@mondaydotcomorg/monday-authorization 3.3.1 → 3.4.0-feature-bashanye-add-membership-create-delete-api-9ba3b16

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAInE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,OAAO,CAAC,EAAE;QACR,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC;CACH;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBAuBnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAErH,OAAO,EAAE,OAAO,EAAE,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAqB,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,UAAU,kBAAkB;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,OAAO,CAAC,EAAE,kBAAkB,CAAC;CAC9B;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBA6BnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAErH,OAAO,EAAE,OAAO,EAAE,CAAC"}

package/dist/index.js

@@ -7,19 +7,27 @@ const testKit_index = require('./testKit/index.js');
 const authorizationMiddleware = require('./authorization-middleware.js');
 const authorizationAttributesService = require('./authorization-attributes-service.js');
 const rolesService = require('./roles-service.js');
+const memberships = require('./memberships.js');
 const types_roles = require('./types/roles.js');
 
 async function init(options = {}) {
     if (options.prometheus) {
         prometheusService.setPrometheus(options.prometheus);
     }
-    const resolvedDisabled = options.metrics?.disabled ?? ['test', 'development'].includes((process.env.NODE_ENV ?? '').toLowerCase());
-    metricsService.initializeMetrics({
-        serviceName: options.metrics?.serviceName ?? process.env.APP_NAME ?? 'authorization-sdk',
-        host: options.metrics?.host,
-        port: options.metrics?.port,
-        disabled: resolvedDisabled,
-    });
+    if (options.metrics) {
+        if (options.metrics.client) {
+            metricsService.initializeMetrics({ client: options.metrics.client });
+        }
+        else {
+            const resolvedDisabled = options.metrics.disabled ?? ['test', 'development'].includes((process.env.NODE_ENV ?? '').toLowerCase());
+            metricsService.initializeMetrics({
+                serviceName: options.metrics.serviceName ?? process.env.APP_NAME ?? 'authorization-sdk',
+                host: options.metrics.host,
+                port: options.metrics.port,
+                disabled: resolvedDisabled,
+            });
+        }
+    }
     if (options.mondayFetchOptions) {
         authorizationService.setRequestFetchOptions(options.mondayFetchOptions);
     }
@@ -37,6 +45,7 @@ exports.getAuthorizationMiddleware = authorizationMiddleware.getAuthorizationMid
 exports.skipAuthorizationMiddleware = authorizationMiddleware.skipAuthorizationMiddleware;
 exports.AuthorizationAttributesService = authorizationAttributesService.AuthorizationAttributesService;
 exports.RolesService = rolesService.RolesService;
+exports.MembershipsService = memberships.MembershipsService;
 Object.defineProperty(exports, 'RoleType', {
 enumerable: true,
 get: () => types_roles.RoleType

package/dist/memberships.d.ts

@@ -0,0 +1,30 @@
+import { FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
+import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
+import { MembershipCreateResponse, MembershipDeleteResponse, MembershipForCreate, MembershipForDelete } from './types/memberships';
+export declare class MembershipsService {
+    private static API_PATHS;
+    private httpClient;
+    private fetchOptions;
+    /**
+     * Public constructor to create the AuthorizationAttributesService instance.
+     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
+     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     */
+    constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>);
+    /**
+     * Upsert memberships synchronously, performing http call to the authorization MS to assign the given memberships.
+     * @param accountId
+     * @param memberships - Array of memberships to upsert
+     * @returns MembershipCreateResponse - The affected (created and updated) memberships.
+     */
+    upsertMemberships(accountId: number, memberships: MembershipForCreate[]): Promise<MembershipCreateResponse>;
+    /**
+     * Delete memberships synchronously, performing http call to the authorization MS to delete the given memberships.
+     * @param accountId
+     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
+     * @param attributeKeys - Array of attribute keys to delete for the resource.
+     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
+     */
+    deleteMemberships(accountId: number, memberships: MembershipForDelete[]): Promise<MembershipDeleteResponse>;
+}
+//# sourceMappingURL=memberships.d.ts.map

