@mondaydotcomorg/monday-authorization 3.5.1 → 3.5.2-feat-shaime-support-entity-attributes-3-6202ab7

package/src/authorization-attributes-ms-service.ts

@@ -0,0 +1,414 @@
+import { Api, HttpClient } from '@mondaydotcomorg/trident-backend-api';
+import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
+import { ResourceAttributeAssignment } from './resource-attribute-assignment';
+import { EntityAttributeAssignment } from './entity-attribute-assignment';
+import {
+  AttributeOperation,
+  ResourceAttributeOperation,
+  EntityAttributeOperation,
+  ResourceAttributeResponse,
+} from './types/authorization-attributes-contracts';
+import { EntityType } from './entity-attributes-constants';
+import { AuthorizationInternalService, logger } from './authorization-internal-service';
+import { getAttributionsFromApi } from './attributions-service';
+import { APP_NAME } from './constants';
+import { ValidationUtils } from './utils/validation';
+import { AuthorizationAttributesService } from './types/authorization-attributes-service.interface';
+import { Resource } from './types/general';
+
+const INTERNAL_APP_NAME = 'internal_ms';
+const UPSERT_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource';
+const DELETE_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource/{resourceType}/{resourceId}';
+const UPSERT_ENTITY_ATTRIBUTES_PATH = '/attributes/{accountId}/entity';
+const DELETE_ENTITY_ATTRIBUTES_PATH = '/attributes/{accountId}/entity/{entityType}/{entityId}';
+
+interface DeleteRequestBody {
+  keys: string[];
+}
+
+/**
+ * Service class for managing resource attributes in the authorization microservice.
+ * Provides synchronous HTTP operations to create/update and delete attributes on resources.
+ */
+export class AuthorizationAttributesMsService implements AuthorizationAttributesService {
+  private static LOG_TAG = 'authorization_attributes_ms';
+  private static httpClient: HttpClient | undefined = Api.getPart('httpClient');
+
+  /**
+   * Deletes specific attributes from a resource synchronously.
+   * @param accountId The account ID
+   * @param resource Object with resourceType (string) and resourceId (number)
+   * @param attributeKeys Array of attribute key strings to delete
+   * @returns Promise<void>
+   */
+  async deleteResourceAttributes(
+    accountId: number,
+    resource: Resource,
+    attributeKeys: string[],
+    _appName?: string,
+    _callerActionIdentifier?: string
+  ): Promise<void> {
+    ValidationUtils.validateResource(resource);
+    return AuthorizationAttributesMsService.executeDeleteRequest(
+      accountId,
+      DELETE_RESOURCE_ATTRIBUTES_PATH,
+      {
+        resourceType: resource.type,
+        resourceId: resource.id,
+      },
+      attributeKeys,
+      'resource',
+      'deleteResourceAttributesSync'
+    );
+  }
+
+  /**
+   * Deletes specific attributes from an entity synchronously.
+   * @param accountId The account ID
+   * @param entityType The entity type
+   * @param entityId The entity ID
+   * @param attributeKeys Array of attribute key strings to delete
+   * @returns Promise<void>
+   */
+  async deleteEntityAttributes(
+    accountId: number,
+    entityType: EntityType,
+    entityId: number,
+    attributeKeys: string[],
+    _appName?: string,
+    _callerActionIdentifier?: string
+  ): Promise<void> {
+    ValidationUtils.validateInteger(accountId);
+    return AuthorizationAttributesMsService.executeDeleteRequest(
+      accountId,
+      DELETE_ENTITY_ATTRIBUTES_PATH,
+      {
+        entityType,
+        entityId,
+      },
+      attributeKeys,
+      'entity',
+      'deleteEntityAttributesSync'
+    );
+  }
+
+  /**
+   * Updates resource attributes (batch operations).
+   * Note: MS service does not support batch operations directly.
+   * This method processes operations sequentially using upsert/delete methods.
