@mondaydotcomorg/monday-authorization 3.5.0-upgrade-observability-kit-2ebbd01 → 3.5.1-feat-shaime-support-entity-attributes-in-authorization-sdk-59162a3

package/dist/base-attribute-assignment.js

@@ -0,0 +1,43 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const utils_validation = require('./utils/validation.js');
+
+/**
+ * Base class for attribute assignments (Resource or Entity)
+ * Provides common validation and functionality
+ */
+class BaseAttributeAssignment {
+    id;
+    type;
+    attributeKey;
+    attributeValue;
+    constructor(id, type, attributeKey, attributeValue, validTypes, idFieldName, typeFieldName) {
+        // Validate id
+        utils_validation.ValidationUtils.validateInteger(id, idFieldName);
+        // Validate type
+        this.type = utils_validation.ValidationUtils.validateEnum(type, validTypes, typeFieldName);
+        // Validate attributeKey
+        utils_validation.ValidationUtils.validateString(attributeKey, 'attributeKey');
+        // Validate attributeValue
+        utils_validation.ValidationUtils.validateString(attributeValue, 'attributeValue');
+        this.id = id;
+        this.attributeKey = attributeKey;
+        this.attributeValue = attributeValue;
+    }
+    /**
+     * Compares two assignments for equality
+     * @param other Another assignment instance
+     * @returns true if all properties are equal
+     */
+    equals(other) {
+        if (!(other instanceof this.constructor)) {
+            return false;
+        }
+        return (this.id === other.id &&
+            this.type === other.type &&
+            this.attributeKey === other.attributeKey &&
+            this.attributeValue === other.attributeValue);
+    }
+}
+
+exports.BaseAttributeAssignment = BaseAttributeAssignment;

package/dist/clients/graph-api.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
+{"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../src/clients/graph-api.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AAQlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}

package/dist/clients/graph-api.js

@@ -65,6 +65,7 @@ class GraphApi {
                 url: {
                     appName: constants.GRAPH_APP_NAME,
                     path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
+                    profile: constants.GraphApiProfile.PERMISSION,
                 },
                 method: 'POST',
                 headers: {

package/dist/constants/sns.d.ts

@@ -1,5 +1,15 @@
-export declare const SNS_ARN_ENV_VAR_NAME = "SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES";
-export declare const SNS_DEV_TEST_NAME = "arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local";
+export declare enum SnsTopicType {
+    RESOURCE = "resource",
+    ENTITY = "entity"
+}
+export declare const RESOURCE_SNS_ARN_ENV_VAR_NAME = "SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES";
+export declare const RESOURCE_SNS_DEV_TEST_NAME = "arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local";
+export declare const ENTITY_SNS_ARN_ENV_VAR_NAME = "SHARED_AUTHORIZATION_SNS_ENDPOINT_ENTITY_ATTRIBUTES";
+export declare const ENTITY_SNS_DEV_TEST_NAME = "arn:aws:sns:us-east-1:000000000000:monday-authorization-entity-attributes-sns-local";
 export declare const RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = "resourceAttributeModification";
+export declare const ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = "entityAttributeModification";
 export declare const ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
+export declare const ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
+export declare const SNS_ARN_ENV_VAR_NAME = "SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES";
+export declare const SNS_DEV_TEST_NAME = "arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local";
 //# sourceMappingURL=sns.d.ts.map

package/dist/constants/sns.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sns.d.ts","sourceRoot":"","sources":["../../src/constants/sns.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,oBAAoB,0DAA0D,CAAC;AAC5F,eAAO,MAAM,iBAAiB,0FAC2D,CAAC;AAC1F,eAAO,MAAM,qDAAqD,kCAAkC,CAAC;AACrG,eAAO,MAAM,oDAAoD,MAAM,CAAC"}
+{"version":3,"file":"sns.d.ts","sourceRoot":"","sources":["../../src/constants/sns.ts"],"names":[],"mappings":"AAAA,oBAAY,YAAY;IACtB,QAAQ,aAAa;IACrB,MAAM,WAAW;CAClB;AAGD,eAAO,MAAM,6BAA6B,0DAA0D,CAAC;AACrG,eAAO,MAAM,0BAA0B,0FACkD,CAAC;AAG1F,eAAO,MAAM,2BAA2B,wDAAwD,CAAC;AACjG,eAAO,MAAM,wBAAwB,wFACkD,CAAC;AACxF,eAAO,MAAM,qDAAqD,kCAAkC,CAAC;AACrG,eAAO,MAAM,mDAAmD,gCAAgC,CAAC;AACjG,eAAO,MAAM,oDAAoD,MAAM,CAAC;AACxE,eAAO,MAAM,kDAAkD,MAAM,CAAC;AAGtE,eAAO,MAAM,oBAAoB,0DAAgC,CAAC;AAClE,eAAO,MAAM,iBAAiB,0FAA6B,CAAC"}

