@mondaydotcomorg/monday-authorization 3.5.0 → 3.5.1-feat-shaime-support-entity-attributes-in-authorization-sdk-d2be13e

package/src/utils/validation.ts

@@ -0,0 +1,77 @@
+import { ArgumentError } from '../errors/argument-error';
+
+/**
+ * Utility class for common validation operations
+ */
+export class ValidationUtils {
+  /**
+   * Validates that a value is an integer
+   * @param value The value to validate
+   * @param fieldName The name of the field for error messages
+   * @throws ArgumentError if value is not an integer
+   */
+  static validateInteger(value: any, fieldName: string): void {
+    if (!Number.isInteger(value)) {
+      throw new ArgumentError(`${fieldName} must be an integer, got: ${value}`);
+    }
+  }
+
+  /**
+   * Validates that a value is a string
+   * @param value The value to validate
+   * @param fieldName The name of the field for error messages
+   * @throws ArgumentError if value is not a string
+   */
+  static validateString(value: any, fieldName: string): void {
+    if (typeof value !== 'string') {
+      throw new ArgumentError(`${fieldName} must be a string, got: ${typeof value}`);
+    }
+  }
+
+  /**
+   * Validates that a value is an array and optionally checks minimum length
+   * @param value The value to validate
+   * @param fieldName The name of the field for error messages
+   * @param minLength Minimum required length (default: 0)
+   * @returns The validated array
+   * @throws ArgumentError if value is not an array or doesn't meet minimum length
+   */
+  static validateArray<T>(value: any, fieldName: string, minLength = 0): T[] {
+    if (!Array.isArray(value)) {
+      throw new ArgumentError(`${fieldName} must be an array`);
+    }
+    if (value.length < minLength) {
+      throw new ArgumentError(`${fieldName} must have at least ${minLength} items`);
+    }
+    return value;
+  }
+
+  /**
+   * Validates that a value is one of the allowed enum values
+   * @param value The value to validate
+   * @param validValues Array of valid values
+   * @param fieldName The name of the field for error messages
+   * @returns The validated value as the enum type
+   * @throws ArgumentError if value is not in validValues
+   */
+  static validateEnum<T extends string>(value: string, validValues: readonly T[], fieldName: string): T {
+    if (!validValues.includes(value as T)) {
+      throw new ArgumentError(`${fieldName} must be one of [${validValues.join(', ')}], got: ${value}`);
+    }
+    return value as T;
+  }
+
+  /**
+   * Validates that all items in an array are strings
+   * @param value Array to validate
+   * @param fieldName The name of the field for error messages
+   * @throws ArgumentError if any item is not a string
+   */
+  static validateStringArray(value: any[], fieldName: string): void {
+    for (let i = 0; i < value.length; i++) {
+      if (typeof value[i] !== 'string') {
+        throw new ArgumentError(`All ${fieldName} must be strings, but item at index ${i} is not`);
+      }
+    }
+  }
+}

package/dist/authorization-attributes-service.d.ts

@@ -1,54 +0,0 @@
-import { FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
-import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
-import { ResourceAttributeAssignment, ResourceAttributeResponse, ResourceAttributesOperation } from './types/authorization-attributes-contracts';
-import { Resource } from './types/general';
-export declare class AuthorizationAttributesService {
-    private static LOG_TAG;
-    private static API_PATHS;
-    private httpClient;
-    private fetchOptions;
-    private snsArn;
-    /**
-     * Public constructor to create the AuthorizationAttributesService instance.
-     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
-     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
-     */
-    constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>);
-    /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
-     */
-    upsertResourceAttributes(accountId: number, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<ResourceAttributeResponse>;
-    /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
-     */
-    deleteResourceAttributes(accountId: number, resource: Resource, attributeKeys: string[]): Promise<ResourceAttributeResponse>;
-    /**
-     *  Async function, this function only send the updates request to SNS and return before the change actually took place
-     * @param accountId
-     * @param appName - App name of the calling app
-     * @param callerActionIdentifier - action identifier
-     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-     *  */
-    updateResourceAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeOperations: ResourceAttributesOperation[]): Promise<ResourceAttributesOperation[]>;
-    private sendSingleSnsMessage;
-    private static getSnsTopicArn;
-    /**
-     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-     * This function can be used as health check for services that updating resource attributes in async is crucial.
-     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-     * However, this is the best we can do without actually push dummy messages to the SNS.
-     * @return {Promise<boolean>} - true if succeeded
-     */
-    asyncResourceAttributesHealthCheck(): Promise<boolean>;
-}
-//# sourceMappingURL=authorization-attributes-service.d.ts.map

