@mondaydotcomorg/monday-authorization 3.4.0-feature-bashanye-add-membership-create-delete-api-234505c → 3.5.0-feat-shaime-support-entity-attributes-in-authorization-sdk-397ce54

package/dist/esm/authorization-attributes-ms-service.d.ts

@@ -0,0 +1,37 @@
+import { ResourceAttributeAssignment } from './resource-attribute-assignment';
+interface Resource {
+    resourceType: string;
+    resourceId: number;
+}
+/**
+ * Service class for managing resource attributes in the authorization microservice.
+ * Provides synchronous HTTP operations to create/update and delete attributes on resources.
+ */
+export declare class AuthorizationAttributesMsService {
+    private static LOG_TAG;
+    /**
+     * Gets request headers including Authorization, Content-Type, and optional attribution headers
+     */
+    private static getRequestHeaders;
+    /**
+     * Validates that all messages are instances of the specified message class
+     */
+    private static validateMessages;
+    /**
+     * Creates or updates resource attributes synchronously.
+     * @param accountId The account ID
+     * @param resourceAttributeAssignments Array of ResourceAttributeAssignment objects
+     * @returns Promise<void>
+     */
+    static upsertResourceAttributesSync(accountId: number, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<void>;
+    /**
+     * Deletes specific attributes from a resource synchronously.
+     * @param accountId The account ID
+     * @param resource Object with resourceType (string) and resourceId (number)
+     * @param attributeKeys Array of attribute key strings to delete
+     * @returns Promise<void>
+     */
+    static deleteResourceAttributesSync(accountId: number, resource: Resource, attributeKeys: string[]): Promise<void>;
+}
+export {};
+//# sourceMappingURL=authorization-attributes-ms-service.d.ts.map

package/dist/esm/authorization-attributes-ms-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-attributes-ms-service.d.ts","sourceRoot":"","sources":["../../src/authorization-attributes-ms-service.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,2BAA2B,EAAE,MAAM,iCAAiC,CAAC;AAW9E,UAAU,QAAQ;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;CACpB;AAeD;;;GAGG;AACH,qBAAa,gCAAgC;IAC3C,OAAO,CAAC,MAAM,CAAC,OAAO,CAAiC;IAEvD;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,iBAAiB;IA+ChC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAsB/B;;;;;OAKG;WACU,4BAA4B,CACvC,SAAS,EAAE,MAAM,EACjB,4BAA4B,EAAE,2BAA2B,EAAE,GAC1D,OAAO,CAAC,IAAI,CAAC;IAwFhB;;;;;;OAMG;WACU,4BAA4B,CACvC,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,IAAI,CAAC;CAuGjB"}

