@mondaydotcomorg/monday-authorization 3.5.1-fix-authorize-profile-picker-7481de0 → 3.5.2-feat-shaime-support-entity-attributes-4-ddec1d3

package/dist/authorization-attributes-service.js

@@ -1,185 +1,46 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 
-const chunk = require('lodash/chunk.js');
-const tridentBackendApi = require('@mondaydotcomorg/trident-backend-api');
-const mondaySns = require('@mondaydotcomorg/monday-sns');
-const mondayFetchApi = require('@mondaydotcomorg/monday-fetch-api');
-const authorizationInternalService = require('./authorization-internal-service.js');
-const attributionsService = require('./attributions-service.js');
-const constants_sns = require('./constants/sns.js');
-const constants = require('./constants.js');
-
-const _interopDefault = e => e && e.__esModule ? e : { default: e };
-
-const chunk__default = /*#__PURE__*/_interopDefault(chunk);
+const authorizationAttributesMsService = require('./authorization-attributes-ms-service.js');
+const authorizationAttributesSnsService = require('./authorization-attributes-sns-service.js');
 
+/**
+ * Main service class for managing resource and entity attributes.
+ * Provides access to both direct (MS) and SNS operations.
+ *
+ * @example
+ * const service = new AuthorizationAttributesService();
+ *
+ * // Use direct operations
+ * await service.direct().upsertResourceAttributes(accountId, assignments);
+ *
+ * // Use SNS operations
+ * await service.sns().upsertResourceAttributes(accountId, assignments, appName, actionId);
+ * ```
+ */
 class AuthorizationAttributesService {
-    static LOG_TAG = 'authorization_attributes';
-    static API_PATHS = {
-        UPSERT_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource',
-        DELETE_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource/{resourceType}/{resourceId}',
-    };
-    httpClient;
-    fetchOptions;
-    snsArn;
+    _directService = null;
+    _snsService = null;
     /**
-     * Public constructor to create the AuthorizationAttributesService instance.
-     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
-     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     * Gets the direct (MS) service instance.
+     * Initializes the service on first access (lazy initialization).
+     * @returns IAuthorizationAttributesService instance
      */
-    constructor(httpClient, fetchOptions) {
-        if (!httpClient) {
-            httpClient = tridentBackendApi.Api.getPart('httpClient');
-            if (!httpClient) {
-                throw new Error(constants.ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
-            }
-        }
-        if (!fetchOptions) {
-            fetchOptions = constants.DEFAULT_FETCH_OPTIONS;
-        }
-        else {
-            fetchOptions = {
-                ...constants.DEFAULT_FETCH_OPTIONS,
-                ...fetchOptions,
-            };
+    direct() {
+        if (this._directService === null) {
+            this._directService = new authorizationAttributesMsService.AuthorizationAttributesMsService();
         }
-        this.httpClient = httpClient;
-        this.fetchOptions = fetchOptions;
-        this.snsArn = AuthorizationAttributesService.getSnsTopicArn();
+        return this._directService;
     }
     /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
+     * Gets the SNS service instance.
+     * Initializes the service on first access (lazy initialization).
+     * @returns IAuthorizationAttributesService instance
      */
-    async upsertResourceAttributes(accountId, resourceAttributeAssignments) {
-        const attributionHeaders = attributionsService.getAttributionsFromApi();
-        try {
-            return await this.httpClient.fetch({
-                url: {
-                    appName: constants.APP_NAME,
-                    path: AuthorizationAttributesService.API_PATHS.UPSERT_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString()),
-                },
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...attributionHeaders,
-                },
-                body: JSON.stringify({ resourceAttributeAssignments }),
-            }, this.fetchOptions);
-        }
-        catch (err) {
-            if (err instanceof mondayFetchApi.HttpFetcherError) {
-                throw new Error(constants.ERROR_MESSAGES.REQUEST_FAILED('upsertResourceAttributes', err.status, err.message));
-            }
-            throw err;
-        }
-    }
-    /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
-     */
-    async deleteResourceAttributes(accountId, resource, attributeKeys) {
-        const attributionHeaders = attributionsService.getAttributionsFromApi();
-        if (!resource.id) {
-            throw new Error('Resource ID is required');
-        }
-        try {
-            return await this.httpClient.fetch({
-                url: {
-                    appName: constants.APP_NAME,
-                    path: AuthorizationAttributesService.API_PATHS.DELETE_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString())
-                        .replace('{resourceType}', resource.type)
-                        .replace('{resourceId}', resource.id.toString()),
-                },
-                method: 'DELETE',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...attributionHeaders,
-                },
-                body: JSON.stringify({ keys: attributeKeys }),
-            }, this.fetchOptions);
-        }
-        catch (err) {
-            if (err instanceof mondayFetchApi.HttpFetcherError) {
-                throw new Error(constants.ERROR_MESSAGES.REQUEST_FAILED('deleteResourceAttributes', err.status, err.message));
-            }
-            throw err;
-        }
-    }
-    /**
-     *  Async function, this function only send the updates request to SNS and return before the change actually took place
-     * @param accountId
-     * @param appName - App name of the calling app
-     * @param callerActionIdentifier - action identifier
-     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-     *  */
-    async updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
-        const topicArn = this.snsArn;
-        const sendToSnsPromises = [];
-        const operationChucks = chunk__default.default(resourceAttributeOperations, constants_sns.ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
-        for (const operationsChunk of operationChucks) {
-            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk));
-        }
-        return (await Promise.all(sendToSnsPromises)).flat();
-    }
-    async sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations) {
-        const payload = {
-            kind: constants_sns.RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
-            payload: {
-                accountId: accountId,
-                callerAppName: appName,
-                callerActionIdentifier: callerActionIdentifier,
-                operations: operations,
-            },
-        };
-        try {
-            await mondaySns.sendToSns(payload, topicArn);
-            return operations;
-        }
-        catch (error) {
-            authorizationInternalService.logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'Authorization resource attributes async update: failed to send operations to SNS');
-            return [];
-        }
-    }
-    static getSnsTopicArn() {
-        const arnFromEnv = process.env[constants_sns.SNS_ARN_ENV_VAR_NAME];
-        if (arnFromEnv) {
-            return arnFromEnv;
-        }
-        if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
-            return constants_sns.SNS_DEV_TEST_NAME;
-        }
-        throw new Error('Unable to get sns topic arn from env variable');
-    }
-    /**
-     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-     * This function can be used as health check for services that updating resource attributes in async is crucial.
-     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-     * However, this is the best we can do without actually push dummy messages to the SNS.
-     * @return {Promise<boolean>} - true if succeeded
-     */
-    async asyncResourceAttributesHealthCheck() {
-        try {
-            const requestedTopicArn = this.snsArn;
-            const attributes = await mondaySns.getTopicAttributes(requestedTopicArn);
-            const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
-            if (!isHealthy) {
-                authorizationInternalService.logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service failed in health check');
-            }
-            return isHealthy;
-        }
-        catch (error) {
-            authorizationInternalService.logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service got error during health check');
-            return false;
+    sns() {
+        if (this._snsService === null) {
+            this._snsService = new authorizationAttributesSnsService.AuthorizationAttributesSnsService();
         }
+        return this._snsService;
     }
 }
 