+   * @param accountId The account ID
+   * @param appName App name (required for interface compatibility, but not used in MS service)
+   * @param callerActionIdentifier Action identifier (required for interface compatibility, but not used in MS service)
+   * @param resourceAttributeOperations Array of operations to perform
+   * @returns Promise<ResourceAttributesOperation[]> Array of processed operations
+   */
+  async updateResourceAttributes(
+    accountId: number,
+    _appName: string,
+    _callerActionIdentifier: string,
+    resourceAttributeOperations: ResourceAttributeOperation[]
+  ): Promise<ResourceAttributeOperation[]> {
+    // Process all operations in parallel using Promise.all
+    await Promise.all(
+      resourceAttributeOperations.map(async operation => {
+        ValidationUtils.validateResourceAssignment({
+          resourceId: operation.resourceId,
+          resourceType: operation.resourceType,
+          key: operation.key,
+          value: operation.value || '',
+        });
+        if (operation.operationType === AttributeOperation.UPSERT) {
+          await this.upsertResourceAttributes(accountId, [
+            new ResourceAttributeAssignment(
+              operation.resourceId,
+              operation.resourceType,
+              operation.key,
+              operation.value || ''
+            ),
+          ]);
+        } else if (operation.operationType === AttributeOperation.DELETE) {
+          await this.deleteResourceAttributes(
+            accountId,
+            {
+              type: operation.resourceType,
+              id: operation.resourceId,
+            },
+            [operation.key]
+          );
+        }
+      })
+    );
+
+    return resourceAttributeOperations;
+  }
+
+  /**
+   * Updates entity attributes (batch operations).
+   * Note: MS service does not support batch operations directly.
+   * This method processes operations sequentially using upsert/delete methods.
+   * @param accountId The account ID
+   * @param appName App name (required for interface compatibility, but not used in MS service)
+   * @param callerActionIdentifier Action identifier (required for interface compatibility, but not used in MS service)
+   * @param entityAttributeOperations Array of operations to perform
+   * @returns Promise<EntityAttributesOperation[]> Array of processed operations
+   */
+  async updateEntityAttributes(
+    accountId: number,
+    _appName: string,
+    _callerActionIdentifier: string,
+    entityAttributeOperations: EntityAttributeOperation[]
+  ): Promise<EntityAttributeOperation[]> {
+    // Process all operations in parallel using Promise.all
+    await Promise.all(
+      entityAttributeOperations.map(async operation => {
+        // Validate before processing
+        ValidationUtils.validateEntityAssignment({
+          entityId: operation.entityId,
+          entityType: operation.entityType,
+          key: operation.key,
+          value: operation.value || '',
+        });
+
+        if (operation.operationType === 'upsert') {
+          await AuthorizationAttributesMsService.executeUpsertRequest(
+            accountId,
+            [
+              new EntityAttributeAssignment(
+                operation.entityId,
+                operation.entityType,
+                operation.key,
+                operation.value || ''
+              ),
+            ],
+            UPSERT_ENTITY_ATTRIBUTES_PATH,
+            'entityAttributeAssignments',
+            'entity',
+            'upsertEntityAttributesSync'
+          );
+        } else if (operation.operationType === 'delete') {
+          await this.deleteEntityAttributes(accountId, operation.entityType, operation.entityId, [operation.key]);
+        }
+      })
+    );
+
+    return entityAttributeOperations;
+  }
+
+  /**
+   * Replaces path template parameters with actual values
+   * @param template Path template with placeholders like {accountId}
+   * @param params Object with parameter names and values
+   * @returns Path with all placeholders replaced
+   */
+  private static replacePathParams(template: string, params: Record<string, string | number>): string {
