@mondaydotcomorg/monday-authorization 3.5.1 → 3.5.2-feat-shaime-support-entity-attributes-3-6202ab7

package/dist/esm/authorization-attributes-service.mjs

@@ -1,179 +1,44 @@
-import chunk from 'lodash/chunk.js';
-import { Api } from '@mondaydotcomorg/trident-backend-api';
-import { sendToSns, getTopicAttributes } from '@mondaydotcomorg/monday-sns';
-import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
-import { logger } from './authorization-internal-service.mjs';
-import { getAttributionsFromApi } from './attributions-service.mjs';
-import { ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE, SNS_ARN_ENV_VAR_NAME, SNS_DEV_TEST_NAME, RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND } from './constants/sns.mjs';
-import { ERROR_MESSAGES, DEFAULT_FETCH_OPTIONS, APP_NAME } from './constants.mjs';
+import { AuthorizationAttributesMsService } from './authorization-attributes-ms-service.mjs';
+import { AuthorizationAttributesSnsService } from './authorization-attributes-sns-service.mjs';
 
+/**
+ * Main service class for managing resource and entity attributes.
+ * Provides access to both direct (MS) and SNS operations.
+ *
+ * @example
+ * const service = new AuthorizationAttributesService();
+ *
+ * // Use direct operations
+ * await service.direct().upsertResourceAttributes(accountId, assignments);
+ *
+ * // Use SNS operations
+ * await service.sns().upsertResourceAttributes(accountId, assignments, appName, actionId);
+ * ```
+ */
 class AuthorizationAttributesService {
-    static LOG_TAG = 'authorization_attributes';
-    static API_PATHS = {
-        UPSERT_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource',
-        DELETE_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource/{resourceType}/{resourceId}',
-    };
-    httpClient;
-    fetchOptions;
-    snsArn;
+    _directService = null;
+    _snsService = null;
     /**
-     * Public constructor to create the AuthorizationAttributesService instance.
-     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
-     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     * Gets the direct (MS) service instance.
+     * Initializes the service on first access (lazy initialization).
+     * @returns IAuthorizationAttributesService instance
      */
-    constructor(httpClient, fetchOptions) {
-        if (!httpClient) {
-            httpClient = Api.getPart('httpClient');
-            if (!httpClient) {
-                throw new Error(ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
-            }
-        }
-        if (!fetchOptions) {
-            fetchOptions = DEFAULT_FETCH_OPTIONS;
-        }
-        else {
-            fetchOptions = {
-                ...DEFAULT_FETCH_OPTIONS,
-                ...fetchOptions,
-            };
-        }
-        this.httpClient = httpClient;
-        this.fetchOptions = fetchOptions;
-        this.snsArn = AuthorizationAttributesService.getSnsTopicArn();
-    }
-    /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
-     */
-    async upsertResourceAttributes(accountId, resourceAttributeAssignments) {
-        const attributionHeaders = getAttributionsFromApi();
-        try {
-            return await this.httpClient.fetch({
-                url: {
-                    appName: APP_NAME,
-                    path: AuthorizationAttributesService.API_PATHS.UPSERT_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString()),
-                },
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...attributionHeaders,
-                },
-                body: JSON.stringify({ resourceAttributeAssignments }),
-            }, this.fetchOptions);
-        }
-        catch (err) {
-            if (err instanceof HttpFetcherError) {
-                throw new Error(ERROR_MESSAGES.REQUEST_FAILED('upsertResourceAttributes', err.status, err.message));
-            }
-            throw err;
+    direct() {
+        if (this._directService === null) {
+            this._directService = new AuthorizationAttributesMsService();
         }
+        return this._directService;
     }
     /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
+     * Gets the SNS service instance.
+     * Initializes the service on first access (lazy initialization).
+     * @returns IAuthorizationAttributesService instance
      */
-    async deleteResourceAttributes(accountId, resource, attributeKeys) {
-        const attributionHeaders = getAttributionsFromApi();
-        if (!resource.id) {
-            throw new Error('Resource ID is required');
-        }
-        try {
-            return await this.httpClient.fetch({
-                url: {
-                    appName: APP_NAME,
-                    path: AuthorizationAttributesService.API_PATHS.DELETE_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString())
-                        .replace('{resourceType}', resource.type)
-                        .replace('{resourceId}', resource.id.toString()),
-                },
-                method: 'DELETE',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...attributionHeaders,
-                },
-                body: JSON.stringify({ keys: attributeKeys }),
-            }, this.fetchOptions);
-        }
-        catch (err) {
-            if (err instanceof HttpFetcherError) {
-                throw new Error(ERROR_MESSAGES.REQUEST_FAILED('deleteResourceAttributes', err.status, err.message));
-            }
-            throw err;
-        }
-    }
-    /**
-     *  Async function, this function only send the updates request to SNS and return before the change actually took place
-     * @param accountId
-     * @param appName - App name of the calling app
-     * @param callerActionIdentifier - action identifier
-     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-     *  */
-    async updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
-        const topicArn = this.snsArn;
-        const sendToSnsPromises = [];
-        const operationChucks = chunk(resourceAttributeOperations, ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
-        for (const operationsChunk of operationChucks) {
-            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk));
-        }
-        return (await Promise.all(sendToSnsPromises)).flat();
-    }
-    async sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations) {
-        const payload = {
-            kind: RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
-            payload: {
-                accountId: accountId,
-                callerAppName: appName,
-                callerActionIdentifier: callerActionIdentifier,
-                operations: operations,
-            },
-        };
-        try {
-            await sendToSns(payload, topicArn);
-            return operations;
-        }
-        catch (error) {
-            logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'Authorization resource attributes async update: failed to send operations to SNS');
-            return [];
-        }
-    }
-    static getSnsTopicArn() {
-        const arnFromEnv = process.env[SNS_ARN_ENV_VAR_NAME];
-        if (arnFromEnv) {
-            return arnFromEnv;
-        }
-        if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
-            return SNS_DEV_TEST_NAME;
-        }
-        throw new Error('Unable to get sns topic arn from env variable');
-    }
-    /**
-     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-     * This function can be used as health check for services that updating resource attributes in async is crucial.
-     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-     * However, this is the best we can do without actually push dummy messages to the SNS.
-     * @return {Promise<boolean>} - true if succeeded
-     */
-    async asyncResourceAttributesHealthCheck() {
-        try {
-            const requestedTopicArn = this.snsArn;
-            const attributes = await getTopicAttributes(requestedTopicArn);
-            const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
-            if (!isHealthy) {
-                logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service failed in health check');
-            }
-            return isHealthy;
-        }
-        catch (error) {
-            logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service got error during health check');
-            return false;
+    sns() {
+        if (this._snsService === null) {
+            this._snsService = new AuthorizationAttributesSnsService();
         }
+        return this._snsService;
     }
 }
 

