@mondaydotcomorg/monday-authorization 3.5.1-feat-shaime-support-entity-attributes-in-authorization-sdk-d2be13e → 3.5.1-fix-authorize-profile-picker-9fcaf6a

package/dist/attributions-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,GAAG,QAAQ;CACZ;AAED,wBAAgB,UAAU,mFAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAyClE"}
+{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,GAAG,QAAQ;CACZ;AAED,wBAAgB,UAAU,mFAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}

package/dist/attributions-service.js

@@ -46,7 +46,6 @@ function getAttributionsFromApi() {
         const { runtimeAttributions } = tridentContext;
         const runtimeAttributionsOutgoingHeaders = runtimeAttributions?.buildOutgoingHeaders('HTTP_INTERNAL');
         if (!runtimeAttributionsOutgoingHeaders) {
-            authorizationInternalService.logger.info({ tag: 'authorization-service', runtimeAttributionsOutgoingHeaders }, 'No runtime attributions outgoing headers');
             return callerAppNameFromSdk;
         }
         const attributionsHeaders = Object.fromEntries(runtimeAttributionsOutgoingHeaders);

package/dist/authorization-attributes-service.d.ts

@@ -0,0 +1,54 @@
+import { FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
+import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
+import { ResourceAttributeAssignment, ResourceAttributeResponse, ResourceAttributesOperation } from './types/authorization-attributes-contracts';
+import { Resource } from './types/general';
+export declare class AuthorizationAttributesService {
+    private static LOG_TAG;
+    private static API_PATHS;
+    private httpClient;
+    private fetchOptions;
+    private snsArn;
+    /**
+     * Public constructor to create the AuthorizationAttributesService instance.
+     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
+     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     */
+    constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>);
+    /**
+     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
+     * @param accountId
+     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
+     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
+     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
+     */
+    upsertResourceAttributes(accountId: number, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<ResourceAttributeResponse>;
+    /**
+     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
+     * @param accountId
+     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
+     * @param attributeKeys - Array of attribute keys to delete for the resource.
+     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
+     */
+    deleteResourceAttributes(accountId: number, resource: Resource, attributeKeys: string[]): Promise<ResourceAttributeResponse>;
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
+     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
+     *  */
+    updateResourceAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeOperations: ResourceAttributesOperation[]): Promise<ResourceAttributesOperation[]>;
+    private sendSingleSnsMessage;
+    private static getSnsTopicArn;
+    /**
+     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+     * This function can be used as health check for services that updating resource attributes in async is crucial.
+     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+     * However, this is the best we can do without actually push dummy messages to the SNS.
+     * @return {Promise<boolean>} - true if succeeded
+     */
+    asyncResourceAttributesHealthCheck(): Promise<boolean>;
+}
+//# sourceMappingURL=authorization-attributes-service.d.ts.map

package/dist/authorization-attributes-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-attributes-service.d.ts","sourceRoot":"","sources":["../src/authorization-attributes-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAO,aAAa,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AAEtF,OAAO,EAAoB,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACvF,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,2BAA2B,EAC5B,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAY3C,qBAAa,8BAA8B;IACzC,OAAO,CAAC,MAAM,CAAC,OAAO,CAA8B;IACpD,OAAO,CAAC,MAAM,CAAC,SAAS,CAGb;IACX,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAkC;IACtD,OAAO,CAAC,MAAM,CAAS;IAEvB;;;;OAIG;gBACS,UAAU,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,gBAAgB,CAAC,aAAa,CAAC;IAqBnF;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,4BAA4B,EAAE,2BAA2B,EAAE,GAC1D,OAAO,CAAC,yBAAyB,CAAC;IA6BrC;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,yBAAyB,CAAC;IAkCrC;;;;;;;UAOM;IACA,6BAA6B,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,2BAA2B,EAAE,2BAA2B,EAAE,GACzD,OAAO,CAAC,2BAA2B,EAAE,CAAC;YAY3B,oBAAoB;IA4BlC,OAAO,CAAC,MAAM,CAAC,cAAc;IAW7B;;;;;;;OAOG;IACG,kCAAkC,IAAI,OAAO,CAAC,OAAO,CAAC;CAoB7D"}