package/dist/constants/sns.js

@@ -1,11 +1,31 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 
-const SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES';
-const SNS_DEV_TEST_NAME = 'arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local';
+exports.SnsTopicType = void 0;
+(function (SnsTopicType) {
+    SnsTopicType["RESOURCE"] = "resource";
+    SnsTopicType["ENTITY"] = "entity";
+})(exports.SnsTopicType || (exports.SnsTopicType = {}));
+// Resource SNS constants
+const RESOURCE_SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES';
+const RESOURCE_SNS_DEV_TEST_NAME = 'arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local';
+// Entity SNS constants
+const ENTITY_SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_ENTITY_ATTRIBUTES';
+const ENTITY_SNS_DEV_TEST_NAME = 'arn:aws:sns:us-east-1:000000000000:monday-authorization-entity-attributes-sns-local';
 const RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = 'resourceAttributeModification';
+const ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = 'entityAttributeModification';
 const ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
+const ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
+// Legacy exports for backward compatibility
+const SNS_ARN_ENV_VAR_NAME = RESOURCE_SNS_ARN_ENV_VAR_NAME;
+const SNS_DEV_TEST_NAME = RESOURCE_SNS_DEV_TEST_NAME;
 
+exports.ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE;
 exports.ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE;
+exports.ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND;
+exports.ENTITY_SNS_ARN_ENV_VAR_NAME = ENTITY_SNS_ARN_ENV_VAR_NAME;
+exports.ENTITY_SNS_DEV_TEST_NAME = ENTITY_SNS_DEV_TEST_NAME;
 exports.RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND;
+exports.RESOURCE_SNS_ARN_ENV_VAR_NAME = RESOURCE_SNS_ARN_ENV_VAR_NAME;
+exports.RESOURCE_SNS_DEV_TEST_NAME = RESOURCE_SNS_DEV_TEST_NAME;
 exports.SNS_ARN_ENV_VAR_NAME = SNS_ARN_ENV_VAR_NAME;
 exports.SNS_DEV_TEST_NAME = SNS_DEV_TEST_NAME;

package/dist/constants.d.ts

@@ -2,6 +2,9 @@ import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
 import { FetcherConfig } from '@mondaydotcomorg/trident-backend-api';
 export declare const APP_NAME = "authorization";
 export declare const GRAPH_APP_NAME = "authorization-graph";
+export declare enum GraphApiProfile {
+    PERMISSION = "authorization-graph-permission"
+}
 export declare const ERROR_MESSAGES: {
     readonly HTTP_CLIENT_NOT_INITIALIZED: "MondayAuthorization: HTTP client is not initialized";
     readonly REQUEST_FAILED: (method: string, status: number, reason: string) => string;

package/dist/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,oBAAY,eAAe;IACzB,UAAU,mCAAmC;CAC9C;AAED,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}

package/dist/constants.js

@@ -2,6 +2,10 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 
 const APP_NAME = 'authorization';
 const GRAPH_APP_NAME = 'authorization-graph';
+exports.GraphApiProfile = void 0;
+(function (GraphApiProfile) {
+    GraphApiProfile["PERMISSION"] = "authorization-graph-permission";
+})(exports.GraphApiProfile || (exports.GraphApiProfile = {}));
 const ERROR_MESSAGES = {
     HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
     REQUEST_FAILED: (method, status, reason) => `MondayAuthorization: [${method}] request failed with status ${status} with reason: ${reason}`,