+    let path = template;
+    for (const [key, value] of Object.entries(params)) {
+      path = path.replace(`{${key}}`, String(value));
+    }
+    return path;
+  }
+
+  /**
+   * Generic helper for executing delete requests
+   */
+  private static async executeDeleteRequest(
+    accountId: number,
+    pathTemplate: string,
+    pathParams: Record<string, string | number>,
+    keys: string[],
+    logPrefix: string,
+    methodName: string
+  ): Promise<void> {
+    // Validate inputs
+    ValidationUtils.validateInteger(accountId);
+    ValidationUtils.validateStringArray(keys);
+
+    if (!keys.length) {
+      logger.warn({ tag: this.LOG_TAG, accountId, ...pathParams }, `${methodName} called with empty keys array`);
+      return;
+    }
+    const requestBody: DeleteRequestBody = { keys };
+
+    if (!AuthorizationAttributesMsService.httpClient) {
+      throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+    }
+    const path = AuthorizationAttributesMsService.replacePathParams(pathTemplate, { accountId, ...pathParams });
+    const headers = AuthorizationAttributesMsService.getRequestHeaders(accountId);
+
+    try {
+      logger.info(
+        { tag: AuthorizationAttributesMsService.LOG_TAG, accountId, ...pathParams, keys },
+        `Deleting ${logPrefix} attributes`
+      );
+
+      await AuthorizationAttributesMsService.httpClient.fetch(
+        {
+          url: {
+            appName: APP_NAME,
+            path,
+          },
+          method: 'DELETE',
+          headers,
+          body: JSON.stringify(requestBody),
+        },
+        {
+          timeout: AuthorizationInternalService.getRequestTimeout(),
+          retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+        }
+      );
+
+      logger.debug(
+        { tag: AuthorizationAttributesMsService.LOG_TAG, accountId, ...pathParams, keys },
+        `Successfully deleted ${logPrefix} attributes`
+      );
+    } catch (err) {
+      logger.error(
+        {
+          tag: AuthorizationAttributesMsService.LOG_TAG,
+          method: methodName,
+          accountId,
+          ...pathParams,
+          error: err instanceof Error ? err.message : String(err),
+        },
+        `Failed in ${methodName}`
+      );
+      throw err;
+    }
+  }
+
+  /**
+   * Gets request headers including Authorization, Content-Type, and optional attribution headers
+   */
+  private static getRequestHeaders(accountId: number, userId?: number): Record<string, string> {
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json',
+    };
+
+    // Generate Authorization token
+    const authToken = signAuthorizationHeader({
+      appName: INTERNAL_APP_NAME,
+      accountId,
+      userId,
+    });
+    headers.Authorization = authToken;
+
+    // Add attribution headers if available
+    const attributionHeaders = getAttributionsFromApi();
+    for (const key in attributionHeaders) {
+      if (Object.prototype.hasOwnProperty.call(attributionHeaders, key)) {
+        headers[key] = attributionHeaders[key];
+      }
+    }
+
+    // Add X-REQUEST-ID if available from context
+    try {
+      const tridentContext = Api.getPart('context');
+      if (tridentContext?.runtimeAttributions) {
+        const outgoingHeaders = tridentContext.runtimeAttributions.buildOutgoingHeaders('HTTP_INTERNAL');
+        if (outgoingHeaders) {
+          const attributionHeadersMap: Record<string, string> = {};
+          for (const [key, value] of outgoingHeaders) {
+            attributionHeadersMap[key] = value;
+          }
+          if (attributionHeadersMap['x-request-id']) {
+            headers['X-REQUEST-ID'] = attributionHeadersMap['x-request-id'];
+          }
+        }
+      }
+    } catch (error) {
+      // Silently fail if context is not available
+      logger.debug({ tag: AuthorizationAttributesMsService.LOG_TAG, error }, 'Failed to get request ID from context');
+    }
+
+    // Add X-REQUEST-START timestamp
+    headers['X-REQUEST-START'] = Math.floor(Date.now() / 1000).toString();
+
+    return headers;
+  }
+
+  /**
+   * Generic helper for executing upsert requests
+   */
+  private static async executeUpsertRequest<T extends ResourceAttributeAssignment | EntityAttributeAssignment>(
