@mondaydotcomorg/monday-authorization 3.5.0-upgrade-observability-kit-2ebbd01 → 3.5.1-feat-shaime-support-entity-attributes-in-authorization-sdk-59162a3

package/dist/attributions-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,GAAG,QAAQ;CACZ;AAED,wBAAgB,UAAU,mFAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
+{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,GAAG,QAAQ;CACZ;AAED,wBAAgB,UAAU,mFAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAyClE"}

package/dist/attributions-service.js

@@ -46,6 +46,7 @@ function getAttributionsFromApi() {
         const { runtimeAttributions } = tridentContext;
         const runtimeAttributionsOutgoingHeaders = runtimeAttributions?.buildOutgoingHeaders('HTTP_INTERNAL');
         if (!runtimeAttributionsOutgoingHeaders) {
+            authorizationInternalService.logger.info({ tag: 'authorization-service', runtimeAttributionsOutgoingHeaders }, 'No runtime attributions outgoing headers');
             return callerAppNameFromSdk;
         }
         const attributionsHeaders = Object.fromEntries(runtimeAttributionsOutgoingHeaders);

package/dist/authorization-attributes-ms-service.d.ts

@@ -0,0 +1,67 @@
+import { ResourceAttributeAssignment } from './resource-attribute-assignment';
+import { EntityAttributeAssignment } from './entity-attribute-assignment';
+import { EntityType, EntityAttributeKeyType } from './types/authorization-attributes-contracts';
+interface Resource {
+    resourceType: string;
+    resourceId: number;
+}
+/**
+ * Service class for managing resource attributes in the authorization microservice.
+ * Provides synchronous HTTP operations to create/update and delete attributes on resources.
+ */
+export declare class AuthorizationAttributesMsService {
+    private static LOG_TAG;
+    /**
+     * Gets request headers including Authorization, Content-Type, and optional attribution headers
+     */
+    private static getRequestHeaders;
+    /**
+     * Validates that all messages are instances of the specified message class
+     */
+    private static validateMessages;
+    /**
+     * Handles request errors with consistent logging and error formatting
+     */
+    private static handleRequestError;
+    /**
+     * Generic helper for executing upsert requests
+     */
+    private static executeUpsertRequest;
+    /**
+     * Generic helper for executing delete requests
+     */
+    private static executeDeleteRequest;
+    /**
+     * Creates or updates resource attributes synchronously.
+     * @param accountId The account ID
+     * @param resourceAttributeAssignments Array of ResourceAttributeAssignment objects
+     * @returns Promise<void>
+     */
+    static upsertResourceAttributesSync(accountId: number, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<void>;
+    /**
+     * Deletes specific attributes from a resource synchronously.
+     * @param accountId The account ID
+     * @param resource Object with resourceType (string) and resourceId (number)
+     * @param attributeKeys Array of attribute key strings to delete
+     * @returns Promise<void>
+     */
+    static deleteResourceAttributesSync(accountId: number, resource: Resource, attributeKeys: string[]): Promise<void>;
+    /**
+     * Creates or updates entity attributes synchronously.
+     * @param accountId The account ID
+     * @param entityAttributeAssignments Array of EntityAttributeAssignment objects
+     * @returns Promise<void>
+     */
+    static upsertEntityAttributesSync(accountId: number, entityAttributeAssignments: EntityAttributeAssignment[]): Promise<void>;
+    /**
+     * Deletes specific attributes from an entity synchronously.
+     * @param accountId The account ID
+     * @param entityType The entity type
+     * @param entityId The entity ID
+     * @param attributeKeys Array of attribute key strings to delete
+     * @returns Promise<void>
+     */
+    static deleteEntityAttributesSync(accountId: number, entityType: EntityType, entityId: number, attributeKeys: EntityAttributeKeyType[]): Promise<void>;
+}
+export {};
+//# sourceMappingURL=authorization-attributes-ms-service.d.ts.map