package/dist/entity-attribute-assignment.d.ts

@@ -0,0 +1,24 @@
+import { EntityType } from './entity-attributes-constants';
+import { BaseAttributeAssignment } from './base-attribute-assignment';
+export declare class EntityAttributeAssignment extends BaseAttributeAssignment<number, EntityType> {
+    readonly entityId: number;
+    readonly entityType: EntityType;
+    constructor(entityId: number, entityType: string, attributeKey: string, attributeValue: string);
+    /**
+     * Converts the assignment to hash format with camelCase keys
+     * @returns Object with camelCase keys: { entityId, entityType, key, value }
+     */
+    toH(): {
+        entityId: number;
+        entityType: string;
+        key: string;
+        value: string;
+    };
+    /**
+     * Compares two assignments for equality
+     * @param other Another EntityAttributeAssignment instance
+     * @returns true if all properties are equal
+     */
+    equals(other: EntityAttributeAssignment): boolean;
+}
+//# sourceMappingURL=entity-attribute-assignment.d.ts.map

package/dist/entity-attribute-assignment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entity-attribute-assignment.d.ts","sourceRoot":"","sources":["../src/entity-attribute-assignment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgB,UAAU,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AAEtE,qBAAa,yBAA0B,SAAQ,uBAAuB,CAAC,MAAM,EAAE,UAAU,CAAC;IACxF,SAAgB,QAAQ,EAAE,MAAM,CAAC;IACjC,SAAgB,UAAU,EAAE,UAAU,CAAC;gBAE3B,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM;IAc9F;;;OAGG;IACH,GAAG,IAAI;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAS3E;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,yBAAyB,GAAG,OAAO;CAGlD"}

package/dist/entity-attribute-assignment.js

@@ -0,0 +1,36 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const entityAttributesConstants = require('./entity-attributes-constants.js');
+const baseAttributeAssignment = require('./base-attribute-assignment.js');
+
+class EntityAttributeAssignment extends baseAttributeAssignment.BaseAttributeAssignment {
+    entityId;
+    entityType;
+    constructor(entityId, entityType, attributeKey, attributeValue) {
+        super(entityId, entityType, attributeKey, attributeValue, Object.values(entityAttributesConstants.ENTITY_TYPES), 'entityId', 'entityType');
+        this.entityId = entityId;
+        this.entityType = this.type;
+    }
+    /**
+     * Converts the assignment to hash format with camelCase keys
+     * @returns Object with camelCase keys: { entityId, entityType, key, value }
+     */
+    toH() {
+        return {
+            entityId: this.entityId,
+            entityType: this.entityType,
+            key: this.attributeKey,
+            value: this.attributeValue,
+        };
+    }
+    /**
+     * Compares two assignments for equality
+     * @param other Another EntityAttributeAssignment instance
+     * @returns true if all properties are equal
+     */
+    equals(other) {
+        return super.equals(other);
+    }
+}
+
+exports.EntityAttributeAssignment = EntityAttributeAssignment;

package/dist/entity-attributes-constants.d.ts

@@ -0,0 +1,7 @@
+export declare const ENTITY_TYPES: {
+    readonly USER: "user";
+    readonly TEAM: "team";
+    readonly ACCOUNT: "account";
+};
+export type EntityType = (typeof ENTITY_TYPES)[keyof typeof ENTITY_TYPES];
+//# sourceMappingURL=entity-attributes-constants.d.ts.map

package/dist/entity-attributes-constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entity-attributes-constants.d.ts","sourceRoot":"","sources":["../src/entity-attributes-constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,YAAY;;;;CAIf,CAAC;AAEX,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,OAAO,YAAY,CAAC,CAAC"}

package/dist/entity-attributes-constants.js

@@ -0,0 +1,9 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const ENTITY_TYPES = {
+    USER: 'user',
+    TEAM: 'team',
+    ACCOUNT: 'account',
+};
+
+exports.ENTITY_TYPES = ENTITY_TYPES;

package/dist/errors/argument-error.d.ts

@@ -0,0 +1,4 @@
+export declare class ArgumentError extends Error {
+    constructor(message: string);
+}
+//# sourceMappingURL=argument-error.d.ts.map

package/dist/errors/argument-error.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"argument-error.d.ts","sourceRoot":"","sources":["../../src/errors/argument-error.ts"],"names":[],"mappings":"AAAA,qBAAa,aAAc,SAAQ,KAAK;gBAC1B,OAAO,EAAE,MAAM;CAK5B"}

