chore: optimize instance resource (#98)

* chore: optimize instance resource

* chore: update docs

* chore: update docs

* fix: lint

VERSION

@@ -1 +1 @@
-1.0.18
+1.0.19

api/client.go

@@ -56,7 +56,7 @@ type Client interface {
 	// GetDatabase gets the database by instance resource id and the database name.
 	GetDatabase(ctx context.Context, databaseName string) (*v1pb.Database, error)
 	// ListDatabase list the databases.
-	ListDatabase(ctx context.Context, instanceID, filter string) ([]*v1pb.Database, error)
+	ListDatabase(ctx context.Context, instanceID, filter string, listAll bool) ([]*v1pb.Database, error)
 	// UpdateDatabase patches the database.
 	UpdateDatabase(ctx context.Context, patch *v1pb.Database, updateMasks []string) (*v1pb.Database, error)
 	// BatchUpdateDatabases batch updates databases.

api/setting.go

@@ -8,8 +8,6 @@ const (
 	SettingWorkspaceApproval SettingName = "bb.workspace.approval"
 	// SettingWorkspaceProfile is the setting name for workspace profile settings.
 	SettingWorkspaceProfile SettingName = "bb.workspace.profile"
-	// SettingWorkspaceExternalApproval is the setting name for workspace external approval config.
-	SettingWorkspaceExternalApproval SettingName = "bb.workspace.approval.external"
 	// SettingDataClassification is the setting name for data classification.
 	SettingDataClassification SettingName = "bb.workspace.data-classification"
 	// SettingSemanticTypes is the setting name for semantic types.

client/database.go

@@ -29,7 +29,7 @@ func (c *client) GetDatabase(ctx context.Context, databaseName string) (*v1pb.Da
 }
 
 // ListDatabase list all databases.
-func (c *client) ListDatabase(ctx context.Context, parent, filter string) ([]*v1pb.Database, error) {
+func (c *client) ListDatabase(ctx context.Context, parent, filter string, listAll bool) ([]*v1pb.Database, error) {
 	res := []*v1pb.Database{}
 	pageToken := ""
 	startTime := time.Now()
@@ -47,7 +47,7 @@ func (c *client) ListDatabase(ctx context.Context, parent, filter string) ([]*v1
 		})
 
 		pageToken = resp.NextPageToken
-		if pageToken == "" {
+		if pageToken == "" || !listAll {
 			break
 		}
 	}

docs/data-sources/instance.md

@@ -19,8 +19,13 @@ The instance data source.
 
 - `resource_id` (String) The instance unique resource id.
 
+### Optional
+
+- `list_all_databases` (Boolean) List all databases in this instance. If false, will only list 500 databases.
+
 ### Read-Only
 
+- `activation` (Boolean) Whether assign license for this instance or not.
 - `data_sources` (Set of Object) (see [below for nested schema](#nestedatt--data_sources))
 - `databases` (Set of String) The databases full name in the resource.
 - `engine` (String) The instance engine. Support MYSQL, POSTGRES, TIDB, SNOWFLAKE, CLICKHOUSE, MONGODB, SQLITE, REDIS, ORACLE, SPANNER, MSSQL, REDSHIFT, MARIADB, OCEANBASE.
@@ -39,6 +44,7 @@ The instance data source.
 Read-Only:
 
 - `database` (String)
+- `external_secret` (List of Object) (see [below for nested schema](#nestedobjatt--data_sources--external_secret))
 - `host` (String)
 - `id` (String)
 - `password` (String)
@@ -49,4 +55,51 @@ Read-Only:
 - `type` (String)
 - `username` (String)
 