package/dist/authorization-attributes-service.js

@@ -0,0 +1,186 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const chunk = require('lodash/chunk.js');
+const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
+const mondaySns = require('@mondaydotcomorg/monday-sns');
+const mondayFetchApi = require('@mondaydotcomorg/monday-fetch-api');
+const authorizationInternalService = require('./authorization-internal-service.js');
+const attributionsService = require('./attributions-service.js');
+const constants_sns = require('./constants/sns.js');
+const constants = require('./constants.js');
+
+const _interopDefault = e => e && e.__esModule ? e : { default: e };
+
+const chunk__default = /*#__PURE__*/_interopDefault(chunk);
+
+class AuthorizationAttributesService {
+    static LOG_TAG = 'authorization_attributes';
+    static API_PATHS = {
+        UPSERT_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource',
+        DELETE_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource/{resourceType}/{resourceId}',
+    };
+    httpClient;
+    fetchOptions;
+    snsArn;
+    /**
+     * Public constructor to create the AuthorizationAttributesService instance.
+     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
+     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     */
+    constructor(httpClient, fetchOptions) {
+        if (!httpClient) {
+            httpClient = tridentBackendApi.Api.getPart('httpClient');
+            if (!httpClient) {
+                throw new Error(constants.ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
+            }
+        }
+        if (!fetchOptions) {
+            fetchOptions = constants.DEFAULT_FETCH_OPTIONS;
+        }
+        else {
+            fetchOptions = {
+                ...constants.DEFAULT_FETCH_OPTIONS,
+                ...fetchOptions,
+            };
+        }
+        this.httpClient = httpClient;
+        this.fetchOptions = fetchOptions;
+        this.snsArn = AuthorizationAttributesService.getSnsTopicArn();
+    }
+    /**
+     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
+     * @param accountId
+     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
+     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
+     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
+     */
+    async upsertResourceAttributes(accountId, resourceAttributeAssignments) {
+        const attributionHeaders = attributionsService.getAttributionsFromApi();
+        try {
+            return await this.httpClient.fetch({
+                url: {
+                    appName: constants.APP_NAME,
+                    path: AuthorizationAttributesService.API_PATHS.UPSERT_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString()),
+                },
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({ resourceAttributeAssignments }),
+            }, this.fetchOptions);
+        }
+        catch (err) {
+            if (err instanceof mondayFetchApi.HttpFetcherError) {
+                throw new Error(constants.ERROR_MESSAGES.REQUEST_FAILED('upsertResourceAttributes', err.status, err.message));
+            }
+            throw err;
+        }
+    }
+    /**
+     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
+     * @param accountId
+     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
+     * @param attributeKeys - Array of attribute keys to delete for the resource.
+     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
+     */
+    async deleteResourceAttributes(accountId, resource, attributeKeys) {
+        const attributionHeaders = attributionsService.getAttributionsFromApi();
+        if (!resource.id) {
+            throw new Error('Resource ID is required');
+        }
+        try {
+            return await this.httpClient.fetch({
+                url: {
+                    appName: constants.APP_NAME,
+                    path: AuthorizationAttributesService.API_PATHS.DELETE_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString())
+                        .replace('{resourceType}', resource.type)
+                        .replace('{resourceId}', resource.id.toString()),
+                },
+                method: 'DELETE',
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...attributionHeaders,
+                },
+                body: JSON.stringify({ keys: attributeKeys }),
+            }, this.fetchOptions);
+        }
+        catch (err) {
+            if (err instanceof mondayFetchApi.HttpFetcherError) {
+                throw new Error(constants.ERROR_MESSAGES.REQUEST_FAILED('deleteResourceAttributes', err.status, err.message));
+            }
+            throw err;
+        }
+    }
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
+     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
+     *  */
+    async updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
+        const topicArn = this.snsArn;
+        const sendToSnsPromises = [];
+        const operationChucks = chunk__default.default(resourceAttributeOperations, constants_sns.ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
+        for (const operationsChunk of operationChucks) {
+            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk));
+        }
+        return (await Promise.all(sendToSnsPromises)).flat();
+    }
+    async sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations) {
+        const payload = {
+            kind: constants_sns.RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
+            payload: {
+                accountId: accountId,
+                callerAppName: appName,
+                callerActionIdentifier: callerActionIdentifier,
+                operations: operations,
+            },
+        };
+        try {
+            await mondaySns.sendToSns(payload, topicArn);
+            return operations;
+        }
+        catch (error) {
+            authorizationInternalService.logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'Authorization resource attributes async update: failed to send operations to SNS');
+            return [];
+        }
+    }
+    static getSnsTopicArn() {
+        const arnFromEnv = process.env[constants_sns.SNS_ARN_ENV_VAR_NAME];
+        if (arnFromEnv) {
+            return arnFromEnv;
+        }
+        if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
+            return constants_sns.SNS_DEV_TEST_NAME;
+        }
+        throw new Error('Unable to get sns topic arn from env variable');
+    }
+    /**
+     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+     * This function can be used as health check for services that updating resource attributes in async is crucial.
+     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+     * However, this is the best we can do without actually push dummy messages to the SNS.
+     * @return {Promise<boolean>} - true if succeeded
+     */
+    async asyncResourceAttributesHealthCheck() {
+        try {
+            const requestedTopicArn = this.snsArn;
+            const attributes = await mondaySns.getTopicAttributes(requestedTopicArn);
+            const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
+            if (!isHealthy) {
+                authorizationInternalService.logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service failed in health check');
+            }
+            return isHealthy;
+        }
+        catch (error) {
+            authorizationInternalService.logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service got error during health check');
+            return false;
+        }
+    }
+}
+
+exports.AuthorizationAttributesService = AuthorizationAttributesService;