package/dist/authorization-attributes-sns-service.d.ts

@@ -0,0 +1,91 @@
+import { ResourceAttributeAssignment, ResourceAttributeOperation, EntityAttributeOperation } from './types/authorization-attributes-contracts';
+import { EntityAttributeAssignment } from './entity-attribute-assignment';
+import { Resource } from './types/general';
+import { AuthorizationAttributesService } from './types/authorization-attributes-service.interface';
+import { EntityType } from './entity-attributes-constants';
+/**
+ * Service class for managing resource attributes asynchronously via SNS.
+ * Provides asynchronous operations to create/update and delete attributes on resources.
+ */
+export declare class AuthorizationAttributesSnsService implements AuthorizationAttributesService {
+    private static LOG_TAG;
+    private resourceSnsArn;
+    private entitySnsArn;
+    /**
+     * Public constructor to create the AuthorizationAttributesSnsService instance.
+     */
+    constructor();
+    /**
+     * Async function to upsert resource attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param resourceAttributeAssignments Array of resource attribute assignments to upsert
+     * @return Promise with array of sent operations
+     */
+    upsertResourceAttributes(accountId: number, resourceAttributeAssignments: ResourceAttributeAssignment[], appName?: string, callerActionIdentifier?: string): Promise<ResourceAttributeOperation[]>;
+    /**
+     * Async function to delete resource attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param resource The resource (resourceType, resourceId)
+     * @param attributeKeys Array of attribute keys to delete
+     * @return Promise with array of sent operations
+     */
+    deleteResourceAttributes(accountId: number, resource: Resource, attributeKeys: string[], appName?: string, callerActionIdentifier?: string): Promise<ResourceAttributeOperation[]>;
+    /**
+     * Async function to upsert entity attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param entityAttributeAssignments Array of entity attribute assignments to upsert
+     * @return Promise with array of sent operations
+     */
+    upsertEntityAttributes(accountId: number, entityAttributeAssignments: EntityAttributeAssignment[], appName?: string, callerActionIdentifier?: string): Promise<EntityAttributeOperation[]>;
+    /**
+     * Async function to delete entity attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param entityType The entity type
+     * @param entityId The entity ID
+     * @param attributeKeys Array of attribute keys to delete
+     * @return Promise with array of sent operations
+     */
+    deleteEntityAttributes(accountId: number, entityType: EntityType | string, entityId: number, attributeKeys: string[], appName?: string, callerActionIdentifier?: string): Promise<EntityAttributeOperation[]>;
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
+     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
+     *  */
+    updateResourceAttributes(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeOperations: ResourceAttributeOperation[]): Promise<ResourceAttributeOperation[]>;
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param entityAttributeOperations - Array of operations to do on entity attributes.
+     * @return {Promise<EntityAttributeOperation[]>} Array of sent operations
+     *  */
+    updateEntityAttributes(accountId: number, appName: string, callerActionIdentifier: string, entityAttributeOperations: EntityAttributeOperation[]): Promise<EntityAttributeOperation[]>;
+    private sendSingleSnsMessage;
+    private static getSnsTopicArn;
+    /**
+     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+     * This function can be used as health check for services that updating resource attributes in async is crucial.
+     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+     * However, this is the best we can do without actually push dummy messages to the SNS.
+     * @return {Promise<boolean>} - true if succeeded
+     */
+    asyncResourceAttributesHealthCheck(): Promise<boolean>;
+}
+//# sourceMappingURL=authorization-attributes-sns-service.d.ts.map