+<a id="nestedobjatt--data_sources--external_secret"></a>
+### Nested Schema for `data_sources.external_secret`
+
+Read-Only:
+
+- `aws_secrets_manager` (List of Object) (see [below for nested schema](#nestedobjatt--data_sources--external_secret--aws_secrets_manager))
+- `gcp_secret_manager` (List of Object) (see [below for nested schema](#nestedobjatt--data_sources--external_secret--gcp_secret_manager))
+- `vault` (List of Object) (see [below for nested schema](#nestedobjatt--data_sources--external_secret--vault))
+
+<a id="nestedobjatt--data_sources--external_secret--aws_secrets_manager"></a>
+### Nested Schema for `data_sources.external_secret.aws_secrets_manager`
+
+Read-Only:
+
+- `password_key_name` (String)
+- `secret_name` (String)
+
+
+<a id="nestedobjatt--data_sources--external_secret--gcp_secret_manager"></a>
+### Nested Schema for `data_sources.external_secret.gcp_secret_manager`
+
+Read-Only:
+
+- `secret_name` (String)
+
+
+<a id="nestedobjatt--data_sources--external_secret--vault"></a>
+### Nested Schema for `data_sources.external_secret.vault`
+
+Read-Only:
+
+- `app_role` (List of Object) (see [below for nested schema](#nestedobjatt--data_sources--external_secret--vault--app_role))
+- `engine_name` (String)
+- `password_key_name` (String)
+- `secret_name` (String)
+- `token` (String)
+- `url` (String)
+
+<a id="nestedobjatt--data_sources--external_secret--vault--app_role"></a>
+### Nested Schema for `data_sources.external_secret.vault.url`
+
+Read-Only:
+
+- `role_id` (String)
+- `secret` (String)
+- `secret_type` (String)
+
 

docs/data-sources/instance_list.md

@@ -29,8 +29,8 @@ The instance data source list.
 
 Read-Only:
 
+- `activation` (Boolean)
 - `data_sources` (Set of Object) (see [below for nested schema](#nestedobjatt--instances--data_sources))
-- `databases` (Set of String)
 - `engine` (String)
 - `engine_version` (String)
 - `environment` (String)
@@ -47,6 +47,7 @@ Read-Only:
 Read-Only:
 
 - `database` (String)
+- `external_secret` (List of Object) (see [below for nested schema](#nestedobjatt--instances--data_sources--external_secret))
 - `host` (String)
 - `id` (String)
 - `password` (String)
@@ -57,4 +58,51 @@ Read-Only:
 - `type` (String)
 - `username` (String)
 
+<a id="nestedobjatt--instances--data_sources--external_secret"></a>
+### Nested Schema for `instances.data_sources.external_secret`
+
+Read-Only:
+
+- `aws_secrets_manager` (List of Object) (see [below for nested schema](#nestedobjatt--instances--data_sources--external_secret--aws_secrets_manager))
+- `gcp_secret_manager` (List of Object) (see [below for nested schema](#nestedobjatt--instances--data_sources--external_secret--gcp_secret_manager))
+- `vault` (List of Object) (see [below for nested schema](#nestedobjatt--instances--data_sources--external_secret--vault))
+
+<a id="nestedobjatt--instances--data_sources--external_secret--aws_secrets_manager"></a>
+### Nested Schema for `instances.data_sources.external_secret.vault`
+
+Read-Only:
+
+- `password_key_name` (String)
+- `secret_name` (String)
+
+
+<a id="nestedobjatt--instances--data_sources--external_secret--gcp_secret_manager"></a>
+### Nested Schema for `instances.data_sources.external_secret.vault`
+
+Read-Only:
+
+- `secret_name` (String)
+
+
+<a id="nestedobjatt--instances--data_sources--external_secret--vault"></a>
+### Nested Schema for `instances.data_sources.external_secret.vault`
+
+Read-Only:
+
+- `app_role` (List of Object) (see [below for nested schema](#nestedobjatt--instances--data_sources--external_secret--vault--app_role))
+- `engine_name` (String)
+- `password_key_name` (String)
+- `secret_name` (String)
+- `token` (String)
+- `url` (String)
+
+<a id="nestedobjatt--instances--data_sources--external_secret--vault--app_role"></a>
+### Nested Schema for `instances.data_sources.external_secret.vault.app_role`
+
+Read-Only:
+
+- `role_id` (String)
+- `secret` (String)
+- `secret_type` (String)
+
 

docs/data-sources/setting.md

@@ -28,7 +28,6 @@ The setting data source.
 ### Read-Only
 
 - `approval_flow` (Block List) Configure risk level and approval flow for different tasks. Require ENTERPRISE subscription. (see [below for nested schema](#nestedblock--approval_flow))
-- `external_approval_nodes` (Block List) Configure external nodes in the approval flow. Require ENTERPRISE subscription. (see [below for nested schema](#nestedblock--external_approval_nodes))
 - `id` (String) The ID of this resource.
 