+    accountId: number,
+    assignments: T[],
+    pathTemplate: string,
+    requestBodyKey: 'resourceAttributeAssignments' | 'entityAttributeAssignments',
+    logPrefix: string,
+    methodName: string
+  ): Promise<void> {
+    const assignmentDto = assignments.map(assignment => assignment.toDataTransferObject());
+
+    const requestBody =
+      requestBodyKey === 'resourceAttributeAssignments'
+        ? { resourceAttributeAssignments: assignmentDto }
+        : { entityAttributeAssignments: assignmentDto };
+
+    if (!AuthorizationAttributesMsService.httpClient) {
+      throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+    }
+    const path = AuthorizationAttributesMsService.replacePathParams(pathTemplate, { accountId });
+    const headers = AuthorizationAttributesMsService.getRequestHeaders(accountId);
+
+    try {
+      logger.info(
+        { tag: AuthorizationAttributesMsService.LOG_TAG, accountId, count: assignments.length },
+        `Upserting ${logPrefix} attributes`
+      );
+
+      await AuthorizationAttributesMsService.httpClient.fetch(
+        {
+          url: {
+            appName: APP_NAME,
+            path,
+          },
+          method: 'POST',
+          headers,
+          body: JSON.stringify(requestBody),
+        },
+        {
+          timeout: AuthorizationInternalService.getRequestTimeout(),
+          retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+        }
+      );
+
+      logger.debug(
+        { tag: AuthorizationAttributesMsService.LOG_TAG, accountId, count: assignments.length },
+        `Successfully upserted ${logPrefix} attributes`
+      );
+    } catch (err) {
+      logger.error(
+        {
+          tag: AuthorizationAttributesMsService.LOG_TAG,
+          method: methodName,
+          accountId,
+          error: err instanceof Error ? err.message : String(err),
+        },
+        `Failed in ${methodName}`
+      );
+      throw err;
+    }
+  }
+
+  private async upsertResourceAttributes(
+    accountId: number,
+    resourceAttributeAssignments: ResourceAttributeAssignment[]
+  ): Promise<ResourceAttributeResponse> {
+    const attributionHeaders = getAttributionsFromApi();
+    if (!AuthorizationAttributesMsService.httpClient) {
+      throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+    }
+    return await AuthorizationAttributesMsService.httpClient.fetch<ResourceAttributeResponse>({
+      url: {
+        appName: APP_NAME,
+        path: UPSERT_RESOURCE_ATTRIBUTES_PATH.replace('{accountId}', accountId.toString()),
+      },
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        ...attributionHeaders,
+      },
+      body: JSON.stringify({ resourceAttributeAssignments }),
+    });
+  }
+}

package/src/authorization-attributes-service.ts

@@ -1,234 +1,46 @@
-import chunk from 'lodash/chunk.js';
-import { Api, FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
-import { getTopicAttributes, sendToSns } from '@mondaydotcomorg/monday-sns';
-import { HttpFetcherError, RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
-import {
-  ResourceAttributeAssignment,
-  ResourceAttributeResponse,
-  ResourceAttributesOperation,
-} from './types/authorization-attributes-contracts';
-import { Resource } from './types/general';
-import { logger } from './authorization-internal-service';
-import { getAttributionsFromApi } from './attributions-service';
-import {
-  ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE,
-  RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
-  SNS_ARN_ENV_VAR_NAME,
-  SNS_DEV_TEST_NAME,
-} from './constants/sns';
-import { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES } from './constants';
-import type { TopicAttributesMap } from 'aws-sdk/clients/sns';
-
+import { AuthorizationAttributesMsService } from './authorization-attributes-ms-service';
+import { AuthorizationAttributesSnsService } from './authorization-attributes-sns-service';
+import { AuthorizationAttributesService as IAuthorizationAttributesService } from './types/authorization-attributes-service.interface';
+
+/**
+ * Main service class for managing resource and entity attributes.