package/dist/authorization-attributes-sns-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-attributes-sns-service.d.ts","sourceRoot":"","sources":["../src/authorization-attributes-sns-service.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,2BAA2B,EAC3B,0BAA0B,EAC1B,wBAAwB,EAEzB,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAc3C,OAAO,EAAE,8BAA8B,EAAE,MAAM,oDAAoD,CAAC;AACpG,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAE3D;;;GAGG;AACH,qBAAa,iCAAkC,YAAW,8BAA8B;IACtF,OAAO,CAAC,MAAM,CAAC,OAAO,CAA8B;IACpD,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,YAAY,CAAS;IAE7B;;OAEG;;IAMH;;;;;;;;OAQG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,4BAA4B,EAAE,2BAA2B,EAAE,EAC3D,OAAO,CAAC,EAAE,MAAM,EAChB,sBAAsB,CAAC,EAAE,MAAM,GAC9B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAWxC;;;;;;;;;OASG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,EACvB,OAAO,CAAC,EAAE,MAAM,EAChB,sBAAsB,CAAC,EAAE,MAAM,GAC9B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAgBxC;;;;;;;;OAQG;IACG,sBAAsB,CAC1B,SAAS,EAAE,MAAM,EACjB,0BAA0B,EAAE,yBAAyB,EAAE,EACvD,OAAO,CAAC,EAAE,MAAM,EAChB,sBAAsB,CAAC,EAAE,MAAM,GAC9B,OAAO,CAAC,wBAAwB,EAAE,CAAC;IAgBtC;;;;;;;;;;OAUG;IACG,sBAAsB,CAC1B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,UAAU,GAAG,MAAM,EAC/B,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EAAE,EACvB,OAAO,CAAC,EAAE,MAAM,EAChB,sBAAsB,CAAC,EAAE,MAAM,GAC9B,OAAO,CAAC,wBAAwB,EAAE,CAAC;IAgBtC;;;;;;;UAOM;IACA,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,2BAA2B,EAAE,0BAA0B,EAAE,GACxD,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAoBxC;;;;;;;UAOM;IACA,sBAAsB,CAC1B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,yBAAyB,EAAE,wBAAwB,EAAE,GACpD,OAAO,CAAC,wBAAwB,EAAE,CAAC;YAoBxB,oBAAoB;IA2BlC,OAAO,CAAC,MAAM,CAAC,cAAc;IA0B7B;;;;;;;OAOG;IACG,kCAAkC,IAAI,OAAO,CAAC,OAAO,CAAC;CAoB7D"}