package/dist/authorization-attributes-service.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"authorization-attributes-service.d.ts","sourceRoot":"","sources":["../src/authorization-attributes-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAO,aAAa,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AAEtF,OAAO,EAAoB,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACvF,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,2BAA2B,EAC5B,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAY3C,qBAAa,8BAA8B;IACzC,OAAO,CAAC,MAAM,CAAC,OAAO,CAA8B;IACpD,OAAO,CAAC,MAAM,CAAC,SAAS,CAGb;IACX,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAkC;IACtD,OAAO,CAAC,MAAM,CAAS;IAEvB;;;;OAIG;gBACS,UAAU,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,gBAAgB,CAAC,aAAa,CAAC;IAqBnF;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,4BAA4B,EAAE,2BAA2B,EAAE,GAC1D,OAAO,CAAC,yBAAyB,CAAC;IA6BrC;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,yBAAyB,CAAC;IAkCrC;;;;;;;UAOM;IACA,6BAA6B,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,2BAA2B,EAAE,2BAA2B,EAAE,GACzD,OAAO,CAAC,2BAA2B,EAAE,CAAC;YAY3B,oBAAoB;IA4BlC,OAAO,CAAC,MAAM,CAAC,cAAc;IAW7B;;;;;;;OAOG;IACG,kCAAkC,IAAI,OAAO,CAAC,OAAO,CAAC;CAoB7D"}