package/dist/esm/authorization-attributes-ms-service.mjs

@@ -0,0 +1,230 @@
+import { Api } from '@mondaydotcomorg/trident-backend-api';
+import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
+import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
+import { ResourceAttributeAssignment } from './resource-attribute-assignment.mjs';
+import { ArgumentError } from './errors/argument-error.mjs';
+import { logger, AuthorizationInternalService } from './authorization-internal-service.mjs';
+import { getAttributionsFromApi } from './attributions-service.mjs';
+import { APP_NAME } from './constants.mjs';
+
+const INTERNAL_APP_NAME = 'internal_ms';
+const UPSERT_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource';
+const DELETE_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource/{resourceType}/{resourceId}';
+/**
+ * Service class for managing resource attributes in the authorization microservice.
+ * Provides synchronous HTTP operations to create/update and delete attributes on resources.
+ */
+class AuthorizationAttributesMsService {
+    static LOG_TAG = 'authorization_attributes_ms';
+    /**
+     * Gets request headers including Authorization, Content-Type, and optional attribution headers
+     */
+    static getRequestHeaders(accountId, userId) {
+        const headers = {
+            'Content-Type': 'application/json',
+        };
+        // Generate Authorization token
+        const authToken = signAuthorizationHeader({
+            appName: INTERNAL_APP_NAME,
+            accountId,
+            userId,
+        });
+        headers.Authorization = authToken;
+        // Add attribution headers if available
+        const attributionHeaders = getAttributionsFromApi();
+        for (const key in attributionHeaders) {
+            if (attributionHeaders.hasOwnProperty(key)) {
+                headers[key] = attributionHeaders[key];
+            }
+        }
+        // Add X-REQUEST-ID if available from context
+        try {
+            const tridentContext = Api.getPart('context');
+            if (tridentContext?.runtimeAttributions) {
+                const outgoingHeaders = tridentContext.runtimeAttributions.buildOutgoingHeaders('HTTP_INTERNAL');
+                if (outgoingHeaders) {
+                    const attributionHeadersMap = {};
+                    for (const [key, value] of outgoingHeaders) {
+                        attributionHeadersMap[key] = value;
+                    }
+                    if (attributionHeadersMap['x-request-id']) {
+                        headers['X-REQUEST-ID'] = attributionHeadersMap['x-request-id'];
+                    }
+                }
+            }
+        }
+        catch (error) {
+            // Silently fail if context is not available
+            logger.debug({ tag: this.LOG_TAG, error }, 'Failed to get request ID from context');
+        }
+        // Add X-REQUEST-START timestamp
+        headers['X-REQUEST-START'] = Math.floor(Date.now() / 1000).toString();
+        return headers;
+    }
+    /**
+     * Validates that all messages are instances of the specified message class
+     */
+    static validateMessages(attributesMessages, messageClass) {
+        if (typeof messageClass !== 'function') {
+            throw new ArgumentError('messageClass must be a class/constructor function');
+        }
+        if (!Array.isArray(attributesMessages)) {
+            throw new ArgumentError('attributesMessages must be an array');
+        }
+        for (let i = 0; i < attributesMessages.length; i++) {
+            if (!(attributesMessages[i] instanceof messageClass)) {
+                const className = messageClass.name || 'ResourceAttributeAssignment';
+                throw new ArgumentError(`All attributesMessages must be instances of ${className}, but item at index ${i} is not`);
+            }
+        }
+    }
+    /**
+     * Creates or updates resource attributes synchronously.
+     * @param accountId The account ID
+     * @param resourceAttributeAssignments Array of ResourceAttributeAssignment objects
+     * @returns Promise<void>
+     */
+    static async upsertResourceAttributesSync(accountId, resourceAttributeAssignments) {
+        // Skip HTTP requests in test environment
+        if (process.env.NODE_ENV === 'test') {
+            logger.debug({ tag: this.LOG_TAG, accountId, count: resourceAttributeAssignments.length }, 'Skipping upsertResourceAttributesSync in test environment');
+            return;
+        }
+        // Validate inputs
+        if (!Number.isInteger(accountId)) {
+            throw new ArgumentError(`accountId must be an integer, got: ${accountId}`);
+        }
+        if (!Array.isArray(resourceAttributeAssignments)) {
+            throw new ArgumentError('resourceAttributeAssignments must be an array');
+        }
+        if (resourceAttributeAssignments.length === 0) {
+            logger.warn({ tag: this.LOG_TAG, accountId }, 'upsertResourceAttributesSync called with empty array');
+            return;
+        }
+        // Validate all assignments are instances of ResourceAttributeAssignment
+        this.validateMessages(resourceAttributeAssignments, ResourceAttributeAssignment);
+        // Convert assignments to hash format
+        const assignmentsHash = resourceAttributeAssignments.map(assignment => assignment.toH());
+        // Build request body
+        const requestBody = {
+            resourceAttributeAssignments: assignmentsHash,
