#nestedblock--disable_copy_data_policy))
 - `enforce` (Boolean) Decide if the policy is enforced.
 - `global_masking_policy` (Block List, Max: 1) (see [below for nested schema](#nestedblock--global_masking_policy))
 - `inherit_from_parent` (Boolean) Decide if the policy should inherit from the parent.
@@ -46,14 +45,6 @@ Optional:
 - `restriction` (String) RESTRICTION_UNSPECIFIED means no restriction; FALLBACK will allows to query admin data sources when there is no read-only data source; DISALLOW will always disallow to query admin data sources.
 
 
-<a id="nestedblock--disable_copy_data_policy"></a>
-### Nested Schema for `disable_copy_data_policy`
-
-Required:
-
-- `enable` (Boolean) Restrict data copying
-
-
 <a id="nestedblock--global_masking_policy"></a>
 ### Nested Schema for `global_masking_policy`
 
@@ -108,6 +99,7 @@ Optional:
 
 Required:
 
+- `disable_copy_data` (Boolean) Disable copying data in the SQL editor
 - `disable_export` (Boolean) Disable export data in the SQL editor
 
 Optional:

examples/database_group/main.tf

@@ -36,7 +36,7 @@ resource "bytebase_database_group" "databases_in_test" {
   resource_id = "databases-in-test"
   project     = data.bytebase_project.sample_project.name
   title       = "Databases in test env"
-  condition   = "resource.environment_name == \"test\""
+  condition   = "resource.environment_id == \"test\""
 }
 
 data "bytebase_database_group" "databases_in_test" {

examples/setup/database_group.tf

@@ -4,5 +4,5 @@ resource "bytebase_database_group" "databases_in_test" {
   resource_id = "databases-in-test"
   project     = bytebase_project.sample_project.name
   title       = "Databases in test env"
-  condition   = "resource.environment_name == \"test\""
+  condition   = "resource.environment_id == \"test\""
 }

examples/setup/environment.tf

@@ -51,13 +51,13 @@ resource "bytebase_policy" "rollout_policy" {
   }
 }
 
-resource "bytebase_policy" "disable_copy_data_policy" {
+resource "bytebase_policy" "env_query_data_policy" {
   depends_on = [bytebase_setting.environments]
   parent     = bytebase_setting.environments.environment_setting[0].environment[0].name
-  type       = "DISABLE_COPY_DATA"
+  type       = "DATA_QUERY"
 
-  disable_copy_data_policy {
-    enable = false
+  query_data_policy {
+    disable_copy_data = true
   }
 }
 

examples/setup/iam.tf

@@ -80,7 +80,6 @@ resource "bytebase_iam_policy" "project_iam" {
       condition {
         database         = "instances/test-sample-instance/databases/employee"
         tables           = ["dept_emp", "dept_manager"]
-        row_limit        = 10000
         expire_timestamp = "2027-03-09T16:17:49Z"
       }
     }

go.mod

@@ -5,17 +5,17 @@ go 1.24.4
 toolchain go1.24.5
 
 require (
-	buf.build/gen/go/bytebase/bytebase/connectrpc/go v1.18.1-20250908030532-58bfc338601e.1
-	buf.build/gen/go/bytebase/bytebase/protocolbuffers/go v1.36.8-20250908030532-58bfc338601e.1
-	connectrpc.com/connect v1.18.1
+	buf.build/gen/go/bytebase/bytebase/connectrpc/go v1.19.1-20251010010834-1aa0c6de76e4.1
+	buf.build/gen/go/bytebase/bytebase/protocolbuffers/go v1.36.10-20251010010834-1aa0c6de76e4.1
+	connectrpc.com/connect v1.19.1
 	github.com/hashicorp/go-cty v1.5.0
 	github.com/hashicorp/terraform-plugin-docs v0.13.0
 	github.com/hashicorp/terraform-plugin-log v0.9.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.37.0
 	github.com/pkg/errors v0.9.1
 	google.golang.org/genproto v0.0.0-20250528174236-200df99c418a
 	google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822
-	google.golang.org/protobuf v1.36.8
+	google.golang.org/protobuf v1.36.10
 )
 