package/dist/authorization-attributes-service.js

@@ -1,186 +0,0 @@
-Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-
-const chunk = require('lodash/chunk.js');
-const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
-const mondaySns = require('@mondaydotcomorg/monday-sns');
-const mondayFetchApi = require('@mondaydotcomorg/monday-fetch-api');
-const authorizationInternalService = require('./authorization-internal-service.js');
-const attributionsService = require('./attributions-service.js');
-const constants_sns = require('./constants/sns.js');
-const constants = require('./constants.js');
-
-const _interopDefault = e => e && e.__esModule ? e : { default: e };
-
-const chunk__default = /*#__PURE__*/_interopDefault(chunk);
-
-class AuthorizationAttributesService {
-    static LOG_TAG = 'authorization_attributes';
-    static API_PATHS = {
-        UPSERT_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource',
-        DELETE_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource/{resourceType}/{resourceId}',
-    };
-    httpClient;
-    fetchOptions;
-    snsArn;
-    /**
-     * Public constructor to create the AuthorizationAttributesService instance.
-     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
-     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
-     */
-    constructor(httpClient, fetchOptions) {
-        if (!httpClient) {
-            httpClient = tridentBackendApi.Api.getPart('httpClient');
-            if (!httpClient) {
-                throw new Error(constants.ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
-            }
-        }
-        if (!fetchOptions) {
-            fetchOptions = constants.DEFAULT_FETCH_OPTIONS;
-        }
-        else {
-            fetchOptions = {
-                ...constants.DEFAULT_FETCH_OPTIONS,
-                ...fetchOptions,
-            };
-        }
-        this.httpClient = httpClient;
-        this.fetchOptions = fetchOptions;
-        this.snsArn = AuthorizationAttributesService.getSnsTopicArn();
-    }
-    /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
-     */
-    async upsertResourceAttributes(accountId, resourceAttributeAssignments) {
-        const attributionHeaders = attributionsService.getAttributionsFromApi();
-        try {
-            return await this.httpClient.fetch({
-                url: {
-                    appName: constants.APP_NAME,
-                    path: AuthorizationAttributesService.API_PATHS.UPSERT_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString()),
-                },
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...attributionHeaders,
-                },
-                body: JSON.stringify({ resourceAttributeAssignments }),
-            }, this.fetchOptions);
-        }
-        catch (err) {
-            if (err instanceof mondayFetchApi.HttpFetcherError) {
-                throw new Error(constants.ERROR_MESSAGES.REQUEST_FAILED('upsertResourceAttributes', err.status, err.message));
-            }
-            throw err;
-        }
-    }
-    /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
-     */
-    async deleteResourceAttributes(accountId, resource, attributeKeys) {
-        const attributionHeaders = attributionsService.getAttributionsFromApi();
-        if (!resource.id) {
-            throw new Error('Resource ID is required');
-        }
-        try {
-            return await this.httpClient.fetch({
-                url: {
-                    appName: constants.APP_NAME,
-                    path: AuthorizationAttributesService.API_PATHS.DELETE_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString())
-                        .replace('{resourceType}', resource.type)
-                        .replace('{resourceId}', resource.id.toString()),
-                },
-                method: 'DELETE',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...attributionHeaders,
-                },
-                body: JSON.stringify({ keys: attributeKeys }),
-            }, this.fetchOptions);
-        }
-        catch (err) {
-            if (err instanceof mondayFetchApi.HttpFetcherError) {
-                throw new Error(constants.ERROR_MESSAGES.REQUEST_FAILED('deleteResourceAttributes', err.status, err.message));
-            }
-            throw err;
-        }
-    }
-    /**
-     *  Async function, this function only send the updates request to SNS and return before the change actually took place
-     * @param accountId
-     * @param appName - App name of the calling app
-     * @param callerActionIdentifier - action identifier
-     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-     *  */
-    async updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
-        const topicArn = this.snsArn;
-        const sendToSnsPromises = [];
-        const operationChucks = chunk__default.default(resourceAttributeOperations, constants_sns.ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
-        for (const operationsChunk of operationChucks) {
-            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk));
-        }
-        return (await Promise.all(sendToSnsPromises)).flat();
-    }
-    async sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations) {
-        const payload = {
-            kind: constants_sns.RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
-            payload: {
-                accountId: accountId,
-                callerAppName: appName,
-                callerActionIdentifier: callerActionIdentifier,
-                operations: operations,
-            },
-        };
-        try {
-            await mondaySns.sendToSns(payload, topicArn);
-            return operations;
-        }
-        catch (error) {
-            authorizationInternalService.logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'Authorization resource attributes async update: failed to send operations to SNS');
-            return [];
-        }
-    }
-    static getSnsTopicArn() {
-        const arnFromEnv = process.env[constants_sns.SNS_ARN_ENV_VAR_NAME];
-        if (arnFromEnv) {
-            return arnFromEnv;
-        }
-        if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
-            return constants_sns.SNS_DEV_TEST_NAME;
-        }
-        throw new Error('Unable to get sns topic arn from env variable');
-    }
-    /**
-     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-     * This function can be used as health check for services that updating resource attributes in async is crucial.
-     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-     * However, this is the best we can do without actually push dummy messages to the SNS.
-     * @return {Promise<boolean>} - true if succeeded
-     */
-    async asyncResourceAttributesHealthCheck() {
-        try {
-            const requestedTopicArn = this.snsArn;
-            const attributes = await mondaySns.getTopicAttributes(requestedTopicArn);
-            const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
-            if (!isHealthy) {
-                authorizationInternalService.logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service failed in health check');
-            }
-            return isHealthy;
-        }
-        catch (error) {
-            authorizationInternalService.logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service got error during health check');
-            return false;
-        }
-    }
-}
-
-exports.AuthorizationAttributesService = AuthorizationAttributesService;

