databricks · parthban-db · Apr 17, 2026
diff --git a/packages/abacpolicies/package.json b/packages/abacpolicies/package.json
@@ -27,6 +27,7 @@
   "author": "Databricks",
   "license": "Apache-2.0",
   "dependencies": {
+    "@databricks/sdk-core": "*",
     "@databricks/sdk-databricks": "*",
     "@js-temporal/polyfill": "^0.5.0",
     "zod": "^4.3.6"

diff --git a/packages/abacpolicies/src/v1/client.ts b/packages/abacpolicies/src/v1/client.ts
@@ -7,12 +7,7 @@ import {NoOpLogger} from '@databricks/sdk-databricks/logger';
 import type {ClientOptions} from '@databricks/sdk-databricks/options';
 import type {HttpClient} from '@databricks/sdk-databricks/transport';
 import {newHttpClient} from '@databricks/sdk-databricks/transport';
-import {
-  buildHttpRequest,
-  executeHttpCall,
-  marshalRequest,
-  parseResponse,
-} from './utils';
+import {buildHttpRequest, executeHttpCall, marshalRequest, parseResponse} from './utils';
 import type {
   CreatePolicy,
   DeletePolicy,
@@ -48,21 +43,13 @@ export class Client {
    * Creates a new policy on a securable.
    * The new policy applies to the securable and all its descendants.
    */
-  async createPolicy(
-    signal: AbortSignal | undefined,
-    req: CreatePolicy,
-    options?: Options
-  ): Promise<PolicyInfo> {
+  async createPolicy(signal: AbortSignal | undefined, req: CreatePolicy, options?: Options): Promise<PolicyInfo> {
     const url = `${this.host}/api/2.1/unity-catalog/policies`;
     const body = marshalRequest(req.policyInfo, marshalPolicyInfoSchema);
     let resp: PolicyInfo | undefined;
     const call: Call = async (callSignal?: AbortSignal): Promise<void> => {
       const httpReq = buildHttpRequest('POST', url, callSignal, body);
-      const respBody = await executeHttpCall({
-        request: httpReq,
-        httpClient: this.httpClient,
-        logger: this.logger,
-      });
+      const respBody = await executeHttpCall({request: httpReq, httpClient: this.httpClient, logger: this.logger});
       resp = parseResponse(respBody, unmarshalPolicyInfoSchema);
     };
     await execute(signal, call, options);
@@ -73,20 +60,12 @@ export class Client {
   }
 
   /** Delete an ABAC policy defined on a securable. */
-  async deletePolicy(
-    signal: AbortSignal | undefined,
-    req: DeletePolicy,
-    options?: Options
-  ): Promise<DeletePolicy_Response> {
+  async deletePolicy(signal: AbortSignal | undefined, req: DeletePolicy, options?: Options): Promise<DeletePolicy_Response> {
     const url = `${this.host}/api/2.1/unity-catalog/policies/${req.onSecurableType ?? ''}/${req.onSecurableFullname ?? ''}/${req.name ?? ''}`;
     let resp: DeletePolicy_Response | undefined;
     const call: Call = async (callSignal?: AbortSignal): Promise<void> => {
       const httpReq = buildHttpRequest('DELETE', url, callSignal);
-      const respBody = await executeHttpCall({
-        request: httpReq,
-        httpClient: this.httpClient,
-        logger: this.logger,
-      });
+      const respBody = await executeHttpCall({request: httpReq, httpClient: this.httpClient, logger: this.logger});
       resp = parseResponse(respBody, unmarshalDeletePolicy_ResponseSchema);
     };
     await execute(signal, call, options);
@@ -97,20 +76,12 @@ export class Client {
   }
 