package/dist/errors/argument-error.js

@@ -0,0 +1,11 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+class ArgumentError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'ArgumentError';
+        Object.setPrototypeOf(this, ArgumentError.prototype);
+    }
+}
+
+exports.ArgumentError = ArgumentError;

package/dist/esm/attributions-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,GAAG,QAAQ;CACZ;AAED,wBAAgB,UAAU,mFAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
+{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,GAAG,QAAQ;CACZ;AAED,wBAAgB,UAAU,mFAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAyClE"}

package/dist/esm/attributions-service.mjs

@@ -44,6 +44,7 @@ function getAttributionsFromApi() {
         const { runtimeAttributions } = tridentContext;
         const runtimeAttributionsOutgoingHeaders = runtimeAttributions?.buildOutgoingHeaders('HTTP_INTERNAL');
         if (!runtimeAttributionsOutgoingHeaders) {
+            logger.info({ tag: 'authorization-service', runtimeAttributionsOutgoingHeaders }, 'No runtime attributions outgoing headers');
             return callerAppNameFromSdk;
         }
         const attributionsHeaders = Object.fromEntries(runtimeAttributionsOutgoingHeaders);

package/dist/esm/authorization-attributes-ms-service.d.ts

@@ -0,0 +1,67 @@
+import { ResourceAttributeAssignment } from './resource-attribute-assignment';
+import { EntityAttributeAssignment } from './entity-attribute-assignment';
+import { EntityType, EntityAttributeKeyType } from './types/authorization-attributes-contracts';
+interface Resource {
+    resourceType: string;
+    resourceId: number;
+}
+/**
+ * Service class for managing resource attributes in the authorization microservice.
+ * Provides synchronous HTTP operations to create/update and delete attributes on resources.
+ */
+export declare class AuthorizationAttributesMsService {
+    private static LOG_TAG;
+    /**
+     * Gets request headers including Authorization, Content-Type, and optional attribution headers
+     */
+    private static getRequestHeaders;
+    /**
+     * Validates that all messages are instances of the specified message class
+     */
+    private static validateMessages;
+    /**
+     * Handles request errors with consistent logging and error formatting
+     */
+    private static handleRequestError;
+    /**
+     * Generic helper for executing upsert requests
+     */
+    private static executeUpsertRequest;
+    /**
+     * Generic helper for executing delete requests
+     */
+    private static executeDeleteRequest;
+    /**
+     * Creates or updates resource attributes synchronously.
+     * @param accountId The account ID
+     * @param resourceAttributeAssignments Array of ResourceAttributeAssignment objects
+     * @returns Promise<void>
+     */
+    static upsertResourceAttributesSync(accountId: number, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<void>;
+    /**
+     * Deletes specific attributes from a resource synchronously.
+     * @param accountId The account ID
+     * @param resource Object with resourceType (string) and resourceId (number)
+     * @param attributeKeys Array of attribute key strings to delete
+     * @returns Promise<void>
+     */
+    static deleteResourceAttributesSync(accountId: number, resource: Resource, attributeKeys: string[]): Promise<void>;
+    /**
+     * Creates or updates entity attributes synchronously.
+     * @param accountId The account ID
+     * @param entityAttributeAssignments Array of EntityAttributeAssignment objects
+     * @returns Promise<void>
+     */
+    static upsertEntityAttributesSync(accountId: number, entityAttributeAssignments: EntityAttributeAssignment[]): Promise<void>;
+    /**
+     * Deletes specific attributes from an entity synchronously.
+     * @param accountId The account ID
+     * @param entityType The entity type
+     * @param entityId The entity ID
+     * @param attributeKeys Array of attribute key strings to delete
+     * @returns Promise<void>
+     */
+    static deleteEntityAttributesSync(accountId: number, entityType: EntityType, entityId: number, attributeKeys: EntityAttributeKeyType[]): Promise<void>;
+}
+export {};
+//# sourceMappingURL=authorization-attributes-ms-service.d.ts.map

