ROX-27260: Fix policy scope validation for edit/clone

[bradr5]

Description

Fixes policy wizard step 4 validation failing on edit/clone when an excluded deployment scope has only a name (e.g. "node-resolver") and no scope.

The backend returns scope: null for name only exclusions, but the UI form initializes new exclusions with scope: { label: {} }. The yup schema didn't accept null, so validation rejected the entry before the custom test (which already handles null via optional chaining) could run. Added .nullable() to the scope schema and updated the WizardExcludedDeployment type to allow null.

User-facing documentation

• CHANGELOG.md is updated OR update is not needed
• documentation PR is created and is linked above OR is not needed

Testing and quality

• the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
• CI results are inspected

Automated testing

• added unit tests
• added e2e tests
• added regression tests
• added compatibility tests
• modified existing tests

How I validated my change

Added additional automated tests and performed the following manual verification:

The system policy "90-Day Image Age" includes an inclusion/exclusion scope where only a deployment name is specified. Prior to this fix, cloning or editing the policy caused the Next button to be disabled. After this change, the Next button now works as expected.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.48%. Comparing base (e8b7c39) to head (beb3999).
⚠️ Report is 25 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #18925      +/-   ##
==========================================
- Coverage   49.48%   49.48%   -0.01%     
==========================================
  Files        2661     2661              
  Lines      200784   200784              
==========================================
- Hits        99357    99355       -2     
- Misses      94011    94013       +2     
  Partials     7416     7416              

Flag	Coverage Δ
go-unit-tests	49.48% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[rhacs-bot]

Images are ready for the commit at beb3999.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.11.x-60-gbeb39994d3.

[pedrottimark]

Delayed observation, not change request:

The backend returns scope: null for name only exclusions, but the UI form initializes new exclusions with scope: { label: {} }

If frontend code works for both scenarios (for example, via optional chaining) what is pro and con for it to initialize as scope: null for consistency and simplicity (as potential follow up).

[pedrottimark]

For the record, Brad and I discussed possible improvements for later contributions.

[bradr5]

/retest-required