package/dist/authorization-attributes-sns-service.js

@@ -0,0 +1,217 @@
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+
+const chunk = require('lodash/chunk.js');
+const mondaySns = require('@mondaydotcomorg/monday-sns');
+const types_authorizationAttributesContracts = require('./types/authorization-attributes-contracts.js');
+const authorizationInternalService = require('./authorization-internal-service.js');
+const constants_sns = require('./constants/sns.js');
+
+const _interopDefault = e => e && e.__esModule ? e : { default: e };
+
+const chunk__default = /*#__PURE__*/_interopDefault(chunk);
+
+/**
+ * Service class for managing resource attributes asynchronously via SNS.
+ * Provides asynchronous operations to create/update and delete attributes on resources.
+ */
+class AuthorizationAttributesSnsService {
+    static LOG_TAG = 'authorization_attributes';
+    resourceSnsArn;
+    entitySnsArn;
+    /**
+     * Public constructor to create the AuthorizationAttributesSnsService instance.
+     */
+    constructor() {
+        this.resourceSnsArn = AuthorizationAttributesSnsService.getSnsTopicArn(constants_sns.SnsTopicType.RESOURCE);
+        this.entitySnsArn = AuthorizationAttributesSnsService.getSnsTopicArn(constants_sns.SnsTopicType.ENTITY);
+    }
+    /**
+     * Async function to upsert resource attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param resourceAttributeAssignments Array of resource attribute assignments to upsert
+     * @return Promise with array of sent operations
+     */
+    async upsertResourceAttributes(accountId, resourceAttributeAssignments, appName, callerActionIdentifier) {
+        if (!appName || !callerActionIdentifier) {
+            throw new Error('appName and callerActionIdentifier are required for SNS service');
+        }
+        const operations = resourceAttributeAssignments.map(assignment => ({
+            ...assignment,
+            operationType: types_authorizationAttributesContracts.AttributeOperation.UPSERT,
+        }));
+        return this.updateResourceAttributes(accountId, appName, callerActionIdentifier, operations);
+    }
+    /**
+     * Async function to delete resource attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param resource The resource (resourceType, resourceId)
+     * @param attributeKeys Array of attribute keys to delete
+     * @return Promise with array of sent operations
+     */
+    async deleteResourceAttributes(accountId, resource, attributeKeys, appName, callerActionIdentifier) {
+        if (!appName || !callerActionIdentifier) {
+            throw new Error('appName and callerActionIdentifier are required for SNS service');
+        }
+        const operations = attributeKeys.map(key => ({
+            resourceType: resource.type,
+            resourceId: resource.id,
+            key,
+            operationType: types_authorizationAttributesContracts.AttributeOperation.DELETE,
+        }));
+        return this.updateResourceAttributes(accountId, appName, callerActionIdentifier, operations);
+    }
+    /**
+     * Async function to upsert entity attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param entityAttributeAssignments Array of entity attribute assignments to upsert
+     * @return Promise with array of sent operations
+     */
+    async upsertEntityAttributes(accountId, entityAttributeAssignments, appName, callerActionIdentifier) {
+        if (!appName || !callerActionIdentifier) {
+            throw new Error('appName and callerActionIdentifier are required for SNS service');
+        }
+        const operations = entityAttributeAssignments.map(assignment => {
+            return {
+                entityId: assignment.entityId,
+                entityType: assignment.entityType,
+                key: assignment.attributeKey,
+                value: assignment.attributeValue,
+                operationType: types_authorizationAttributesContracts.AttributeOperation.UPSERT,
+            };
+        });
+        return this.updateEntityAttributes(accountId, appName, callerActionIdentifier, operations);
+    }
+    /**
+     * Async function to delete entity attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param entityType The entity type
+     * @param entityId The entity ID
+     * @param attributeKeys Array of attribute keys to delete
+     * @return Promise with array of sent operations
+     */
+    async deleteEntityAttributes(accountId, entityType, entityId, attributeKeys, appName, callerActionIdentifier) {
+        if (!appName || !callerActionIdentifier) {
+            throw new Error('appName and callerActionIdentifier are required for SNS service');
+        }
+        const operations = attributeKeys.map(key => ({
+            entityType: entityType,
+            entityId,
+            key,
