docs: sync Terraform tutorial series to provider 3.17.1#1076
Open
adela-bytebase wants to merge 2 commits intomainfrom
Open
docs: sync Terraform tutorial series to provider 3.17.1#1076adela-bytebase wants to merge 2 commits intomainfrom
adela-bytebase wants to merge 2 commits intomainfrom
Conversation
Fix schema drift across all 8 parts of the Bytebase Terraform Provider tutorial series after months of provider evolution. - Part 1: bump provider version 3.8.6 -> 3.17.1; unify DISABLE_COPY_DATA + DATA_SOURCE_QUERY into DATA_QUERY / query_data_policy; remove non-existent checkers block from rollout_policy - Part 3: remove removed fields (auto_enable_backup, allow_modify_statement, auto_resolve_issue); fix notification_types to current Activity enum values (ISSUE_CREATED, ISSUE_APPROVAL_REQUESTED, PIPELINE_COMPLETED) - Part 4: remove non-existent bytebase_risk resource; rewrite approval_flow to current schema (flow.roles list + source + CEL condition) - Part 6: migrate SERVICE_ACCOUNT bytebase_user to bytebase_service_account + bytebase_workload_identity resources; drop removed type field - Part 7: drop parent = "workspaces/-" (fails validation, parent defaults to current workspace); update bindings to serviceAccount: / workloadIdentity: member prefixes - Part 8: rename MASKING_EXCEPTION -> MASKING_EXEMPTION and nested fields; drop deprecated actions field on exemptions; fix classification schema (levels.level as Number, not levels.id); prefix CEL conditions with resource. and use integer comparison for classification_level Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
1 task
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the Bytebase Terraform Provider tutorial series to match provider v3.17.1 by removing/rewriting drifted schema fields and updating example snippets (resources, enums, and CEL attributes).
Changes:
- Update Part 1 environment examples to provider
3.17.1, simplify rollout policy, and migrate data protection policy toDATA_QUERY/query_data_policy. - Update Part 4 general settings to the current approval flow schema (
flow.roles+source+ CELcondition) and remove the non-existent risk resource section. - Update Parts 6–8 tutorials for the new identity model (service accounts + workload identities), IAM member prefixes, and masking exemption/classification schema changes.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/tutorials/manage-users-and-groups-with-terraform.mdx | Introduces bytebase_service_account + bytebase_workload_identity and updates the user-management narrative/snippets. |
| docs/tutorials/manage-projects-with-terraform.mdx | Updates bytebase_project example to current fields and notification enum values. |
| docs/tutorials/manage-general-settings-with-terraform.mdx | Rewrites approval flow section to current schema and removes risk-policy content. |
| docs/tutorials/manage-environments-with-terraform.mdx | Bumps provider version and updates rollout/data policies to current schema. |
| docs/tutorials/manage-database-access-control-with-terraform.mdx | Updates IAM dependencies and member prefixes for service accounts/workload identities. |
| docs/tutorials/manage-data-masking-with-terraform.mdx | Updates classification schema types, CEL conditions, and renames masking exception → exemption. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Contributor
|
Preview deployment for your docs. Learn more about Mintlify Previews.
💡 Tip: Enable Workflows to automatically generate PRs for you. |
- Part 6: clarify bytebase_service_account adopts the Part 1 bootstrap account - Part 7: move tf service account to workspaceAdmin to prevent self-demotion - Part 8: rename 'Masking Exceptions' to 'Masking Exemptions' for consistency
ecmadao
approved these changes
Apr 15, 2026
Contributor
ecmadao
left a comment
ecmadao
left a comment
There was a problem hiding this comment.
There're many duplicate TF examples in different repos, maybe we can consider give a link to the https://github.com/bytebase/terraform-provider-bytebase/tree/main/tutorials?
zchpeter
approved these changes
Apr 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fix schema drift across all 8 parts of the Bytebase Terraform Provider tutorial series. The docs were written against older provider versions and several snippets no longer apply against 3.17.1 (invalid resources, removed fields, wrong CEL attribute names).
Changes by part
3.8.6→3.17.1; unifiedDISABLE_COPY_DATA+DATA_SOURCE_QUERYintoDATA_QUERY/query_data_policy; removed the non-existentcheckers { required_issue_approval, required_status_checks { plan_check_enforcement } }blockbytebase_project(auto_enable_backup,allow_modify_statement,auto_resolve_issue); fixednotification_typesto current Activity enum valuesbytebase_riskresource; rewroteapproval_flowto current schema (flow.roles = [list]+source+ CELconditionlike"request.risk >= 100")bytebase_userwithtype = "SERVICE_ACCOUNT"to separatebytebase_service_account+bytebase_workload_identityresources; dropped removedtypefieldparent = "workspaces/-"(fails validation; parent defaults to workspace); updated bindings to useserviceAccount:/workloadIdentity:member prefixesMASKING_EXCEPTION→MASKING_EXEMPTIONand nested fields; dropped deprecatedactions; fixed classification schema (levels.levelas Number, notlevels.id); addedresource.prefix to CEL conditions and fixedclassification_levelinteger comparisonTest plan
./docs/check-links.shpasses🤖 Generated with Claude Code