package/dist/esm/authorization-attributes-ms-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-attributes-ms-service.d.ts","sourceRoot":"","sources":["../../src/authorization-attributes-ms-service.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,2BAA2B,EAAE,MAAM,iCAAiC,CAAC;AAC9E,OAAO,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,UAAU,EAAE,sBAAsB,EAAE,MAAM,4CAA4C,CAAC;AAchG,UAAU,QAAQ;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;CACpB;AAwBD;;;GAGG;AACH,qBAAa,gCAAgC;IAC3C,OAAO,CAAC,MAAM,CAAC,OAAO,CAAiC;IAEvD;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,iBAAiB;IA+ChC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAiB/B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,kBAAkB;IAmBjC;;OAEG;mBACkB,oBAAoB;IA0EzC;;OAEG;mBACkB,oBAAoB;IAmEzC;;;;;OAKG;WACU,4BAA4B,CACvC,SAAS,EAAE,MAAM,EACjB,4BAA4B,EAAE,2BAA2B,EAAE,GAC1D,OAAO,CAAC,IAAI,CAAC;IAYhB;;;;;;OAMG;WACU,4BAA4B,CACvC,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,IAAI,CAAC;IAsBhB;;;;;OAKG;WACU,0BAA0B,CACrC,SAAS,EAAE,MAAM,EACjB,0BAA0B,EAAE,yBAAyB,EAAE,GACtD,OAAO,CAAC,IAAI,CAAC;IAYhB;;;;;;;OAOG;WACU,0BAA0B,CACrC,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,sBAAsB,EAAE,GACtC,OAAO,CAAC,IAAI,CAAC;CAmBjB"}