package/dist/authorization-attributes-ms-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-attributes-ms-service.d.ts","sourceRoot":"","sources":["../src/authorization-attributes-ms-service.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,2BAA2B,EAAE,MAAM,iCAAiC,CAAC;AAC9E,OAAO,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,UAAU,EAAE,sBAAsB,EAAE,MAAM,4CAA4C,CAAC;AAchG,UAAU,QAAQ;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;CACpB;AAwBD;;;GAGG;AACH,qBAAa,gCAAgC;IAC3C,OAAO,CAAC,MAAM,CAAC,OAAO,CAAiC;IAEvD;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,iBAAiB;IA+ChC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAiB/B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,kBAAkB;IAmBjC;;OAEG;mBACkB,oBAAoB;IA0EzC;;OAEG;mBACkB,oBAAoB;IAmEzC;;;;;OAKG;WACU,4BAA4B,CACvC,SAAS,EAAE,MAAM,EACjB,4BAA4B,EAAE,2BAA2B,EAAE,GAC1D,OAAO,CAAC,IAAI,CAAC;IAYhB;;;;;;OAMG;WACU,4BAA4B,CACvC,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,IAAI,CAAC;IAsBhB;;;;;OAKG;WACU,0BAA0B,CACrC,SAAS,EAAE,MAAM,EACjB,0BAA0B,EAAE,yBAAyB,EAAE,GACtD,OAAO,CAAC,IAAI,CAAC;IAYhB;;;;;;;OAOG;WACU,0BAA0B,CACrC,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,sBAAsB,EAAE,GACtC,OAAO,CAAC,IAAI,CAAC;CAmBjB"}

