@mondaydotcomorg/monday-authorization 2.1.1-feature-bashanye-export-fetcher-configuration.2f76af9 → 2.1.1-feature-bashanye-remove-authorization-url-secret-usage.04a9d3c
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/authorization-attributes-service.d.ts +17 -8
- package/dist/authorization-attributes-service.d.ts.map +1 -1
- package/dist/authorization-attributes-service.js +99 -45
- package/dist/constants.d.ts +6 -0
- package/dist/constants.d.ts.map +1 -0
- package/dist/constants.js +10 -0
- package/dist/esm/authorization-attributes-service.d.ts +17 -8
- package/dist/esm/authorization-attributes-service.d.ts.map +1 -1
- package/dist/esm/authorization-attributes-service.mjs +100 -46
- package/dist/esm/constants.d.ts +6 -0
- package/dist/esm/constants.d.ts.map +1 -0
- package/dist/esm/constants.mjs +7 -0
- package/package.json +1 -1
|
@@ -1,25 +1,35 @@
|
|
|
1
|
+
import { FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
|
|
2
|
+
import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
|
|
1
3
|
import { ResourceAttributeAssignment, ResourceAttributeResponse, ResourceAttributesOperation } from './types/authorization-attributes-contracts';
|
|
2
4
|
import { Resource } from './types/general';
|
|
3
5
|
export declare class AuthorizationAttributesService {
|
|
4
6
|
private static LOG_TAG;
|
|
7
|
+
private static API_PATHS;
|
|
8
|
+
private httpClient;
|
|
9
|
+
private fetchOptions;
|
|
10
|
+
private snsArn;
|
|
11
|
+
/**
|
|
12
|
+
* Public constructor to create the AuthorizationAttributesService instance.
|
|
13
|
+
* @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
|
|
14
|
+
* @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
|
|
15
|
+
*/
|
|
16
|
+
constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>);
|
|
5
17
|
/**
|
|
6
18
|
* Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
|
|
7
19
|
* @param accountId
|
|
8
|
-
* @param userId
|
|
9
20
|
* @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
|
|
10
21
|
* e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
|
|
11
22
|
* @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
|
|
12
23
|
*/
|
|
13
|
-
|
|
24
|
+
upsertResourceAttributes(accountId: number, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<ResourceAttributeResponse>;
|
|
14
25
|
/**
|
|
15
26
|
* Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
|
|
16
27
|
* @param accountId
|
|
17
|
-
* @param userId
|
|
18
28
|
* @param resource - The resource (resourceType, resourceId) to delete the attributes for.
|
|
19
29
|
* @param attributeKeys - Array of attribute keys to delete for the resource.
|
|
20
30
|
* @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
|
|
21
31
|
*/
|
|
22
|
-
|
|
32
|
+
deleteResourceAttributes(accountId: number, resource: Resource, attributeKeys: string[]): Promise<ResourceAttributeResponse>;
|
|
23
33
|
/**
|
|
24
34
|
* Async function, this function only send the updates request to SNS and return before the change actually took place
|
|
25
35
|
* @param accountId
|
|
@@ -28,10 +38,9 @@ export declare class AuthorizationAttributesService {
|
|
|
28
38
|
* @param resourceAttributeOperations - Array of operations to do on resource attributes.
|
|
29
39
|
* @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
|
|
30
40
|
* */
|
|
31
|
-
|
|
32
|
-
private
|
|
41
|
+
updateResourceAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeOperations: ResourceAttributesOperation[]): Promise<ResourceAttributesOperation[]>;
|
|
42
|
+
private sendSingleSnsMessage;
|
|
33
43
|
private static getSnsTopicArn;
|
|
34
|
-
private static getResourceAttributesUrl;
|
|
35
44
|
/**
|
|
36
45
|
* Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
|
|
37
46
|
* This function can be used as health check for services that updating resource attributes in async is crucial.
|
|
@@ -40,6 +49,6 @@ export declare class AuthorizationAttributesService {
|
|
|
40
49
|
* However, this is the best we can do without actually push dummy messages to the SNS.