package/dist/memberships.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memberships.d.ts","sourceRoot":"","sources":["../src/memberships.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,aAAa,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AACtF,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EACL,wBAAwB,EACxB,wBAAwB,EACxB,mBAAmB,EACnB,mBAAmB,EACpB,MAAM,mBAAmB,CAAC;AAM3B,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,SAAS,CAGb;IACX,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAkC;IAEtD;;;;OAIG;gBACS,UAAU,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,gBAAgB,CAAC,aAAa,CAAC;IAoBnF;;;;;OAKG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,wBAAwB,CAAC;IA0BjH;;;;;;OAMG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,wBAAwB,CAAC;CAyBlH"}

package/dist/memberships.js

@@ -0,0 +1,100 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
+const utils_apiErrorHandler = require('./utils/api-error-handler.js');
+const attributionsService = require('./attributions-service.js');
+const constants = require('./constants.js');
+
+class MembershipsService {
+    static API_PATHS = {
+        UPSERT_RESOURCE_ATTRIBUTES: '/memberships/{accountId}',
+        DELETE_RESOURCE_ATTRIBUTES: '/memberships/{accountId}',
+    };
+    httpClient;
+    fetchOptions;
+    /**
+     * Public constructor to create the AuthorizationAttributesService instance.
+     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
+     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     */
+    constructor(httpClient, fetchOptions) {
+        if (!httpClient) {
+            httpClient = tridentBackendApi.Api.getPart('httpClient');
+            if (!httpClient) {
+                throw new Error(constants.ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
+            }
+        }
+        if (!fetchOptions) {
+            fetchOptions = constants.DEFAULT_FETCH_OPTIONS;
+        }
+        else {
+            fetchOptions = {
+                ...constants.DEFAULT_FETCH_OPTIONS,
+                ...fetchOptions,
+            };
+        }
+        this.httpClient = httpClient;
+        this.fetchOptions = fetchOptions;
+    }
+    /**
+     * Upsert memberships synchronously, performing http call to the authorization MS to assign the given memberships.
+     * @param accountId
+     * @param memberships - Array of memberships to upsert
+     * @returns MembershipCreateResponse - The affected (created and updated) memberships.
+     */
+    async upsertMemberships(accountId, memberships) {
+        const attributionHeaders = attributionsService.getAttributionsFromApi();
+        try {
+            return await this.httpClient.fetch({
+                url: {
+                    appName: constants.APP_NAME,
+                    path: MembershipsService.API_PATHS.UPSERT_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString()),
+                },
+                method: 'PUT',
+                query: {
+                    useAStyleRoleId: 'true',
+                },
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({ memberships }),
+            }, this.fetchOptions);
+        }
+        catch (err) {
+            return utils_apiErrorHandler.handleApiError(err, 'authorization', 'upsertMemberships');
+        }
+    }
+    /**
+     * Delete memberships synchronously, performing http call to the authorization MS to delete the given memberships.
+     * @param accountId
+     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
+     * @param attributeKeys - Array of attribute keys to delete for the resource.
+     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
+     */
+    async deleteMemberships(accountId, memberships) {
+        const attributionHeaders = attributionsService.getAttributionsFromApi();
+        try {
+            return await this.httpClient.fetch({
+                url: {
+                    appName: constants.APP_NAME,
+                    path: MembershipsService.API_PATHS.DELETE_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString()),
+                },
+                method: 'DELETE',
+                query: {
+                    useAStyleRoleId: 'true',
+                },
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({ memberships }),
+            }, this.fetchOptions);
+        }
+        catch (err) {
+            return utils_apiErrorHandler.handleApiError(err, 'authorization', 'deleteMemberships');
+        }
+    }
+}
+
+exports.MembershipsService = MembershipsService;