package/dist/authorization-attributes-ms-service.js

@@ -0,0 +1,256 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
+const mondayJwt = require('@mondaydotcomorg/monday-jwt');
+const mondayFetchApi = require('@mondaydotcomorg/monday-fetch-api');
+const resourceAttributeAssignment = require('./resource-attribute-assignment.js');
+const entityAttributeAssignment = require('./entity-attribute-assignment.js');
+const errors_argumentError = require('./errors/argument-error.js');
+const authorizationInternalService = require('./authorization-internal-service.js');
+const attributionsService = require('./attributions-service.js');
+const constants = require('./constants.js');
+const utils_validation = require('./utils/validation.js');
+const utils_pathUtils = require('./utils/path-utils.js');
+
+const INTERNAL_APP_NAME = 'internal_ms';
+const UPSERT_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource';
+const DELETE_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource/{resourceType}/{resourceId}';
+const UPSERT_ENTITY_ATTRIBUTES_PATH = '/attributes/{accountId}/entity';
+const DELETE_ENTITY_ATTRIBUTES_PATH = '/attributes/{accountId}/entity/{entityType}/{entityId}';
+/**
+ * Service class for managing resource attributes in the authorization microservice.
+ * Provides synchronous HTTP operations to create/update and delete attributes on resources.
+ */
+class AuthorizationAttributesMsService {
+    static LOG_TAG = 'authorization_attributes_ms';
+    /**
+     * Gets request headers including Authorization, Content-Type, and optional attribution headers
+     */
+    static getRequestHeaders(accountId, userId) {
+        const headers = {
+            'Content-Type': 'application/json',
+        };
+        // Generate Authorization token
+        const authToken = mondayJwt.signAuthorizationHeader({
+            appName: INTERNAL_APP_NAME,
+            accountId,
+            userId,
+        });
+        headers.Authorization = authToken;
+        // Add attribution headers if available
+        const attributionHeaders = attributionsService.getAttributionsFromApi();
+        for (const key in attributionHeaders) {
+            if (Object.prototype.hasOwnProperty.call(attributionHeaders, key)) {
+                headers[key] = attributionHeaders[key];
+            }
+        }
+        // Add X-REQUEST-ID if available from context
+        try {
+            const tridentContext = tridentBackendApi.Api.getPart('context');
+            if (tridentContext?.runtimeAttributions) {
+                const outgoingHeaders = tridentContext.runtimeAttributions.buildOutgoingHeaders('HTTP_INTERNAL');
+                if (outgoingHeaders) {
+                    const attributionHeadersMap = {};
+                    for (const [key, value] of outgoingHeaders) {
+                        attributionHeadersMap[key] = value;
+                    }
+                    if (attributionHeadersMap['x-request-id']) {
+                        headers['X-REQUEST-ID'] = attributionHeadersMap['x-request-id'];
+                    }
+                }
+            }
+        }
+        catch (error) {
+            // Silently fail if context is not available
+            authorizationInternalService.logger.debug({ tag: this.LOG_TAG, error }, 'Failed to get request ID from context');
+        }
+        // Add X-REQUEST-START timestamp
+        headers['X-REQUEST-START'] = Math.floor(Date.now() / 1000).toString();
+        return headers;
+    }
+    /**
+     * Validates that all messages are instances of the specified message class
+     */
+    static validateMessages(attributesMessages, messageClass) {
+        if (typeof messageClass !== 'function') {
+            throw new errors_argumentError.ArgumentError('messageClass must be a class/constructor function');
+        }
+        utils_validation.ValidationUtils.validateArray(attributesMessages, 'attributesMessages');
+        for (let i = 0; i < attributesMessages.length; i++) {
+            if (!(attributesMessages[i] instanceof messageClass)) {
+                const className = messageClass.name || 'ResourceAttributeAssignment';
+                throw new errors_argumentError.ArgumentError(`All attributesMessages must be instances of ${className}, but item at index ${i} is not`);
+            }
+        }
+    }
+    /**
+     * Handles request errors with consistent logging and error formatting
+     */
+    static handleRequestError(err, methodName, context) {
+        authorizationInternalService.logger.error({
+            tag: this.LOG_TAG,
+            method: methodName,
+            ...context,
+            error: err instanceof Error ? err.message : String(err),
+        }, `Failed in ${methodName}`);
+        if (err instanceof mondayFetchApi.HttpFetcherError) {
+            throw new Error(`AuthorizationAttributesMsService: [${methodName}] request failed with status ${err.status}: ${err.message}`);
+        }
+        throw err;
+    }
+    /**
+     * Generic helper for executing upsert requests
+     */
+    static async executeUpsertRequest(accountId, assignments, pathTemplate, requestBodyKey, assignmentClass, logPrefix, methodName) {
+        // Skip HTTP requests in test environment
+        if (process.env.NODE_ENV === 'test') {
+            authorizationInternalService.logger.debug({ tag: this.LOG_TAG, accountId, count: assignments.length }, `Skipping ${methodName} in test environment`);
+            return;
+        }
+        // Validate inputs
+        utils_validation.ValidationUtils.validateInteger(accountId, 'accountId');
+        utils_validation.ValidationUtils.validateArray(assignments, 'assignments');
+        if (assignments.length === 0) {
+            authorizationInternalService.logger.warn({ tag: this.LOG_TAG, accountId }, `${methodName} called with empty array`);
+            return;
+        }
+        // Validate all assignments are instances of the correct class
+        this.validateMessages(assignments, assignmentClass);
+        // Convert assignments to hash format
+        const assignmentsHash = assignments.map(assignment => assignment.toH());
+        // Build request body
+        const requestBody = requestBodyKey === 'resourceAttributeAssignments'
+            ? { resourceAttributeAssignments: assignmentsHash }
+            : { entityAttributeAssignments: assignmentsHash };
+        const httpClient = tridentBackendApi.Api.getPart('httpClient');
+        if (!httpClient) {
+            throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+        }
+        const path = utils_pathUtils.replacePathParams(pathTemplate, { accountId });