package/dist/esm/authorization-attributes-ms-service.mjs

@@ -0,0 +1,254 @@
+import { Api } from '@mondaydotcomorg/trident-backend-api';
+import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
+import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
+import { ResourceAttributeAssignment } from './resource-attribute-assignment.mjs';
+import { EntityAttributeAssignment } from './entity-attribute-assignment.mjs';
+import { ArgumentError } from './errors/argument-error.mjs';
+import { logger, AuthorizationInternalService } from './authorization-internal-service.mjs';
+import { getAttributionsFromApi } from './attributions-service.mjs';
+import { APP_NAME } from './constants.mjs';
+import { ValidationUtils } from './utils/validation.mjs';
+import { replacePathParams } from './utils/path-utils.mjs';
+
+const INTERNAL_APP_NAME = 'internal_ms';
+const UPSERT_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource';
+const DELETE_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource/{resourceType}/{resourceId}';
+const UPSERT_ENTITY_ATTRIBUTES_PATH = '/attributes/{accountId}/entity';
+const DELETE_ENTITY_ATTRIBUTES_PATH = '/attributes/{accountId}/entity/{entityType}/{entityId}';
+/**
+ * Service class for managing resource attributes in the authorization microservice.
+ * Provides synchronous HTTP operations to create/update and delete attributes on resources.
+ */
+class AuthorizationAttributesMsService {
+    static LOG_TAG = 'authorization_attributes_ms';
+    /**
+     * Gets request headers including Authorization, Content-Type, and optional attribution headers
+     */
+    static getRequestHeaders(accountId, userId) {
+        const headers = {
+            'Content-Type': 'application/json',
+        };
+        // Generate Authorization token
+        const authToken = signAuthorizationHeader({
+            appName: INTERNAL_APP_NAME,
+            accountId,
+            userId,
+        });
+        headers.Authorization = authToken;
+        // Add attribution headers if available
+        const attributionHeaders = getAttributionsFromApi();
+        for (const key in attributionHeaders) {
+            if (Object.prototype.hasOwnProperty.call(attributionHeaders, key)) {
+                headers[key] = attributionHeaders[key];
+            }
+        }
+        // Add X-REQUEST-ID if available from context
+        try {
+            const tridentContext = Api.getPart('context');
+            if (tridentContext?.runtimeAttributions) {
+                const outgoingHeaders = tridentContext.runtimeAttributions.buildOutgoingHeaders('HTTP_INTERNAL');
+                if (outgoingHeaders) {
+                    const attributionHeadersMap = {};
+                    for (const [key, value] of outgoingHeaders) {
+                        attributionHeadersMap[key] = value;
+                    }
+                    if (attributionHeadersMap['x-request-id']) {
+                        headers['X-REQUEST-ID'] = attributionHeadersMap['x-request-id'];
+                    }
+                }
+            }
+        }
+        catch (error) {
+            // Silently fail if context is not available
+            logger.debug({ tag: this.LOG_TAG, error }, 'Failed to get request ID from context');
+        }
+        // Add X-REQUEST-START timestamp
+        headers['X-REQUEST-START'] = Math.floor(Date.now() / 1000).toString();
+        return headers;
+    }
+    /**
+     * Validates that all messages are instances of the specified message class
+     */
+    static validateMessages(attributesMessages, messageClass) {
+        if (typeof messageClass !== 'function') {
+            throw new ArgumentError('messageClass must be a class/constructor function');
+        }
+        ValidationUtils.validateArray(attributesMessages, 'attributesMessages');
+        for (let i = 0; i < attributesMessages.length; i++) {
+            if (!(attributesMessages[i] instanceof messageClass)) {
+                const className = messageClass.name || 'ResourceAttributeAssignment';
+                throw new ArgumentError(`All attributesMessages must be instances of ${className}, but item at index ${i} is not`);
+            }
+        }
+    }
+    /**
+     * Handles request errors with consistent logging and error formatting
+     */
+    static handleRequestError(err, methodName, context) {
+        logger.error({
+            tag: this.LOG_TAG,
+            method: methodName,
+            ...context,
+            error: err instanceof Error ? err.message : String(err),
+        }, `Failed in ${methodName}`);
+        if (err instanceof HttpFetcherError) {
+            throw new Error(`AuthorizationAttributesMsService: [${methodName}] request failed with status ${err.status}: ${err.message}`);
+        }
+        throw err;
+    }
+    /**
+     * Generic helper for executing upsert requests
+     */
+    static async executeUpsertRequest(accountId, assignments, pathTemplate, requestBodyKey, assignmentClass, logPrefix, methodName) {
+        // Skip HTTP requests in test environment
+        if (process.env.NODE_ENV === 'test') {
+            logger.debug({ tag: this.LOG_TAG, accountId, count: assignments.length }, `Skipping ${methodName} in test environment`);
+            return;
+        }
+        // Validate inputs
+        ValidationUtils.validateInteger(accountId, 'accountId');
+        ValidationUtils.validateArray(assignments, 'assignments');
+        if (assignments.length === 0) {
+            logger.warn({ tag: this.LOG_TAG, accountId }, `${methodName} called with empty array`);
+            return;
+        }
+        // Validate all assignments are instances of the correct class
+        this.validateMessages(assignments, assignmentClass);
+        // Convert assignments to hash format
+        const assignmentsHash = assignments.map(assignment => assignment.toH());
+        // Build request body
+        const requestBody = requestBodyKey === 'resourceAttributeAssignments'
+            ? { resourceAttributeAssignments: assignmentsHash }
+            : { entityAttributeAssignments: assignmentsHash };
+        const httpClient = Api.getPart('httpClient');
