@mondaydotcomorg/monday-authorization 3.5.0-upgrade-observability-kit-2ebbd01 → 3.5.1-feat-shaime-support-entity-attributes-in-authorization-sdk-59162a3

package/src/authorization-attributes-sns-service.ts

@@ -0,0 +1,290 @@
+import chunk from 'lodash/chunk.js';
+import { getTopicAttributes, sendToSns } from '@mondaydotcomorg/monday-sns';
+import {
+  ResourceAttributeAssignment,
+  ResourceAttributesOperation,
+  EntityAttributesOperation,
+  ResourceAttributeOperationEnum,
+  EntityAttributeOperationEnum,
+} from './types/authorization-attributes-contracts';
+import { EntityAttributeAssignment } from './entity-attribute-assignment';
+import { Resource } from './types/general';
+import { logger } from './authorization-internal-service';
+import {
+  ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE,
+  ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE,
+  RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
+  ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
+  RESOURCE_SNS_ARN_ENV_VAR_NAME,
+  ENTITY_SNS_ARN_ENV_VAR_NAME,
+  RESOURCE_SNS_DEV_TEST_NAME,
+  ENTITY_SNS_DEV_TEST_NAME,
+  SnsTopicType,
+} from './constants/sns';
+import type { TopicAttributesMap } from 'aws-sdk/clients/sns';
+
+export class AuthorizationAttributesSnsService {
+  private static LOG_TAG = 'authorization_attributes';
+  private resourceSnsArn: string;
+  private entitySnsArn: string;
+
+  /**
+   * Public constructor to create the AuthorizationAttributesSnsService instance.
+   */
+  constructor() {
+    this.resourceSnsArn = AuthorizationAttributesSnsService.getSnsTopicArn(SnsTopicType.RESOURCE);
+    this.entitySnsArn = AuthorizationAttributesSnsService.getSnsTopicArn(SnsTopicType.ENTITY);
+  }
+
+  /**
+   * Async function to upsert resource attributes using SNS.
+   * Sends the updates request to SNS and returns before the change actually took place.
+   * @param accountId The account ID
+   * @param appName App name of the calling app
+   * @param callerActionIdentifier Action identifier
+   * @param resourceAttributeAssignments Array of resource attribute assignments to upsert
+   * @return Promise with array of sent operations
+   */
+  async upsertResourceAttributesAsync(
+    accountId: number,
+    appName: string,
+    callerActionIdentifier: string,
+    resourceAttributeAssignments: ResourceAttributeAssignment[]
+  ): Promise<ResourceAttributesOperation[]> {
+    const operations: ResourceAttributesOperation[] = resourceAttributeAssignments.map(assignment => ({
+      ...assignment,
+      operationType: ResourceAttributeOperationEnum.UPSERT,
+    }));
+    return this.updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, operations);
+  }
+
+  /**
+   * Async function to delete resource attributes using SNS.
+   * Sends the updates request to SNS and returns before the change actually took place.
+   * @param accountId The account ID
+   * @param appName App name of the calling app
+   * @param callerActionIdentifier Action identifier
+   * @param resource The resource (resourceType, resourceId)
+   * @param attributeKeys Array of attribute keys to delete
+   * @return Promise with array of sent operations
+   */
+  async deleteResourceAttributesAsync(
+    accountId: number,
+    appName: string,
+    callerActionIdentifier: string,
+    resource: Resource,
+    attributeKeys: string[]
+  ): Promise<ResourceAttributesOperation[]> {
+    const operations: ResourceAttributesOperation[] = attributeKeys.map(key => ({
+      resourceType: resource.type,
+      resourceId: resource.id!,
+      key,
+      operationType: ResourceAttributeOperationEnum.DELETE,
+    }));
+    return this.updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, operations);
+  }
+
+  /**
+   * Async function to upsert entity attributes using SNS.
+   * Sends the updates request to SNS and returns before the change actually took place.
+   * @param accountId The account ID
+   * @param appName App name of the calling app
+   * @param callerActionIdentifier Action identifier
+   * @param entityAttributeAssignments Array of entity attribute assignments to upsert
+   * @return Promise with array of sent operations
+   */
+  async upsertEntityAttributesAsync(
+    accountId: number,
+    appName: string,
+    callerActionIdentifier: string,
+    entityAttributeAssignments: EntityAttributeAssignment[]
+  ): Promise<EntityAttributesOperation[]> {
+    const operations: EntityAttributesOperation[] = entityAttributeAssignments.map(assignment => {
+      const assignmentData = assignment instanceof EntityAttributeAssignment ? assignment.toH() : assignment;
+      return {
+        entityId: assignmentData.entityId,
+        entityType: assignmentData.entityType as any,
+        key: assignmentData.key,
+        value: assignmentData.value,
+        operationType: EntityAttributeOperationEnum.UPSERT,
+      };
+    });
+    return this.updateEntityAttributesAsync(accountId, appName, callerActionIdentifier, operations);
+  }
+
+  /**
+   * Async function to delete entity attributes using SNS.
+   * Sends the updates request to SNS and returns before the change actually took place.
+   * @param accountId The account ID
+   * @param appName App name of the calling app
+   * @param callerActionIdentifier Action identifier
+   * @param entityType The entity type
+   * @param entityId The entity ID
+   * @param attributeKeys Array of attribute keys to delete
+   * @return Promise with array of sent operations
+   */
+  async deleteEntityAttributesAsync(
+    accountId: number,
+    appName: string,
+    callerActionIdentifier: string,
+    entityType: string,
+    entityId: number,
+    attributeKeys: string[]
+  ): Promise<EntityAttributesOperation[]> {
+    const operations: EntityAttributesOperation[] = attributeKeys.map(key => ({
+      entityType: entityType as any,
+      entityId,
+      key,
+      operationType: EntityAttributeOperationEnum.DELETE,
+    }));
+    return this.updateEntityAttributesAsync(accountId, appName, callerActionIdentifier, operations);
+  }
+
+  /**
+   *  Async function, this function only send the updates request to SNS and return before the change actually took place
+   * @param accountId
+   * @param appName - App name of the calling app
+   * @param callerActionIdentifier - action identifier
+   * @param resourceAttributeOperations - Array of operations to do on resource attributes.
+   * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
+   *  */
+  async updateResourceAttributesAsync(
+    accountId: number,
+    appName: string,
+    callerActionIdentifier: string,
+    resourceAttributeOperations: ResourceAttributesOperation[]
+  ): Promise<ResourceAttributesOperation[]> {
+    const topicArn: string = this.resourceSnsArn;
+    const sendToSnsPromises: Promise<ResourceAttributesOperation[]>[] = [];
+    const operationChucks = chunk(resourceAttributeOperations, ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
+    for (const operationsChunk of operationChucks) {
+      sendToSnsPromises.push(
+        this.sendSingleSnsMessage(
+          topicArn,
+          accountId,
+          appName,
+          callerActionIdentifier,
+          operationsChunk,
+          RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
+          'Authorization resource attributes async update: failed to send operations to SNS'
+        )
+      );
+    }
+    return (await Promise.all(sendToSnsPromises)).flat();
+  }
+
+  /**
+   *  Async function, this function only send the updates request to SNS and return before the change actually took place
+   * @param accountId
+   * @param appName - App name of the calling app
+   * @param callerActionIdentifier - action identifier
+   * @param entityAttributeOperations - Array of operations to do on entity attributes.
+   * @return {Promise<EntityAttributesOperation[]>} Array of sent operations
+   *  */
+  async updateEntityAttributesAsync(
+    accountId: number,
+    appName: string,
+    callerActionIdentifier: string,
+    entityAttributeOperations: EntityAttributesOperation[]
+  ): Promise<EntityAttributesOperation[]> {
+    const topicArn: string = this.entitySnsArn;
+    const sendToSnsPromises: Promise<EntityAttributesOperation[]>[] = [];
+    const operationChucks = chunk(entityAttributeOperations, ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
+    for (const operationsChunk of operationChucks) {
+      sendToSnsPromises.push(
+        this.sendSingleSnsMessage(
+          topicArn,
+          accountId,
+          appName,
+          callerActionIdentifier,
+          operationsChunk,
+          ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
+          'Authorization entity attributes async update: failed to send operations to SNS'
+        )
+      );
+    }
+    return (await Promise.all(sendToSnsPromises)).flat();
+  }
+
+  private async sendSingleSnsMessage<T extends ResourceAttributesOperation | EntityAttributesOperation>(
+    topicArn: string,
+    accountId: number,
+    appName: string,
+    callerActionIdentifier: string,
+    operations: T[],
+    kind: string,
+    errorLogMessage: string
+  ): Promise<T[]> {
+    const payload = {
+      kind,
+      payload: {
+        accountId: accountId,
+        callerAppName: appName,
+        callerActionIdentifier: callerActionIdentifier,
+        operations: operations,
+      },
+    };
+    try {
+      await sendToSns(payload, topicArn);
+      return operations;
+    } catch (error) {
+      logger.error({ error, tag: AuthorizationAttributesSnsService.LOG_TAG }, errorLogMessage);
+      return [];
+    }
+  }
+
+  private static getSnsTopicArn(type: SnsTopicType): string {
+    let envVarName: string;
+    let devTestName: string;
+
+    switch (type) {
+      case SnsTopicType.ENTITY:
+        envVarName = ENTITY_SNS_ARN_ENV_VAR_NAME;
+        devTestName = ENTITY_SNS_DEV_TEST_NAME;
+        break;
+      default:
+        // Default to resource SNS constants
+        envVarName = RESOURCE_SNS_ARN_ENV_VAR_NAME;
+        devTestName = RESOURCE_SNS_DEV_TEST_NAME;
+        break;
+    }
+
+    const arnFromEnv: string | undefined = process.env[envVarName];
+    if (arnFromEnv) {
+      return arnFromEnv;
+    }
+    if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
+      return devTestName;
+    }
+    throw new Error(`Unable to get ${type} sns topic arn from env variable`);
+  }
+
+  /**
+   * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+   * This function can be used as health check for services that updating resource attributes in async is crucial.
+   * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+   * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+   * However, this is the best we can do without actually push dummy messages to the SNS.
+   * @return {Promise<boolean>} - true if succeeded
+   */
+  async asyncResourceAttributesHealthCheck(): Promise<boolean> {
+    try {
+      const requestedTopicArn: string = this.resourceSnsArn;
+      const attributes: TopicAttributesMap = await getTopicAttributes(requestedTopicArn);
+      const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
+      if (!isHealthy) {
+        logger.error(
+          { requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesSnsService.LOG_TAG },
+          'authorization-attributes-service failed in health check'
+        );
+      }
+      return isHealthy;
+    } catch (error) {
+      logger.error(
+        { error, tag: AuthorizationAttributesSnsService.LOG_TAG },
+        'authorization-attributes-service got error during health check'
+      );
+      return false;
+    }
+  }
+}

package/src/base-attribute-assignment.ts

@@ -0,0 +1,56 @@
+import { ValidationUtils } from './utils/validation';
+
+/**
+ * Base class for attribute assignments (Resource or Entity)
+ * Provides common validation and functionality
+ */
+export abstract class BaseAttributeAssignment<TId extends number, TType extends string> {
+  public readonly id: TId;
+  public readonly type: TType;
+  public readonly attributeKey: string;
+  public readonly attributeValue: string;
+
+  constructor(
+    id: TId,
+    type: string,
+    attributeKey: string,
+    attributeValue: string,
+    validTypes: readonly string[],
+    idFieldName: string,
+    typeFieldName: string
+  ) {
+    // Validate id
+    ValidationUtils.validateInteger(id, idFieldName);
+
+    // Validate type
+    this.type = ValidationUtils.validateEnum(type, validTypes as readonly TType[], typeFieldName) as TType;
+
+    // Validate attributeKey
+    ValidationUtils.validateString(attributeKey, 'attributeKey');
+
+    // Validate attributeValue
+    ValidationUtils.validateString(attributeValue, 'attributeValue');
+
+    this.id = id;
+    this.attributeKey = attributeKey;
+    this.attributeValue = attributeValue;
+  }
+
+  /**
+   * Compares two assignments for equality
+   * @param other Another assignment instance
+   * @returns true if all properties are equal
+   */
+  equals(other: BaseAttributeAssignment<TId, TType>): boolean {
+    if (!(other instanceof this.constructor)) {
+      return false;
+    }
+    return (
+      this.id === other.id &&
+      this.type === other.type &&
+      this.attributeKey === other.attributeKey &&
+      this.attributeValue === other.attributeValue
+    );
+  }
+}
+

package/src/clients/graph-api.ts

@@ -18,7 +18,7 @@ import {
   GraphPermissionReason,
 } from '../types/graph-api.types';
 import { scopeToResource } from '../utils/authorization.utils';
-import { GRAPH_APP_NAME } from '../constants';
+import { GRAPH_APP_NAME, GraphApiProfile } from '../constants';
 import { handleApiError } from '../utils/api-error-handler';
 
 const CAN_ACTION_IN_SCOPE_GRAPH_PATH = '/permissions/is-allowed';
@@ -85,6 +85,7 @@ export class GraphApi {
           url: {
             appName: GRAPH_APP_NAME,
             path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
+            profile: GraphApiProfile.PERMISSION,
           },
           method: 'POST',
           headers: {

package/src/constants/sns.ts

@@ -1,5 +1,22 @@
-export const SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES';
-export const SNS_DEV_TEST_NAME =
+export enum SnsTopicType {
+  RESOURCE = 'resource',
+  ENTITY = 'entity',
+}
+
+// Resource SNS constants
+export const RESOURCE_SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES';
+export const RESOURCE_SNS_DEV_TEST_NAME =
   'arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local';
+
+// Entity SNS constants
+export const ENTITY_SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_ENTITY_ATTRIBUTES';
+export const ENTITY_SNS_DEV_TEST_NAME =
+  'arn:aws:sns:us-east-1:000000000000:monday-authorization-entity-attributes-sns-local';
 export const RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = 'resourceAttributeModification';
+export const ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = 'entityAttributeModification';
 export const ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
+export const ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
+
+// Legacy exports for backward compatibility
+export const SNS_ARN_ENV_VAR_NAME = RESOURCE_SNS_ARN_ENV_VAR_NAME;
+export const SNS_DEV_TEST_NAME = RESOURCE_SNS_DEV_TEST_NAME;

package/src/constants.ts

@@ -4,6 +4,10 @@ import { FetcherConfig } from '@mondaydotcomorg/trident-backend-api';
 export const APP_NAME = 'authorization';
 export const GRAPH_APP_NAME = 'authorization-graph';
 
+export enum GraphApiProfile {
+  PERMISSION = 'authorization-graph-permission',
+}
+
 export const ERROR_MESSAGES = {
   HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
   REQUEST_FAILED: (method: string, status: number, reason: string) =>

package/src/entity-attribute-assignment.ts

@@ -0,0 +1,43 @@
+import { ENTITY_TYPES, EntityType } from './entity-attributes-constants';
+import { BaseAttributeAssignment } from './base-attribute-assignment';
+
+export class EntityAttributeAssignment extends BaseAttributeAssignment<number, EntityType> {
+  public readonly entityId: number;
+  public readonly entityType: EntityType;
+
+  constructor(entityId: number, entityType: string, attributeKey: string, attributeValue: string) {
+    super(
+      entityId,
+      entityType,
+      attributeKey,
+      attributeValue,
+      Object.values(ENTITY_TYPES),
+      'entityId',
+      'entityType'
+    );
+    this.entityId = entityId;
+    this.entityType = this.type;
+  }
+
+  /**
+   * Converts the assignment to hash format with camelCase keys
+   * @returns Object with camelCase keys: { entityId, entityType, key, value }
+   */
+  toH(): { entityId: number; entityType: string; key: string; value: string } {
+    return {
+      entityId: this.entityId,
+      entityType: this.entityType,
+      key: this.attributeKey,
+      value: this.attributeValue,
+    };
+  }
+
+  /**
+   * Compares two assignments for equality
+   * @param other Another EntityAttributeAssignment instance
+   * @returns true if all properties are equal
+   */
+  equals(other: EntityAttributeAssignment): boolean {
+    return super.equals(other);
+  }
+}

package/src/entity-attributes-constants.ts

@@ -0,0 +1,7 @@
+export const ENTITY_TYPES = {
+  USER: 'user',
+  TEAM: 'team',
+  ACCOUNT: 'account',
+} as const;
+
+export type EntityType = (typeof ENTITY_TYPES)[keyof typeof ENTITY_TYPES];