+        const headers = this.getRequestHeaders(accountId);
+        try {
+            authorizationInternalService.logger.info({ tag: this.LOG_TAG, accountId, count: assignments.length }, `Upserting ${logPrefix} attributes`);
+            await httpClient.fetch({
+                url: {
+                    appName: constants.APP_NAME,
+                    path,
+                },
+                method: 'POST',
+                headers,
+                body: JSON.stringify(requestBody),
+            }, {
+                timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: authorizationInternalService.AuthorizationInternalService.getRetriesPolicy(),
+            });
+            authorizationInternalService.logger.info({ tag: this.LOG_TAG, accountId, count: assignments.length }, `Successfully upserted ${logPrefix} attributes`);
+        }
+        catch (err) {
+            this.handleRequestError(err, methodName, { accountId });
+        }
+    }
+    /**
+     * Generic helper for executing delete requests
+     */
+    static async executeDeleteRequest(accountId, pathTemplate, pathParams, keys, logPrefix, methodName, context = {}) {
+        // Skip HTTP requests in test environment
+        if (process.env.NODE_ENV === 'test') {
+            authorizationInternalService.logger.debug({ tag: this.LOG_TAG, accountId, ...pathParams, keys }, `Skipping ${methodName} in test environment`);
+            return;
+        }
+        // Validate inputs
+        utils_validation.ValidationUtils.validateInteger(accountId, 'accountId');
+        utils_validation.ValidationUtils.validateArray(keys, 'attributeKeys');
+        if (keys.length === 0) {
+            authorizationInternalService.logger.warn({ tag: this.LOG_TAG, accountId, ...pathParams }, `${methodName} called with empty keys array`);
+            return;
+        }
+        // Validate all keys are strings
+        utils_validation.ValidationUtils.validateStringArray(keys, 'attributeKeys');
+        // Build request body
+        const requestBody = {
+            keys,
+        };
+        const httpClient = tridentBackendApi.Api.getPart('httpClient');
+        if (!httpClient) {
+            throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+        }
+        const path = utils_pathUtils.replacePathParams(pathTemplate, { accountId, ...pathParams });
+        const headers = this.getRequestHeaders(accountId);
+        try {
+            authorizationInternalService.logger.info({ tag: this.LOG_TAG, accountId, ...pathParams, keys }, `Deleting ${logPrefix} attributes`);
+            await httpClient.fetch({
+                url: {
+                    appName: constants.APP_NAME,
+                    path,
+                },
+                method: 'DELETE',
+                headers,
+                body: JSON.stringify(requestBody),
+            }, {
+                timeout: authorizationInternalService.AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: authorizationInternalService.AuthorizationInternalService.getRetriesPolicy(),
+            });
+            authorizationInternalService.logger.info({ tag: this.LOG_TAG, accountId, ...pathParams, keys }, `Successfully deleted ${logPrefix} attributes`);
+        }
+        catch (err) {
+            this.handleRequestError(err, methodName, { accountId, ...pathParams, ...context });
+        }
+    }
+    /**
+     * Creates or updates resource attributes synchronously.
+     * @param accountId The account ID
+     * @param resourceAttributeAssignments Array of ResourceAttributeAssignment objects
+     * @returns Promise<void>
+     */
+    static async upsertResourceAttributesSync(accountId, resourceAttributeAssignments) {
+        return this.executeUpsertRequest(accountId, resourceAttributeAssignments, UPSERT_RESOURCE_ATTRIBUTES_PATH, 'resourceAttributeAssignments', resourceAttributeAssignment.ResourceAttributeAssignment, 'resource', 'upsertResourceAttributesSync');
+    }
+    /**
+     * Deletes specific attributes from a resource synchronously.
+     * @param accountId The account ID
+     * @param resource Object with resourceType (string) and resourceId (number)
+     * @param attributeKeys Array of attribute key strings to delete
+     * @returns Promise<void>
+     */
+    static async deleteResourceAttributesSync(accountId, resource, attributeKeys) {
+        // Validate resource object
+        if (!resource || typeof resource !== 'object') {
+            throw new errors_argumentError.ArgumentError('resource must be an object');
+        }
+        utils_validation.ValidationUtils.validateInteger(resource.resourceId, 'resource.resourceId');
+        utils_validation.ValidationUtils.validateString(resource.resourceType, 'resource.resourceType');
+        return this.executeDeleteRequest(accountId, DELETE_RESOURCE_ATTRIBUTES_PATH, {
+            resourceType: resource.resourceType,
+            resourceId: resource.resourceId,
+        }, attributeKeys, 'resource', 'deleteResourceAttributesSync', { resource });
+    }
+    /**
+     * Creates or updates entity attributes synchronously.
+     * @param accountId The account ID
+     * @param entityAttributeAssignments Array of EntityAttributeAssignment objects
+     * @returns Promise<void>
+     */
+    static async upsertEntityAttributesSync(accountId, entityAttributeAssignments) {
+        return this.executeUpsertRequest(accountId, entityAttributeAssignments, UPSERT_ENTITY_ATTRIBUTES_PATH, 'entityAttributeAssignments', entityAttributeAssignment.EntityAttributeAssignment, 'entity', 'upsertEntityAttributesSync');
+    }
+    /**
+     * Deletes specific attributes from an entity synchronously.
+     * @param accountId The account ID
+     * @param entityType The entity type
+     * @param entityId The entity ID
+     * @param attributeKeys Array of attribute key strings to delete
+     * @returns Promise<void>
+     */
+    static async deleteEntityAttributesSync(accountId, entityType, entityId, attributeKeys) {
+        if (!entityType || typeof entityType !== 'string' || entityType.trim() === '') {
+            throw new errors_argumentError.ArgumentError(`entityType must be a non-empty string, got: ${entityType}`);
+        }
+        utils_validation.ValidationUtils.validateInteger(entityId, 'entityId');
+        return this.executeDeleteRequest(accountId, DELETE_ENTITY_ATTRIBUTES_PATH, {
+            entityType,
+            entityId,
+        }, attributeKeys, 'entity', 'deleteEntityAttributesSync', { entityType, entityId });
+    }
+}
+
+exports.AuthorizationAttributesMsService = AuthorizationAttributesMsService;