package/dist/authorization-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
+{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WA+DZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA+DnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}

package/dist/authorization-service.js

@@ -96,15 +96,33 @@ class AuthorizationService {
             authorizationInternalService.logger.error({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, failing request');
             throw new Error('AuthorizationService: igniteClient is not set, failing request');
         }
-        if (this.igniteClient.configuration.getObjectValue(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []).includes(appName)) {
-            return attributionsService.getProfile();
+        const allowedProfiles = this.igniteClient.configuration.getObjectValue(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []);
+        const isAllowedProfile = allowedProfiles.includes(appName);
+        authorizationInternalService.logger.info({ tag: 'auth-debug', accountId, userId, appName, allowedProfiles, isAllowedProfile }, 'AuthorizationService.getProfile: checking allowed profiles');
+        if (isAllowedProfile) {
+            const profile = attributionsService.getProfile();
+            authorizationInternalService.logger.info({ tag: 'auth-debug', accountId, userId, appName, profile }, 'AuthorizationService.getProfile: selected profile via allowed profiles');
+            return profile;
         }
-        if (this.igniteClient.configuration
-            .getObjectValue(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, [])
-            .includes(appName) &&
-            this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })) {
-            return attributionsService.getProfile();
+        const inReleaseProfiles = this.igniteClient.configuration.getObjectValue(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, []);
+        const isInReleaseProfile = inReleaseProfiles.includes(appName);
+        const isFeatureFlagReleased = this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId });
+        authorizationInternalService.logger.info({
+            tag: 'auth-debug',
+            accountId,
+            userId,
+            appName,
+            inReleaseProfiles,
+            isInReleaseProfile,
+            isFeatureFlagReleased,
+            featureFlag: PLATFORM_PROFILE_RELEASE_FF,
+        }, 'AuthorizationService.getProfile: checking feature flag release');
+        if (isInReleaseProfile && isFeatureFlagReleased) {
+            const profile = attributionsService.getProfile();
+            authorizationInternalService.logger.info({ tag: 'auth-debug', accountId, userId, appName, profile }, 'AuthorizationService.getProfile: selected profile via feature flag release');
+            return profile;
         }
+        authorizationInternalService.logger.info({ tag: 'auth-debug', accountId, userId, appName, profile: attributionsService.PlatformProfile.APP }, 'AuthorizationService.getProfile: selected default APP profile');
         return attributionsService.PlatformProfile.APP;
     }
     static async canActionInScopeMultiple(accountId, userId, scopedActions) {
@@ -112,15 +130,24 @@ class AuthorizationService {
             return [];
         }
         const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
+        authorizationInternalService.logger.info({
+            tag: 'auth-debug',
+            accountId,
+            userId,
+            shouldNavigateToGraph,
+            featureFlag: NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF,
+        }, 'AuthorizationService.canActionInScopeMultiple: determining which API flow to use');
         const startTime = perf_hooks.performance.now();
         let scopedActionResponseObjects;
         let apiType;
         if (shouldNavigateToGraph) {
             apiType = 'graph';
+            authorizationInternalService.logger.info({ tag: 'auth-debug', accountId, userId, apiType }, 'AuthorizationService.canActionInScopeMultiple: using graph API flow');
             scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
         }
         else {
             apiType = 'platform';
+            authorizationInternalService.logger.info({ tag: 'auth-debug', accountId, userId, apiType }, 'AuthorizationService.canActionInScopeMultiple: using platform API flow');
             const profile = this.getProfile(accountId, userId);
             const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
             scopedActionResponseObjects = await this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);