 require (

go.sum

@@ -1,9 +1,15 @@
 buf.build/gen/go/bytebase/bytebase/connectrpc/go v1.18.1-20250908030532-58bfc338601e.1 h1:FQEei3tpJ+OjhAAfLOTzqm+XaFboZI+UpWbXEiQJ1m4=
 buf.build/gen/go/bytebase/bytebase/connectrpc/go v1.18.1-20250908030532-58bfc338601e.1/go.mod h1:/jFGXncqA/NGlTsADOmP7o1PaKo05HUP64uWe4g7UZg=
+buf.build/gen/go/bytebase/bytebase/connectrpc/go v1.19.1-20251010010834-1aa0c6de76e4.1 h1:WNQflXc5jqg/LZikcsJxwVFfJMB0i1O7olWXgBZ/DVM=
+buf.build/gen/go/bytebase/bytebase/connectrpc/go v1.19.1-20251010010834-1aa0c6de76e4.1/go.mod h1:EhBo6m8asi2++hICIxqtAJdmw8SGYXdxZxPpytC1xUw=
 buf.build/gen/go/bytebase/bytebase/protocolbuffers/go v1.36.8-20250908030532-58bfc338601e.1 h1:9VCImLW8Zda6Tay+4zoS85Y8RwX94/x5XlZeeyQHZ38=
 buf.build/gen/go/bytebase/bytebase/protocolbuffers/go v1.36.8-20250908030532-58bfc338601e.1/go.mod h1:dwdKUX0jGgJ7OJe024SNHvANb1TKuBzIrZOzL/3Njtk=
+buf.build/gen/go/bytebase/bytebase/protocolbuffers/go v1.36.10-20251010010834-1aa0c6de76e4.1 h1:LKV7Q1GToSWI0IFvWxfw5Ul8AyiR8ItAzq1cKbEGP8U=
+buf.build/gen/go/bytebase/bytebase/protocolbuffers/go v1.36.10-20251010010834-1aa0c6de76e4.1/go.mod h1:hCjM3DsxzHQGb3QEnCNYrln9ZgB16AZLOVfRJZRKC0E=
 connectrpc.com/connect v1.18.1 h1:PAg7CjSAGvscaf6YZKUefjoih5Z/qYkyaTrBW8xvYPw=
 connectrpc.com/connect v1.18.1/go.mod h1:0292hj1rnx8oFrStN7cB4jjVBeqs+Yx5yDIC2prWDO8=
+connectrpc.com/connect v1.19.1 h1:R5M57z05+90EfEvCY1b7hBxDVOUl45PrtXtAV2fOC14=
+connectrpc.com/connect v1.19.1/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
@@ -296,6 +302,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc=
 google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=

provider/data_source_iam_policy.go

@@ -3,12 +3,10 @@ package provider
 import (
 	"context"
 	"fmt"
-	"strconv"
 	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-	"github.com/pkg/errors"
 
 	v1pb "buf.build/gen/go/bytebase/bytebase/protocolbuffers/go/v1"
 
@@ -113,12 +111,6 @@ func getIAMBindingSchema(computed bool) *schema.Schema {
 								Set:         schema.HashString,
 								Description: "The accessible table list",
 							},
-							"row_limit": {
-								Type:        schema.TypeInt,
-								Computed:    computed,
-								Optional:    true,
-								Description: "The export row limit for exporter role",
-							},
 							"expire_timestamp": {
 								Type:        schema.TypeString,
 								Computed:    computed,
@@ -204,13 +196,6 @@ func flattenIAMPolicy(p *v1pb.IamPolicy) ([]interface{}, error) {
 					}
 					rawCondition["tables"] = schema.NewSet(schema.HashString, rawTableList)
 				}
-				if strings.HasPrefix(expression, `request.row_limit <= `) {
-					i, err := strconv.Atoi(strings.TrimPrefix(expression, `request.row_limit <= `))
-					if err != nil {
-						return nil, errors.Errorf("cannot convert %s to int with error: %s", expression, err.Error())
-					}
-					rawCondition["row_limit"] = i
-				}
 				if strings.HasPrefix(expression, "request.time < ") {
 					rawCondition["expire_timestamp"] = strings.TrimSuffix(
 						strings.TrimPrefix(expression, `request.time < timestamp("`),

provider/data_source_policy.go

@@ -44,7 +44,6 @@ func dataSourcePolicy() *schema.Resource {
 				ValidateFunc: validation.StringInSlice([]string{
 					v1pb.PolicyType_MASKING_EXCEPTION.String(),
 					v1pb.PolicyType_MASKING_RULE.String(),
-					v1pb.PolicyType_DISABLE_COPY_DATA.String(),
 					v1pb.PolicyType_DATA_SOURCE_QUERY.String(),
 					v1pb.PolicyType_ROLLOUT_POLICY.String(),
 					v1pb.PolicyType_DATA_QUERY.String(),
@@ -68,7 +67,6 @@ func dataSourcePolicy() *schema.Resource {
 			},
 			"masking_exception_policy": getMaskingExceptionPolicySchema(true),
 			"global_masking_policy":    getGlobalMaskingPolicySchema(true),
-			"disable_copy_data_policy": getDisableCopyDataPolicySchema(true),
 			"data_source_query_policy": getDataSourceQueryPolicySchema(true),
 			"rollout_policy":           getRolloutPolicySchema(true),
 			"query_data_policy":        getDataQueryPolicySchema(true),
@@ -250,9 +248,14 @@ func getDataQueryPolicySchema(computed bool) *schema.Schema {
 				},
 				"disable_export": {
 					Type:        schema.TypeBool,
-					Required:    true,
+					Optional:    true,
 					Description: "Disable export data in the SQL editor",
 				},
+				"disable_copy_data": {
+					Type:        schema.TypeBool,
+					Optional:    true,
+					Description: "Disable copying data in the SQL editor",
+				},
 				"timeout_in_seconds": {
 					Type:        schema.TypeInt,
 					Optional:    true,
@@ -263,27 +266,6 @@ func getDataQueryPolicySchema(computed bool) *schema.Schema {
 	}
 }
 