package/dist/esm/authorization-attributes-sns-service.d.ts

@@ -0,0 +1,70 @@
+import { ResourceAttributeOperation, EntityAttributeOperation } from './types/authorization-attributes-contracts';
+import { Resource } from './types/general';
+import { AuthorizationAttributesService } from './types/authorization-attributes-service.interface';
+import { EntityType } from './entity-attributes-constants';
+/**
+ * Service class for managing resource attributes asynchronously via SNS.
+ * Provides asynchronous operations to create/update and delete attributes on resources.
+ */
+export declare class AuthorizationAttributesSnsService implements AuthorizationAttributesService {
+    private static LOG_TAG;
+    private resourceSnsArn;
+    private entitySnsArn;
+    /**
+     * Public constructor to create the AuthorizationAttributesSnsService instance.
+     */
+    constructor();
+    /**
+     * Async function to delete resource attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param resource The resource (resourceType, resourceId)
+     * @param attributeKeys Array of attribute keys to delete
+     * @return Promise with array of sent operations
+     */
+    deleteResourceAttributes(accountId: number, resource: Resource, attributeKeys: string[], appName?: string, callerActionIdentifier?: string): Promise<ResourceAttributeOperation[]>;
+    /**
+     * Async function to delete entity attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param entityType The entity type
+     * @param entityId The entity ID
+     * @param attributeKeys Array of attribute keys to delete
+     * @return Promise with array of sent operations
+     */
+    deleteEntityAttributes(accountId: number, entityType: EntityType, entityId: number, attributeKeys: string[], appName?: string, callerActionIdentifier?: string): Promise<EntityAttributeOperation[]>;
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
+     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
+     *  */
+    updateResourceAttributes(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeOperations: ResourceAttributeOperation[]): Promise<ResourceAttributeOperation[]>;
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param entityAttributeOperations - Array of operations to do on entity attributes.
+     * @return {Promise<EntityAttributeOperation[]>} Array of sent operations
+     *  */
+    updateEntityAttributes(accountId: number, appName: string, callerActionIdentifier: string, entityAttributeOperations: EntityAttributeOperation[]): Promise<EntityAttributeOperation[]>;
+    private sendSingleSnsMessage;
+    private static getSnsTopicArn;
+    /**
+     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+     * This function can be used as health check for services that updating resource attributes in async is crucial.
+     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+     * However, this is the best we can do without actually push dummy messages to the SNS.
+     * @return {Promise<boolean>} - true if succeeded
+     */
+    asyncResourceAttributesHealthCheck(): Promise<boolean>;
+}
+//# sourceMappingURL=authorization-attributes-sns-service.d.ts.map