package/src/errors/argument-error.ts

@@ -0,0 +1,7 @@
+export class ArgumentError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'ArgumentError';
+    Object.setPrototypeOf(this, ArgumentError.prototype);
+  }
+}

package/src/index.ts

@@ -57,7 +57,24 @@ export {
   skipAuthorizationMiddleware,
 } from './authorization-middleware';
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
-export { AuthorizationAttributesService } from './authorization-attributes-service';
+export { AuthorizationAttributesSnsService } from './authorization-attributes-sns-service';
+export { AuthorizationAttributesMsService } from './authorization-attributes-ms-service';
+export { ResourceAttributeAssignment } from './resource-attribute-assignment';
+export { RESOURCE_TYPES, RESOURCE_ATTRIBUTES_CONSTANTS } from './resource-attributes-constants';
+export { EntityAttributeAssignment } from './entity-attribute-assignment';
+export { ENTITY_TYPES } from './entity-attributes-constants';
+export { ArgumentError } from './errors/argument-error';
+export {
+  ResourceAttributeResponse,
+  EntityAttributeResponse,
+  ResourceType,
+  EntityAttributeKeyType,
+  ResourceAttributeKeyType,
+  CommonAttributeKey,
+  ResourceAttributeKey,
+  EntityAttributeKey,
+} from './types/authorization-attributes-contracts';
+export type { EntityType } from './entity-attributes-constants';
 export { RolesService } from './roles-service';
 export { MembershipsService } from './memberships';
 export { AuthorizationObject, Resource, BaseRequest, ResourceGetter, ContextGetter } from './types/general';

package/src/resource-attribute-assignment.ts

@@ -0,0 +1,43 @@
+import { RESOURCE_TYPES, ResourceType } from './resource-attributes-constants';
+import { BaseAttributeAssignment } from './base-attribute-assignment';
+
+export class ResourceAttributeAssignment extends BaseAttributeAssignment<number, ResourceType> {
+  public readonly resourceId: number;
+  public readonly resourceType: ResourceType;
+
+  constructor(resourceId: number, resourceType: string, attributeKey: string, attributeValue: string) {
+    super(
+      resourceId,
+      resourceType,
+      attributeKey,
+      attributeValue,
+      Object.values(RESOURCE_TYPES),
+      'resourceId',
+      'resourceType'
+    );
+    this.resourceId = resourceId;
+    this.resourceType = this.type;
+  }
+
+  /**
+   * Converts the assignment to hash format with camelCase keys
+   * @returns Object with camelCase keys: { resourceId, resourceType, key, value }
+   */
+  toH(): { resourceId: number; resourceType: string; key: string; value: string } {
+    return {
+      resourceId: this.resourceId,
+      resourceType: this.resourceType,
+      key: this.attributeKey,
+      value: this.attributeValue,
+    };
+  }
+
+  /**
+   * Compares two assignments for equality
+   * @param other Another ResourceAttributeAssignment instance
+   * @returns true if all properties are equal
+   */
+  equals(other: ResourceAttributeAssignment): boolean {
+    return super.equals(other);
+  }
+}

package/src/resource-attributes-constants.ts

@@ -0,0 +1,26 @@
+export const RESOURCE_TYPES = {
+  ACCOUNT: 'account',
+  ACCOUNT_PRODUCT: 'account_product',
+  WORKSPACE: 'workspace',
+  BOARD: 'board',
+  ITEM: 'item',
+  TEAM: 'team',
+  OVERVIEW: 'overview',
+  DOCUMENT: 'document',
+  CRM: 'crm',
+} as const;
+
+export const RESOURCE_ATTRIBUTES_CONSTANTS = {
+  ACCOUNT_RESOURCE_ATTRIBUTES: {
+    ENABLE_MEMBERS_INVITE_FROM_NON_AUTH_DOMAIN: 'enable_members_invite_from_non_auth_domain',
+  },
+  WORKSPACE_RESOURCE_ATTRIBUTES: {
+    IS_DEFAULT_WORKSPACE: 'is_default_workspace',
+  },
+  BOARD_RESOURCE_ATTRIBUTES: {
+    IS_SYNCABLE_CHILD_ENTITY: 'is_syncable_child_entity',
+    SYSTEM_ENTITY_TYPE: 'system_entity_type',
+  },
+} as const;
+
+export type ResourceType = (typeof RESOURCE_TYPES)[keyof typeof RESOURCE_TYPES];

package/src/roles-service.ts

@@ -12,7 +12,7 @@ export class RolesService {
   private attributionHeaders: { [key: string]: string };
 