-func getDisableCopyDataPolicySchema(computed bool) *schema.Schema {
-	return &schema.Schema{
-		Computed:    computed,
-		Optional:    true,
-		Default:     nil,
-		Type:        schema.TypeList,
-		MinItems:    0,
-		MaxItems:    1,
-		Description: "Restrict data copying in SQL Editor (Admins/DBAs allowed)",
-		Elem: &schema.Resource{
-			Schema: map[string]*schema.Schema{
-				"enable": {
-					Type:        schema.TypeBool,
-					Required:    true,
-					Description: "Restrict data copying",
-				},
-			},
-		},
-	}
-}
-
 func getDataSourceQueryPolicySchema(computed bool) *schema.Schema {
 	return &schema.Schema{
 		Computed:    computed,
@@ -415,11 +397,6 @@ func flattenPolicyPayload(policy *v1pb.Policy) (string, interface{}, diag.Diagno
 			}
 			return "global_masking_policy", maskingPolicy, nil
 		}
-	case v1pb.PolicyType_DISABLE_COPY_DATA:
-		if p := policy.GetDisableCopyDataPolicy(); p != nil {
-			disableCopyDataPolicy := flattenDisableCopyDataPolicy(p)
-			return "disable_copy_data_policy", disableCopyDataPolicy, nil
-		}
 	case v1pb.PolicyType_DATA_SOURCE_QUERY:
 		if p := policy.GetDataSourceQueryPolicy(); p != nil {
 			dataSourceQueryPolicy := flattenDataSourceQueryPolicy(p)
@@ -443,7 +420,6 @@ func flattenPolicyPayload(policy *v1pb.Policy) (string, interface{}, diag.Diagno
 func flattenRolloutPolicy(p *v1pb.RolloutPolicy) []interface{} {
 	roles := []string{}
 	roles = append(roles, p.Roles...)
-	roles = append(roles, p.IssueRoles...)
 	policy := map[string]interface{}{
 		"automatic": p.Automatic,
 		"roles":     roles,
@@ -460,18 +436,12 @@ func flattenDataSourceQueryPolicy(p *v1pb.DataSourceQueryPolicy) []interface{} {
 	return []interface{}{policy}
 }
 
-func flattenDisableCopyDataPolicy(p *v1pb.DisableCopyDataPolicy) []interface{} {
-	policy := map[string]interface{}{
-		"enable": p.Active,
-	}
-	return []interface{}{policy}
-}
-
 func flattenQueryDataPolicy(p *v1pb.QueryDataPolicy) []interface{} {
 	policy := map[string]interface{}{
 		"maximum_result_size": int(p.MaximumResultSize),
 		"maximum_result_rows": int(p.MaximumResultRows),
 		"disable_export":      p.DisableExport,
+		"disable_copy_data":   p.DisableCopyData,
 		"timeout_in_seconds":  int(p.Timeout.Seconds),
 	}
 	return []interface{}{policy}

provider/data_source_policy_list.go

@@ -65,7 +65,6 @@ func dataSourcePolicyList() *schema.Resource {
 						},
 						"masking_exception_policy": getMaskingExceptionPolicySchema(true),
 						"global_masking_policy":    getGlobalMaskingPolicySchema(true),
-						"disable_copy_data_policy": getDisableCopyDataPolicySchema(true),
 						"data_source_query_policy": getDataSourceQueryPolicySchema(true),
 						"rollout_policy":           getRolloutPolicySchema(true),
 						"query_data_policy":        getDataQueryPolicySchema(true),

provider/internal/mock_client.go

@@ -1070,9 +1070,6 @@ func (c *mockClient) UpdateDatabaseGroup(_ context.Context, group *v1pb.Database
 	if slices.Contains(updateMasks, "matched_databases") {
 		existed.MatchedDatabases = group.MatchedDatabases
 	}
-	if slices.Contains(updateMasks, "unmatched_databases") {
-		existed.UnmatchedDatabases = group.UnmatchedDatabases
-	}
 
 	c.databaseGroupMap[group.Name] = existed
 	return existed, nil

provider/resource_iam_policy.go

@@ -143,9 +143,6 @@ func convertToV1Condition(rawSchema interface{}) (*expr.Expr, error) {
 		}
 		expressions = append(expressions, fmt.Sprintf(`resource.table_name in [%s]`, strings.Join(tableList, ",")))
 	}
-	if rowLimit, ok := rawCondition["row_limit"].(int); ok && rowLimit > 0 {
-		expressions = append(expressions, fmt.Sprintf(`request.row_limit <= %d`, rowLimit))
-	}
 	if expire, ok := rawCondition["expire_timestamp"].(string); ok && expire != "" {
 		formattedTime, err := time.Parse(time.RFC3339, expire)
 		if err != nil {