 <a id="nestedblock--classification"></a>
@@ -186,23 +185,3 @@ Read-Only:
 - `type` (String)
 
 
-
-
-
-<a id="nestedblock--external_approval_nodes"></a>
-### Nested Schema for `external_approval_nodes`
-
-Read-Only:
-
-- `nodes` (Set of Object) (see [below for nested schema](#nestedatt--external_approval_nodes--nodes))
-
-<a id="nestedatt--external_approval_nodes--nodes"></a>
-### Nested Schema for `external_approval_nodes.nodes`
-
-Read-Only:
-
-- `endpoint` (String)
-- `id` (String)
-- `title` (String)
-
-

docs/resources/instance.md

@@ -25,7 +25,9 @@ The instance resource.
 
 ### Optional
 
+- `activation` (Boolean) Whether assign license for this instance or not.
 - `external_link` (String) The external console URL managing this instance (e.g. AWS RDS console, your in-house DB instance console)
+- `list_all_databases` (Boolean) List all databases in this instance. If false, will only list 500 databases.
 - `maximum_connections` (Number) The maximum number of connections.
 - `sync_interval` (Number) How often the instance is synced in seconds. Default 0, means never sync.
 
@@ -44,15 +46,66 @@ Required:
 - `host` (String) Host or socket for your instance, or the account name if the instance type is Snowflake.
 - `id` (String) The unique data source id in this instance.
 - `port` (String) The port for your instance.
-- `type` (String) The data source type. Should be ADMIN or RO.
+- `type` (String) The data source type. Should be ADMIN or READ_ONLY.
 
 Optional:
 
 - `database` (String) The database for the instance, you can set this if the engine type is POSTGRES.
+- `external_secret` (Block List, Max: 1) The external secret to get the database password. Learn more: https://www.bytebase.com/docs/get-started/instance/#use-external-secret-manager (see [below for nested schema](#nestedblock--data_sources--external_secret))
 - `password` (String, Sensitive) The connection user password used by Bytebase to perform DDL and DML operations.
 - `ssl_ca` (String, Sensitive) The CA certificate. Optional, you can set this if the engine type is MYSQL, POSTGRES, TIDB or CLICKHOUSE.
 - `ssl_cert` (String, Sensitive) The client certificate. Optional, you can set this if the engine type is MYSQL, POSTGRES, TIDB or CLICKHOUSE.
 - `ssl_key` (String, Sensitive) The client key. Optional, you can set this if the engine type is MYSQL, POSTGRES, TIDB or CLICKHOUSE.
 - `username` (String) The connection user name used by Bytebase to perform DDL and DML operations.
 