   /** Get the policy definition on a securable */
-  async getPolicy(
-    signal: AbortSignal | undefined,
-    req: GetPolicy,
-    options?: Options
-  ): Promise<PolicyInfo> {
+  async getPolicy(signal: AbortSignal | undefined, req: GetPolicy, options?: Options): Promise<PolicyInfo> {
     const url = `${this.host}/api/2.1/unity-catalog/policies/${req.onSecurableType ?? ''}/${req.onSecurableFullname ?? ''}/${req.name ?? ''}`;
     let resp: PolicyInfo | undefined;
     const call: Call = async (callSignal?: AbortSignal): Promise<void> => {
       const httpReq = buildHttpRequest('GET', url, callSignal);
-      const respBody = await executeHttpCall({
-        request: httpReq,
-        httpClient: this.httpClient,
-        logger: this.logger,
-      });
+      const respBody = await executeHttpCall({request: httpReq, httpClient: this.httpClient, logger: this.logger});
       resp = parseResponse(respBody, unmarshalPolicyInfoSchema);
     };
     await execute(signal, call, options);
@@ -123,15 +94,11 @@ export class Client {
   /**
    * List all policies defined on a securable.
    * Optionally, the list can include inherited policies defined on the securable's parent schema or catalog.
-   *
+   * 
    * PAGINATION BEHAVIOR: The API is by default paginated, a page may contain zero results while still providing a next_page_token.
    * Clients must continue reading pages until next_page_token is absent, which is the only indication that the end of results has been reached.
    */
-  async listPolicies(
-    signal: AbortSignal | undefined,
-    req: ListPolicies,
-    options?: Options
-  ): Promise<ListPolicies_Response> {
+  async listPolicies(signal: AbortSignal | undefined, req: ListPolicies, options?: Options): Promise<ListPolicies_Response> {
     const url = `${this.host}/api/2.1/unity-catalog/policies/${req.onSecurableType ?? ''}/${req.onSecurableFullname ?? ''}`;
     const params = new URLSearchParams();
     if (req.includeInherited !== undefined) {
@@ -148,11 +115,7 @@ export class Client {
     let resp: ListPolicies_Response | undefined;
     const call: Call = async (callSignal?: AbortSignal): Promise<void> => {
       const httpReq = buildHttpRequest('GET', fullUrl, callSignal);
-      const respBody = await executeHttpCall({
-        request: httpReq,
-        httpClient: this.httpClient,
-        logger: this.logger,
-      });
+      const respBody = await executeHttpCall({request: httpReq, httpClient: this.httpClient, logger: this.logger});
       resp = parseResponse(respBody, unmarshalListPolicies_ResponseSchema);
     };
     await execute(signal, call, options);
@@ -162,11 +125,8 @@ export class Client {
     return resp;
   }
 
-  async *listPoliciesIter(
-    signal: AbortSignal | undefined,
-    req: ListPolicies,
-    options?: Options
-  ): AsyncGenerator<PolicyInfo> {
+
+  async *listPoliciesIter(signal: AbortSignal | undefined, req: ListPolicies, options?: Options): AsyncGenerator<PolicyInfo> {
     const pageReq: ListPolicies = {...req};
     for (;;) {
       const resp = await this.listPolicies(signal, pageReq, options);
@@ -180,28 +140,21 @@ export class Client {
     }
   }
 
+
   /** Update an ABAC policy on a securable. */
-  async updatePolicy(
-    signal: AbortSignal | undefined,
-    req: UpdatePolicy,
-    options?: Options
-  ): Promise<PolicyInfo> {
+  async updatePolicy(signal: AbortSignal | undefined, req: UpdatePolicy, options?: Options): Promise<PolicyInfo> {
     const url = `${this.host}/api/2.1/unity-catalog/policies/${req.onSecurableType ?? ''}/${req.onSecurableFullname ?? ''}/${req.name ?? ''}`;
     const params = new URLSearchParams();
     if (req.updateMask !== undefined) {
-      params.append('update_mask', req.updateMask);
+      params.append('update_mask', req.updateMask.paths.join(','));
     }
     const query = params.toString();
     const fullUrl = query !== '' ? `${url}?${query}` : url;
     const body = marshalRequest(req.policyInfo, marshalPolicyInfoSchema);
     let resp: PolicyInfo | undefined;
     const call: Call = async (callSignal?: AbortSignal): Promise<void> => {
       const httpReq = buildHttpRequest('PATCH', fullUrl, callSignal, body);
-      const respBody = await executeHttpCall({
-        request: httpReq,
-        httpClient: this.httpClient,
-        logger: this.logger,
-      });
+      const respBody = await executeHttpCall({request: httpReq, httpClient: this.httpClient, logger: this.logger});
       resp = parseResponse(respBody, unmarshalPolicyInfoSchema);
     };
     await execute(signal, call, options);

diff --git a/packages/abacpolicies/src/v1/index.ts b/packages/abacpolicies/src/v1/index.ts
@@ -1,8 +1,12 @@
 // Code generated from API definition by Databricks SDK Generator. DO NOT EDIT.
 