package/dist/esm/authorization-attributes-sns-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-attributes-sns-service.d.ts","sourceRoot":"","sources":["../../src/authorization-attributes-sns-service.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,0BAA0B,EAC1B,wBAAwB,EAEzB,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAa3C,OAAO,EAAE,8BAA8B,EAAE,MAAM,oDAAoD,CAAC;AACpG,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAI3D;;;GAGG;AACH,qBAAa,iCAAkC,YAAW,8BAA8B;IACtF,OAAO,CAAC,MAAM,CAAC,OAAO,CAA8B;IACpD,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,YAAY,CAAS;IAE7B;;OAEG;;IAMH;;;;;;;;;OASG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,EACvB,OAAO,CAAC,EAAE,MAAM,EAChB,sBAAsB,CAAC,EAAE,MAAM,GAC9B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAgBxC;;;;;;;;;;OAUG;IACG,sBAAsB,CAC1B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EAAE,EACvB,OAAO,CAAC,EAAE,MAAM,EAChB,sBAAsB,CAAC,EAAE,MAAM,GAC9B,OAAO,CAAC,wBAAwB,EAAE,CAAC;IAiBtC;;;;;;;UAOM;IACA,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,2BAA2B,EAAE,0BAA0B,EAAE,GACxD,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAoBxC;;;;;;;UAOM;IACA,sBAAsB,CAC1B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,yBAAyB,EAAE,wBAAwB,EAAE,GACpD,OAAO,CAAC,wBAAwB,EAAE,CAAC;YAoBxB,oBAAoB;IA2BlC,OAAO,CAAC,MAAM,CAAC,cAAc;IA0B7B;;;;;;;OAOG;IACG,kCAAkC,IAAI,OAAO,CAAC,OAAO,CAAC;CAoB7D"}