+ * Provides access to both direct (MS) and SNS operations.
+ *
+ * @example
+ * const service = new AuthorizationAttributesService();
+ *
+ * // Use direct operations
+ * await service.direct().upsertResourceAttributes(accountId, assignments);
+ *
+ * // Use SNS operations
+ * await service.sns().upsertResourceAttributes(accountId, assignments, appName, actionId);
+ * ```
+ */
 export class AuthorizationAttributesService {
-  private static LOG_TAG = 'authorization_attributes';
-  private static API_PATHS = {
-    UPSERT_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource',
-    DELETE_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource/{resourceType}/{resourceId}',
-  } as const;
-  private httpClient: HttpClient;
-  private fetchOptions: RecursivePartial<FetcherConfig>;
-  private snsArn: string;
-
-  /**
-   * Public constructor to create the AuthorizationAttributesService instance.
-   * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
-   * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
-   */
-  constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>) {
-    if (!httpClient) {
-      httpClient = Api.getPart('httpClient');
-      if (!httpClient) {
-        throw new Error(ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
-      }
-    }
-
-    if (!fetchOptions) {
-      fetchOptions = DEFAULT_FETCH_OPTIONS;
-    } else {
-      fetchOptions = {
-        ...DEFAULT_FETCH_OPTIONS,
-        ...fetchOptions,
-      };
-    }
-    this.httpClient = httpClient;
-    this.fetchOptions = fetchOptions;
-    this.snsArn = AuthorizationAttributesService.getSnsTopicArn();
-  }
-
-  /**
-   * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-   * @param accountId
-   * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-   * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-   * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
-   */
-  async upsertResourceAttributes(
-    accountId: number,
-    resourceAttributeAssignments: ResourceAttributeAssignment[]
-  ): Promise<ResourceAttributeResponse> {
-    const attributionHeaders = getAttributionsFromApi();
-    try {
-      return await this.httpClient.fetch<ResourceAttributeResponse>(
-        {
-          url: {
-            appName: APP_NAME,
-            path: AuthorizationAttributesService.API_PATHS.UPSERT_RESOURCE_ATTRIBUTES.replace(
-              '{accountId}',
-              accountId.toString()
-            ),
-          },
-          method: 'POST',
-          headers: {
-            'Content-Type': 'application/json',
-            ...attributionHeaders,
-          },
-          body: JSON.stringify({ resourceAttributeAssignments }),
-        },
-        this.fetchOptions
-      );
-    } catch (err) {
-      if (err instanceof HttpFetcherError) {
-        throw new Error(ERROR_MESSAGES.REQUEST_FAILED('upsertResourceAttributes', err.status, err.message));
-      }
-      throw err;
-    }
-  }
+  private _directService: AuthorizationAttributesMsService | null = null;
+  private _snsService: AuthorizationAttributesSnsService | null = null;
 
   /**
-   * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-   * @param accountId
-   * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-   * @param attributeKeys - Array of attribute keys to delete for the resource.
-   * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
+   * Gets the direct (MS) service instance.
+   * Initializes the service on first access (lazy initialization).