+        };
+        const httpClient = Api.getPart('httpClient');
+        if (!httpClient) {
+            throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+        }
+        const path = UPSERT_RESOURCE_ATTRIBUTES_PATH.replace('{accountId}', accountId.toString());
+        const headers = this.getRequestHeaders(accountId);
+        try {
+            logger.info({ tag: this.LOG_TAG, accountId, count: resourceAttributeAssignments.length }, 'Upserting resource attributes');
+            await httpClient.fetch({
+                url: {
+                    appName: APP_NAME,
+                    path,
+                },
+                method: 'POST',
+                headers,
+                body: JSON.stringify(requestBody),
+            }, {
+                timeout: AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+            });
+            logger.info({ tag: this.LOG_TAG, accountId, count: resourceAttributeAssignments.length }, 'Successfully upserted resource attributes');
+        }
+        catch (err) {
+            logger.error({
+                tag: this.LOG_TAG,
+                accountId,
+                method: 'upsertResourceAttributesSync',
+                error: err instanceof Error ? err.message : String(err),
+            }, 'Failed to upsert resource attributes');
+            if (err instanceof HttpFetcherError) {
+                throw new Error(`AuthorizationAttributesMsService: [upsertResourceAttributesSync] request failed with status ${err.status}: ${err.message}`);
+            }
+            throw err;
+        }
+    }
+    /**
+     * Deletes specific attributes from a resource synchronously.
+     * @param accountId The account ID
+     * @param resource Object with resourceType (string) and resourceId (number)
+     * @param attributeKeys Array of attribute key strings to delete
+     * @returns Promise<void>
+     */
+    static async deleteResourceAttributesSync(accountId, resource, attributeKeys) {
+        // Skip HTTP requests in test environment
+        if (process.env.NODE_ENV === 'test') {
+            logger.debug({ tag: this.LOG_TAG, accountId, resource, attributeKeys }, 'Skipping deleteResourceAttributesSync in test environment');
+            return;
+        }
+        // Validate inputs
+        if (!Number.isInteger(accountId)) {
+            throw new ArgumentError(`accountId must be an integer, got: ${accountId}`);
+        }
+        if (!resource || typeof resource !== 'object') {
+            throw new ArgumentError('resource must be an object');
+        }
+        if (!Number.isInteger(resource.resourceId)) {
+            throw new ArgumentError(`resource.resourceId must be an integer, got: ${resource.resourceId}`);
+        }
+        if (typeof resource.resourceType !== 'string') {
+            throw new ArgumentError(`resource.resourceType must be a string, got: ${typeof resource.resourceType}`);
+        }
+        if (!Array.isArray(attributeKeys)) {
+            throw new ArgumentError('attributeKeys must be an array');
+        }
+        if (attributeKeys.length === 0) {
+            logger.warn({ tag: this.LOG_TAG, accountId, resource }, 'deleteResourceAttributesSync called with empty keys array');
+            return;
+        }
+        // Validate all keys are strings
+        for (let i = 0; i < attributeKeys.length; i++) {
+            if (typeof attributeKeys[i] !== 'string') {
+                throw new ArgumentError(`All attributeKeys must be strings, but item at index ${i} is not`);
+            }
+        }
+        // Build request body
+        const requestBody = {
+            keys: attributeKeys,
+        };
+        const httpClient = Api.getPart('httpClient');
+        if (!httpClient) {
+            throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+        }
+        const path = DELETE_RESOURCE_ATTRIBUTES_PATH.replace('{accountId}', accountId.toString())
+            .replace('{resourceType}', resource.resourceType)
+            .replace('{resourceId}', resource.resourceId.toString());
+        const headers = this.getRequestHeaders(accountId);
+        try {
+            logger.info({ tag: this.LOG_TAG, accountId, resource, keys: attributeKeys }, 'Deleting resource attributes');
+            await httpClient.fetch({
+                url: {
+                    appName: APP_NAME,
+                    path,
+                },
+                method: 'DELETE',
+                headers,
+                body: JSON.stringify(requestBody),
+            }, {
+                timeout: AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+            });
+            logger.info({ tag: this.LOG_TAG, accountId, resource, keys: attributeKeys }, 'Successfully deleted resource attributes');
+        }
+        catch (err) {
+            logger.error({
+                tag: this.LOG_TAG,
+                accountId,
+                method: 'deleteResourceAttributesSync',
+                resource,
+                error: err instanceof Error ? err.message : String(err),
+            }, 'Failed to delete resource attributes');
+            if (err instanceof HttpFetcherError) {
+                throw new Error(`AuthorizationAttributesMsService: [deleteResourceAttributesSync] request failed with status ${err.status}: ${err.message}`);
+            }
+            throw err;
+        }
+    }
+}
+
+export { AuthorizationAttributesMsService };