package/dist/esm/authorization-attributes-sns-service.mjs

@@ -0,0 +1,173 @@
+import chunk from 'lodash/chunk.js';
+import { sendToSns, getTopicAttributes } from '@mondaydotcomorg/monday-sns';
+import { AttributeOperation } from './types/authorization-attributes-contracts.mjs';
+import { logger } from './authorization-internal-service.mjs';
+import { SnsTopicType, ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE, RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND, ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE, ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND, RESOURCE_SNS_ARN_ENV_VAR_NAME, RESOURCE_SNS_DEV_TEST_NAME, ENTITY_SNS_ARN_ENV_VAR_NAME, ENTITY_SNS_DEV_TEST_NAME } from './constants/sns.mjs';
+import { ValidationUtils } from './utils/validation.mjs';
+
+/**
+ * Service class for managing resource attributes asynchronously via SNS.
+ * Provides asynchronous operations to create/update and delete attributes on resources.
+ */
+class AuthorizationAttributesSnsService {
+    static LOG_TAG = 'authorization_attributes';
+    resourceSnsArn;
+    entitySnsArn;
+    /**
+     * Public constructor to create the AuthorizationAttributesSnsService instance.
+     */
+    constructor() {
+        this.resourceSnsArn = AuthorizationAttributesSnsService.getSnsTopicArn(SnsTopicType.RESOURCE);
+        this.entitySnsArn = AuthorizationAttributesSnsService.getSnsTopicArn(SnsTopicType.ENTITY);
+    }
+    /**
+     * Async function to delete resource attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param resource The resource (resourceType, resourceId)
+     * @param attributeKeys Array of attribute keys to delete
+     * @return Promise with array of sent operations
+     */
+    async deleteResourceAttributes(accountId, resource, attributeKeys, appName, callerActionIdentifier) {
+        if (!appName || !callerActionIdentifier) {
+            throw new Error('appName and callerActionIdentifier are required for SNS service');
+        }
+        const operations = attributeKeys.map(key => ({
+            resourceType: resource.type,
+            resourceId: resource.id,
+            key,
+            operationType: AttributeOperation.DELETE,
+        }));
+        return this.updateResourceAttributes(accountId, appName, callerActionIdentifier, operations);
+    }
+    /**
+     * Async function to delete entity attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param entityType The entity type
+     * @param entityId The entity ID
+     * @param attributeKeys Array of attribute keys to delete
+     * @return Promise with array of sent operations
+     */
+    async deleteEntityAttributes(accountId, entityType, entityId, attributeKeys, appName, callerActionIdentifier) {
+        if (!appName || !callerActionIdentifier) {
+            throw new Error('appName and callerActionIdentifier are required for SNS service');
+        }
+        const operations = attributeKeys.map(key => {
+            ValidationUtils.validateEntityAssignment({ entityId, entityType, key, value: '' });
+            return {
+                entityType: entityType,
+                entityId,
+                key,
+                operationType: AttributeOperation.DELETE,
+                value: '',
+            };
+        });
+        return this.updateEntityAttributes(accountId, appName, callerActionIdentifier, operations);
+    }
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
+     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
+     *  */
+    async updateResourceAttributes(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
+        const topicArn = this.resourceSnsArn;
+        const sendToSnsPromises = [];
+        const operationChucks = chunk(resourceAttributeOperations, ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
+        for (const operationsChunk of operationChucks) {
+            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk, RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND, 'Authorization resource attributes async update: failed to send operations to SNS'));
+        }
+        return (await Promise.all(sendToSnsPromises)).flat();
+    }
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param entityAttributeOperations - Array of operations to do on entity attributes.
+     * @return {Promise<EntityAttributeOperation[]>} Array of sent operations
+     *  */
+    async updateEntityAttributes(accountId, appName, callerActionIdentifier, entityAttributeOperations) {
+        const topicArn = this.entitySnsArn;
+        const sendToSnsPromises = [];
+        const operationChucks = chunk(entityAttributeOperations, ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
+        for (const operationsChunk of operationChucks) {
+            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk, ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND, 'Authorization entity attributes async update: failed to send operations to SNS'));
+        }
+        return (await Promise.all(sendToSnsPromises)).flat();
+    }
+    async sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations, kind, errorLogMessage) {
+        const payload = {
+            kind,
+            payload: {
+                accountId: accountId,
+                callerAppName: appName,
+                callerActionIdentifier: callerActionIdentifier,
+                operations: operations,
+            },
+        };
+        try {
+            await sendToSns(payload, topicArn);
+            return operations;
+        }
+        catch (error) {
+            logger.error({ error, tag: AuthorizationAttributesSnsService.LOG_TAG }, errorLogMessage);
+            return [];
+        }
+    }
+    static getSnsTopicArn(type) {
+        let envVarName;
+        let devTestName;
+        switch (type) {
+            case SnsTopicType.ENTITY:
+                envVarName = ENTITY_SNS_ARN_ENV_VAR_NAME;
+                devTestName = ENTITY_SNS_DEV_TEST_NAME;
+                break;
+            default:
+                // Default to resource SNS constants
+                envVarName = RESOURCE_SNS_ARN_ENV_VAR_NAME;
+                devTestName = RESOURCE_SNS_DEV_TEST_NAME;
+                break;
+        }
+        const arnFromEnv = process.env[envVarName];
+        if (arnFromEnv) {
+            return arnFromEnv;
+        }
+        if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
+            return devTestName;
+        }
+        throw new Error(`Unable to get ${type} sns topic arn from env variable`);
+    }
+    /**
+     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+     * This function can be used as health check for services that updating resource attributes in async is crucial.
+     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+     * However, this is the best we can do without actually push dummy messages to the SNS.
+     * @return {Promise<boolean>} - true if succeeded
+     */
+    async asyncResourceAttributesHealthCheck() {
+        try {
+            const requestedTopicArn = this.resourceSnsArn;
+            const attributes = await getTopicAttributes(requestedTopicArn);
+            const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
+            if (!isHealthy) {
+                logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesSnsService.LOG_TAG }, 'authorization-attributes-service failed in health check');
+            }
+            return isHealthy;
+        }
+        catch (error) {
+            logger.error({ error, tag: AuthorizationAttributesSnsService.LOG_TAG }, 'authorization-attributes-service got error during health check');
+            return false;
+        }
+    }
+}
+
+export { AuthorizationAttributesSnsService };