+        if (!httpClient) {
+            throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+        }
+        const path = replacePathParams(pathTemplate, { accountId });
+        const headers = this.getRequestHeaders(accountId);
+        try {
+            logger.info({ tag: this.LOG_TAG, accountId, count: assignments.length }, `Upserting ${logPrefix} attributes`);
+            await httpClient.fetch({
+                url: {
+                    appName: APP_NAME,
+                    path,
+                },
+                method: 'POST',
+                headers,
+                body: JSON.stringify(requestBody),
+            }, {
+                timeout: AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+            });
+            logger.info({ tag: this.LOG_TAG, accountId, count: assignments.length }, `Successfully upserted ${logPrefix} attributes`);
+        }
+        catch (err) {
+            this.handleRequestError(err, methodName, { accountId });
+        }
+    }
+    /**
+     * Generic helper for executing delete requests
+     */
+    static async executeDeleteRequest(accountId, pathTemplate, pathParams, keys, logPrefix, methodName, context = {}) {
+        // Skip HTTP requests in test environment
+        if (process.env.NODE_ENV === 'test') {
+            logger.debug({ tag: this.LOG_TAG, accountId, ...pathParams, keys }, `Skipping ${methodName} in test environment`);
+            return;
+        }
+        // Validate inputs
+        ValidationUtils.validateInteger(accountId, 'accountId');
+        ValidationUtils.validateArray(keys, 'attributeKeys');
+        if (keys.length === 0) {
+            logger.warn({ tag: this.LOG_TAG, accountId, ...pathParams }, `${methodName} called with empty keys array`);
+            return;
+        }
+        // Validate all keys are strings
+        ValidationUtils.validateStringArray(keys, 'attributeKeys');
+        // Build request body
+        const requestBody = {
+            keys,
+        };
+        const httpClient = Api.getPart('httpClient');
+        if (!httpClient) {
+            throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+        }
+        const path = replacePathParams(pathTemplate, { accountId, ...pathParams });
+        const headers = this.getRequestHeaders(accountId);
+        try {
+            logger.info({ tag: this.LOG_TAG, accountId, ...pathParams, keys }, `Deleting ${logPrefix} attributes`);
+            await httpClient.fetch({
+                url: {
+                    appName: APP_NAME,
+                    path,
+                },
+                method: 'DELETE',
+                headers,
+                body: JSON.stringify(requestBody),
+            }, {
+                timeout: AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+            });
+            logger.info({ tag: this.LOG_TAG, accountId, ...pathParams, keys }, `Successfully deleted ${logPrefix} attributes`);
+        }
+        catch (err) {
+            this.handleRequestError(err, methodName, { accountId, ...pathParams, ...context });
+        }
+    }
+    /**
+     * Creates or updates resource attributes synchronously.
+     * @param accountId The account ID
+     * @param resourceAttributeAssignments Array of ResourceAttributeAssignment objects
+     * @returns Promise<void>
+     */
+    static async upsertResourceAttributesSync(accountId, resourceAttributeAssignments) {
+        return this.executeUpsertRequest(accountId, resourceAttributeAssignments, UPSERT_RESOURCE_ATTRIBUTES_PATH, 'resourceAttributeAssignments', ResourceAttributeAssignment, 'resource', 'upsertResourceAttributesSync');
+    }
+    /**
+     * Deletes specific attributes from a resource synchronously.
+     * @param accountId The account ID
+     * @param resource Object with resourceType (string) and resourceId (number)
+     * @param attributeKeys Array of attribute key strings to delete
+     * @returns Promise<void>
+     */
+    static async deleteResourceAttributesSync(accountId, resource, attributeKeys) {
+        // Validate resource object
+        if (!resource || typeof resource !== 'object') {
+            throw new ArgumentError('resource must be an object');
+        }
+        ValidationUtils.validateInteger(resource.resourceId, 'resource.resourceId');
+        ValidationUtils.validateString(resource.resourceType, 'resource.resourceType');
+        return this.executeDeleteRequest(accountId, DELETE_RESOURCE_ATTRIBUTES_PATH, {
+            resourceType: resource.resourceType,
+            resourceId: resource.resourceId,
+        }, attributeKeys, 'resource', 'deleteResourceAttributesSync', { resource });
+    }
+    /**
+     * Creates or updates entity attributes synchronously.
+     * @param accountId The account ID
+     * @param entityAttributeAssignments Array of EntityAttributeAssignment objects
+     * @returns Promise<void>
+     */
+    static async upsertEntityAttributesSync(accountId, entityAttributeAssignments) {
+        return this.executeUpsertRequest(accountId, entityAttributeAssignments, UPSERT_ENTITY_ATTRIBUTES_PATH, 'entityAttributeAssignments', EntityAttributeAssignment, 'entity', 'upsertEntityAttributesSync');
+    }
+    /**
+     * Deletes specific attributes from an entity synchronously.
+     * @param accountId The account ID
+     * @param entityType The entity type
+     * @param entityId The entity ID
+     * @param attributeKeys Array of attribute key strings to delete
+     * @returns Promise<void>
+     */
+    static async deleteEntityAttributesSync(accountId, entityType, entityId, attributeKeys) {
+        if (!entityType || typeof entityType !== 'string' || entityType.trim() === '') {
+            throw new ArgumentError(`entityType must be a non-empty string, got: ${entityType}`);
+        }
+        ValidationUtils.validateInteger(entityId, 'entityId');
+        return this.executeDeleteRequest(accountId, DELETE_ENTITY_ATTRIBUTES_PATH, {
+            entityType,
+            entityId,
+        }, attributeKeys, 'entity', 'deleteEntityAttributesSync', { entityType, entityId });
+    }
+}
+
+export { AuthorizationAttributesMsService };