package/dist/esm/authorization-attributes-service.d.ts

@@ -1,6 +1,6 @@
 import { FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
 import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
-import { ResourceAttributeAssignment, ResourceAttributeResponse, ResourceAttributesOperation } from './types/authorization-attributes-contracts';
+import { ResourceAttributeAssignment, ResourceAttributeResponse, ResourceAttributesOperation, EntityAttributeAssignment, EntityAttributeResponse, ResourceType, EntityType, ResourceAttributeKeyType, EntityAttributeKeyType } from './types/authorization-attributes-contracts';
 import { Resource } from './types/general';
 export declare class AuthorizationAttributesService {
     private static LOG_TAG;
@@ -50,5 +50,49 @@ export declare class AuthorizationAttributesService {
      * @return {Promise<boolean>} - true if succeeded
      */
     asyncResourceAttributesHealthCheck(): Promise<boolean>;
+    /**
+     * Validates resource attribute assignments array
+     */
+    private static validateResourceAttributeAssignments;
+    /**
+     * Validates entity attribute assignments array
+     */
+    private static validateEntityAttributeAssignments;
+    /**
+     * Upsert resource attributes synchronously.
+     * Matches API endpoint: POST /attributes/:accountId/resource
+     * @param accountId The account ID
+     * @param resourceAttributeAssignments Array of ResourceAttributeAssignment objects (1-100 items)
+     * @returns Promise with response containing affected attributes
+     */
+    static upsertResourceAttributesSync(accountId: number, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<ResourceAttributeResponse>;
+    /**
+     * Delete resource attributes synchronously.
+     * Matches API endpoint: DELETE /attributes/:accountId/resource/:resourceType/:resourceId
+     * @param accountId The account ID
+     * @param resourceType The resource type
+     * @param resourceId The resource ID
+     * @param keys Array of attribute keys to delete
+     * @returns Promise with response containing affected attributes
+     */
+    static deleteResourceAttributesSync(accountId: number, resourceType: ResourceType, resourceId: number, keys: ResourceAttributeKeyType[]): Promise<ResourceAttributeResponse>;
+    /**
+     * Upsert entity attributes synchronously.
+     * Matches API endpoint: POST /attributes/:accountId/entity
+     * @param accountId The account ID
+     * @param entityAttributeAssignments Array of EntityAttributeAssignment objects (1-100 items)
+     * @returns Promise with response containing affected attributes
+     */
+    static upsertEntityAttributesSync(accountId: number, entityAttributeAssignments: EntityAttributeAssignment[]): Promise<EntityAttributeResponse>;
+    /**
+     * Delete entity attributes synchronously.
+     * Matches API endpoint: DELETE /attributes/:accountId/entity/:entityType/:entityId
+     * @param accountId The account ID
+     * @param entityType The entity type
+     * @param entityId The entity ID
+     * @param keys Array of attribute keys to delete
+     * @returns Promise with response containing affected attributes
+     */
+    static deleteEntityAttributesSync(accountId: number, entityType: EntityType, entityId: number, keys: EntityAttributeKeyType[]): Promise<EntityAttributeResponse>;
 }
 //# sourceMappingURL=authorization-attributes-service.d.ts.map