package/dist/esm/base-attribute-assignment.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Base class for attribute assignments (Resource or Entity)
+ * Provides common validation and functionality
+ */
+export declare abstract class BaseAttributeAssignment<T, R> {
+    readonly id: number;
+    readonly type: T;
+    readonly attributeKey: string;
+    readonly attributeValue: string;
+    constructor(id: number, type: T, attributeKey: string, attributeValue: string);
+    /**
+     * Compares two assignments for equality
+     * @param other Another assignment instance
+     * @returns true if all properties are equal
+     */
+    equals(other: BaseAttributeAssignment<T, R>): boolean;
+    abstract toDataTransferObject(): R;
+}
+//# sourceMappingURL=base-attribute-assignment.d.ts.map

package/dist/esm/base-attribute-assignment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base-attribute-assignment.d.ts","sourceRoot":"","sources":["../../src/base-attribute-assignment.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,8BAAsB,uBAAuB,CAAC,CAAC,EAAE,CAAC;IAChD,SAAgB,EAAE,EAAE,MAAM,CAAC;IAC3B,SAAgB,IAAI,EAAE,CAAC,CAAC;IACxB,SAAgB,YAAY,EAAE,MAAM,CAAC;IACrC,SAAgB,cAAc,EAAE,MAAM,CAAC;gBAE3B,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM;IAO7E;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,uBAAuB,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,OAAO;IAIrD,QAAQ,CAAC,oBAAoB,IAAI,CAAC;CACnC"}

package/dist/esm/base-attribute-assignment.mjs

@@ -0,0 +1,28 @@
+import isEqual from 'lodash/isEqual.js';
+
+/**
+ * Base class for attribute assignments (Resource or Entity)
+ * Provides common validation and functionality
+ */
+class BaseAttributeAssignment {
+    id;
+    type;
+    attributeKey;
+    attributeValue;
+    constructor(id, type, attributeKey, attributeValue) {
+        this.id = id;
+        this.type = type;
+        this.attributeKey = attributeKey;
+        this.attributeValue = attributeValue;
+    }
+    /**
+     * Compares two assignments for equality
+     * @param other Another assignment instance
+     * @returns true if all properties are equal
+     */
+    equals(other) {
+        return isEqual(this, other);
+    }
+}
+
+export { BaseAttributeAssignment };

package/dist/esm/constants/sns.d.ts

@@ -1,5 +1,15 @@
-export declare const SNS_ARN_ENV_VAR_NAME = "SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES";
-export declare const SNS_DEV_TEST_NAME = "arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local";
+export declare enum SnsTopicType {
+    RESOURCE = "resource",
+    ENTITY = "entity"
+}
+export declare const RESOURCE_SNS_ARN_ENV_VAR_NAME = "SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES";
+export declare const RESOURCE_SNS_DEV_TEST_NAME = "arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local";
+export declare const ENTITY_SNS_ARN_ENV_VAR_NAME = "SHARED_AUTHORIZATION_SNS_ENDPOINT_ENTITY_ATTRIBUTES";
+export declare const ENTITY_SNS_DEV_TEST_NAME = "arn:aws:sns:us-east-1:000000000000:monday-authorization-entity-attributes-sns-local";
 export declare const RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = "resourceAttributeModification";
+export declare const ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = "entityAttributeModification";
 export declare const ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
+export declare const ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
+export declare const SNS_ARN_ENV_VAR_NAME = "SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES";
+export declare const SNS_DEV_TEST_NAME = "arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local";
 //# sourceMappingURL=sns.d.ts.map