|
|
41
50
|
* @return {Promise<boolean>} - true if succeeded
|
|
42
51
|
*/
|
|
43
|
-
|
|
52
|
+
asyncResourceAttributesHealthCheck(): Promise<boolean>;
|
|
44
53
|
}
|
|
45
54
|
//# sourceMappingURL=authorization-attributes-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-attributes-service.d.ts","sourceRoot":"","sources":["../src/authorization-attributes-service.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"authorization-attributes-service.d.ts","sourceRoot":"","sources":["../src/authorization-attributes-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAO,aAAa,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AAEtF,OAAO,EAAoB,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACvF,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,2BAA2B,EAC5B,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAwB3C,qBAAa,8BAA8B;IACzC,OAAO,CAAC,MAAM,CAAC,OAAO,CAA8B;IACpD,OAAO,CAAC,MAAM,CAAC,SAAS,CAGb;IACX,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAkC;IACtD,OAAO,CAAC,MAAM,CAAS;IAEvB;;;;OAIG;gBACS,UAAU,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,gBAAgB,CAAC,aAAa,CAAC;IAqBnF;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,4BAA4B,EAAE,2BAA2B,EAAE,GAC1D,OAAO,CAAC,yBAAyB,CAAC;IA6BrC;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,yBAAyB,CAAC;IA+BrC;;;;;;;UAOM;IACA,6BAA6B,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,2BAA2B,EAAE,2BAA2B,EAAE,GACzD,OAAO,CAAC,2BAA2B,EAAE,CAAC;YAY3B,oBAAoB;IA4BlC,OAAO,CAAC,MAAM,CAAC,cAAc;IAe7B;;;;;;;OAOG;IACG,kCAAkC,IAAI,OAAO,CAAC,OAAO,CAAC;CAoB7D"}
|
|
@@ -1,69 +1,126 @@
|
|
|
1
1
|
Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
2
2
|
|
|
3
3
|
const chunk = require('lodash/chunk.js');
|
|
4
|
-
const mondayFetch = require('@mondaydotcomorg/monday-fetch');
|
|
5
4
|
const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
|
|
6
5
|
const mondaySns = require('@mondaydotcomorg/monday-sns');
|
|
6
|
+
const mondayFetchApi = require('@mondaydotcomorg/monday-fetch-api');
|
|
7
7
|
const authorizationInternalService = require('./authorization-internal-service.js');
|
|
8
8
|
const attributionsService = require('./attributions-service.js');
|
|
9
9
|
const constants_sns = require('./constants/sns.js');
|
|
10
|
+
const constants = require('./constants.js');
|
|
10
11
|
|
|
11
12
|
const _interopDefault = e => e && e.__esModule ? e : { default: e };
|
|
12
13
|
|
|
13
14
|
const chunk__default = /*#__PURE__*/_interopDefault(chunk);
|
|
14
15
|
|
|
16
|
+
function getDefaultFetchOptions() {
|
|
17
|
+
return {
|
|
18
|
+
retryPolicy: {
|
|
19
|
+
useRetries: true,
|
|
20
|
+
maxRetries: 3,
|
|
21
|
+
retryDelayMS: 10,
|
|
22
|
+
},
|
|
23
|
+
logPolicy: {
|
|
24
|
+
logErrors: 'error',
|
|
25
|
+
logRequests: 'info',
|
|
26
|
+
},
|
|
27
|
+
};
|
|
28
|
+
}
|
|
15
29
|
class AuthorizationAttributesService {
|
|
16
30
|
static LOG_TAG = 'authorization_attributes';
|
|
31
|
+
static API_PATHS = {
|
|
32
|
+
UPSERT_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource',
|
|
33
|
+
DELETE_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource/{resourceType}/{resourceId}',
|
|
34
|
+
};
|
|
35
|
+
httpClient;
|
|
36
|
+
fetchOptions;
|
|
37
|
+
snsArn;
|
|
38
|
+
/**
|
|
39
|
+
* Public constructor to create the AuthorizationAttributesService instance.
|
|
40
|
+
* @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
|
|
41
|
+
* @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
|
|
42
|
+
*/
|
|
43
|
+
constructor(httpClient, fetchOptions) {
|
|
44
|
+
if (!httpClient) {
|
|
45
|
+
httpClient = tridentBackendApi.Api.getPart('httpClient');
|
|
46
|
+
if (!httpClient) {
|
|
47
|
+
throw new Error(constants.ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
if (!fetchOptions) {
|
|
51
|
+
fetchOptions = getDefaultFetchOptions();
|
|
52
|
+
}
|
|
53
|
+
else {
|
|
54
|
+
fetchOptions = {
|
|
55
|
+
...getDefaultFetchOptions(),
|
|
56
|
+
...fetchOptions,
|
|
57
|
+
};
|
|
58
|
+
}
|
|
59
|
+
this.httpClient = httpClient;
|
|
60
|
+
this.fetchOptions = fetchOptions;
|
|
61
|
+
this.snsArn = AuthorizationAttributesService.getSnsTopicArn();
|
|
62
|
+
}
|
|
17
63
|
/**
|
|
18
64
|
* Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
|
|
19
65
|
* @param accountId
|
|
20
|
-
* @param userId
|
|
21
66
|
* @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
|
|
22
67
|
* e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
|
|
23
68
|
* @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
|
|
24
69
|
*/
|
|
25
|
-
|
|
26
|
-
const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
70
|
+
async upsertResourceAttributes(accountId, resourceAttributeAssignments) {
|
|
27
71
|
const attributionHeaders = attributionsService.getAttributionsFromApi();
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
72
|
+
try {
|
|
73
|
+
return await this.httpClient.fetch({
|
|
74
|
+
url: {
|
|
75
|
+
appName: constants.APP_NAME,
|
|
76
|
+
path: AuthorizationAttributesService.API_PATHS.UPSERT_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString()),
|
|
77
|
+
},
|
|
78
|
+
method: 'POST',
|
|
79
|
+
headers: {
|
|
80
|
+
'Content-Type': 'application/json',
|
|
81
|
+
...attributionHeaders,
|
|
82
|
+
},
|
|
83
|
+
body: JSON.stringify({ resourceAttributeAssignments }),
|
|
84
|
+
}, this.fetchOptions);
|
|
85
|
+
}
|
|
86
|
+
catch (err) {
|
|
87
|
+
if (err instanceof mondayFetchApi.HttpFetcherError) {
|
|
88
|
+
throw new Error(constants.ERROR_MESSAGES.REQUEST_FAILED('upsertResourceAttributes', err.status, err.message));
|
|
89
|
+
}
|
|
90
|
+
throw err;
|
|
91
|
+
}
|
|
41
92
|
}
|
|
42
93
|
/**
|
|
43
94
|
* Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
|
|
44
95
|
* @param accountId
|
|
45
|
-
* @param userId
|
|
46
96
|
* @param resource - The resource (resourceType, resourceId) to delete the attributes for.
|
|
47
97
|
* @param attributeKeys - Array of attribute keys to delete for the resource.
|
|
48
98
|
* @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
|
|
49
99
|
*/
|
|
50
|
-
|
|
51
|
-
const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
52
|
-
const url = `${this.getResourceAttributesUrl(accountId)}/${resource.type}/${resource.id}`;
|
|
100
|
+
async deleteResourceAttributes(accountId, resource, attributeKeys) {
|
|
53
101
|
const attributionHeaders = attributionsService.getAttributionsFromApi();
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
102
|
+
try {
|
|
103
|
+
return await this.httpClient.fetch({
|
|
104
|
+
url: {
|
|
105
|
+
appName: constants.APP_NAME,
|
|
106
|
+
path: AuthorizationAttributesService.API_PATHS.DELETE_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString())
|
|
107
|
+
.replace('{resourceType}', resource.type)
|
|
108
|
+
.replace('{resourceId}', resource.id.toString()),
|
|
109
|
+
},
|
|
110
|
+
method: 'DELETE',
|
|
111
|
+
headers: {
|
|
112
|
+
'Content-Type': 'application/json',
|
|
113
|
+
...attributionHeaders,
|
|
114
|
+
},
|
|
115
|
+
body: JSON.stringify({ keys: attributeKeys }),
|
|
116
|
+
}, this.fetchOptions);
|
|
117
|
+
}
|
|
118
|
+
catch (err) {
|
|
119
|
+
if (err instanceof mondayFetchApi.HttpFetcherError) {
|
|
120
|
+
throw new Error(constants.ERROR_MESSAGES.REQUEST_FAILED('deleteResourceAttributes', err.status, err.message));
|
|
121
|
+
}
|
|
122
|
+
throw err;
|
|
123
|
+
}
|
|
67
124
|
}
|
|
68
125
|
/**
|
|
69
126
|
* Async function, this function only send the updates request to SNS and return before the change actually took place
|
|
@@ -73,8 +130,8 @@ class AuthorizationAttributesService {
|
|
|
73
130
|
* @param resourceAttributeOperations - Array of operations to do on resource attributes.
|
|
74
131
|
* @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
|
|
75
132
|
* */
|
|
76
|
-
|
|
77
|
-
const topicArn = this.
|
|
133
|
+
async updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
|
|
134
|
+
const topicArn = this.snsArn;
|
|
78
135
|
const sendToSnsPromises = [];
|
|
79
136
|
const operationChucks = chunk__default.default(resourceAttributeOperations, constants_sns.ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
|
|
80
137
|
for (const operationsChunk of operationChucks) {
|
|
@@ -82,7 +139,7 @@ class AuthorizationAttributesService {
|
|
|
82
139
|
}
|
|
83
140
|
return (await Promise.all(sendToSnsPromises)).flat();
|
|
84
141
|
}
|
|
85
|
-
|
|
142
|
+
async sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations) {
|
|
86
143
|
const payload = {
|
|
87
144
|
kind: constants_sns.RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
|
|
88
145
|
payload: {
|
|
@@ -97,7 +154,7 @@ class AuthorizationAttributesService {
|
|
|
97
154
|
return operations;
|
|
98
155
|
}
|
|
99
156
|
catch (error) {
|
|
100
|
-
authorizationInternalService.logger.error({ error, tag:
|
|
157
|
+
authorizationInternalService.logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'Authorization resource attributes async update: failed to send operations to SNS');
|
|
101
158
|
return [];
|
|
102
159
|
}
|
|
103
160
|
}
|
|
@@ -113,9 +170,6 @@ class AuthorizationAttributesService {
|
|
|
113
170
|
}
|
|
114
171
|
throw new Error('Unable to get sns topic arn from env variable');
|
|
115
172
|
}
|
|
116
|
-
static getResourceAttributesUrl(accountId) {
|
|
117
|
-
return `${process.env.AUTHORIZATION_URL}/attributes/${accountId}/resource`;
|
|
118
|
-
}
|
|
119
173
|
/**
|
|
120
174
|
* Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
|
|
121
175
|
* This function can be used as health check for services that updating resource attributes in async is crucial.
|
|
@@ -124,18 +178,18 @@ class AuthorizationAttributesService {
|
|
|
124
178
|
* However, this is the best we can do without actually push dummy messages to the SNS.
|
|
125
179
|
* @return {Promise<boolean>} - true if succeeded
|
|
126
180
|
*/
|
|
127
|
-
|
|
181
|
+
async asyncResourceAttributesHealthCheck() {
|
|
128
182
|
try {
|
|
129
|
-
const requestedTopicArn = this.