package/dist/metrics-service.d.ts

@@ -1,12 +1,15 @@
-type ApiType = 'platform' | 'graph';
+import { Metric } from '@mondaydotcomorg/monday-observability-kit';
+type ApiType = 'platform' | 'graph' | 'authorization';
+export type MetricsClient = Pick<typeof Metric, 'distribution' | 'increment'>;
 interface InitializeMetricsOptions {
-    serviceName: string;
+    client?: MetricsClient;
+    serviceName?: string;
     host?: string;
     port?: number;
     disabled?: boolean;
 }
 export declare function initializeMetrics(options: InitializeMetricsOptions): void;
-export declare function recordAuthorizationTiming(apiType: ApiType, duration: number): void;
-export declare function recordAuthorizationError(apiType: ApiType, statusCode: number): void;
+export declare function recordAuthorizationTiming(apiType: ApiType, duration: number, placement: string): void;
+export declare function recordAuthorizationError(apiType: ApiType, statusCode: number, placement: string): void;
 export {};
 //# sourceMappingURL=metrics-service.d.ts.map

package/dist/metrics-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"metrics-service.d.ts","sourceRoot":"","sources":["../src/metrics-service.ts"],"names":[],"mappings":"AAGA,KAAK,OAAO,GAAG,UAAU,GAAG,OAAO,CAAC;AAEpC,UAAU,wBAAwB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI,CA4BzE;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAUlF;AAED,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI,CAUnF"}
+{"version":3,"file":"metrics-service.d.ts","sourceRoot":"","sources":["../src/metrics-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAGnE,KAAK,OAAO,GAAG,UAAU,GAAG,OAAO,GAAG,eAAe,CAAC;AAEtD,MAAM,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,MAAM,EAAE,cAAc,GAAG,WAAW,CAAC,CAAC;AAE9E,UAAU,wBAAwB;IAChC,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI,CAiCzE;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI,CAoBrG;AAED,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI,CAwBtG"}

package/dist/metrics-service.js

@@ -3,17 +3,21 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 const mondayObservabilityKit = require('@mondaydotcomorg/monday-observability-kit');
 const authorizationInternalService = require('./authorization-internal-service.js');
 
-let initialized = false;
+let metricsClient = null;
 function initializeMetrics(options) {
-    if (initialized) {
+    if (metricsClient) {
+        return;
+    }
+    if (options.client) {
+        metricsClient = options.client;
         return;
     }
     const { serviceName } = options;
     if (!serviceName) {
-        authorizationInternalService.logger.warn({ tag: 'metrics-service' }, 'Metrics initialization skipped: serviceName is missing');
+        authorizationInternalService.logger.warn({ tag: 'monday-authorization-sdk' }, 'Metrics initialization skipped: serviceName is missing');
         return;
     }
-    const resolvedHost = options.host ?? process.env.DOGSTATSD_HOST ?? 'localhost';
+    const resolvedHost = options.host ?? process.env.HOST_IP ?? 'localhost';
     const envPort = process.env.DOGSTATSD_PORT ? Number(process.env.DOGSTATSD_PORT) : undefined;
     const resolvedPort = options.port ?? (Number.isFinite(envPort ?? NaN) ? envPort : undefined) ?? 8125;
     const resolvedDisabled = options.disabled ?? ['test', 'development'].includes((process.env.NODE_ENV ?? '').toLowerCase());
@@ -24,32 +28,46 @@ function initializeMetrics(options) {
             port: resolvedPort,
             disabled: resolvedDisabled,
         });
-        initialized = true;
+        metricsClient = mondayObservabilityKit.Metric;
     }
     catch (error) {
-        authorizationInternalService.logger.warn({ tag: 'metrics-service', error }, 'Failed to initialize metrics');
+        authorizationInternalService.logger.warn({ tag: 'monday-authorization-sdk', error }, 'Failed to initialize metrics');
     }
 }
-function recordAuthorizationTiming(apiType, duration) {
-    if (!initialized) {
+function recordAuthorizationTiming(apiType, duration, placement) {
+    if (!metricsClient) {
         return;
     }
     try {
-        mondayObservabilityKit.Metric.distribution(`authorization.authorizationCheck.${apiType}.duration`, duration);
+        metricsClient.distribution(`authorization.authorizationCheck.${apiType}.${placement}.duration`, duration);
     }
-    catch {
-        // ignore metric emission failures
+    catch (error) {
+        authorizationInternalService.logger.warn({
+            tag: 'monday-authorization-sdk',
+            metric: 'authorizationCheckDuration',
+            apiType,
+            placement,
+            duration,
+            error,
+        }, 'Failed to emit authorization timing metric');
     }
 }
-function recordAuthorizationError(apiType, statusCode) {
-    if (!initialized) {
+function recordAuthorizationError(apiType, statusCode, placement) {
+    if (!metricsClient) {
         return;
     }
     try {
-        mondayObservabilityKit.Metric.increment(`authorization.authorizationCheck.${apiType}.error`, { statusCode: String(statusCode) }, 1);
+        metricsClient.increment(`authorization.authorizationCheck.${apiType}.${placement}.error`, { statusCode: String(statusCode) }, 1);
     }
-    catch {
-        // ignore metric emission failures
+    catch (error) {
+        authorizationInternalService.logger.warn({
+            tag: 'monday-authorization-sdk',
+            metric: 'authorizationCheckError',
+            apiType,
+            placement,
+            statusCode,
+            error,
+        }, 'Failed to emit authorization error metric');
     }
 }
 