package/dist/authorization-attributes-sns-service.d.ts

@@ -0,0 +1,85 @@
+import { ResourceAttributeAssignment, ResourceAttributesOperation, EntityAttributesOperation } from './types/authorization-attributes-contracts';
+import { EntityAttributeAssignment } from './entity-attribute-assignment';
+import { Resource } from './types/general';
+export declare class AuthorizationAttributesSnsService {
+    private static LOG_TAG;
+    private resourceSnsArn;
+    private entitySnsArn;
+    /**
+     * Public constructor to create the AuthorizationAttributesSnsService instance.
+     */
+    constructor();
+    /**
+     * Async function to upsert resource attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param resourceAttributeAssignments Array of resource attribute assignments to upsert
+     * @return Promise with array of sent operations
+     */
+    upsertResourceAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<ResourceAttributesOperation[]>;
+    /**
+     * Async function to delete resource attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param resource The resource (resourceType, resourceId)
+     * @param attributeKeys Array of attribute keys to delete
+     * @return Promise with array of sent operations
+     */
+    deleteResourceAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, resource: Resource, attributeKeys: string[]): Promise<ResourceAttributesOperation[]>;
+    /**
+     * Async function to upsert entity attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param entityAttributeAssignments Array of entity attribute assignments to upsert
+     * @return Promise with array of sent operations
+     */
+    upsertEntityAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, entityAttributeAssignments: EntityAttributeAssignment[]): Promise<EntityAttributesOperation[]>;
+    /**
+     * Async function to delete entity attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param entityType The entity type
+     * @param entityId The entity ID
+     * @param attributeKeys Array of attribute keys to delete
+     * @return Promise with array of sent operations
+     */
+    deleteEntityAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, entityType: string, entityId: number, attributeKeys: string[]): Promise<EntityAttributesOperation[]>;
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
+     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
+     *  */
+    updateResourceAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeOperations: ResourceAttributesOperation[]): Promise<ResourceAttributesOperation[]>;
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param entityAttributeOperations - Array of operations to do on entity attributes.
+     * @return {Promise<EntityAttributesOperation[]>} Array of sent operations
+     *  */
+    updateEntityAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, entityAttributeOperations: EntityAttributesOperation[]): Promise<EntityAttributesOperation[]>;
+    private sendSingleSnsMessage;
+    private static getSnsTopicArn;
+    /**
+     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+     * This function can be used as health check for services that updating resource attributes in async is crucial.
+     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+     * However, this is the best we can do without actually push dummy messages to the SNS.
+     * @return {Promise<boolean>} - true if succeeded
+     */
+    asyncResourceAttributesHealthCheck(): Promise<boolean>;
+}
+//# sourceMappingURL=authorization-attributes-sns-service.d.ts.map