+<a id="nestedblock--data_sources--external_secret"></a>
+### Nested Schema for `data_sources.external_secret`
+
+Optional:
+
+- `aws_secrets_manager` (Block List, Max: 1) The AWS Secrets Manager to get the database password. Reference doc https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html (see [below for nested schema](#nestedblock--data_sources--external_secret--aws_secrets_manager))
+- `gcp_secret_manager` (Block List, Max: 1) The GCP Secret Manager to get the database password. Reference doc https://cloud.google.com/secret-manager/docs (see [below for nested schema](#nestedblock--data_sources--external_secret--gcp_secret_manager))
+- `vault` (Block List, Max: 1) The Valut to get the database password. Reference doc https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2 (see [below for nested schema](#nestedblock--data_sources--external_secret--vault))
+
+<a id="nestedblock--data_sources--external_secret--aws_secrets_manager"></a>
+### Nested Schema for `data_sources.external_secret.aws_secrets_manager`
+
+Required:
+
+- `password_key_name` (String) The key name for the password.
+- `secret_name` (String) The secret name to store the password.
+
+
+<a id="nestedblock--data_sources--external_secret--gcp_secret_manager"></a>
+### Nested Schema for `data_sources.external_secret.gcp_secret_manager`
+
+Required:
+
+- `secret_name` (String) The secret name should be like "projects/{project-id}/secrets/{secret-id}".
+
+
+<a id="nestedblock--data_sources--external_secret--vault"></a>
+### Nested Schema for `data_sources.external_secret.vault`
+
+Required:
+
+- `engine_name` (String) The name for secret engine.
+- `password_key_name` (String) The key name for the password.
+- `secret_name` (String) The secret name in the engine to store the password.
+- `url` (String) The Vault URL.
+
+Optional:
+
+- `app_role` (Block List, Max: 1) The Vault app role to get the password. (see [below for nested schema](#nestedblock--data_sources--external_secret--vault--app_role))
+- `token` (String, Sensitive) The root token without TTL. Learn more: https://developer.hashicorp.com/vault/docs/commands/operator/generate-root
+
+<a id="nestedblock--data_sources--external_secret--vault--app_role"></a>
+### Nested Schema for `data_sources.external_secret.vault.app_role`
+
+Required:
+
+- `role_id` (String, Sensitive) The app role id.
+- `secret` (String, Sensitive) The secret id for the role without ttl.
+- `secret_type` (String) The secret id type, can be PLAIN (plain text for the secret) or ENVIRONMENT (envirionment name for the secret).
+
 

docs/resources/setting.md

@@ -23,7 +23,6 @@ The setting resource.
 
 - `approval_flow` (Block List) Configure risk level and approval flow for different tasks. Require ENTERPRISE subscription. (see [below for nested schema](#nestedblock--approval_flow))
 - `classification` (Block List, Max: 1) Classification for data masking. Require ENTERPRISE subscription. (see [below for nested schema](#nestedblock--classification))
-- `external_approval_nodes` (Block List) Configure external nodes in the approval flow. Require ENTERPRISE subscription. (see [below for nested schema](#nestedblock--external_approval_nodes))
 - `semantic_types` (Block Set) Semantic types for data masking. Require ENTERPRISE subscription. (see [below for nested schema](#nestedblock--semantic_types))
 - `workspace_profile` (Block List, Max: 1) (see [below for nested schema](#nestedblock--workspace_profile))
 
@@ -119,24 +118,6 @@ Optional:
 
 
 
-<a id="nestedblock--external_approval_nodes"></a>
-### Nested Schema for `external_approval_nodes`
-
-Required:
-
-- `nodes` (Block Set, Min: 1) (see [below for nested schema](#nestedblock--external_approval_nodes--nodes))
-
-<a id="nestedblock--external_approval_nodes--nodes"></a>
-### Nested Schema for `external_approval_nodes.nodes`
-
-Required:
-
-- `endpoint` (String) The endpoint URL to receive the approval message. Learn more: https://www.bytebase.com/docs/api/external-approval
-- `id` (String) The unique external node id.
-- `title` (String) The external node title.
-
-
-
 <a id="nestedblock--semantic_types"></a>
 ### Nested Schema for `semantic_types`
 

examples/environments/main.tf

@@ -2,7 +2,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.18"
+      version = "1.0.19"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/groups/main.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.18"
+      version = "1.0.19"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/instances/main.tf

@@ -2,7 +2,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.18"
+      version = "1.0.19"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }
@@ -32,15 +32,17 @@ output "all_instances" {
 
 # Find a specific instance by name
 data "bytebase_instance" "test" {
-  resource_id = local.instance_id_test
+  resource_id        = local.instance_id_test
+  list_all_databases = true
 }
 
 output "test_instance" {
   value = data.bytebase_instance.test
 }
 
 data "bytebase_instance" "prod" {
-  resource_id = local.instance_id_prod
+  resource_id        = local.instance_id_prod
+  list_all_databases = false
 }
 
 output "prod_instance" {

examples/policies/main.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.18"
+      version = "1.0.19"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

examples/projects/main.tf

@@ -2,7 +2,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "1.0.18"
+      version = "1.0.19"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }