@mondaydotcomorg/monday-authorization 3.5.0-upgrade-observability-kit-2ebbd01 → 3.5.1-feat-shaime-support-entity-attributes-in-authorization-sdk-59162a3

package/dist/types/authorization-attributes-contracts.js

@@ -5,3 +5,8 @@ exports.ResourceAttributeOperationEnum = void 0;
     ResourceAttributeOperationEnum["UPSERT"] = "upsert";
     ResourceAttributeOperationEnum["DELETE"] = "delete";
 })(exports.ResourceAttributeOperationEnum || (exports.ResourceAttributeOperationEnum = {}));
+exports.EntityAttributeOperationEnum = void 0;
+(function (EntityAttributeOperationEnum) {
+    EntityAttributeOperationEnum["UPSERT"] = "upsert";
+    EntityAttributeOperationEnum["DELETE"] = "delete";
+})(exports.EntityAttributeOperationEnum || (exports.EntityAttributeOperationEnum = {}));

package/dist/utils/path-utils.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Replaces path template parameters with actual values
+ * @param template Path template with placeholders like {accountId}
+ * @param params Object with parameter names and values
+ * @returns Path with all placeholders replaced
+ */
+export declare function replacePathParams(template: string, params: Record<string, string | number>): string;
+//# sourceMappingURL=path-utils.d.ts.map

package/dist/utils/path-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-utils.d.ts","sourceRoot":"","sources":["../../src/utils/path-utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,GAAG,MAAM,CAMnG"}

package/dist/utils/path-utils.js

@@ -0,0 +1,17 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+/**
+ * Replaces path template parameters with actual values
+ * @param template Path template with placeholders like {accountId}
+ * @param params Object with parameter names and values
+ * @returns Path with all placeholders replaced
+ */
+function replacePathParams(template, params) {
+    let path = template;
+    for (const [key, value] of Object.entries(params)) {
+        path = path.replace(`{${key}}`, String(value));
+    }
+    return path;
+}
+
+exports.replacePathParams = replacePathParams;

package/dist/utils/validation.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Utility class for common validation operations
+ */
+export declare class ValidationUtils {
+    /**
+     * Validates that a value is an integer
+     * @param value The value to validate
+     * @param fieldName The name of the field for error messages
+     * @throws ArgumentError if value is not an integer
+     */
+    static validateInteger(value: any, fieldName: string): void;
+    /**
+     * Validates that a value is a string
+     * @param value The value to validate
+     * @param fieldName The name of the field for error messages
+     * @throws ArgumentError if value is not a string
+     */
+    static validateString(value: any, fieldName: string): void;
+    /**
+     * Validates that a value is an array and optionally checks minimum length
+     * @param value The value to validate
+     * @param fieldName The name of the field for error messages
+     * @param minLength Minimum required length (default: 0)
+     * @returns The validated array
+     * @throws ArgumentError if value is not an array or doesn't meet minimum length
+     */
+    static validateArray<T>(value: any, fieldName: string, minLength?: number): T[];
+    /**
+     * Validates that a value is one of the allowed enum values
+     * @param value The value to validate
+     * @param validValues Array of valid values
+     * @param fieldName The name of the field for error messages
+     * @returns The validated value as the enum type
+     * @throws ArgumentError if value is not in validValues
+     */
+    static validateEnum<T extends string>(value: string, validValues: readonly T[], fieldName: string): T;
+    /**
+     * Validates that all items in an array are strings
+     * @param value Array to validate
+     * @param fieldName The name of the field for error messages
+     * @throws ArgumentError if any item is not a string
+     */
+    static validateStringArray(value: any[], fieldName: string): void;
+}
+//# sourceMappingURL=validation.d.ts.map

package/dist/utils/validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,qBAAa,eAAe;IAC1B;;;;;OAKG;IACH,MAAM,CAAC,eAAe,CAAC,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAM3D;;;;;OAKG;IACH,MAAM,CAAC,cAAc,CAAC,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAM1D;;;;;;;OAOG;IACH,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,SAAI,GAAG,CAAC,EAAE;IAU1E;;;;;;;OAOG;IACH,MAAM,CAAC,YAAY,CAAC,CAAC,SAAS,MAAM,EAClC,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,SAAS,CAAC,EAAE,EACzB,SAAS,EAAE,MAAM,GAChB,CAAC;IASJ;;;;;OAKG;IACH,MAAM,CAAC,mBAAmB,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;CAOlE"}

package/dist/utils/validation.js

@@ -0,0 +1,77 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const errors_argumentError = require('../errors/argument-error.js');
+
+/**
+ * Utility class for common validation operations
+ */
+class ValidationUtils {
+    /**
+     * Validates that a value is an integer
+     * @param value The value to validate
+     * @param fieldName The name of the field for error messages
+     * @throws ArgumentError if value is not an integer
+     */
+    static validateInteger(value, fieldName) {
+        if (!Number.isInteger(value)) {
+            throw new errors_argumentError.ArgumentError(`${fieldName} must be an integer, got: ${value}`);
+        }
+    }
+    /**
+     * Validates that a value is a string
+     * @param value The value to validate
+     * @param fieldName The name of the field for error messages
+     * @throws ArgumentError if value is not a string
+     */
+    static validateString(value, fieldName) {
+        if (typeof value !== 'string') {
+            throw new errors_argumentError.ArgumentError(`${fieldName} must be a string, got: ${typeof value}`);
+        }
+    }
+    /**
+     * Validates that a value is an array and optionally checks minimum length
+     * @param value The value to validate
+     * @param fieldName The name of the field for error messages
+     * @param minLength Minimum required length (default: 0)
+     * @returns The validated array
+     * @throws ArgumentError if value is not an array or doesn't meet minimum length
+     */
+    static validateArray(value, fieldName, minLength = 0) {
+        if (!Array.isArray(value)) {
+            throw new errors_argumentError.ArgumentError(`${fieldName} must be an array`);
+        }
+        if (value.length < minLength) {
+            throw new errors_argumentError.ArgumentError(`${fieldName} must have at least ${minLength} items`);
+        }
+        return value;
+    }
+    /**
+     * Validates that a value is one of the allowed enum values
+     * @param value The value to validate
+     * @param validValues Array of valid values
+     * @param fieldName The name of the field for error messages
+     * @returns The validated value as the enum type
+     * @throws ArgumentError if value is not in validValues
+     */
+    static validateEnum(value, validValues, fieldName) {
+        if (!validValues.includes(value)) {
+            throw new errors_argumentError.ArgumentError(`${fieldName} must be one of [${validValues.join(', ')}], got: ${value}`);
+        }
+        return value;
+    }
+    /**
+     * Validates that all items in an array are strings
+     * @param value Array to validate
+     * @param fieldName The name of the field for error messages
+     * @throws ArgumentError if any item is not a string
+     */
+    static validateStringArray(value, fieldName) {
+        for (let i = 0; i < value.length; i++) {
+            if (typeof value[i] !== 'string') {
+                throw new errors_argumentError.ArgumentError(`All ${fieldName} must be strings, but item at index ${i} is not`);
+            }
+        }
+    }
+}
+
+exports.ValidationUtils = ValidationUtils;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "3.5.0-upgrade-observability-kit-2ebbd01",
+  "version": "3.5.1-feat-shaime-support-entity-attributes-in-authorization-sdk-59162a3",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",
@@ -25,7 +25,7 @@
     "@mondaydotcomorg/monday-fetch-api": "^1.0.2",
     "@mondaydotcomorg/monday-jwt": "^3.0.14",
     "@mondaydotcomorg/monday-logger": "^4.0.11",
-    "@mondaydotcomorg/monday-observability-kit": "^1.8.1",
+    "@mondaydotcomorg/monday-observability-kit": "^1.5.3",
     "@mondaydotcomorg/monday-sns": "^1.2.1",
     "@mondaydotcomorg/trident-backend-api": "^0.24.3",
     "lodash": "^4.17.21",

package/src/attributions-service.ts

@@ -53,6 +53,10 @@ export function getAttributionsFromApi(): { [key: string]: string } {
     const runtimeAttributionsOutgoingHeaders = runtimeAttributions?.buildOutgoingHeaders('HTTP_INTERNAL');
 
     if (!runtimeAttributionsOutgoingHeaders) {
+      logger.info(
+        { tag: 'authorization-service', runtimeAttributionsOutgoingHeaders },
+        'No runtime attributions outgoing headers'
+      );
       return callerAppNameFromSdk;
     }
 

package/src/authorization-attributes-ms-service.ts

@@ -0,0 +1,400 @@
+import { Api } from '@mondaydotcomorg/trident-backend-api';
+import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
+import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
+import { ResourceAttributeAssignment } from './resource-attribute-assignment';
+import { EntityAttributeAssignment } from './entity-attribute-assignment';
+import { EntityType, EntityAttributeKeyType } from './types/authorization-attributes-contracts';
+import { ArgumentError } from './errors/argument-error';
+import { AuthorizationInternalService, logger } from './authorization-internal-service';
+import { getAttributionsFromApi } from './attributions-service';
+import { APP_NAME } from './constants';
+import { ValidationUtils } from './utils/validation';
+import { replacePathParams } from './utils/path-utils';
+
+const INTERNAL_APP_NAME = 'internal_ms';
+const UPSERT_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource';
+const DELETE_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource/{resourceType}/{resourceId}';
+const UPSERT_ENTITY_ATTRIBUTES_PATH = '/attributes/{accountId}/entity';
+const DELETE_ENTITY_ATTRIBUTES_PATH = '/attributes/{accountId}/entity/{entityType}/{entityId}';
+
+interface Resource {
+  resourceType: string;
+  resourceId: number;
+}
+
+interface UpsertRequestBody {
+  resourceAttributeAssignments: {
+    resourceId: number;
+    resourceType: string;
+    key: string;
+    value: string;
+  }[];
+}
+
+interface UpsertEntityRequestBody {
+  entityAttributeAssignments: {
+    entityId: number;
+    entityType: string;
+    key: string;
+    value: string;
+  }[];
+}
+
+interface DeleteRequestBody {
+  keys: string[];
+}
+
+/**
+ * Service class for managing resource attributes in the authorization microservice.
+ * Provides synchronous HTTP operations to create/update and delete attributes on resources.
+ */
+export class AuthorizationAttributesMsService {
+  private static LOG_TAG = 'authorization_attributes_ms';
+
+  /**
+   * Gets request headers including Authorization, Content-Type, and optional attribution headers
+   */
+  private static getRequestHeaders(accountId: number, userId?: number): Record<string, string> {
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json',
+    };
+
+    // Generate Authorization token
+    const authToken = signAuthorizationHeader({
+      appName: INTERNAL_APP_NAME,
+      accountId,
+      userId,
+    });
+    headers.Authorization = authToken;
+
+    // Add attribution headers if available
+    const attributionHeaders = getAttributionsFromApi();
+    for (const key in attributionHeaders) {
+      if (Object.prototype.hasOwnProperty.call(attributionHeaders, key)) {
+        headers[key] = attributionHeaders[key];
+      }
+    }
+
+    // Add X-REQUEST-ID if available from context
+    try {
+      const tridentContext = Api.getPart('context');
+      if (tridentContext?.runtimeAttributions) {
+        const outgoingHeaders = tridentContext.runtimeAttributions.buildOutgoingHeaders('HTTP_INTERNAL');
+        if (outgoingHeaders) {
+          const attributionHeadersMap: Record<string, string> = {};
+          for (const [key, value] of outgoingHeaders) {
+            attributionHeadersMap[key] = value;
+          }
+          if (attributionHeadersMap['x-request-id']) {
+            headers['X-REQUEST-ID'] = attributionHeadersMap['x-request-id'];
+          }
+        }
+      }
+    } catch (error) {
+      // Silently fail if context is not available
+      logger.debug({ tag: this.LOG_TAG, error }, 'Failed to get request ID from context');
+    }
+
+    // Add X-REQUEST-START timestamp
+    headers['X-REQUEST-START'] = Math.floor(Date.now() / 1000).toString();
+
+    return headers;
+  }
+
+  /**
+   * Validates that all messages are instances of the specified message class
+   */
+  private static validateMessages<T>(attributesMessages: T[], messageClass: abstract new (...args: any[]) => T): void {
+    if (typeof messageClass !== 'function') {
+      throw new ArgumentError('messageClass must be a class/constructor function');
+    }
+
+    ValidationUtils.validateArray(attributesMessages, 'attributesMessages');
+
+    for (let i = 0; i < attributesMessages.length; i++) {
+      if (!(attributesMessages[i] instanceof messageClass)) {
+        const className = (messageClass as { name?: string }).name || 'ResourceAttributeAssignment';
+        throw new ArgumentError(
+          `All attributesMessages must be instances of ${className}, but item at index ${i} is not`
+        );
+      }
+    }
+  }
+
+  /**
+   * Handles request errors with consistent logging and error formatting
+   */
+  private static handleRequestError(err: unknown, methodName: string, context: Record<string, any>): never {
+    logger.error(
+      {
+        tag: this.LOG_TAG,
+        method: methodName,
+        ...context,
+        error: err instanceof Error ? err.message : String(err),
+      },
+      `Failed in ${methodName}`
+    );
+
+    if (err instanceof HttpFetcherError) {
+      throw new Error(
+        `AuthorizationAttributesMsService: [${methodName}] request failed with status ${err.status}: ${err.message}`
+      );
+    }
+    throw err;
+  }
+
+  /**
+   * Generic helper for executing upsert requests
+   */
+  private static async executeUpsertRequest<T extends ResourceAttributeAssignment | EntityAttributeAssignment>(
+    accountId: number,
+    assignments: T[],
+    pathTemplate: string,
+    requestBodyKey: 'resourceAttributeAssignments' | 'entityAttributeAssignments',
+    assignmentClass: abstract new (...args: any[]) => T,
+    logPrefix: string,
+    methodName: string
+  ): Promise<void> {
+    // Skip HTTP requests in test environment
+    if (process.env.NODE_ENV === 'test') {
+      logger.debug(
+        { tag: this.LOG_TAG, accountId, count: assignments.length },
+        `Skipping ${methodName} in test environment`
+      );
+      return;
+    }
+
+    // Validate inputs
+    ValidationUtils.validateInteger(accountId, 'accountId');
+    ValidationUtils.validateArray(assignments, 'assignments');
+
+    if (assignments.length === 0) {
+      logger.warn({ tag: this.LOG_TAG, accountId }, `${methodName} called with empty array`);
+      return;
+    }
+
+    // Validate all assignments are instances of the correct class
+    this.validateMessages(assignments, assignmentClass);
+
+    // Convert assignments to hash format
+    const assignmentsHash = assignments.map(assignment => assignment.toH());
+
+    // Build request body
+    const requestBody =
+      requestBodyKey === 'resourceAttributeAssignments'
+        ? ({ resourceAttributeAssignments: assignmentsHash } as UpsertRequestBody)
+        : ({ entityAttributeAssignments: assignmentsHash } as UpsertEntityRequestBody);
+
+    const httpClient = Api.getPart('httpClient');
+    if (!httpClient) {
+      throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+    }
+    const path = replacePathParams(pathTemplate, { accountId });
+    const headers = this.getRequestHeaders(accountId);
+
+    try {
+      logger.info({ tag: this.LOG_TAG, accountId, count: assignments.length }, `Upserting ${logPrefix} attributes`);
+
+      await httpClient.fetch(
+        {
+          url: {
+            appName: APP_NAME,
+            path,
+          },
+          method: 'POST',
+          headers,
+          body: JSON.stringify(requestBody),
+        },
+        {
+          timeout: AuthorizationInternalService.getRequestTimeout(),
+          retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+        }
+      );
+
+      logger.info(
+        { tag: this.LOG_TAG, accountId, count: assignments.length },
+        `Successfully upserted ${logPrefix} attributes`
+      );
+    } catch (err) {
+      this.handleRequestError(err, methodName, { accountId });
+    }
+  }
+
+  /**
+   * Generic helper for executing delete requests
+   */
+  private static async executeDeleteRequest(
+    accountId: number,
+    pathTemplate: string,
+    pathParams: Record<string, string | number>,
+    keys: string[],
+    logPrefix: string,
+    methodName: string,
+    context: Record<string, any> = {}
+  ): Promise<void> {
+    // Skip HTTP requests in test environment
+    if (process.env.NODE_ENV === 'test') {
+      logger.debug({ tag: this.LOG_TAG, accountId, ...pathParams, keys }, `Skipping ${methodName} in test environment`);
+      return;
+    }
+
+    // Validate inputs
+    ValidationUtils.validateInteger(accountId, 'accountId');
+    ValidationUtils.validateArray(keys, 'attributeKeys');
+
+    if (keys.length === 0) {
+      logger.warn({ tag: this.LOG_TAG, accountId, ...pathParams }, `${methodName} called with empty keys array`);
+      return;
+    }
+
+    // Validate all keys are strings
+    ValidationUtils.validateStringArray(keys, 'attributeKeys');
+
+    // Build request body
+    const requestBody: DeleteRequestBody = {
+      keys,