package/dist/esm/authorization-attributes-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-attributes-service.d.ts","sourceRoot":"","sources":["../../src/authorization-attributes-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAO,aAAa,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AAEtF,OAAO,EAAoB,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACvF,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,2BAA2B,EAC5B,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAY3C,qBAAa,8BAA8B;IACzC,OAAO,CAAC,MAAM,CAAC,OAAO,CAA8B;IACpD,OAAO,CAAC,MAAM,CAAC,SAAS,CAGb;IACX,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAkC;IACtD,OAAO,CAAC,MAAM,CAAS;IAEvB;;;;OAIG;gBACS,UAAU,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,gBAAgB,CAAC,aAAa,CAAC;IAqBnF;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,4BAA4B,EAAE,2BAA2B,EAAE,GAC1D,OAAO,CAAC,yBAAyB,CAAC;IA6BrC;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,yBAAyB,CAAC;IAkCrC;;;;;;;UAOM;IACA,6BAA6B,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,2BAA2B,EAAE,2BAA2B,EAAE,GACzD,OAAO,CAAC,2BAA2B,EAAE,CAAC;YAY3B,oBAAoB;IA4BlC,OAAO,CAAC,MAAM,CAAC,cAAc;IAW7B;;;;;;;OAOG;IACG,kCAAkC,IAAI,OAAO,CAAC,OAAO,CAAC;CAoB7D"}
+{"version":3,"file":"authorization-attributes-service.d.ts","sourceRoot":"","sources":["../../src/authorization-attributes-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAO,aAAa,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AAEtF,OAAO,EAAoB,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACvF,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,2BAA2B,EAC3B,yBAAyB,EACzB,uBAAuB,EACvB,YAAY,EACZ,UAAU,EACV,wBAAwB,EACxB,sBAAsB,EACvB,MAAM,4CAA4C,CAAC;AAEpD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAY3C,qBAAa,8BAA8B;IACzC,OAAO,CAAC,MAAM,CAAC,OAAO,CAA8B;IACpD,OAAO,CAAC,MAAM,CAAC,SAAS,CAKb;IACX,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAkC;IACtD,OAAO,CAAC,MAAM,CAAS;IAEvB;;;;OAIG;gBACS,UAAU,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,gBAAgB,CAAC,aAAa,CAAC;IAqBnF;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,4BAA4B,EAAE,2BAA2B,EAAE,GAC1D,OAAO,CAAC,yBAAyB,CAAC;IA6BrC;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,yBAAyB,CAAC;IAkCrC;;;;;;;UAOM;IACA,6BAA6B,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,2BAA2B,EAAE,2BAA2B,EAAE,GACzD,OAAO,CAAC,2BAA2B,EAAE,CAAC;YAY3B,oBAAoB;IA4BlC,OAAO,CAAC,MAAM,CAAC,cAAc;IAW7B;;;;;;;OAOG;IACG,kCAAkC,IAAI,OAAO,CAAC,OAAO,CAAC;IAqB5D;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,oCAAoC;IA6BnD;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,kCAAkC;IA2BjD;;;;;;OAMG;WACU,4BAA4B,CACvC,SAAS,EAAE,MAAM,EACjB,4BAA4B,EAAE,2BAA2B,EAAE,GAC1D,OAAO,CAAC,yBAAyB,CAAC;IA6CrC;;;;;;;;OAQG;WACU,4BAA4B,CACvC,SAAS,EAAE,MAAM,EACjB,YAAY,EAAE,YAAY,EAC1B,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,wBAAwB,EAAE,GAC/B,OAAO,CAAC,yBAAyB,CAAC;IA0DrC;;;;;;OAMG;WACU,0BAA0B,CACrC,SAAS,EAAE,MAAM,EACjB,0BAA0B,EAAE,yBAAyB,EAAE,GACtD,OAAO,CAAC,uBAAuB,CAAC;IA6CnC;;;;;;;;OAQG;WACU,0BAA0B,CACrC,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,sBAAsB,EAAE,GAC7B,OAAO,CAAC,uBAAuB,CAAC;CAyDpC"}