+
 export {Client} from './client';
 
-export {PolicyType, SecurableType} from './model';
+export {
+  PolicyType,
+  SecurableType,
+} from './model';
 
 export type {
   ColumnMaskOptions,

diff --git a/packages/abacpolicies/src/v1/model.ts b/packages/abacpolicies/src/v1/model.ts
@@ -1,5 +1,6 @@
 // Code generated from API definition by Databricks SDK Generator. DO NOT EDIT.
 
+import {FieldMask, type FieldPaths} from '@databricks/sdk-core/wkt';
 import {z} from 'zod';
 
 export enum PolicyType {
@@ -292,7 +293,7 @@ export interface UpdatePolicy {
    * Optional. The update mask field for specifying user intentions on which
    * fields to update in the request.
    */
-  updateMask?: string | undefined;
+  updateMask?: FieldMask<FieldPaths<PolicyInfo>> | undefined;
 }
 
 export const unmarshalColumnMaskOptionsSchema: z.ZodType<ColumnMaskOptions> = z
@@ -307,16 +308,15 @@ export const unmarshalColumnMaskOptionsSchema: z.ZodType<ColumnMaskOptions> = z
     using: d.using,
   }));
 
-export const unmarshalColumnTagValueExtractionSchema: z.ZodType<ColumnTagValueExtraction> =
-  z
-    .object({
-      column_alias: z.string().optional(),
-      tag_key: z.string().optional(),
-    })
-    .transform(d => ({
-      columnAlias: d.column_alias,
-      tagKey: d.tag_key,
-    }));
+export const unmarshalColumnTagValueExtractionSchema: z.ZodType<ColumnTagValueExtraction> = z
+  .object({
+    column_alias: z.string().optional(),
+    tag_key: z.string().optional(),
+  })
+  .transform(d => ({
+    columnAlias: d.column_alias,
+    tagKey: d.tag_key,
+  }));
 
 export const unmarshalCreatePolicySchema: z.ZodType<CreatePolicy> = z
   .object({
@@ -339,8 +339,9 @@ export const unmarshalDeletePolicySchema: z.ZodType<DeletePolicy> = z
   }));
 
 // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
-export const unmarshalDeletePolicy_ResponseSchema: z.ZodType<DeletePolicy_Response> =
-  z.object({});
+export const unmarshalDeletePolicy_ResponseSchema: z.ZodType<DeletePolicy_Response> = z
+  .object({
+  });
 
 export const unmarshalDenyOptionsSchema: z.ZodType<DenyOptions> = z
   .object({
@@ -354,9 +355,7 @@ export const unmarshalFunctionArgumentSchema: z.ZodType<FunctionArgument> = z
   .object({
     alias: z.string().optional(),
     constant: z.string().optional(),
-    metadata_extraction: z
-      .lazy(() => unmarshalMetadataExtractionExpressionSchema)
-      .optional(),
+    metadata_extraction: z.lazy(() => unmarshalMetadataExtractionExpressionSchema).optional(),
   })
   .transform(d => ({
     alias: d.alias,
@@ -401,16 +400,15 @@ export const unmarshalListPoliciesSchema: z.ZodType<ListPolicies> = z
   }));
 
 // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
-export const unmarshalListPolicies_ResponseSchema: z.ZodType<ListPolicies_Response> =
-  z
-    .object({
-      policies: z.array(z.lazy(() => unmarshalPolicyInfoSchema)).optional(),
-      next_page_token: z.string().optional(),
-    })
-    .transform(d => ({
-      policies: d.policies,
-      nextPageToken: d.next_page_token,
-    }));
+export const unmarshalListPolicies_ResponseSchema: z.ZodType<ListPolicies_Response> = z
+  .object({
+    policies: z.array(z.lazy(() => unmarshalPolicyInfoSchema)).optional(),
+    next_page_token: z.string().optional(),
+  })
+  .transform(d => ({
+    policies: d.policies,
+    nextPageToken: d.next_page_token,
+  }));
 
 export const unmarshalMatchColumnSchema: z.ZodType<MatchColumn> = z
   .object({
@@ -422,18 +420,15 @@ export const unmarshalMatchColumnSchema: z.ZodType<MatchColumn> = z
     alias: d.alias,
   }));
 