package/dist/constants/sns.d.ts

@@ -1,15 +1,5 @@
-export declare enum SnsTopicType {
-    RESOURCE = "resource",
-    ENTITY = "entity"
-}
-export declare const RESOURCE_SNS_ARN_ENV_VAR_NAME = "SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES";
-export declare const RESOURCE_SNS_DEV_TEST_NAME = "arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local";
-export declare const ENTITY_SNS_ARN_ENV_VAR_NAME = "SHARED_AUTHORIZATION_SNS_ENDPOINT_ENTITY_ATTRIBUTES";
-export declare const ENTITY_SNS_DEV_TEST_NAME = "arn:aws:sns:us-east-1:000000000000:monday-authorization-entity-attributes-sns-local";
-export declare const RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = "resourceAttributeModification";
-export declare const ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = "entityAttributeModification";
-export declare const ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
-export declare const ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
 export declare const SNS_ARN_ENV_VAR_NAME = "SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES";
 export declare const SNS_DEV_TEST_NAME = "arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local";
+export declare const RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = "resourceAttributeModification";
+export declare const ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
 //# sourceMappingURL=sns.d.ts.map

package/dist/constants/sns.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sns.d.ts","sourceRoot":"","sources":["../../src/constants/sns.ts"],"names":[],"mappings":"AAAA,oBAAY,YAAY;IACtB,QAAQ,aAAa;IACrB,MAAM,WAAW;CAClB;AAGD,eAAO,MAAM,6BAA6B,0DAA0D,CAAC;AACrG,eAAO,MAAM,0BAA0B,0FACkD,CAAC;AAG1F,eAAO,MAAM,2BAA2B,wDAAwD,CAAC;AACjG,eAAO,MAAM,wBAAwB,wFACkD,CAAC;AACxF,eAAO,MAAM,qDAAqD,kCAAkC,CAAC;AACrG,eAAO,MAAM,mDAAmD,gCAAgC,CAAC;AACjG,eAAO,MAAM,oDAAoD,MAAM,CAAC;AACxE,eAAO,MAAM,kDAAkD,MAAM,CAAC;AAGtE,eAAO,MAAM,oBAAoB,0DAAgC,CAAC;AAClE,eAAO,MAAM,iBAAiB,0FAA6B,CAAC"}
+{"version":3,"file":"sns.d.ts","sourceRoot":"","sources":["../../src/constants/sns.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,oBAAoB,0DAA0D,CAAC;AAC5F,eAAO,MAAM,iBAAiB,0FAC2D,CAAC;AAC1F,eAAO,MAAM,qDAAqD,kCAAkC,CAAC;AACrG,eAAO,MAAM,oDAAoD,MAAM,CAAC"}

package/dist/constants/sns.js

@@ -1,31 +1,11 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 
-exports.SnsTopicType = void 0;
-(function (SnsTopicType) {
-    SnsTopicType["RESOURCE"] = "resource";
-    SnsTopicType["ENTITY"] = "entity";
-})(exports.SnsTopicType || (exports.SnsTopicType = {}));
-// Resource SNS constants
-const RESOURCE_SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES';
-const RESOURCE_SNS_DEV_TEST_NAME = 'arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local';
-// Entity SNS constants
-const ENTITY_SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_ENTITY_ATTRIBUTES';
-const ENTITY_SNS_DEV_TEST_NAME = 'arn:aws:sns:us-east-1:000000000000:monday-authorization-entity-attributes-sns-local';
+const SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES';
+const SNS_DEV_TEST_NAME = 'arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local';
 const RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = 'resourceAttributeModification';
-const ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = 'entityAttributeModification';
 const ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
-const ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
-// Legacy exports for backward compatibility
-const SNS_ARN_ENV_VAR_NAME = RESOURCE_SNS_ARN_ENV_VAR_NAME;
-const SNS_DEV_TEST_NAME = RESOURCE_SNS_DEV_TEST_NAME;
 