package/dist/authorization-attributes-sns-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-attributes-sns-service.d.ts","sourceRoot":"","sources":["../src/authorization-attributes-sns-service.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,2BAA2B,EAC3B,2BAA2B,EAC3B,yBAAyB,EAG1B,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAe3C,qBAAa,iCAAiC;IAC5C,OAAO,CAAC,MAAM,CAAC,OAAO,CAA8B;IACpD,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,YAAY,CAAS;IAE7B;;OAEG;;IAMH;;;;;;;;OAQG;IACG,6BAA6B,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,4BAA4B,EAAE,2BAA2B,EAAE,GAC1D,OAAO,CAAC,2BAA2B,EAAE,CAAC;IAQzC;;;;;;;;;OASG;IACG,6BAA6B,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,2BAA2B,EAAE,CAAC;IAUzC;;;;;;;;OAQG;IACG,2BAA2B,CAC/B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,0BAA0B,EAAE,yBAAyB,EAAE,GACtD,OAAO,CAAC,yBAAyB,EAAE,CAAC;IAcvC;;;;;;;;;;OAUG;IACG,2BAA2B,CAC/B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,yBAAyB,EAAE,CAAC;IAUvC;;;;;;;UAOM;IACA,6BAA6B,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,2BAA2B,EAAE,2BAA2B,EAAE,GACzD,OAAO,CAAC,2BAA2B,EAAE,CAAC;IAoBzC;;;;;;;UAOM;IACA,2BAA2B,CAC/B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,yBAAyB,EAAE,yBAAyB,EAAE,GACrD,OAAO,CAAC,yBAAyB,EAAE,CAAC;YAoBzB,oBAAoB;IA2BlC,OAAO,CAAC,MAAM,CAAC,cAAc;IA0B7B;;;;;;;OAOG;IACG,kCAAkC,IAAI,OAAO,CAAC,OAAO,CAAC;CAoB7D"}