package/dist/esm/authorization-attributes-service.mjs

@@ -2,7 +2,7 @@ import chunk from 'lodash/chunk.js';
 import { Api } from '@mondaydotcomorg/trident-backend-api';
 import { sendToSns, getTopicAttributes } from '@mondaydotcomorg/monday-sns';
 import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
-import { logger } from './authorization-internal-service.mjs';
+import { logger, AuthorizationInternalService } from './authorization-internal-service.mjs';
 import { getAttributionsFromApi } from './attributions-service.mjs';
 import { ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE, SNS_ARN_ENV_VAR_NAME, SNS_DEV_TEST_NAME, RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND } from './constants/sns.mjs';
 import { ERROR_MESSAGES, DEFAULT_FETCH_OPTIONS, APP_NAME } from './constants.mjs';
@@ -12,6 +12,8 @@ class AuthorizationAttributesService {
     static API_PATHS = {
         UPSERT_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource',
         DELETE_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource/{resourceType}/{resourceId}',
+        UPSERT_ENTITY_ATTRIBUTES: '/attributes/{accountId}/entity',
+        DELETE_ENTITY_ATTRIBUTES: '/attributes/{accountId}/entity/{entityType}/{entityId}',
     };
     httpClient;
     fetchOptions;
@@ -175,6 +177,266 @@ class AuthorizationAttributesService {
             return false;
         }
     }
+    /**
+     * Validates resource attribute assignments array
+     */
+    static validateResourceAttributeAssignments(assignments) {
+        if (!Array.isArray(assignments)) {
+            throw new Error('resourceAttributeAssignments must be an array');
+        }
+        if (assignments.length === 0) {
+            throw new Error('resourceAttributeAssignments must contain at least 1 item');
+        }
+        if (assignments.length > 100) {
+            throw new Error('resourceAttributeAssignments must contain at most 100 items');
+        }
+        for (let i = 0; i < assignments.length; i++) {
+            const assignment = assignments[i];
+            if (!assignment.resourceId || typeof assignment.resourceId !== 'number') {
+                throw new Error(`resourceAttributeAssignments[${i}].resourceId is required and must be a number`);
+            }
+            if (!assignment.resourceType || typeof assignment.resourceType !== 'string') {
+                throw new Error(`resourceAttributeAssignments[${i}].resourceType is required and must be a string`);
+            }
+            if (!assignment.key || typeof assignment.key !== 'string') {
+                throw new Error(`resourceAttributeAssignments[${i}].key is required and must be a string`);
+            }
+            if (assignment.value === undefined || typeof assignment.value !== 'string') {
+                throw new Error(`resourceAttributeAssignments[${i}].value is required and must be a string`);
+            }
+        }
+    }
+    /**
+     * Validates entity attribute assignments array
+     */
+    static validateEntityAttributeAssignments(assignments) {
+        if (!Array.isArray(assignments)) {
+            throw new Error('entityAttributeAssignments must be an array');
+        }
+        if (assignments.length === 0) {
+            throw new Error('entityAttributeAssignments must contain at least 1 item');
+        }
+        if (assignments.length > 100) {
+            throw new Error('entityAttributeAssignments must contain at most 100 items');
+        }
+        for (let i = 0; i < assignments.length; i++) {
+            const assignment = assignments[i];
+            if (!assignment.entityId || typeof assignment.entityId !== 'number') {
+                throw new Error(`entityAttributeAssignments[${i}].entityId is required and must be a number`);
+            }
+            if (!assignment.entityType || typeof assignment.entityType !== 'string') {
+                throw new Error(`entityAttributeAssignments[${i}].entityType is required and must be a string`);
+            }
+            if (!assignment.key || typeof assignment.key !== 'string') {
+                throw new Error(`entityAttributeAssignments[${i}].key is required and must be a string`);
+            }
+            if (assignment.value === undefined || typeof assignment.value !== 'string') {
+                throw new Error(`entityAttributeAssignments[${i}].value is required and must be a string`);
+            }
+        }
+    }
+    /**
+     * Upsert resource attributes synchronously.
+     * Matches API endpoint: POST /attributes/:accountId/resource
+     * @param accountId The account ID
+     * @param resourceAttributeAssignments Array of ResourceAttributeAssignment objects (1-100 items)
+     * @returns Promise with response containing affected attributes
+     */
+    static async upsertResourceAttributesSync(accountId, resourceAttributeAssignments) {
+        // Validate inputs
+        if (!Number.isInteger(accountId)) {
+            throw new Error(`accountId must be an integer, got: ${accountId}`);
+        }
+        AuthorizationAttributesService.validateResourceAttributeAssignments(resourceAttributeAssignments);
+        const httpClient = Api.getPart('httpClient');
+        if (!httpClient) {
+            throw new Error(ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
+        }
+        const attributionHeaders = getAttributionsFromApi();
+        const path = AuthorizationAttributesService.API_PATHS.UPSERT_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString());
+        try {
+            return await httpClient.fetch({
+                url: {
+                    appName: APP_NAME,
+                    path,
+                },
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({ resourceAttributeAssignments }),
+            }, {
+                timeout: AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+            });
+        }
+        catch (err) {
+            if (err instanceof HttpFetcherError) {
+                throw new Error(ERROR_MESSAGES.REQUEST_FAILED('upsertResourceAttributesSync', err.status, err.message));
+            }
+            throw err;
+        }
+    }
+    /**
+     * Delete resource attributes synchronously.
