bytebase
diff --git a/‎api/client.go‎
Lines changed: 4 additions & 0 deletions b/‎api/client.go‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎api/policy.go‎
Lines changed: 13 additions & 0 deletions b/‎api/policy.go‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎client/policy.go‎
Lines changed: 59 additions & 0 deletions b/‎client/policy.go‎
Lines changed: 59 additions & 0 deletions
diff --git a/‎examples/setup/main.tf‎
Lines changed: 32 additions & 0 deletions b/‎examples/setup/main.tf‎
Lines changed: 32 additions & 0 deletions
@@ -53,4 +53,8 @@ type Client interface {
 	ListPolicies(ctx context.Context, find *PolicyFindMessage) (*ListPolicyMessage, error)
 	// GetPolicy gets a policy in a specific resource.
 	GetPolicy(ctx context.Context, find *PolicyFindMessage) (*PolicyMessage, error)
+	// UpsertPolicy creates or updates the policy.
+	UpsertPolicy(ctx context.Context, find *PolicyFindMessage, patch *PolicyPatchMessage) (*PolicyMessage, error)
+	// DeletePolicy deletes the policy.
+	DeletePolicy(ctx context.Context, find *PolicyFindMessage) error
 }
@@ -141,6 +141,19 @@ type PolicyMessage struct {
 	SQLReviewPolicy          *SQLReviewPolicy          `json:"sqlReviewPolicy"`
 }
 
+// PolicyPatchMessage is the API message to patch the policy.
+type PolicyPatchMessage struct {
+	InheritFromParent *bool      `json:"inheritFromParent"`
+	Type              PolicyType `json:"type"`
+
+	// The policy payload
+	DeploymentApprovalPolicy *DeploymentApprovalPolicy `json:"deploymentApprovalPolicy"`
+	BackupPlanPolicy         *BackupPlanPolicy         `json:"backupPlanPolicy"`
+	SensitiveDataPolicy      *SensitiveDataPolicy      `json:"sensitiveDataPolicy"`
+	AccessControlPolicy      *AccessControlPolicy      `json:"accessControlPolicy"`
+	SQLReviewPolicy          *SQLReviewPolicy          `json:"sqlReviewPolicy"`
+}
+
 // ListPolicyMessage is the API message for list policy response.
 type ListPolicyMessage struct {
 	Policies      []*PolicyMessage `json:"policies"`
 
@@ -62,6 +62,65 @@ func (c *client) GetPolicy(ctx context.Context, find *api.PolicyFindMessage) (*a
 	return &res, nil
 }
 
+// UpsertPolicy creates or updates the policy.
+func (c *client) UpsertPolicy(ctx context.Context, find *api.PolicyFindMessage, patch *api.PolicyPatchMessage) (*api.PolicyMessage, error) {
+	if find.Type == nil {
+		return nil, errors.Errorf("invalid request, get policy must specific the policy type")
+	}
+
+	payload, err := json.Marshal(patch)
+	if err != nil {
+		return nil, err
+	}
+
+	paths := []string{}
+	if patch.InheritFromParent != nil {
+		paths = append(paths, "policy.inherit_from_parent")
+	}
+	if patch.DeploymentApprovalPolicy != nil ||
+		patch.BackupPlanPolicy != nil ||
+		patch.SensitiveDataPolicy != nil ||
+		patch.AccessControlPolicy != nil ||
+		patch.SQLReviewPolicy != nil {
+		paths = append(paths, "policy.payload")
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "PATCH", fmt.Sprintf("%s/%s?allow_missing=true&update_mask=%s", c.HostURL, getPolicyRequestName(find), strings.Join(paths, ",")), strings.NewReader(string(payload)))
+	if err != nil {
+		return nil, err
+	}
+
+	body, err := c.doRequest(req)
+	if err != nil {
+		return nil, err
+	}
+
+	var res api.PolicyMessage
+	err = json.Unmarshal(body, &res)
+	if err != nil {
+		return nil, err
+	}
+
+	return &res, nil
+}
+
+// DeletePolicy deletes the policy.
+func (c *client) DeletePolicy(ctx context.Context, find *api.PolicyFindMessage) error {
+	if find.Type == nil {
+		return errors.Errorf("invalid request, get policy must specific the policy type")
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "DELETE", fmt.Sprintf("%s/%s", c.HostURL, getPolicyRequestName(find)), nil)
+	if err != nil {
+		return err
+	}
+
+	if _, err := c.doRequest(req); err != nil {
+		return err
+	}
+	return nil
+}
+
 func getPolicyRequestName(find *api.PolicyFindMessage) string {
 	paths := []string{}
 	if v := find.ProjectID; v != nil {
 
@@ -108,3 +108,35 @@ resource "bytebase_instance_role" "test" {
     bypass_rls  = true
   }
 }
+
+# Create deployment approval policy for test env.
+resource "bytebase_policy" "deployment_approval" {
+  environment = bytebase_instance.test.environment
+  type        = "DEPLOYMENT_APPROVAL"
+
+  deployment_approval_policy {
+    default_strategy = "AUTOMATIC"
+
+    deployment_approval_strategies {
+      approval_group    = "APPROVAL_GROUP_DBA"
+      approval_strategy = "AUTOMATIC"
+      deployment_type   = "DATABASE_CREATE"
+    }
+    deployment_approval_strategies {
+      approval_group    = "APPROVAL_GROUP_PROJECT_OWNER"
+      approval_strategy = "AUTOMATIC"
+      deployment_type   = "DATABASE_DDL"
+    }
+  }
+}
+
+# Create backup plan policy for test env.
+resource "bytebase_policy" "backup_plan" {
+  environment = bytebase_instance.test.environment
+  type        = "BACKUP_PLAN"
+
+  backup_plan_policy {
+    schedule           = "WEEKLY"
+    retention_duration = 86400
+  }
+}
Original file line number	Diff line number	Diff line change
`@@ -53,4 +53,8 @@ type Client interface {`
`53`	`53`	`ListPolicies(ctx context.Context, find PolicyFindMessage) (ListPolicyMessage, error)`
`54`	`54`	`// GetPolicy gets a policy in a specific resource.`
`55`	`55`	`GetPolicy(ctx context.Context, find PolicyFindMessage) (PolicyMessage, error)`
	`56`	`+ // UpsertPolicy creates or updates the policy.`
	`57`	`+ UpsertPolicy(ctx context.Context, find PolicyFindMessage, patch PolicyPatchMessage) (*PolicyMessage, error)`
	`58`	`+ // DeletePolicy deletes the policy.`
	`59`	`+ DeletePolicy(ctx context.Context, find *PolicyFindMessage) error`
`56`	`60`	`}`