package/dist/esm/constants/sns.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sns.d.ts","sourceRoot":"","sources":["../../../src/constants/sns.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,oBAAoB,0DAA0D,CAAC;AAC5F,eAAO,MAAM,iBAAiB,0FAC2D,CAAC;AAC1F,eAAO,MAAM,qDAAqD,kCAAkC,CAAC;AACrG,eAAO,MAAM,oDAAoD,MAAM,CAAC"}
+{"version":3,"file":"sns.d.ts","sourceRoot":"","sources":["../../../src/constants/sns.ts"],"names":[],"mappings":"AAAA,oBAAY,YAAY;IACtB,QAAQ,aAAa;IACrB,MAAM,WAAW;CAClB;AAGD,eAAO,MAAM,6BAA6B,0DAA0D,CAAC;AACrG,eAAO,MAAM,0BAA0B,0FACkD,CAAC;AAG1F,eAAO,MAAM,2BAA2B,wDAAwD,CAAC;AACjG,eAAO,MAAM,wBAAwB,wFACkD,CAAC;AACxF,eAAO,MAAM,qDAAqD,kCAAkC,CAAC;AACrG,eAAO,MAAM,mDAAmD,gCAAgC,CAAC;AACjG,eAAO,MAAM,oDAAoD,MAAM,CAAC;AACxE,eAAO,MAAM,kDAAkD,MAAM,CAAC;AAGtE,eAAO,MAAM,oBAAoB,0DAAgC,CAAC;AAClE,eAAO,MAAM,iBAAiB,0FAA6B,CAAC"}

package/dist/esm/constants/sns.mjs

@@ -1,6 +1,20 @@
-const SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES';
-const SNS_DEV_TEST_NAME = 'arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local';
+var SnsTopicType;
+(function (SnsTopicType) {
+    SnsTopicType["RESOURCE"] = "resource";
+    SnsTopicType["ENTITY"] = "entity";
+})(SnsTopicType || (SnsTopicType = {}));
+// Resource SNS constants
+const RESOURCE_SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES';
+const RESOURCE_SNS_DEV_TEST_NAME = 'arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local';
+// Entity SNS constants
+const ENTITY_SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_ENTITY_ATTRIBUTES';
+const ENTITY_SNS_DEV_TEST_NAME = 'arn:aws:sns:us-east-1:000000000000:monday-authorization-entity-attributes-sns-local';
 const RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = 'resourceAttributeModification';
+const ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = 'entityAttributeModification';
 const ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
+const ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
+// Legacy exports for backward compatibility
+const SNS_ARN_ENV_VAR_NAME = RESOURCE_SNS_ARN_ENV_VAR_NAME;
+const SNS_DEV_TEST_NAME = RESOURCE_SNS_DEV_TEST_NAME;
 
-export { ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE, RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND, SNS_ARN_ENV_VAR_NAME, SNS_DEV_TEST_NAME };
+export { ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE, ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE, ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND, ENTITY_SNS_ARN_ENV_VAR_NAME, ENTITY_SNS_DEV_TEST_NAME, RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND, RESOURCE_SNS_ARN_ENV_VAR_NAME, RESOURCE_SNS_DEV_TEST_NAME, SNS_ARN_ENV_VAR_NAME, SNS_DEV_TEST_NAME, SnsTopicType };