+   * @returns IAuthorizationAttributesService instance
    */
-  async deleteResourceAttributes(
-    accountId: number,
-    resource: Resource,
-    attributeKeys: string[]
-  ): Promise<ResourceAttributeResponse> {
-    const attributionHeaders = getAttributionsFromApi();
-    if (!resource.id) {
-      throw new Error('Resource ID is required');
-    }
-    try {
-      return await this.httpClient.fetch<ResourceAttributeResponse>(
-        {
-          url: {
-            appName: APP_NAME,
-            path: AuthorizationAttributesService.API_PATHS.DELETE_RESOURCE_ATTRIBUTES.replace(
-              '{accountId}',
-              accountId.toString()
-            )
-              .replace('{resourceType}', resource.type)
-              .replace('{resourceId}', resource.id.toString()),
-          },
-          method: 'DELETE',
-          headers: {
-            'Content-Type': 'application/json',
-            ...attributionHeaders,
-          },
-          body: JSON.stringify({ keys: attributeKeys }),
-        },
-        this.fetchOptions
-      );
-    } catch (err) {
-      if (err instanceof HttpFetcherError) {
-        throw new Error(ERROR_MESSAGES.REQUEST_FAILED('deleteResourceAttributes', err.status, err.message));
-      }
-      throw err;
-    }
-  }
-
-  /**
-   *  Async function, this function only send the updates request to SNS and return before the change actually took place
-   * @param accountId
-   * @param appName - App name of the calling app
-   * @param callerActionIdentifier - action identifier
-   * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-   * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-   *  */
-  async updateResourceAttributesAsync(
-    accountId: number,
-    appName: string,
-    callerActionIdentifier: string,
-    resourceAttributeOperations: ResourceAttributesOperation[]
-  ): Promise<ResourceAttributesOperation[]> {
-    const topicArn: string = this.snsArn;
-    const sendToSnsPromises: Promise<ResourceAttributesOperation[]>[] = [];
-    const operationChucks = chunk(resourceAttributeOperations, ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
-    for (const operationsChunk of operationChucks) {
-      sendToSnsPromises.push(
-        this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk)
-      );
-    }
-    return (await Promise.all(sendToSnsPromises)).flat();
-  }
-
-  private async sendSingleSnsMessage(
-    topicArn: string,
-    accountId: number,
-    appName: string,
-    callerActionIdentifier: string,
-    operations: ResourceAttributesOperation[]
-  ): Promise<ResourceAttributesOperation[]> {
-    const payload = {
-      kind: RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
-      payload: {
-        accountId: accountId,
-        callerAppName: appName,
-        callerActionIdentifier: callerActionIdentifier,
-        operations: operations,
-      },
-    };
-    try {
-      await sendToSns(payload, topicArn);
-      return operations;
-    } catch (error) {
-      logger.error(
-        { error, tag: AuthorizationAttributesService.LOG_TAG },
-        'Authorization resource attributes async update: failed to send operations to SNS'
-      );
-      return [];
-    }
-  }
-
-  private static getSnsTopicArn(): string {
-    const arnFromEnv: string | undefined = process.env[SNS_ARN_ENV_VAR_NAME];
-    if (arnFromEnv) {
-      return arnFromEnv;
-    }
-    if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
-      return SNS_DEV_TEST_NAME;
+  direct(): IAuthorizationAttributesService {
+    if (this._directService === null) {
+      this._directService = new AuthorizationAttributesMsService();
     }
-    throw new Error('Unable to get sns topic arn from env variable');
+    return this._directService;
   }
 
   /**
-   * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-   * This function can be used as health check for services that updating resource attributes in async is crucial.
-   * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-   * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-   * However, this is the best we can do without actually push dummy messages to the SNS.
-   * @return {Promise<boolean>} - true if succeeded
+   * Gets the SNS service instance.
+   * Initializes the service on first access (lazy initialization).
+   * @returns IAuthorizationAttributesService instance
    */
-  async asyncResourceAttributesHealthCheck(): Promise<boolean> {
-    try {
-      const requestedTopicArn: string = this.snsArn;
-      const attributes: TopicAttributesMap = await getTopicAttributes(requestedTopicArn);
-      const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
-      if (!isHealthy) {
-        logger.error(
-          { requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesService.LOG_TAG },
-          'authorization-attributes-service failed in health check'
-        );
-      }
-      return isHealthy;
-    } catch (error) {
-      logger.error(
-        { error, tag: AuthorizationAttributesService.LOG_TAG },
-        'authorization-attributes-service got error during health check'
-      );
-      return false;
+  sns(): IAuthorizationAttributesService {
+    if (this._snsService === null) {
+      this._snsService = new AuthorizationAttributesSnsService();
     }
+    return this._snsService;
   }
 }