package/dist/types/memberships.d.ts

@@ -0,0 +1,42 @@
+export interface MembershipForCreate {
+    entityId: number;
+    entityType: string;
+    resourceId: number;
+    resourceType: string;
+    roleId: number;
+    roleType?: string;
+    addedById: number;
+}
+export interface MembershipForDelete {
+    entityId?: number;
+    entityType: string;
+    resourceId?: number;
+    resourceType: string;
+}
+export interface Membership {
+    id: number;
+    entityId: number;
+    entityType: string;
+    resourceId: number;
+    resourceType: string;
+    roleId: number;
+    roleType: string;
+    addedById: null | number | undefined;
+    hops: number;
+    isNewRecord: boolean;
+    previousValues: Partial<Membership>;
+    walVersion: number | null | undefined;
+}
+export interface MembershipCreateResponse {
+    memberships: Membership[];
+}
+export interface MembershipDeleteResponse {
+    memberships: Membership[];
+}
+export interface MembershipCreateRequest {
+    memberships: MembershipForCreate[];
+}
+export interface MembershipDeleteRequest {
+    memberships: MembershipForDelete[];
+}
+//# sourceMappingURL=memberships.d.ts.map

package/dist/types/memberships.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memberships.d.ts","sourceRoot":"","sources":["../../src/types/memberships.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,IAAI,GAAG,MAAM,GAAG,SAAS,CAAC;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,OAAO,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACpC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC;CACvC;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,UAAU,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,UAAU,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,mBAAmB,EAAE,CAAC;CACpC;AAED,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,mBAAmB,EAAE,CAAC;CACpC"}

package/dist/types/memberships.js

@@ -0,0 +1 @@
+

package/dist/utils/api-error-handler.d.ts

@@ -1,2 +1,2 @@
-export declare function handleApiError(err: unknown, apiType: 'platform' | 'graph', placement: string): never;
+export declare function handleApiError(err: unknown, apiType: 'platform' | 'graph' | 'authorization', placement: string): never;
 //# sourceMappingURL=api-error-handler.d.ts.map

package/dist/utils/api-error-handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"api-error-handler.d.ts","sourceRoot":"","sources":["../../src/utils/api-error-handler.ts"],"names":[],"mappings":"AAIA,wBAAgB,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,EAAE,SAAS,EAAE,MAAM,GAAG,KAAK,CAgBpG"}
+{"version":3,"file":"api-error-handler.d.ts","sourceRoot":"","sources":["../../src/utils/api-error-handler.ts"],"names":[],"mappings":"AAIA,wBAAgB,cAAc,CAC5B,GAAG,EAAE,OAAO,EACZ,OAAO,EAAE,UAAU,GAAG,OAAO,GAAG,eAAe,EAC/C,SAAS,EAAE,MAAM,GAChB,KAAK,CAgBP"}

package/dist/utils/api-error-handler.js

@@ -6,13 +6,13 @@ const metricsService = require('../metrics-service.js');
 