|
|
183
|
+
const requestedTopicArn = this.snsArn;
|
|
130
184
|
const attributes = await mondaySns.getTopicAttributes(requestedTopicArn);
|
|
131
185
|
const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
|
|
132
186
|
if (!isHealthy) {
|
|
133
|
-
authorizationInternalService.logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag:
|
|
187
|
+
authorizationInternalService.logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service failed in health check');
|
|
134
188
|
}
|
|
135
189
|
return isHealthy;
|
|
136
190
|
}
|
|
137
191
|
catch (error) {
|
|
138
|
-
authorizationInternalService.logger.error({ error, tag:
|
|
192
|
+
authorizationInternalService.logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service got error during health check');
|
|
139
193
|
return false;
|
|
140
194
|
}
|
|
141
195
|
}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
export declare const APP_NAME = "authorization";
|
|
2
|
+
export declare const ERROR_MESSAGES: {
|
|
3
|
+
readonly HTTP_CLIENT_NOT_INITIALIZED: "MondayAuthorization: HTTP client is not initialized";
|
|
4
|
+
readonly REQUEST_FAILED: (method: string, status: number, reason: string) => string;
|
|
5
|
+
};
|
|
6
|
+
//# sourceMappingURL=constants.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AAExC,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
2
|
+
|
|
3
|
+
const APP_NAME = 'authorization';
|
|
4
|
+
const ERROR_MESSAGES = {
|
|
5
|
+
HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
|
|
6
|
+
REQUEST_FAILED: (method, status, reason) => `MondayAuthorization: [${method}] request failed with status ${status} with reason: ${reason}`,
|
|
7
|
+
};
|
|
8
|
+
|
|
9
|
+
exports.APP_NAME = APP_NAME;
|
|
10
|
+
exports.ERROR_MESSAGES = ERROR_MESSAGES;
|
|
@@ -1,25 +1,35 @@
|
|
|
1
|
+
import { FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
|
|
2
|
+
import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
|
|
1
3
|
import { ResourceAttributeAssignment, ResourceAttributeResponse, ResourceAttributesOperation } from './types/authorization-attributes-contracts';
|
|
2
4
|
import { Resource } from './types/general';
|
|
3
5
|
export declare class AuthorizationAttributesService {
|
|
4
6
|
private static LOG_TAG;
|
|
7
|
+
private static API_PATHS;
|
|
8
|
+
private httpClient;
|
|
9
|
+
private fetchOptions;
|
|
10
|
+
private snsArn;
|
|
11
|
+
/**
|
|
12
|
+
* Public constructor to create the AuthorizationAttributesService instance.
|
|
13
|
+
* @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
|
|
14
|
+
* @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
|
|
15
|
+
*/
|
|
16
|
+
constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>);
|
|
5
17
|
/**
|
|
6
18
|
* Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
|
|
7
19
|
* @param accountId
|
|
8
|
-
* @param userId
|
|
9
20
|
* @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
|
|
10
21
|
* e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
|
|
11
22
|
* @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
|
|
12
23
|
*/
|
|
13
|
-
|
|
24
|
+
upsertResourceAttributes(accountId: number, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<ResourceAttributeResponse>;
|
|
14
25
|
/**
|
|
15
26
|
* Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
|
|
16
27
|
* @param accountId
|
|
17
|
-
* @param userId
|
|
18
28
|
* @param resource - The resource (resourceType, resourceId) to delete the attributes for.
|
|
19
29
|
* @param attributeKeys - Array of attribute keys to delete for the resource.
|
|
20
30
|
* @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
|
|
21
31
|
*/
|
|
22
|
-
|
|
32
|
+
deleteResourceAttributes(accountId: number, resource: Resource, attributeKeys: string[]): Promise<ResourceAttributeResponse>;
|
|
23
33
|
/**
|
|
24
34
|
* Async function, this function only send the updates request to SNS and return before the change actually took place
|
|
25
35
|
* @param accountId
|
|
@@ -28,10 +38,9 @@ export declare class AuthorizationAttributesService {
|
|
|
28
38
|
* @param resourceAttributeOperations - Array of operations to do on resource attributes.
|
|
29
39
|
* @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
|
|
30
40
|
* */
|
|
31
|
-
|
|
32
|
-
private
|
|
41
|
+
updateResourceAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeOperations: ResourceAttributesOperation[]): Promise<ResourceAttributesOperation[]>;
|
|
42
|
+
private sendSingleSnsMessage;
|
|
33
43
|
private static getSnsTopicArn;
|
|
34
|
-
private static getResourceAttributesUrl;
|
|
35
44
|
/**
|
|
36
45
|
* Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
|
|
37
46
|
* This function can be used as health check for services that updating resource attributes in async is crucial.
|
|
@@ -40,6 +49,6 @@ export declare class AuthorizationAttributesService {
|
|
|
40
49
|
* However, this is the best we can do without actually push dummy messages to the SNS.