+            operationType: types_authorizationAttributesContracts.AttributeOperation.DELETE,
+        }));
+        return this.updateEntityAttributes(accountId, appName, callerActionIdentifier, operations);
+    }
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
+     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
+     *  */
+    async updateResourceAttributes(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
+        const topicArn = this.resourceSnsArn;
+        const sendToSnsPromises = [];
+        const operationChucks = chunk__default.default(resourceAttributeOperations, constants_sns.ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
+        for (const operationsChunk of operationChucks) {
+            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk, constants_sns.RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND, 'Authorization resource attributes async update: failed to send operations to SNS'));
+        }
+        return (await Promise.all(sendToSnsPromises)).flat();
+    }
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param entityAttributeOperations - Array of operations to do on entity attributes.
+     * @return {Promise<EntityAttributeOperation[]>} Array of sent operations
+     *  */
+    async updateEntityAttributes(accountId, appName, callerActionIdentifier, entityAttributeOperations) {
+        const topicArn = this.entitySnsArn;
+        const sendToSnsPromises = [];
+        const operationChucks = chunk__default.default(entityAttributeOperations, constants_sns.ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
+        for (const operationsChunk of operationChucks) {
+            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk, constants_sns.ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND, 'Authorization entity attributes async update: failed to send operations to SNS'));
+        }
+        return (await Promise.all(sendToSnsPromises)).flat();
+    }
+    async sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations, kind, errorLogMessage) {
+        const payload = {
+            kind,
+            payload: {
+                accountId: accountId,
+                callerAppName: appName,
+                callerActionIdentifier: callerActionIdentifier,
+                operations: operations,
+            },
+        };
+        try {
+            await mondaySns.sendToSns(payload, topicArn);
+            return operations;
+        }
+        catch (error) {
+            authorizationInternalService.logger.error({ error, tag: AuthorizationAttributesSnsService.LOG_TAG }, errorLogMessage);
+            return [];
+        }
+    }
+    static getSnsTopicArn(type) {
+        let envVarName;
+        let devTestName;
+        switch (type) {
+            case constants_sns.SnsTopicType.ENTITY:
+                envVarName = constants_sns.ENTITY_SNS_ARN_ENV_VAR_NAME;
+                devTestName = constants_sns.ENTITY_SNS_DEV_TEST_NAME;
+                break;
+            default:
+                // Default to resource SNS constants
+                envVarName = constants_sns.RESOURCE_SNS_ARN_ENV_VAR_NAME;
+                devTestName = constants_sns.RESOURCE_SNS_DEV_TEST_NAME;
+                break;
+        }
+        const arnFromEnv = process.env[envVarName];
+        if (arnFromEnv) {
+            return arnFromEnv;
+        }
+        if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
+            return devTestName;
+        }
+        throw new Error(`Unable to get ${type} sns topic arn from env variable`);
+    }
+    /**
+     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+     * This function can be used as health check for services that updating resource attributes in async is crucial.
+     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+     * However, this is the best we can do without actually push dummy messages to the SNS.
+     * @return {Promise<boolean>} - true if succeeded
+     */
+    async asyncResourceAttributesHealthCheck() {
+        try {
+            const requestedTopicArn = this.resourceSnsArn;
+            const attributes = await mondaySns.getTopicAttributes(requestedTopicArn);
+            const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
+            if (!isHealthy) {
+                authorizationInternalService.logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesSnsService.LOG_TAG }, 'authorization-attributes-service failed in health check');
+            }
+            return isHealthy;
+        }
+        catch (error) {
+            authorizationInternalService.logger.error({ error, tag: AuthorizationAttributesSnsService.LOG_TAG }, 'authorization-attributes-service got error during health check');
+            return false;
+        }
+    }
+}
+
+exports.AuthorizationAttributesSnsService = AuthorizationAttributesSnsService;