   /**
-   * Public constructor to create the AuthorizationAttributesService instance.
+   * Public constructor to create the RolesService instance.
    * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
    * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
    */

package/src/types/authorization-attributes-contracts.ts

@@ -1,27 +1,71 @@
 import { Resource } from './general';
+import type { EntityType } from '../entity-attributes-constants';
+import type { ResourceType } from '../resource-attributes-constants';
 
+export type { EntityType, ResourceType };
+
+// Common attribute keys that can be used for both resources and entities
+export type CommonAttributeKey = string;
+
+// Resource-specific attribute keys
+export type ResourceAttributeKey = string;
+
+// Entity-specific attribute keys
+export type EntityAttributeKey = string;
+
+// Combined types for attribute keys
+export type ResourceAttributeKeyType = CommonAttributeKey | ResourceAttributeKey;
+export type EntityAttributeKeyType = CommonAttributeKey | EntityAttributeKey;
+
+// Resource Attribute Assignment - matching API contract
 export interface ResourceAttributeAssignment {
-  resourceType: Resource['type'];
-  resourceId: Resource['id'];
-  key: string;
+  resourceId: number;
+  resourceType: ResourceType;
+  key: ResourceAttributeKeyType;
+  value: string;
+}
+
+// Entity Attribute Assignment - matching API contract
+// Note: For validation, use the EntityAttributeAssignment class from '../entity-attribute-assignment'
+export interface EntityAttributeAssignment {
+  entityId: number;
+  entityType: EntityType;
+  key: EntityAttributeKeyType;
   value: string;
 }
 
+// Response types
 export interface ResourceAttributeResponse {
   attributes: ResourceAttributeAssignment[];
 }
 
+export interface EntityAttributeResponse {
+  attributes: EntityAttributeAssignment[];
+}
+
+// Legacy types for backward compatibility
 export interface ResourceAttributeDelete {
   resourceType: Resource['type'];
   resourceId: Resource['id'];
   key: string;
 }
 
+export interface EntityAttributeDelete {
+  entityType: EntityType;
+  entityId: number;
+  key: string;
+}
+
 export enum ResourceAttributeOperationEnum {
   UPSERT = 'upsert',
   DELETE = 'delete',
 }
 
+export enum EntityAttributeOperationEnum {
+  UPSERT = 'upsert',
+  DELETE = 'delete',
+}
+
 interface UpsertResourceAttributeOperation extends ResourceAttributeAssignment {
   operationType: ResourceAttributeOperationEnum.UPSERT;
 }
@@ -30,4 +74,13 @@ interface DeleteResourceAttributeOperation extends ResourceAttributeDelete {
   operationType: ResourceAttributeOperationEnum.DELETE;
 }
 
+interface UpsertEntityAttributeOperation extends EntityAttributeAssignment {
+  operationType: EntityAttributeOperationEnum.UPSERT;
+}
+
+interface DeleteEntityAttributeOperation extends EntityAttributeDelete {
+  operationType: EntityAttributeOperationEnum.DELETE;
+}
+
 export type ResourceAttributesOperation = UpsertResourceAttributeOperation | DeleteResourceAttributeOperation;
+export type EntityAttributesOperation = UpsertEntityAttributeOperation | DeleteEntityAttributeOperation;

package/src/utils/path-utils.ts

@@ -0,0 +1,14 @@
+/**
+ * Replaces path template parameters with actual values
+ * @param template Path template with placeholders like {accountId}
+ * @param params Object with parameter names and values
+ * @returns Path with all placeholders replaced
+ */
+export function replacePathParams(template: string, params: Record<string, string | number>): string {
+  let path = template;
+  for (const [key, value] of Object.entries(params)) {
+    path = path.replace(`{${key}}`, String(value));
+  }
+  return path;
+}
+