package/dist/esm/authorization-attributes-service.d.ts

@@ -1,54 +0,0 @@
-import { FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
-import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
-import { ResourceAttributeAssignment, ResourceAttributeResponse, ResourceAttributesOperation } from './types/authorization-attributes-contracts';
-import { Resource } from './types/general';
-export declare class AuthorizationAttributesService {
-    private static LOG_TAG;
-    private static API_PATHS;
-    private httpClient;
-    private fetchOptions;
-    private snsArn;
-    /**
-     * Public constructor to create the AuthorizationAttributesService instance.
-     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
-     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
-     */
-    constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>);
-    /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
-     */
-    upsertResourceAttributes(accountId: number, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<ResourceAttributeResponse>;
-    /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
-     */
-    deleteResourceAttributes(accountId: number, resource: Resource, attributeKeys: string[]): Promise<ResourceAttributeResponse>;
-    /**
-     *  Async function, this function only send the updates request to SNS and return before the change actually took place
-     * @param accountId
-     * @param appName - App name of the calling app
-     * @param callerActionIdentifier - action identifier
-     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-     *  */
-    updateResourceAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeOperations: ResourceAttributesOperation[]): Promise<ResourceAttributesOperation[]>;
-    private sendSingleSnsMessage;
-    private static getSnsTopicArn;
-    /**
-     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-     * This function can be used as health check for services that updating resource attributes in async is crucial.
-     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-     * However, this is the best we can do without actually push dummy messages to the SNS.
-     * @return {Promise<boolean>} - true if succeeded
-     */
-    asyncResourceAttributesHealthCheck(): Promise<boolean>;
-}
-//# sourceMappingURL=authorization-attributes-service.d.ts.map

package/dist/esm/authorization-attributes-service.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"authorization-attributes-service.d.ts","sourceRoot":"","sources":["../../src/authorization-attributes-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAO,aAAa,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AAEtF,OAAO,EAAoB,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACvF,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,2BAA2B,EAC5B,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAY3C,qBAAa,8BAA8B;IACzC,OAAO,CAAC,MAAM,CAAC,OAAO,CAA8B;IACpD,OAAO,CAAC,MAAM,CAAC,SAAS,CAGb;IACX,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAkC;IACtD,OAAO,CAAC,MAAM,CAAS;IAEvB;;;;OAIG;gBACS,UAAU,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,gBAAgB,CAAC,aAAa,CAAC;IAqBnF;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,4BAA4B,EAAE,2BAA2B,EAAE,GAC1D,OAAO,CAAC,yBAAyB,CAAC;IA6BrC;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,yBAAyB,CAAC;IAkCrC;;;;;;;UAOM;IACA,6BAA6B,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,2BAA2B,EAAE,2BAA2B,EAAE,GACzD,OAAO,CAAC,2BAA2B,EAAE,CAAC;YAY3B,oBAAoB;IA4BlC,OAAO,CAAC,MAAM,CAAC,cAAc;IAW7B;;;;;;;OAOG;IACG,kCAAkC,IAAI,OAAO,CAAC,OAAO,CAAC;CAoB7D"}