package/dist/authorization-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WA+DZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA+DnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
+{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}

package/dist/authorization-service.js

@@ -96,33 +96,15 @@ class AuthorizationService {
             authorizationInternalService.logger.error({ tag: 'authorization-service' }, 'AuthorizationService: igniteClient is not set, failing request');
             throw new Error('AuthorizationService: igniteClient is not set, failing request');
         }
-        const allowedProfiles = this.igniteClient.configuration.getObjectValue(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []);
-        const isAllowedProfile = allowedProfiles.includes(appName);
-        authorizationInternalService.logger.error({ tag: 'auth-debug', accountId, userId, appName, allowedProfiles, isAllowedProfile }, 'AuthorizationService.getProfile: checking allowed profiles');
-        if (isAllowedProfile) {
-            const profile = attributionsService.getProfile();
-            authorizationInternalService.logger.error({ tag: 'auth-debug', accountId, userId, appName, profile }, 'AuthorizationService.getProfile: selected profile via allowed profiles');
-            return profile;
+        if (this.igniteClient.configuration.getObjectValue(ALLOWED_SDK_PLATFORM_PROFILES_KEY, []).includes(appName)) {
+            return attributionsService.getProfile();
         }
-        const inReleaseProfiles = this.igniteClient.configuration.getObjectValue(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, []);
-        const isInReleaseProfile = inReleaseProfiles.includes(appName);
-        const isFeatureFlagReleased = this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId });
-        authorizationInternalService.logger.error({
-            tag: 'auth-debug',
-            accountId,
-            userId,
-            appName,
-            inReleaseProfiles,
-            isInReleaseProfile,
-            isFeatureFlagReleased,
-            featureFlag: PLATFORM_PROFILE_RELEASE_FF,
-        }, 'AuthorizationService.getProfile: checking feature flag release');
-        if (isInReleaseProfile && isFeatureFlagReleased) {
-            const profile = attributionsService.getProfile();
-            authorizationInternalService.logger.error({ tag: 'auth-debug', accountId, userId, appName, profile }, 'AuthorizationService.getProfile: selected profile via feature flag release');
-            return profile;
+        if (this.igniteClient.configuration
+            .getObjectValue(IN_RELEASE_SDK_PLATFORM_PROFILES_KEY, [])
+            .includes(appName) &&
+            this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })) {
+            return attributionsService.getProfile();
         }
-        authorizationInternalService.logger.error({ tag: 'auth-debug', accountId, userId, appName, profile: attributionsService.PlatformProfile.APP }, 'AuthorizationService.getProfile: selected default APP profile');
         return attributionsService.PlatformProfile.APP;
     }
     static async canActionInScopeMultiple(accountId, userId, scopedActions) {
@@ -130,24 +112,15 @@ class AuthorizationService {
             return [];
         }
         const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
-        authorizationInternalService.logger.error({
-            tag: 'auth-debug',
-            accountId,
-            userId,
-            shouldNavigateToGraph,
-            featureFlag: NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF,
-        }, 'AuthorizationService.canActionInScopeMultiple: determining which API flow to use');
         const startTime = perf_hooks.performance.now();
         let scopedActionResponseObjects;
         let apiType;
         if (shouldNavigateToGraph) {
             apiType = 'graph';
-            authorizationInternalService.logger.error({ tag: 'auth-debug', accountId, userId, apiType }, 'AuthorizationService.canActionInScopeMultiple: using graph API flow');
             scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
         }
         else {
             apiType = 'platform';
-            authorizationInternalService.logger.error({ tag: 'auth-debug', accountId, userId, apiType }, 'AuthorizationService.canActionInScopeMultiple: using platform API flow');
             const profile = this.getProfile(accountId, userId);
             const internalAuthToken = authorizationInternalService.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
             scopedActionResponseObjects = await this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);