-export const unmarshalMetadataExtractionExpressionSchema: z.ZodType<MetadataExtractionExpression> =
-  z
-    .object({
-      tag_value: z.lazy(() => unmarshalTagValueExtractionSchema).optional(),
-      column_tag_value: z
-        .lazy(() => unmarshalColumnTagValueExtractionSchema)
-        .optional(),
-    })
-    .transform(d => ({
-      tagValue: d.tag_value,
-      columnTagValue: d.column_tag_value,
-    }));
+export const unmarshalMetadataExtractionExpressionSchema: z.ZodType<MetadataExtractionExpression> = z
+  .object({
+    tag_value: z.lazy(() => unmarshalTagValueExtractionSchema).optional(),
+    column_tag_value: z.lazy(() => unmarshalColumnTagValueExtractionSchema).optional(),
+  })
+  .transform(d => ({
+    tagValue: d.tag_value,
+    columnTagValue: d.column_tag_value,
+  }));
 
 export const unmarshalPolicyInfoSchema: z.ZodType<PolicyInfo> = z
   .object({
@@ -491,22 +486,21 @@ export const unmarshalRowFilterOptionsSchema: z.ZodType<RowFilterOptions> = z
     using: d.using,
   }));
 
-export const unmarshalTagValueExtractionSchema: z.ZodType<TagValueExtraction> =
-  z
-    .object({
-      tag_key: z.string().optional(),
-    })
-    .transform(d => ({
-      tagKey: d.tag_key,
-    }));
+export const unmarshalTagValueExtractionSchema: z.ZodType<TagValueExtraction> = z
+  .object({
+    tag_key: z.string().optional(),
+  })
+  .transform(d => ({
+    tagKey: d.tag_key,
+  }));
 
 export const unmarshalUpdatePolicySchema: z.ZodType<UpdatePolicy> = z
   .object({
     on_securable_type: z.string().optional(),
     on_securable_fullname: z.string().optional(),
     name: z.string().optional(),
     policy_info: z.lazy(() => unmarshalPolicyInfoSchema).optional(),
-    update_mask: z.string().optional(),
+    update_mask: z.string().transform(s => FieldMask.of(...(s === '' ? [] : s.split(','))) as FieldMask<FieldPaths<PolicyInfo>>).optional(),
   })
   .transform(d => ({
     onSecurableType: d.on_securable_type,
@@ -559,7 +553,9 @@ export const marshalDeletePolicySchema: z.ZodType = z
   }));
 
 // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
-export const marshalDeletePolicy_ResponseSchema: z.ZodType = z.object({});
+export const marshalDeletePolicy_ResponseSchema: z.ZodType = z
+  .object({
+  });
 
 export const marshalDenyOptionsSchema: z.ZodType = z
   .object({
@@ -573,9 +569,7 @@ export const marshalFunctionArgumentSchema: z.ZodType = z
   .object({
     alias: z.string().optional(),
     constant: z.string().optional(),
-    metadataExtraction: z
-      .lazy(() => marshalMetadataExtractionExpressionSchema)
-      .optional(),
+    metadataExtraction: z.lazy(() => marshalMetadataExtractionExpressionSchema).optional(),
   })
   .transform(d => ({
     alias: d.alias,
@@ -643,9 +637,7 @@ export const marshalMatchColumnSchema: z.ZodType = z
 export const marshalMetadataExtractionExpressionSchema: z.ZodType = z
   .object({
     tagValue: z.lazy(() => marshalTagValueExtractionSchema).optional(),
-    columnTagValue: z
-      .lazy(() => marshalColumnTagValueExtractionSchema)
-      .optional(),
+    columnTagValue: z.lazy(() => marshalColumnTagValueExtractionSchema).optional(),
   })
   .transform(d => ({
     tag_value: d.tagValue,
@@ -722,7 +714,7 @@ export const marshalUpdatePolicySchema: z.ZodType = z
     onSecurableFullname: z.string().optional(),
     name: z.string().optional(),
     policyInfo: z.lazy(() => marshalPolicyInfoSchema).optional(),
-    updateMask: z.string().optional(),
+    updateMask: z.any().transform((d: FieldMask<FieldPaths<PolicyInfo>>) => d.paths.join(',')).optional(),
   })
   .transform(d => ({
     on_securable_type: d.onSecurableType,