package/dist/authorization-attributes-sns-service.js

@@ -0,0 +1,203 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const chunk = require('lodash/chunk.js');
+const mondaySns = require('@mondaydotcomorg/monday-sns');
+const types_authorizationAttributesContracts = require('./types/authorization-attributes-contracts.js');
+const entityAttributeAssignment = require('./entity-attribute-assignment.js');
+const authorizationInternalService = require('./authorization-internal-service.js');
+const constants_sns = require('./constants/sns.js');
+
+const _interopDefault = e => e && e.__esModule ? e : { default: e };
+
+const chunk__default = /*#__PURE__*/_interopDefault(chunk);
+
+class AuthorizationAttributesSnsService {
+    static LOG_TAG = 'authorization_attributes';
+    resourceSnsArn;
+    entitySnsArn;
+    /**
+     * Public constructor to create the AuthorizationAttributesSnsService instance.
+     */
+    constructor() {
+        this.resourceSnsArn = AuthorizationAttributesSnsService.getSnsTopicArn(constants_sns.SnsTopicType.RESOURCE);
+        this.entitySnsArn = AuthorizationAttributesSnsService.getSnsTopicArn(constants_sns.SnsTopicType.ENTITY);
+    }
+    /**
+     * Async function to upsert resource attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param resourceAttributeAssignments Array of resource attribute assignments to upsert
+     * @return Promise with array of sent operations
+     */
+    async upsertResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeAssignments) {
+        const operations = resourceAttributeAssignments.map(assignment => ({
+            ...assignment,
+            operationType: types_authorizationAttributesContracts.ResourceAttributeOperationEnum.UPSERT,
+        }));
+        return this.updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, operations);
+    }
+    /**
+     * Async function to delete resource attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param resource The resource (resourceType, resourceId)
+     * @param attributeKeys Array of attribute keys to delete
+     * @return Promise with array of sent operations
+     */
+    async deleteResourceAttributesAsync(accountId, appName, callerActionIdentifier, resource, attributeKeys) {
+        const operations = attributeKeys.map(key => ({
+            resourceType: resource.type,
+            resourceId: resource.id,
+            key,
+            operationType: types_authorizationAttributesContracts.ResourceAttributeOperationEnum.DELETE,
+        }));
+        return this.updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, operations);
+    }
+    /**
+     * Async function to upsert entity attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param entityAttributeAssignments Array of entity attribute assignments to upsert
+     * @return Promise with array of sent operations
+     */
+    async upsertEntityAttributesAsync(accountId, appName, callerActionIdentifier, entityAttributeAssignments) {
+        const operations = entityAttributeAssignments.map(assignment => {
+            const assignmentData = assignment instanceof entityAttributeAssignment.EntityAttributeAssignment ? assignment.toH() : assignment;
+            return {
+                entityId: assignmentData.entityId,
+                entityType: assignmentData.entityType,
+                key: assignmentData.key,
+                value: assignmentData.value,
+                operationType: types_authorizationAttributesContracts.EntityAttributeOperationEnum.UPSERT,
+            };
+        });
+        return this.updateEntityAttributesAsync(accountId, appName, callerActionIdentifier, operations);
+    }
+    /**
+     * Async function to delete entity attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param entityType The entity type
+     * @param entityId The entity ID
+     * @param attributeKeys Array of attribute keys to delete
+     * @return Promise with array of sent operations
+     */
+    async deleteEntityAttributesAsync(accountId, appName, callerActionIdentifier, entityType, entityId, attributeKeys) {
+        const operations = attributeKeys.map(key => ({
+            entityType: entityType,
+            entityId,
+            key,
+            operationType: types_authorizationAttributesContracts.EntityAttributeOperationEnum.DELETE,
+        }));
+        return this.updateEntityAttributesAsync(accountId, appName, callerActionIdentifier, operations);
+    }
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
+     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
+     *  */
+    async updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
+        const topicArn = this.resourceSnsArn;
+        const sendToSnsPromises = [];
+        const operationChucks = chunk__default.default(resourceAttributeOperations, constants_sns.ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
+        for (const operationsChunk of operationChucks) {
+            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk, constants_sns.RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND, 'Authorization resource attributes async update: failed to send operations to SNS'));
+        }
+        return (await Promise.all(sendToSnsPromises)).flat();
+    }
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param entityAttributeOperations - Array of operations to do on entity attributes.
+     * @return {Promise<EntityAttributesOperation[]>} Array of sent operations
+     *  */
+    async updateEntityAttributesAsync(accountId, appName, callerActionIdentifier, entityAttributeOperations) {
+        const topicArn = this.entitySnsArn;
+        const sendToSnsPromises = [];
+        const operationChucks = chunk__default.default(entityAttributeOperations, constants_sns.ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
+        for (const operationsChunk of operationChucks) {
+            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk, constants_sns.ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND, 'Authorization entity attributes async update: failed to send operations to SNS'));
+        }
+        return (await Promise.all(sendToSnsPromises)).flat();
+    }
+    async sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations, kind, errorLogMessage) {
+        const payload = {
+            kind,
+            payload: {
+                accountId: accountId,
+                callerAppName: appName,
+                callerActionIdentifier: callerActionIdentifier,
+                operations: operations,
+            },
+        };
+        try {
+            await mondaySns.sendToSns(payload, topicArn);
+            return operations;
+        }
+        catch (error) {
+            authorizationInternalService.logger.error({ error, tag: AuthorizationAttributesSnsService.LOG_TAG }, errorLogMessage);
+            return [];
+        }
+    }
+    static getSnsTopicArn(type) {
+        let envVarName;
+        let devTestName;
+        switch (type) {
+            case constants_sns.SnsTopicType.ENTITY:
+                envVarName = constants_sns.ENTITY_SNS_ARN_ENV_VAR_NAME;
+                devTestName = constants_sns.ENTITY_SNS_DEV_TEST_NAME;
+                break;
+            default:
+                // Default to resource SNS constants
+                envVarName = constants_sns.RESOURCE_SNS_ARN_ENV_VAR_NAME;
+                devTestName = constants_sns.RESOURCE_SNS_DEV_TEST_NAME;
+                break;
+        }
+        const arnFromEnv = process.env[envVarName];
+        if (arnFromEnv) {
+            return arnFromEnv;
+        }
+        if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
+            return devTestName;
+        }
+        throw new Error(`Unable to get ${type} sns topic arn from env variable`);
+    }
+    /**
+     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+     * This function can be used as health check for services that updating resource attributes in async is crucial.
+     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+     * However, this is the best we can do without actually push dummy messages to the SNS.
+     * @return {Promise<boolean>} - true if succeeded
+     */
+    async asyncResourceAttributesHealthCheck() {
+        try {
+            const requestedTopicArn = this.resourceSnsArn;
+            const attributes = await mondaySns.getTopicAttributes(requestedTopicArn);
+            const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
+            if (!isHealthy) {
+                authorizationInternalService.logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesSnsService.LOG_TAG }, 'authorization-attributes-service failed in health check');
+            }
+            return isHealthy;
+        }
+        catch (error) {
+            authorizationInternalService.logger.error({ error, tag: AuthorizationAttributesSnsService.LOG_TAG }, 'authorization-attributes-service got error during health check');
+            return false;
+        }
+    }
+}
+
+exports.AuthorizationAttributesSnsService = AuthorizationAttributesSnsService;