-exports.ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE;
 exports.ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE;
-exports.ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND;
-exports.ENTITY_SNS_ARN_ENV_VAR_NAME = ENTITY_SNS_ARN_ENV_VAR_NAME;
-exports.ENTITY_SNS_DEV_TEST_NAME = ENTITY_SNS_DEV_TEST_NAME;
 exports.RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND;
-exports.RESOURCE_SNS_ARN_ENV_VAR_NAME = RESOURCE_SNS_ARN_ENV_VAR_NAME;
-exports.RESOURCE_SNS_DEV_TEST_NAME = RESOURCE_SNS_DEV_TEST_NAME;
 exports.SNS_ARN_ENV_VAR_NAME = SNS_ARN_ENV_VAR_NAME;
 exports.SNS_DEV_TEST_NAME = SNS_DEV_TEST_NAME;

package/dist/esm/attributions-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,GAAG,QAAQ;CACZ;AAED,wBAAgB,UAAU,mFAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAyClE"}
+{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,GAAG,QAAQ;CACZ;AAED,wBAAgB,UAAU,mFAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}

package/dist/esm/attributions-service.mjs

@@ -44,7 +44,6 @@ function getAttributionsFromApi() {
         const { runtimeAttributions } = tridentContext;
         const runtimeAttributionsOutgoingHeaders = runtimeAttributions?.buildOutgoingHeaders('HTTP_INTERNAL');
         if (!runtimeAttributionsOutgoingHeaders) {
-            logger.info({ tag: 'authorization-service', runtimeAttributionsOutgoingHeaders }, 'No runtime attributions outgoing headers');
             return callerAppNameFromSdk;
         }
         const attributionsHeaders = Object.fromEntries(runtimeAttributionsOutgoingHeaders);

package/dist/esm/authorization-attributes-service.d.ts

@@ -0,0 +1,54 @@
+import { FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
+import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
+import { ResourceAttributeAssignment, ResourceAttributeResponse, ResourceAttributesOperation } from './types/authorization-attributes-contracts';
+import { Resource } from './types/general';
+export declare class AuthorizationAttributesService {
+    private static LOG_TAG;
+    private static API_PATHS;
+    private httpClient;
+    private fetchOptions;
+    private snsArn;
+    /**
+     * Public constructor to create the AuthorizationAttributesService instance.
+     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
+     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     */
+    constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>);
+    /**
+     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
+     * @param accountId
+     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
+     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
+     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
+     */
+    upsertResourceAttributes(accountId: number, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<ResourceAttributeResponse>;
+    /**
+     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
+     * @param accountId
+     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
+     * @param attributeKeys - Array of attribute keys to delete for the resource.
+     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
+     */
+    deleteResourceAttributes(accountId: number, resource: Resource, attributeKeys: string[]): Promise<ResourceAttributeResponse>;
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
+     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
+     *  */
+    updateResourceAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeOperations: ResourceAttributesOperation[]): Promise<ResourceAttributesOperation[]>;
+    private sendSingleSnsMessage;
+    private static getSnsTopicArn;
+    /**
+     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+     * This function can be used as health check for services that updating resource attributes in async is crucial.
+     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+     * However, this is the best we can do without actually push dummy messages to the SNS.
+     * @return {Promise<boolean>} - true if succeeded
+     */
+    asyncResourceAttributesHealthCheck(): Promise<boolean>;
+}
+//# sourceMappingURL=authorization-attributes-service.d.ts.map

package/dist/esm/authorization-attributes-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-attributes-service.d.ts","sourceRoot":"","sources":["../../src/authorization-attributes-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAO,aAAa,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AAEtF,OAAO,EAAoB,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACvF,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,2BAA2B,EAC5B,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAY3C,qBAAa,8BAA8B;IACzC,OAAO,CAAC,MAAM,CAAC,OAAO,CAA8B;IACpD,OAAO,CAAC,MAAM,CAAC,SAAS,CAGb;IACX,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAkC;IACtD,OAAO,CAAC,MAAM,CAAS;IAEvB;;;;OAIG;gBACS,UAAU,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,gBAAgB,CAAC,aAAa,CAAC;IAqBnF;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,4BAA4B,EAAE,2BAA2B,EAAE,GAC1D,OAAO,CAAC,yBAAyB,CAAC;IA6BrC;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,yBAAyB,CAAC;IAkCrC;;;;;;;UAOM;IACA,6BAA6B,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,2BAA2B,EAAE,2BAA2B,EAAE,GACzD,OAAO,CAAC,2BAA2B,EAAE,CAAC;YAY3B,oBAAoB;IA4BlC,OAAO,CAAC,MAAM,CAAC,cAAc;IAW7B;;;;;;;OAOG;IACG,kCAAkC,IAAI,OAAO,CAAC,OAAO,CAAC;CAoB7D"}