+     * Matches API endpoint: DELETE /attributes/:accountId/resource/:resourceType/:resourceId
+     * @param accountId The account ID
+     * @param resourceType The resource type
+     * @param resourceId The resource ID
+     * @param keys Array of attribute keys to delete
+     * @returns Promise with response containing affected attributes
+     */
+    static async deleteResourceAttributesSync(accountId, resourceType, resourceId, keys) {
+        // Validate inputs
+        if (!Number.isInteger(accountId)) {
+            throw new Error(`accountId must be an integer, got: ${accountId}`);
+        }
+        if (!resourceType || typeof resourceType !== 'string') {
+            throw new Error(`resourceType must be a string, got: ${typeof resourceType}`);
+        }
+        if (!Number.isInteger(resourceId)) {
+            throw new Error(`resourceId must be an integer, got: ${resourceId}`);
+        }
+        if (!Array.isArray(keys)) {
+            throw new Error('keys must be an array');
+        }
+        if (keys.length === 0) {
+            throw new Error('keys must contain at least 1 item');
+        }
+        const httpClient = Api.getPart('httpClient');
+        if (!httpClient) {
+            throw new Error(ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
+        }
+        const attributionHeaders = getAttributionsFromApi();
+        const path = AuthorizationAttributesService.API_PATHS.DELETE_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString())
+            .replace('{resourceType}', resourceType)
+            .replace('{resourceId}', resourceId.toString());
+        try {
+            return await httpClient.fetch({
+                url: {
+                    appName: APP_NAME,
+                    path,
+                },
+                method: 'DELETE',
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({ keys }),
+            }, {
+                timeout: AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+            });
+        }
+        catch (err) {
+            if (err instanceof HttpFetcherError) {
+                throw new Error(ERROR_MESSAGES.REQUEST_FAILED('deleteResourceAttributesSync', err.status, err.message));
+            }
+            throw err;
+        }
+    }
+    /**
+     * Upsert entity attributes synchronously.
+     * Matches API endpoint: POST /attributes/:accountId/entity
+     * @param accountId The account ID
+     * @param entityAttributeAssignments Array of EntityAttributeAssignment objects (1-100 items)
+     * @returns Promise with response containing affected attributes
+     */
+    static async upsertEntityAttributesSync(accountId, entityAttributeAssignments) {
+        // Validate inputs
+        if (!Number.isInteger(accountId)) {
+            throw new Error(`accountId must be an integer, got: ${accountId}`);
+        }
+        AuthorizationAttributesService.validateEntityAttributeAssignments(entityAttributeAssignments);
+        const httpClient = Api.getPart('httpClient');
+        if (!httpClient) {
+            throw new Error(ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
+        }
+        const attributionHeaders = getAttributionsFromApi();
+        const path = AuthorizationAttributesService.API_PATHS.UPSERT_ENTITY_ATTRIBUTES.replace('{accountId}', accountId.toString());
+        try {
+            return await httpClient.fetch({
+                url: {
+                    appName: APP_NAME,
+                    path,
+                },
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({ entityAttributeAssignments }),
+            }, {
+                timeout: AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+            });
+        }
+        catch (err) {
+            if (err instanceof HttpFetcherError) {
+                throw new Error(ERROR_MESSAGES.REQUEST_FAILED('upsertEntityAttributesSync', err.status, err.message));
+            }
+            throw err;
+        }
+    }
+    /**
+     * Delete entity attributes synchronously.
+     * Matches API endpoint: DELETE /attributes/:accountId/entity/:entityType/:entityId
+     * @param accountId The account ID
+     * @param entityType The entity type
+     * @param entityId The entity ID
+     * @param keys Array of attribute keys to delete
+     * @returns Promise with response containing affected attributes
+     */
+    static async deleteEntityAttributesSync(accountId, entityType, entityId, keys) {
+        // Validate inputs
+        if (!Number.isInteger(accountId)) {
+            throw new Error(`accountId must be an integer, got: ${accountId}`);
+        }
+        if (!entityType || typeof entityType !== 'string') {
+            throw new Error(`entityType must be a string, got: ${typeof entityType}`);
+        }
+        if (!Number.isInteger(entityId)) {
+            throw new Error(`entityId must be an integer, got: ${entityId}`);
+        }
+        if (!Array.isArray(keys)) {
+            throw new Error('keys must be an array');
+        }
+        if (keys.length === 0) {
+            throw new Error('keys must contain at least 1 item');
+        }
+        const httpClient = Api.getPart('httpClient');
+        if (!httpClient) {
+            throw new Error(ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
+        }
+        const attributionHeaders = getAttributionsFromApi();
+        const path = AuthorizationAttributesService.API_PATHS.DELETE_ENTITY_ATTRIBUTES.replace('{accountId}', accountId.toString())
+            .replace('{entityType}', entityType)
+            .replace('{entityId}', entityId.toString());
+        try {
+            return await httpClient.fetch({
+                url: {
+                    appName: APP_NAME,
+                    path,
+                },
+                method: 'DELETE',
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({ keys }),
+            }, {
+                timeout: AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+            });
+        }
+        catch (err) {
+            if (err instanceof HttpFetcherError) {
+                throw new Error(ERROR_MESSAGES.REQUEST_FAILED('deleteEntityAttributesSync', err.status, err.message));
+            }
+            throw err;
+        }
+    }
 }
 