|
|
41
50
|
* @return {Promise<boolean>} - true if succeeded
|
|
42
51
|
*/
|
|
43
|
-
|
|
52
|
+
asyncResourceAttributesHealthCheck(): Promise<boolean>;
|
|
44
53
|
}
|
|
45
54
|
//# sourceMappingURL=authorization-attributes-service.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization-attributes-service.d.ts","sourceRoot":"","sources":["../../src/authorization-attributes-service.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"authorization-attributes-service.d.ts","sourceRoot":"","sources":["../../src/authorization-attributes-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAO,aAAa,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AAEtF,OAAO,EAAoB,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACvF,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,2BAA2B,EAC5B,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAwB3C,qBAAa,8BAA8B;IACzC,OAAO,CAAC,MAAM,CAAC,OAAO,CAA8B;IACpD,OAAO,CAAC,MAAM,CAAC,SAAS,CAGb;IACX,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAkC;IACtD,OAAO,CAAC,MAAM,CAAS;IAEvB;;;;OAIG;gBACS,UAAU,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,gBAAgB,CAAC,aAAa,CAAC;IAqBnF;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,4BAA4B,EAAE,2BAA2B,EAAE,GAC1D,OAAO,CAAC,yBAAyB,CAAC;IA6BrC;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,yBAAyB,CAAC;IA+BrC;;;;;;;UAOM;IACA,6BAA6B,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,2BAA2B,EAAE,2BAA2B,EAAE,GACzD,OAAO,CAAC,2BAA2B,EAAE,CAAC;YAY3B,oBAAoB;IA4BlC,OAAO,CAAC,MAAM,CAAC,cAAc;IAe7B;;;;;;;OAOG;IACG,kCAAkC,IAAI,OAAO,CAAC,OAAO,CAAC;CAoB7D"}
|
|
@@ -1,63 +1,120 @@
|
|
|
1
1
|
import chunk from 'lodash/chunk.js';
|
|
2
|
-
import { fetch } from '@mondaydotcomorg/monday-fetch';
|
|
3
2
|
import { Api } from '@mondaydotcomorg/trident-backend-api';
|
|
4
3
|
import { sendToSns, getTopicAttributes } from '@mondaydotcomorg/monday-sns';
|
|
5
|
-
import {
|
|
4
|
+
import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
|
|
5
|
+
import { logger } from './authorization-internal-service.mjs';
|
|
6
6
|
import { getAttributionsFromApi } from './attributions-service.mjs';
|
|
7
7
|
import { ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE, RESOURCE_ATTRIBUTES_SNS_ARN_SECRET_NAME, RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND } from './constants/sns.mjs';
|
|
8
|
+
import { ERROR_MESSAGES, APP_NAME } from './constants.mjs';
|
|
8
9
|
|
|
10
|
+
function getDefaultFetchOptions() {
|
|
11
|
+
return {
|
|
12
|
+
retryPolicy: {
|
|
13
|
+
useRetries: true,
|
|
14
|
+
maxRetries: 3,
|
|
15
|
+
retryDelayMS: 10,
|
|
16
|
+
},
|
|
17
|
+
logPolicy: {
|
|
18
|
+
logErrors: 'error',
|
|
19
|
+
logRequests: 'info',
|
|
20
|
+
},
|
|
21
|
+
};
|
|
22
|
+
}
|
|
9
23
|
class AuthorizationAttributesService {
|
|
10
24
|
static LOG_TAG = 'authorization_attributes';
|
|
25
|
+
static API_PATHS = {
|
|
26
|
+
UPSERT_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource',
|
|
27
|
+
DELETE_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource/{resourceType}/{resourceId}',
|
|
28
|
+
};
|
|
29
|
+
httpClient;
|
|
30
|
+
fetchOptions;
|
|
31
|
+
snsArn;
|
|
32
|
+
/**
|
|
33
|
+
* Public constructor to create the AuthorizationAttributesService instance.