+    };
+
+    const httpClient = Api.getPart('httpClient');
+    if (!httpClient) {
+      throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+    }
+    const path = replacePathParams(pathTemplate, { accountId, ...pathParams });
+    const headers = this.getRequestHeaders(accountId);
+
+    try {
+      logger.info({ tag: this.LOG_TAG, accountId, ...pathParams, keys }, `Deleting ${logPrefix} attributes`);
+
+      await httpClient.fetch(
+        {
+          url: {
+            appName: APP_NAME,
+            path,
+          },
+          method: 'DELETE',
+          headers,
+          body: JSON.stringify(requestBody),
+        },
+        {
+          timeout: AuthorizationInternalService.getRequestTimeout(),
+          retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+        }
+      );
+
+      logger.info(
+        { tag: this.LOG_TAG, accountId, ...pathParams, keys },
+        `Successfully deleted ${logPrefix} attributes`
+      );
+    } catch (err) {
+      this.handleRequestError(err, methodName, { accountId, ...pathParams, ...context });
+    }
+  }
+
+  /**
+   * Creates or updates resource attributes synchronously.
+   * @param accountId The account ID
+   * @param resourceAttributeAssignments Array of ResourceAttributeAssignment objects
+   * @returns Promise<void>
+   */
+  static async upsertResourceAttributesSync(
+    accountId: number,
+    resourceAttributeAssignments: ResourceAttributeAssignment[]
+  ): Promise<void> {
+    return this.executeUpsertRequest(
+      accountId,
+      resourceAttributeAssignments,
+      UPSERT_RESOURCE_ATTRIBUTES_PATH,
+      'resourceAttributeAssignments',
+      ResourceAttributeAssignment,
+      'resource',
+      'upsertResourceAttributesSync'
+    );
+  }
+
+  /**
+   * Deletes specific attributes from a resource synchronously.
+   * @param accountId The account ID
+   * @param resource Object with resourceType (string) and resourceId (number)
+   * @param attributeKeys Array of attribute key strings to delete
+   * @returns Promise<void>
+   */
+  static async deleteResourceAttributesSync(
+    accountId: number,
+    resource: Resource,
+    attributeKeys: string[]
+  ): Promise<void> {
+    // Validate resource object
+    if (!resource || typeof resource !== 'object') {
+      throw new ArgumentError('resource must be an object');
+    }
+    ValidationUtils.validateInteger(resource.resourceId, 'resource.resourceId');
+    ValidationUtils.validateString(resource.resourceType, 'resource.resourceType');
+
+    return this.executeDeleteRequest(
+      accountId,
+      DELETE_RESOURCE_ATTRIBUTES_PATH,
+      {
+        resourceType: resource.resourceType,
+        resourceId: resource.resourceId,
+      },
+      attributeKeys,
+      'resource',
+      'deleteResourceAttributesSync',
+      { resource }
+    );
+  }
+
+  /**
+   * Creates or updates entity attributes synchronously.
+   * @param accountId The account ID
+   * @param entityAttributeAssignments Array of EntityAttributeAssignment objects
+   * @returns Promise<void>
+   */
+  static async upsertEntityAttributesSync(
+    accountId: number,
+    entityAttributeAssignments: EntityAttributeAssignment[]
+  ): Promise<void> {
+    return this.executeUpsertRequest(
+      accountId,
+      entityAttributeAssignments,
+      UPSERT_ENTITY_ATTRIBUTES_PATH,
+      'entityAttributeAssignments',
+      EntityAttributeAssignment,
+      'entity',
+      'upsertEntityAttributesSync'
+    );
+  }
+
+  /**
+   * Deletes specific attributes from an entity synchronously.
+   * @param accountId The account ID
+   * @param entityType The entity type
+   * @param entityId The entity ID
+   * @param attributeKeys Array of attribute key strings to delete
+   * @returns Promise<void>
+   */
+  static async deleteEntityAttributesSync(
+    accountId: number,
+    entityType: EntityType,
+    entityId: number,
+    attributeKeys: EntityAttributeKeyType[]
+  ): Promise<void> {
+    if (!entityType || typeof entityType !== 'string' || entityType.trim() === '') {
+      throw new ArgumentError(`entityType must be a non-empty string, got: ${entityType}`);
+    }
+    ValidationUtils.validateInteger(entityId, 'entityId');
+
+    return this.executeDeleteRequest(
+      accountId,
+      DELETE_ENTITY_ATTRIBUTES_PATH,
+      {
+        entityType,
+        entityId,
+      },
+      attributeKeys,
+      'entity',
+      'deleteEntityAttributesSync',
+      { entityType, entityId }
+    );
+  }
+}