package/dist/base-attribute-assignment.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Base class for attribute assignments (Resource or Entity)
+ * Provides common validation and functionality
+ */
+export declare abstract class BaseAttributeAssignment<TId extends number, TType extends string> {
+    readonly id: TId;
+    readonly type: TType;
+    readonly attributeKey: string;
+    readonly attributeValue: string;
+    constructor(id: TId, type: string, attributeKey: string, attributeValue: string, validTypes: readonly string[], idFieldName: string, typeFieldName: string);
+    /**
+     * Compares two assignments for equality
+     * @param other Another assignment instance
+     * @returns true if all properties are equal
+     */
+    equals(other: BaseAttributeAssignment<TId, TType>): boolean;
+}
+//# sourceMappingURL=base-attribute-assignment.d.ts.map

package/dist/base-attribute-assignment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base-attribute-assignment.d.ts","sourceRoot":"","sources":["../src/base-attribute-assignment.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,8BAAsB,uBAAuB,CAAC,GAAG,SAAS,MAAM,EAAE,KAAK,SAAS,MAAM;IACpF,SAAgB,EAAE,EAAE,GAAG,CAAC;IACxB,SAAgB,IAAI,EAAE,KAAK,CAAC;IAC5B,SAAgB,YAAY,EAAE,MAAM,CAAC;IACrC,SAAgB,cAAc,EAAE,MAAM,CAAC;gBAGrC,EAAE,EAAE,GAAG,EACP,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,MAAM,EACpB,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,SAAS,MAAM,EAAE,EAC7B,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,MAAM;IAmBvB;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,uBAAuB,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,OAAO;CAW5D"}