 function handleApiError(err, apiType, placement) {
     if (err instanceof mondayFetchApi.HttpFetcherError) {
-        authorizationInternalService.logger.error({ tag: `${apiType}-api`, status: err.status, error: err.message }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API authorization request failed`);
-        metricsService.recordAuthorizationError(apiType, err.status);
+        authorizationInternalService.logger.error({ tag: `${apiType}-api`, status: err.status, error: err.message }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API ${placement} request failed`);
+        metricsService.recordAuthorizationError(apiType, err.status, placement);
         authorizationInternalService.AuthorizationInternalService.throwOnHttpError(err.status, placement);
     }
     else {
-        authorizationInternalService.logger.error({ tag: `${apiType}-api`, error: err instanceof Error ? err.message : String(err) }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API authorization request failed`);
-        metricsService.recordAuthorizationError(apiType, 500);
+        authorizationInternalService.logger.error({ tag: `${apiType}-api`, error: err instanceof Error ? err.message : String(err) }, `${apiType.charAt(0).toUpperCase() + apiType.slice(1)} API ${placement} request failed`);
+        metricsService.recordAuthorizationError(apiType, 500, placement);
         throw err;
     }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "3.3.1",
+  "version": "3.4.0-feature-bashanye-add-membership-create-delete-api-9ba3b16",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",

package/src/authorization-service.ts

@@ -213,7 +213,7 @@ export class AuthorizationService {
       const { resourceType } = scopeToResource(scope);
       const isAuthorized = obj.permit.can;
       sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
-      recordAuthorizationTiming(apiType, time);
+      recordAuthorizationTiming(apiType, time, 'canActionInScopeMultiple');
     }
 
     return scopedActionResponseObjects;

package/src/clients/graph-api.ts

@@ -1,4 +1,5 @@
 import { Api, HttpClient } from '@mondaydotcomorg/trident-backend-api';
+import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
 import {
   ScopedAction,
   ScopedActionResponseObject,
@@ -17,7 +18,6 @@ import {
   GraphPermissionReason,
 } from '../types/graph-api.types';
 import { scopeToResource } from '../utils/authorization.utils';
-import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
 import { GRAPH_APP_NAME } from '../constants';
 import { handleApiError } from '../utils/api-error-handler';
 

package/src/index.ts

@@ -1,20 +1,23 @@
 import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
 import { setPrometheus } from './prometheus-service';
 import { setIgniteClient, setRedisClient, setRequestFetchOptions } from './authorization-service';
-import { initializeMetrics } from './metrics-service';
+import { initializeMetrics, MetricsClient } from './metrics-service';
 import * as TestKit from './testKit';
 
+interface MetricsInitOptions {
+  client?: MetricsClient;
+  serviceName?: string;
+  host?: string;
+  port?: number;
+  disabled?: boolean;
+}
+
 export interface InitOptions {
   prometheus?: any;
   mondayFetchOptions?: MondayFetchOptions;
   redisClient?: any;
   grantedFeatureRedisExpirationInSeconds?: number;
-  metrics?: {
-    serviceName?: string;
-    host?: string;
-    port?: number;
-    disabled?: boolean;
-  };
+  metrics?: MetricsInitOptions;
 }
 
 export async function init(options: InitOptions = {}) {
@@ -22,14 +25,20 @@ export async function init(options: InitOptions = {}) {
     setPrometheus(options.prometheus);
   }
 
-  const resolvedDisabled =
-    options.metrics?.disabled ?? ['test', 'development'].includes((process.env.NODE_ENV ?? '').toLowerCase());
-  initializeMetrics({
-    serviceName: options.metrics?.serviceName ?? process.env.APP_NAME ?? 'authorization-sdk',
-    host: options.metrics?.host,
-    port: options.metrics?.port,
-    disabled: resolvedDisabled,
-  });
+  if (options.metrics) {
+    if (options.metrics.client) {
+      initializeMetrics({ client: options.metrics.client });
+    } else {
+      const resolvedDisabled =
+        options.metrics.disabled ?? ['test', 'development'].includes((process.env.NODE_ENV ?? '').toLowerCase());
+      initializeMetrics({
+        serviceName: options.metrics.serviceName ?? process.env.APP_NAME ?? 'authorization-sdk',
+        host: options.metrics.host,
+        port: options.metrics.port,
+        disabled: resolvedDisabled,
+      });
+    }
+  }
 