package/dist/base-attribute-assignment.d.ts

@@ -0,0 +1,20 @@
+import { EntityAttributeAssignment, ResourceAttributeDelete } from './types/authorization-attributes-contracts';
+/**
+ * Base class for attribute assignments (Resource or Entity)
+ * Provides common validation and functionality
+ */
+export declare abstract class BaseAttributeAssignment<TId extends number, TType extends string> {
+    readonly id: TId;
+    readonly type: TType;
+    readonly attributeKey: string;
+    readonly attributeValue: string;
+    constructor(id: TId, type: string, attributeKey: string, attributeValue: string, validTypes: readonly string[], idFieldName: string, typeFieldName: string);
+    /**
+     * Compares two assignments for equality
+     * @param other Another assignment instance
+     * @returns true if all properties are equal
+     */
+    equals(other: BaseAttributeAssignment<TId, TType>): boolean;
+    abstract toDataTransferObject(): EntityAttributeAssignment | ResourceAttributeDelete;
+}
+//# sourceMappingURL=base-attribute-assignment.d.ts.map

package/dist/base-attribute-assignment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base-attribute-assignment.d.ts","sourceRoot":"","sources":["../src/base-attribute-assignment.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,yBAAyB,EAAE,uBAAuB,EAAE,MAAM,4CAA4C,CAAC;AAEhH;;;GAGG;AACH,8BAAsB,uBAAuB,CAAC,GAAG,SAAS,MAAM,EAAE,KAAK,SAAS,MAAM;IACpF,SAAgB,EAAE,EAAE,GAAG,CAAC;IACxB,SAAgB,IAAI,EAAE,KAAK,CAAC;IAC5B,SAAgB,YAAY,EAAE,MAAM,CAAC;IACrC,SAAgB,cAAc,EAAE,MAAM,CAAC;gBAGrC,EAAE,EAAE,GAAG,EACP,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,MAAM,EACpB,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,SAAS,MAAM,EAAE,EAC7B,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,MAAM;IAcvB;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,uBAAuB,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,OAAO;IAI3D,QAAQ,CAAC,oBAAoB,IAAI,yBAAyB,GAAG,uBAAuB;CACrF"}