This tutorial is part of the Bytebase Terraform Provider series:

What You’ll Learn

  • Configure SQL review rules for schema standards
  • Enforce naming conventions and structural requirements
  • Apply different severity levels (ERROR, WARNING)
  • Target specific environments with review policies

Prerequisites

Before starting this tutorial, ensure you have:

Setup

From the previous tutorials, you should have:
  • Bytebase workspaces and projects configured
  • Environments (Test and Prod) set up
  • Workspace settings and approval flows configured

Configure SQL Review Rules

SQL Review rules automatically validate SQL statements against predefined standards, ensuring code quality and schema consistency before changes enter the approval workflow.
Terraform resourcebytebase_review_config
Sample file5-sql-review.tf

Step 1 - Create Review Configuration

The examples below show some SQL Review rules. For a complete list of available rules and their configurations, see the above terraform provider resource documentation.
Create 5-sql-review.tf with the SQL review configuration:
5-sql-review.tf
# SQL review configuration for production environment
resource "bytebase_review_config" "sample" {
  depends_on = [
    bytebase_setting.environments
  ]

  resource_id = "review-config-sample"
  title       = "Sample SQL Review Config"
  enabled     = true

  # Apply to production environment only
  resources = toset([
    bytebase_setting.environments.environment_setting[0].environment[1].name
  ])

  # Rule 1: Warn about nullable columns
  rules {
    type   = "column.no-null"
    engine = "POSTGRES"
    level  = "WARNING"
  }

  # Rule 2: Require specific columns
  rules {
    type    = "column.required"
    engine  = "POSTGRES"
    level   = "ERROR"
    payload = "{\"list\":[\"id\",\"created_ts\",\"updated_ts\",\"creator_id\",\"updater_id\"]}"
  }

  # Rule 3: Tables must have primary key
  rules {
    type   = "table.require-pk"
    engine = "POSTGRES"
    level  = "ERROR"
  }

  # Rule 4: Column naming convention
  rules {
    type    = "naming.column"
    engine  = "POSTGRES"
    level   = "ERROR"
    payload = "{\"format\":\"^[a-z]+(_[a-z]+)*$\",\"maxLength\":64}"
  }

  # Rule 5: Limit maximum rows in SELECT
  rules {
    type    = "statement.maximum-limit-value"
    engine  = "POSTGRES"
    level   = "ERROR"
    payload = "{\"number\":1000}"
  }
}

Step 2 - Apply Configuration

terraform plan
terraform apply

Step 3 - Verify in Bytebase

  1. Go to CI/CD > SQL Review on the left sidebar, you should see Sample SQL Review Config listed. Note that it’s applied to the Prod environment. sql-review-list
  2. Click on it to view the configured rules. sql-review-pg

Understanding SQL Review Rules

SQL Review rules are categorized by what they validate:

1. Column Rules

  • column.no-null: Warns about nullable columns to encourage data integrity
  • column.required: Enforces required columns (id, timestamps, audit fields) for consistency

2. Table Rules

  • table.require-pk: Ensures every table has a primary key for data integrity and performance

3. Naming Rules

  • naming.column: Enforces lowercase snake_case column names for consistency across your schema

4. Statement Rules

  • statement.maximum-limit-value: Prevents SELECT queries without proper limits to avoid performance issues

Step 4 - Test SQL Review

Create a test SQL statement to see the review in action:
  1. Go to Project Two, and click Database > Databases on the left sidebar.
  2. Check hr_prod and click Edit Schema.
  3. Try creating a table that violates the rules: 
    -- This will trigger multiple violations
CREATE TABLE BadExample (
    FirstName VARCHAR(50),  -- Violates naming convention
    LastName VARCHAR(50)    -- Missing required columns, no primary key
);
    Expected violations:
    • ❌ Column naming convention (should be first_name)
    • ❌ Missing required columns (id, created_ts, etc.)
    • ❌ No primary key defined
    sql-review-violations
  4. Even if you continue to create an issue, it will still show red SQL Review. issue-sql-review-errors
  5. Try a compliant table: 
    -- This follows all rules
CREATE TABLE good_example (
    id SERIAL PRIMARY KEY,
    first_name VARCHAR(50) NOT NULL,
    last_name VARCHAR(50) NOT NULL,
    created_ts TIMESTAMP NOT NULL DEFAULT NOW(),
    updated_ts TIMESTAMP NOT NULL DEFAULT NOW(),
    creator_id INTEGER NOT NULL,
    updater_id INTEGER NOT NULL
);
    Expected result:
    • ✅ All required rules pass
    issue-sql-review-pass

Advanced Configuration

Targeting Multiple Environments

To apply rules to multiple environments: 
resources = toset([
  bytebase_setting.environments.environment_setting[0].environment[0].name,
  bytebase_setting.environments.environment_setting[0].environment[1].name
])

Engine-Specific Rules

Different rules for different database engines: 
# MySQL-specific rule
rules {
  type   = "table.require-pk"
  engine = "MYSQL"
  level  = "ERROR"
}

# PostgreSQL-specific rule
rules {
  type   = "table.require-pk"
  engine = "POSTGRES"
  level  = "ERROR"
}

Key Points

  • Rule Levels:
    • ERROR: Blocks the SQL statement from being executed
    • WARNING: Allows execution but notifies users of potential issues
  • Engine Specific: Rules can target specific database engines (PostgreSQL, MySQL, etc.)
  • Environment Scoped: Apply different rules to test vs. production environments
  • Payload Format: Complex rules use JSON payloads for configuration (e.g., regex patterns, lists)
  • Best Practice: Start with WARNING level rules and gradually move to ERROR as teams adapt

Part 6: Manage Users and Groups with Terraform