|
|
34
|
+
* @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
|
|
35
|
+
* @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
|
|
36
|
+
*/
|
|
37
|
+
constructor(httpClient, fetchOptions) {
|
|
38
|
+
if (!httpClient) {
|
|
39
|
+
httpClient = Api.getPart('httpClient');
|
|
40
|
+
if (!httpClient) {
|
|
41
|
+
throw new Error(ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
if (!fetchOptions) {
|
|
45
|
+
fetchOptions = getDefaultFetchOptions();
|
|
46
|
+
}
|
|
47
|
+
else {
|
|
48
|
+
fetchOptions = {
|
|
49
|
+
...getDefaultFetchOptions(),
|
|
50
|
+
...fetchOptions,
|
|
51
|
+
};
|
|
52
|
+
}
|
|
53
|
+
this.httpClient = httpClient;
|
|
54
|
+
this.fetchOptions = fetchOptions;
|
|
55
|
+
this.snsArn = AuthorizationAttributesService.getSnsTopicArn();
|
|
56
|
+
}
|
|
11
57
|
/**
|
|
12
58
|
* Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
|
|
13
59
|
* @param accountId
|
|
14
|
-
* @param userId
|
|
15
60
|
* @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
|
|
16
61
|
* e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
|
|
17
62
|
* @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
|
|
18
63
|
*/
|
|
19
|
-
|
|
20
|
-
const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
64
|
+
async upsertResourceAttributes(accountId, resourceAttributeAssignments) {
|
|
21
65
|
const attributionHeaders = getAttributionsFromApi();
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
66
|
+
try {
|
|
67
|
+
return await this.httpClient.fetch({
|
|
68
|
+
url: {
|
|
69
|
+
appName: APP_NAME,
|
|
70
|
+
path: AuthorizationAttributesService.API_PATHS.UPSERT_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString()),
|
|
71
|
+
},
|
|
72
|
+
method: 'POST',
|
|
73
|
+
headers: {
|
|
74
|
+
'Content-Type': 'application/json',
|
|
75
|
+
...attributionHeaders,
|
|
76
|
+
},
|
|
77
|
+
body: JSON.stringify({ resourceAttributeAssignments }),
|
|
78
|
+
}, this.fetchOptions);
|
|
79
|
+
}
|
|
80
|
+
catch (err) {
|
|
81
|
+
if (err instanceof HttpFetcherError) {
|
|
82
|
+
throw new Error(ERROR_MESSAGES.REQUEST_FAILED('upsertResourceAttributes', err.status, err.message));
|
|
83
|
+
}
|
|
84
|
+
throw err;
|
|
85
|
+
}
|
|
35
86
|
}
|
|
36
87
|
/**
|
|
37
88
|
* Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
|
|
38
89
|
* @param accountId
|
|
39
|
-
* @param userId
|
|
40
90
|
* @param resource - The resource (resourceType, resourceId) to delete the attributes for.
|
|
41
91
|
* @param attributeKeys - Array of attribute keys to delete for the resource.
|
|
42
92
|
* @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
|
|
43
93
|
*/
|
|
44
|
-
|
|
45
|
-
const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
|
|
46
|
-
const url = `${this.getResourceAttributesUrl(accountId)}/${resource.type}/${resource.id}`;
|
|
94
|
+
async deleteResourceAttributes(accountId, resource, attributeKeys) {
|
|
47
95
|
const attributionHeaders = getAttributionsFromApi();
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
96
|
+
try {
|
|
97
|
+
return await this.httpClient.fetch({
|
|
98
|
+
url: {
|
|
99
|
+
appName: APP_NAME,
|
|
100
|
+
path: AuthorizationAttributesService.API_PATHS.DELETE_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString())
|
|
101
|
+
.replace('{resourceType}', resource.type)
|
|
102
|
+
.replace('{resourceId}', resource.id.toString()),
|
|
103
|
+
},
|
|
104
|
+
method: 'DELETE',
|
|
105
|
+
headers: {
|
|
106
|
+
'Content-Type': 'application/json',
|
|
107
|
+
...attributionHeaders,
|
|
108
|
+
},
|
|
109
|
+
body: JSON.stringify({ keys: attributeKeys }),
|
|
110
|
+
}, this.fetchOptions);
|
|
111
|
+
}
|
|
112
|
+
catch (err) {
|
|
113
|
+
if (err instanceof HttpFetcherError) {
|
|
114
|
+
throw new Error(ERROR_MESSAGES.REQUEST_FAILED('deleteResourceAttributes', err.status, err.message));
|
|
115
|
+
}
|
|
116
|
+
throw err;
|
|
117
|
+
}
|
|
61
118
|
}
|
|
62
119
|
/**
|
|
63
120
|
* Async function, this function only send the updates request to SNS and return before the change actually took place
|
|
@@ -67,8 +124,8 @@ class AuthorizationAttributesService {
|
|
|
67
124
|
* @param resourceAttributeOperations - Array of operations to do on resource attributes.
|
|
68
125
|
* @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
|
|
69
126
|
* */
|
|
70
|
-
|
|
71
|
-
const topicArn = this.