package/dist/esm/entity-attribute-assignment.d.ts

@@ -0,0 +1,16 @@
+import { EntityType } from './entity-attributes-constants';
+import { BaseAttributeAssignment } from './base-attribute-assignment';
+import { EntityAttributeAssignment as EntityAttributeAssignmentContract } from './types/authorization-attributes-contracts';
+export declare class EntityAttributeAssignment extends BaseAttributeAssignment<EntityType, EntityAttributeAssignmentContract> {
+    readonly entityId: number;
+    readonly entityType: EntityType;
+    constructor(entityId: number, entityType: EntityType, attributeKey: string, attributeValue: string);
+    toDataTransferObject(): EntityAttributeAssignmentContract;
+    /**
+     * Compares two assignments for equality
+     * @param other Another EntityAttributeAssignment instance
+     * @returns true if all properties are equal
+     */
+    equals(other: EntityAttributeAssignment): boolean;
+}
+//# sourceMappingURL=entity-attribute-assignment.d.ts.map

package/dist/esm/entity-attribute-assignment.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entity-attribute-assignment.d.ts","sourceRoot":"","sources":["../../src/entity-attribute-assignment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAC3D,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,OAAO,EAAE,yBAAyB,IAAI,iCAAiC,EAAE,MAAM,4CAA4C,CAAC;AAG5H,qBAAa,yBAA0B,SAAQ,uBAAuB,CAAC,UAAU,EAAE,iCAAiC,CAAC;IACnH,SAAgB,QAAQ,EAAE,MAAM,CAAC;IACjC,SAAgB,UAAU,EAAE,UAAU,CAAC;gBAE3B,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM;IAOlG,oBAAoB,IAAI,iCAAiC;IAQzD;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,yBAAyB,GAAG,OAAO;CAGlD"}

package/dist/esm/entity-attribute-assignment.mjs

@@ -0,0 +1,31 @@
+import { BaseAttributeAssignment } from './base-attribute-assignment.mjs';
+import { ValidationUtils } from './utils/validation.mjs';
+
+class EntityAttributeAssignment extends BaseAttributeAssignment {
+    entityId;
+    entityType;
+    constructor(entityId, entityType, attributeKey, attributeValue) {
+        ValidationUtils.validateEntityAssignment({ entityId, entityType, key: attributeKey, value: attributeValue });
+        super(entityId, entityType, attributeKey, attributeValue);
+        this.entityId = entityId;
+        this.entityType = entityType;
+    }
+    toDataTransferObject() {
+        return {
+            entityId: this.entityId,
+            entityType: this.entityType,
+            key: this.attributeKey,
+            value: this.attributeValue,
+        };
+    }
+    /**
+     * Compares two assignments for equality
+     * @param other Another EntityAttributeAssignment instance
+     * @returns true if all properties are equal
+     */
+    equals(other) {
+        return super.equals(other);
+    }
+}
+
+export { EntityAttributeAssignment };

package/dist/esm/entity-attributes-constants.d.ts

@@ -0,0 +1,7 @@
+export declare enum EntityType {
+    User = "user",
+    Team = "team",
+    Account = "account"
+}
+export declare const ENTITY_TYPES: readonly EntityType[];
+//# sourceMappingURL=entity-attributes-constants.d.ts.map

package/dist/esm/entity-attributes-constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entity-attributes-constants.d.ts","sourceRoot":"","sources":["../../src/entity-attributes-constants.ts"],"names":[],"mappings":"AAAA,oBAAY,UAAU;IACpB,IAAI,SAAS;IACb,IAAI,SAAS;IACb,OAAO,YAAY;CACpB;AAED,eAAO,MAAM,YAAY,uBAA2C,CAAC"}

package/dist/esm/entity-attributes-constants.mjs

@@ -0,0 +1,9 @@
+var EntityType;
+(function (EntityType) {
+    EntityType["User"] = "user";
+    EntityType["Team"] = "team";
+    EntityType["Account"] = "account";
+})(EntityType || (EntityType = {}));
+const ENTITY_TYPES = Object.freeze(Object.values(EntityType));
+
+export { ENTITY_TYPES, EntityType };

package/dist/esm/errors/argument-error.d.ts

@@ -0,0 +1,4 @@
+export declare class ArgumentError extends Error {
+    constructor(message: string);
+}
+//# sourceMappingURL=argument-error.d.ts.map

package/dist/esm/errors/argument-error.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"argument-error.d.ts","sourceRoot":"","sources":["../../../src/errors/argument-error.ts"],"names":[],"mappings":"AAAA,qBAAa,aAAc,SAAQ,KAAK;gBAC1B,OAAO,EAAE,MAAM;CAI5B"}