 export { AuthorizationAttributesService };

package/dist/esm/errors/argument-error.d.ts

@@ -0,0 +1,4 @@
+export declare class ArgumentError extends Error {
+    constructor(message: string);
+}
+//# sourceMappingURL=argument-error.d.ts.map

package/dist/esm/errors/argument-error.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"argument-error.d.ts","sourceRoot":"","sources":["../../../src/errors/argument-error.ts"],"names":[],"mappings":"AAAA,qBAAa,aAAc,SAAQ,KAAK;gBAC1B,OAAO,EAAE,MAAM;CAK5B"}

package/dist/esm/errors/argument-error.mjs

@@ -0,0 +1,9 @@
+class ArgumentError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'ArgumentError';
+        Object.setPrototypeOf(this, ArgumentError.prototype);
+    }
+}
+
+export { ArgumentError };

package/dist/esm/index.d.ts

@@ -19,6 +19,11 @@ export declare function init(options?: InitOptions): Promise<void>;
 export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
 export { AuthorizationAttributesService } from './authorization-attributes-service';
+export { AuthorizationAttributesMsService } from './authorization-attributes-ms-service';
+export { ResourceAttributeAssignment } from './resource-attribute-assignment';
+export { RESOURCE_TYPES, RESOURCE_ATTRIBUTES_CONSTANTS } from './resource-attributes-constants';
+export { ArgumentError } from './errors/argument-error';
+export { EntityAttributeAssignment, ResourceAttributeResponse, EntityAttributeResponse, ResourceType, EntityType, ResourceAttributeKeyType, EntityAttributeKeyType, CommonAttributeKey, ResourceAttributeKey, EntityAttributeKey, } from './types/authorization-attributes-contracts';
 export { RolesService } from './roles-service';
 export { MembershipsService } from './memberships';
 export { AuthorizationObject, Resource, BaseRequest, ResourceGetter, ContextGetter } from './types/general';

package/dist/esm/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAqB,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,UAAU,kBAAkB;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,OAAO,CAAC,EAAE,kBAAkB,CAAC;CAC9B;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBA6BnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAErH,OAAO,EAAE,OAAO,EAAE,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAqB,aAAa,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,UAAU,kBAAkB;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,OAAO,CAAC,EAAE,kBAAkB,CAAC;CAC9B;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBA6BnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AACzF,OAAO,EAAE,2BAA2B,EAAE,MAAM,iCAAiC,CAAC;AAC9E,OAAO,EAAE,cAAc,EAAE,6BAA6B,EAAE,MAAM,iCAAiC,CAAC;AAChG,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,uBAAuB,EACvB,YAAY,EACZ,UAAU,EACV,wBAAwB,EACxB,sBAAsB,EACtB,kBAAkB,EAClB,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAErH,OAAO,EAAE,OAAO,EAAE,CAAC"}