|
|
127
|
+
async updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
|
|
128
|
+
const topicArn = this.snsArn;
|
|
72
129
|
const sendToSnsPromises = [];
|
|
73
130
|
const operationChucks = chunk(resourceAttributeOperations, ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
|
|
74
131
|
for (const operationsChunk of operationChucks) {
|
|
@@ -76,7 +133,7 @@ class AuthorizationAttributesService {
|
|
|
76
133
|
}
|
|
77
134
|
return (await Promise.all(sendToSnsPromises)).flat();
|
|
78
135
|
}
|
|
79
|
-
|
|
136
|
+
async sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations) {
|
|
80
137
|
const payload = {
|
|
81
138
|
kind: RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
|
|
82
139
|
payload: {
|
|
@@ -91,7 +148,7 @@ class AuthorizationAttributesService {
|
|
|
91
148
|
return operations;
|
|
92
149
|
}
|
|
93
150
|
catch (error) {
|
|
94
|
-
logger.error({ error, tag:
|
|
151
|
+
logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'Authorization resource attributes async update: failed to send operations to SNS');
|
|
95
152
|
return [];
|
|
96
153
|
}
|
|
97
154
|
}
|
|
@@ -107,9 +164,6 @@ class AuthorizationAttributesService {
|
|
|
107
164
|
}
|
|
108
165
|
throw new Error('Unable to get sns topic arn from env variable');
|
|
109
166
|
}
|
|
110
|
-
static getResourceAttributesUrl(accountId) {
|
|
111
|
-
return `${process.env.AUTHORIZATION_URL}/attributes/${accountId}/resource`;
|
|
112
|
-
}
|
|
113
167
|
/**
|
|
114
168
|
* Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
|
|
115
169
|
* This function can be used as health check for services that updating resource attributes in async is crucial.
|
|
@@ -118,18 +172,18 @@ class AuthorizationAttributesService {
|
|
|
118
172
|
* However, this is the best we can do without actually push dummy messages to the SNS.
|
|
119
173
|
* @return {Promise<boolean>} - true if succeeded
|
|
120
174
|
*/
|
|
121
|
-
|
|
175
|
+
async asyncResourceAttributesHealthCheck() {
|
|
122
176
|
try {
|
|
123
|
-
const requestedTopicArn = this.
|
|
177
|
+
const requestedTopicArn = this.snsArn;
|
|
124
178
|
const attributes = await getTopicAttributes(requestedTopicArn);
|
|
125
179
|
const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
|
|
126
180
|
if (!isHealthy) {
|
|
127
|
-
logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag:
|
|
181
|
+
logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service failed in health check');
|
|
128
182
|
}
|
|
129
183
|
return isHealthy;
|
|
130
184
|
}
|
|
131
185
|
catch (error) {
|
|
132
|
-
logger.error({ error, tag:
|
|
186
|
+
logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service got error during health check');
|
|
133
187
|
return false;
|
|
134
188
|
}
|
|
135
189
|
}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
export declare const APP_NAME = "authorization";
|
|
2
|
+
export declare const ERROR_MESSAGES: {
|
|
3
|
+
readonly HTTP_CLIENT_NOT_INITIALIZED: "MondayAuthorization: HTTP client is not initialized";
|
|
4
|
+
readonly REQUEST_FAILED: (method: string, status: number, reason: string) => string;
|
|
5
|
+
};
|
|
6
|
+
//# sourceMappingURL=constants.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AAExC,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
const APP_NAME = 'authorization';
|
|
2
|
+
const ERROR_MESSAGES = {
|
|
3
|
+
HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
|
|
4
|
+
REQUEST_FAILED: (method, status, reason) => `MondayAuthorization: [${method}] request failed with status ${status} with reason: ${reason}`,
|
|
5
|
+
};
|
|
6
|
+
|
|
7
|
+
export { APP_NAME, ERROR_MESSAGES };
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mondaydotcomorg/monday-authorization",
|
|
3
|
-
"version": "2.1.1-feature-bashanye-
|
|
3
|
+
"version": "2.1.1-feature-bashanye-remove-authorization-url-secret-usage.04a9d3c",
|
|
4
4
|
"main": "dist/index.js",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"license": "BSD-3-Clause",
|