package/dist/esm/authorization-attributes-service.mjs

@@ -1,180 +0,0 @@
-import chunk from 'lodash/chunk.js';
-import { Api } from '@mondaydotcomorg/trident-backend-api';
-import { sendToSns, getTopicAttributes } from '@mondaydotcomorg/monday-sns';
-import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
-import { logger } from './authorization-internal-service.mjs';
-import { getAttributionsFromApi } from './attributions-service.mjs';
-import { ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE, SNS_ARN_ENV_VAR_NAME, SNS_DEV_TEST_NAME, RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND } from './constants/sns.mjs';
-import { ERROR_MESSAGES, DEFAULT_FETCH_OPTIONS, APP_NAME } from './constants.mjs';
-
-class AuthorizationAttributesService {
-    static LOG_TAG = 'authorization_attributes';
-    static API_PATHS = {
-        UPSERT_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource',
-        DELETE_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource/{resourceType}/{resourceId}',
-    };
-    httpClient;
-    fetchOptions;
-    snsArn;
-    /**
-     * Public constructor to create the AuthorizationAttributesService instance.
-     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
-     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
-     */
-    constructor(httpClient, fetchOptions) {
-        if (!httpClient) {
-            httpClient = Api.getPart('httpClient');
-            if (!httpClient) {
-                throw new Error(ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
-            }
-        }
-        if (!fetchOptions) {
-            fetchOptions = DEFAULT_FETCH_OPTIONS;
-        }
-        else {
-            fetchOptions = {
-                ...DEFAULT_FETCH_OPTIONS,
-                ...fetchOptions,
-            };
-        }
-        this.httpClient = httpClient;
-        this.fetchOptions = fetchOptions;
-        this.snsArn = AuthorizationAttributesService.getSnsTopicArn();
-    }
-    /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
-     */
-    async upsertResourceAttributes(accountId, resourceAttributeAssignments) {
-        const attributionHeaders = getAttributionsFromApi();
-        try {
-            return await this.httpClient.fetch({
-                url: {
-                    appName: APP_NAME,
-                    path: AuthorizationAttributesService.API_PATHS.UPSERT_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString()),
-                },
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...attributionHeaders,
-                },
-                body: JSON.stringify({ resourceAttributeAssignments }),
-            }, this.fetchOptions);
-        }
-        catch (err) {
-            if (err instanceof HttpFetcherError) {
-                throw new Error(ERROR_MESSAGES.REQUEST_FAILED('upsertResourceAttributes', err.status, err.message));
-            }
-            throw err;
-        }
-    }
-    /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
-     */
-    async deleteResourceAttributes(accountId, resource, attributeKeys) {
-        const attributionHeaders = getAttributionsFromApi();
-        if (!resource.id) {
-            throw new Error('Resource ID is required');
-        }
-        try {
-            return await this.httpClient.fetch({
-                url: {
-                    appName: APP_NAME,
-                    path: AuthorizationAttributesService.API_PATHS.DELETE_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString())
-                        .replace('{resourceType}', resource.type)
-                        .replace('{resourceId}', resource.id.toString()),
-                },
-                method: 'DELETE',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...attributionHeaders,
-                },
-                body: JSON.stringify({ keys: attributeKeys }),
-            }, this.fetchOptions);
-        }
-        catch (err) {
-            if (err instanceof HttpFetcherError) {
-                throw new Error(ERROR_MESSAGES.REQUEST_FAILED('deleteResourceAttributes', err.status, err.message));
-            }
-            throw err;
-        }
-    }
-    /**
-     *  Async function, this function only send the updates request to SNS and return before the change actually took place
-     * @param accountId
-     * @param appName - App name of the calling app
-     * @param callerActionIdentifier - action identifier
-     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-     *  */
-    async updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
-        const topicArn = this.snsArn;
-        const sendToSnsPromises = [];
-        const operationChucks = chunk(resourceAttributeOperations, ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
-        for (const operationsChunk of operationChucks) {
-            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk));
-        }
-        return (await Promise.all(sendToSnsPromises)).flat();
-    }
-    async sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations) {
-        const payload = {
-            kind: RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
-            payload: {
-                accountId: accountId,
-                callerAppName: appName,
-                callerActionIdentifier: callerActionIdentifier,
-                operations: operations,
-            },
-        };
-        try {
-            await sendToSns(payload, topicArn);
-            return operations;
-        }
-        catch (error) {
-            logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'Authorization resource attributes async update: failed to send operations to SNS');
-            return [];
-        }
-    }
-    static getSnsTopicArn() {
-        const arnFromEnv = process.env[SNS_ARN_ENV_VAR_NAME];
-        if (arnFromEnv) {
-            return arnFromEnv;
-        }
-        if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
-            return SNS_DEV_TEST_NAME;
-        }
-        throw new Error('Unable to get sns topic arn from env variable');
-    }
-    /**
-     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-     * This function can be used as health check for services that updating resource attributes in async is crucial.
-     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-     * However, this is the best we can do without actually push dummy messages to the SNS.
-     * @return {Promise<boolean>} - true if succeeded
-     */
-    async asyncResourceAttributesHealthCheck() {
-        try {
-            const requestedTopicArn = this.snsArn;
-            const attributes = await getTopicAttributes(requestedTopicArn);
-            const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
-            if (!isHealthy) {
-                logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service failed in health check');
-            }
-            return isHealthy;
-        }
-        catch (error) {
-            logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service got error during health check');
-            return false;
-        }
-    }
-}
-
-export { AuthorizationAttributesService };