   if (options.mondayFetchOptions) {
     setRequestFetchOptions(options.mondayFetchOptions);
@@ -50,6 +59,7 @@ export {
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
 export { AuthorizationAttributesService } from './authorization-attributes-service';
 export { RolesService } from './roles-service';
+export { MembershipsService } from './memberships';
 export { AuthorizationObject, Resource, BaseRequest, ResourceGetter, ContextGetter } from './types/general';
 export {
   Translation,

package/src/memberships.ts

@@ -0,0 +1,111 @@
+import { Api, FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
+import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
+import {
+  MembershipCreateResponse,
+  MembershipDeleteResponse,
+  MembershipForCreate,
+  MembershipForDelete,
+} from 'types/memberships';
+import { handleApiError } from 'utils/api-error-handler';
+import { getAttributionsFromApi } from './attributions-service';
+
+import { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES } from './constants';
+
+export class MembershipsService {
+  private static API_PATHS = {
+    UPSERT_RESOURCE_ATTRIBUTES: '/memberships/{accountId}',
+    DELETE_RESOURCE_ATTRIBUTES: '/memberships/{accountId}',
+  } as const;
+  private httpClient: HttpClient;
+  private fetchOptions: RecursivePartial<FetcherConfig>;
+
+  /**
+   * Public constructor to create the AuthorizationAttributesService instance.
+   * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
+   * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+   */
+  constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>) {
+    if (!httpClient) {
+      httpClient = Api.getPart('httpClient');
+      if (!httpClient) {
+        throw new Error(ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
+      }
+    }
+
+    if (!fetchOptions) {
+      fetchOptions = DEFAULT_FETCH_OPTIONS;
+    } else {
+      fetchOptions = {
+        ...DEFAULT_FETCH_OPTIONS,
+        ...fetchOptions,
+      };
+    }
+    this.httpClient = httpClient;
+    this.fetchOptions = fetchOptions;
+  }
+
+  /**
+   * Upsert memberships synchronously, performing http call to the authorization MS to assign the given memberships.
+   * @param accountId
+   * @param memberships - Array of memberships to upsert
+   * @returns MembershipCreateResponse - The affected (created and updated) memberships.
+   */
+  async upsertMemberships(accountId: number, memberships: MembershipForCreate[]): Promise<MembershipCreateResponse> {
+    const attributionHeaders = getAttributionsFromApi();
+    try {
+      return await this.httpClient.fetch<MembershipCreateResponse>(
+        {
+          url: {
+            appName: APP_NAME,
+            path: MembershipsService.API_PATHS.UPSERT_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString()),
+          },
+          method: 'PUT',
+          query: {
+            useAStyleRoleId: 'true',
+          },
+          headers: {
+            'Content-Type': 'application/json',
+            ...attributionHeaders,
+          },
+          body: JSON.stringify({ memberships }),
+        },
+        this.fetchOptions
+      );
+    } catch (err) {
+      return handleApiError(err, 'authorization', 'upsertMemberships');
+    }
+  }
+
+  /**
+   * Delete memberships synchronously, performing http call to the authorization MS to delete the given memberships.
+   * @param accountId
+   * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
+   * @param attributeKeys - Array of attribute keys to delete for the resource.
+   * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
+   */
+  async deleteMemberships(accountId: number, memberships: MembershipForDelete[]): Promise<MembershipDeleteResponse> {
+    const attributionHeaders = getAttributionsFromApi();
+    try {
+      return await this.httpClient.fetch<MembershipDeleteResponse>(
+        {
+          url: {
+            appName: APP_NAME,
+            path: MembershipsService.API_PATHS.DELETE_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString()),
+          },
+          method: 'DELETE',
+          query: {
+            useAStyleRoleId: 'true',
+          },
+          headers: {
+            'Content-Type': 'application/json',
+            ...attributionHeaders,
+          },
+          body: JSON.stringify({ memberships }),
+        },
+        this.fetchOptions
+      );
+    } catch (err) {
+      return handleApiError(err, 'authorization', 'deleteMemberships');
+    }
+  }
+}