fix: UpdatePolicy update mask (bytebase#17240)

RainbowDashy · web-flow · commit 73a088dc2162 · 2025-08-21T11:49:09.000+08:00
diff --git a/backend/api/v1/org_policy_service.go b/backend/api/v1/org_policy_service.go
@@ -160,7 +160,19 @@ func (s *OrgPolicyService) UpdatePolicy(ctx context.Context, req *connect.Reques
 		switch path {
 		case "inherit_from_parent":
 			patch.InheritFromParent = &req.Msg.Policy.InheritFromParent
-		case "payload":
+		case
+			"rollout_policy",
+			"disable_copy_data_policy",
+			"masking_rule_policy",
+			"masking_exception_policy",
+			"restrict_issue_creation_for_sql_review_policy",
+			"tag_policy",
+			"data_source_query_policy",
+			"export_data_policy",
+			"query_data_policy":
+			if !pathMatchType(path, policy.Type) {
+				return nil, connect.NewError(connect.CodeInvalidArgument, errors.Errorf("invalid path %s for policy type %s", path, policy.Type.String()))
+			}
 			if err := validatePolicyPayload(policy.Type, req.Msg.Policy); err != nil {
 				return nil, connect.NewError(connect.CodeInvalidArgument, errors.Wrap(err, "invalid policy"))
 			}
@@ -172,6 +184,7 @@ func (s *OrgPolicyService) UpdatePolicy(ctx context.Context, req *connect.Reques
 		case "enforce":
 			patch.Enforce = &req.Msg.Policy.Enforce
 		default:
+			return nil, connect.NewError(connect.CodeInvalidArgument, errors.Errorf("unexpected path %s", path))
 		}
 	}
 
@@ -188,6 +201,31 @@ func (s *OrgPolicyService) UpdatePolicy(ctx context.Context, req *connect.Reques
 	return connect.NewResponse(response), nil
 }
 
+func pathMatchType(path string, policyType storepb.Policy_Type) bool {
+	switch policyType {
+	case storepb.Policy_ROLLOUT:
+		return path == "rollout_policy"
+	case storepb.Policy_DISABLE_COPY_DATA:
+		return path == "disable_copy_data_policy"
+	case storepb.Policy_MASKING_RULE:
+		return path == "masking_rule_policy"
+	case storepb.Policy_MASKING_EXCEPTION:
+		return path == "masking_exception_policy"
+	case storepb.Policy_RESTRICT_ISSUE_CREATION_FOR_SQL_REVIEW:
+		return path == "restrict_issue_creation_for_sql_review_policy"
+	case storepb.Policy_TAG:
+		return path == "tag_policy"
+	case storepb.Policy_DATA_SOURCE_QUERY:
+		return path == "data_source_query_policy"
+	case storepb.Policy_EXPORT_DATA:
+		return path == "export_data_policy"
+	case storepb.Policy_QUERY_DATA:
+		return path == "query_data_policy"
+	default:
+		return false
+	}
+}
+
 // DeletePolicy deletes a policy for a specific resource.
 func (s *OrgPolicyService) DeletePolicy(ctx context.Context, req *connect.Request[v1pb.DeletePolicyRequest]) (*connect.Response[emptypb.Empty], error) {
 	policy, _, err := s.findPolicyMessage(ctx, req.Msg.Name)
diff --git a/frontend/src/store/modules/v1/policy.ts b/frontend/src/store/modules/v1/policy.ts
@@ -185,7 +185,7 @@ export const usePolicyV1Store = defineStore("policy_v1", {
       });
       const request = create(UpdatePolicyRequestSchema, {
         policy: fullPolicy,
-        updateMask: { paths: ["payload"] },
+        updateMask: { paths: getUpdateMaskFromPolicyType(policy.type) },
         allowMissing: true,
       });
       const response =
@@ -201,6 +201,33 @@ export const usePolicyV1Store = defineStore("policy_v1", {
   },
 });
 
+const getUpdateMaskFromPolicyType = (policyType: PolicyType) => {
+  switch (policyType) {
+    case PolicyType.ROLLOUT_POLICY:
+      return [PolicySchema.field.rolloutPolicy.name];
+    case PolicyType.MASKING_EXCEPTION:
+      return [PolicySchema.field.maskingExceptionPolicy.name];
+    case PolicyType.MASKING_RULE:
+      return [PolicySchema.field.maskingRulePolicy.name];
+    case PolicyType.DATA_EXPORT:
+      return [PolicySchema.field.exportDataPolicy.name];
+    case PolicyType.DATA_QUERY:
+      return [PolicySchema.field.queryDataPolicy.name];
+    case PolicyType.DATA_SOURCE_QUERY:
+      return [PolicySchema.field.dataSourceQueryPolicy.name];
+    case PolicyType.DISABLE_COPY_DATA:
+      return [PolicySchema.field.disableCopyDataPolicy.name];
+    case PolicyType.RESTRICT_ISSUE_CREATION_FOR_SQL_REVIEW:
+      return [PolicySchema.field.restrictIssueCreationForSqlReviewPolicy.name];
+    case PolicyType.TAG:
+      return [PolicySchema.field.tagPolicy.name];
+    case PolicyType.POLICY_TYPE_UNSPECIFIED:
+      throw new Error("unexpected POLICY_TYPE_UNSPECIFIED");
+    default:
+      throw new Error(`unknown policyType ${policyType satisfies never}`);
+  }
+};
+
 export const usePolicyListByResourceTypeAndPolicyType = (
   params: MaybeRef<{
     resourceType: PolicyResourceType;
