@mondaydotcomorg/monday-authorization 3.5.1 → 3.5.3-feat-shaime-support-entity-attributes-in-authorization-sdk-127d99a

package/dist/esm/authorization-attributes-service.d.ts

@@ -1,54 +1,33 @@
-import { FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
-import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
-import { ResourceAttributeAssignment, ResourceAttributeResponse, ResourceAttributesOperation } from './types/authorization-attributes-contracts';
-import { Resource } from './types/general';
+import { IAuthorizationAttributesService } from './types/authorization-attributes-service.interface';
+/**
+ * Main service class for managing resource and entity attributes.
+ * Provides access to both direct (MS) and SNS operations.
+ *
+ * @example
+ * ```typescript
+ * const service = new AuthorizationAttributesService();
+ *
+ * // Use direct operations
+ * await service.direct().upsertResourceAttributes(accountId, assignments);
+ *
+ * // Use SNS operations
+ * await service.sns().upsertResourceAttributes(accountId, assignments, appName, actionId);
+ * ```
+ */
 export declare class AuthorizationAttributesService {
-    private static LOG_TAG;
-    private static API_PATHS;
-    private httpClient;
-    private fetchOptions;
-    private snsArn;
+    private _directService;
+    private _snsService;
     /**
-     * Public constructor to create the AuthorizationAttributesService instance.
-     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
-     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     * Gets the direct (MS) service instance.
+     * Initializes the service on first access (lazy initialization).
+     * @returns IAuthorizationAttributesService instance
      */
-    constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>);
+    direct(): IAuthorizationAttributesService;
     /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
+     * Gets the SNS service instance.
+     * Initializes the service on first access (lazy initialization).
+     * @returns IAuthorizationAttributesService instance
      */
-    upsertResourceAttributes(accountId: number, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<ResourceAttributeResponse>;
-    /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
-     */
-    deleteResourceAttributes(accountId: number, resource: Resource, attributeKeys: string[]): Promise<ResourceAttributeResponse>;
-    /**
-     *  Async function, this function only send the updates request to SNS and return before the change actually took place
-     * @param accountId
-     * @param appName - App name of the calling app
-     * @param callerActionIdentifier - action identifier
-     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-     *  */
-    updateResourceAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeOperations: ResourceAttributesOperation[]): Promise<ResourceAttributesOperation[]>;
-    private sendSingleSnsMessage;
-    private static getSnsTopicArn;
-    /**
-     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-     * This function can be used as health check for services that updating resource attributes in async is crucial.
-     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-     * However, this is the best we can do without actually push dummy messages to the SNS.
-     * @return {Promise<boolean>} - true if succeeded
-     */
-    asyncResourceAttributesHealthCheck(): Promise<boolean>;
+    sns(): IAuthorizationAttributesService;
 }
 //# sourceMappingURL=authorization-attributes-service.d.ts.map

package/dist/esm/authorization-attributes-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-attributes-service.d.ts","sourceRoot":"","sources":["../../src/authorization-attributes-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAO,aAAa,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AAEtF,OAAO,EAAoB,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACvF,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,2BAA2B,EAC5B,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAY3C,qBAAa,8BAA8B;IACzC,OAAO,CAAC,MAAM,CAAC,OAAO,CAA8B;IACpD,OAAO,CAAC,MAAM,CAAC,SAAS,CAGb;IACX,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAkC;IACtD,OAAO,CAAC,MAAM,CAAS;IAEvB;;;;OAIG;gBACS,UAAU,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,gBAAgB,CAAC,aAAa,CAAC;IAqBnF;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,4BAA4B,EAAE,2BAA2B,EAAE,GAC1D,OAAO,CAAC,yBAAyB,CAAC;IA6BrC;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,yBAAyB,CAAC;IAkCrC;;;;;;;UAOM;IACA,6BAA6B,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,2BAA2B,EAAE,2BAA2B,EAAE,GACzD,OAAO,CAAC,2BAA2B,EAAE,CAAC;YAY3B,oBAAoB;IA4BlC,OAAO,CAAC,MAAM,CAAC,cAAc;IAW7B;;;;;;;OAOG;IACG,kCAAkC,IAAI,OAAO,CAAC,OAAO,CAAC;CAoB7D"}
+{"version":3,"file":"authorization-attributes-service.d.ts","sourceRoot":"","sources":["../../src/authorization-attributes-service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,+BAA+B,EAAE,MAAM,oDAAoD,CAAC;AAErG;;;;;;;;;;;;;;GAcG;AACH,qBAAa,8BAA8B;IACzC,OAAO,CAAC,cAAc,CAAiD;IACvE,OAAO,CAAC,WAAW,CAAkD;IAErE;;;;OAIG;IACH,MAAM,IAAI,+BAA+B;IAOzC;;;;OAIG;IACH,GAAG,IAAI,+BAA+B;CAMvC"}

package/dist/esm/authorization-attributes-service.mjs

@@ -1,179 +1,45 @@
-import chunk from 'lodash/chunk.js';
-import { Api } from '@mondaydotcomorg/trident-backend-api';
-import { sendToSns, getTopicAttributes } from '@mondaydotcomorg/monday-sns';
-import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
-import { logger } from './authorization-internal-service.mjs';
-import { getAttributionsFromApi } from './attributions-service.mjs';
-import { ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE, SNS_ARN_ENV_VAR_NAME, SNS_DEV_TEST_NAME, RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND } from './constants/sns.mjs';
-import { ERROR_MESSAGES, DEFAULT_FETCH_OPTIONS, APP_NAME } from './constants.mjs';
+import { AuthorizationAttributesMsService } from './authorization-attributes-ms-service.mjs';
+import { AuthorizationAttributesSnsService } from './authorization-attributes-sns-service.mjs';
 
+/**
+ * Main service class for managing resource and entity attributes.
+ * Provides access to both direct (MS) and SNS operations.
+ *
+ * @example
+ * ```typescript
+ * const service = new AuthorizationAttributesService();
+ *
+ * // Use direct operations
+ * await service.direct().upsertResourceAttributes(accountId, assignments);
+ *
+ * // Use SNS operations
+ * await service.sns().upsertResourceAttributes(accountId, assignments, appName, actionId);
+ * ```
+ */
 class AuthorizationAttributesService {
-    static LOG_TAG = 'authorization_attributes';
-    static API_PATHS = {
-        UPSERT_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource',
-        DELETE_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource/{resourceType}/{resourceId}',
-    };
-    httpClient;
-    fetchOptions;
-    snsArn;
+    _directService = null;
+    _snsService = null;
     /**
-     * Public constructor to create the AuthorizationAttributesService instance.
-     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
-     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     * Gets the direct (MS) service instance.
+     * Initializes the service on first access (lazy initialization).
+     * @returns IAuthorizationAttributesService instance
      */
-    constructor(httpClient, fetchOptions) {
-        if (!httpClient) {
-            httpClient = Api.getPart('httpClient');
-            if (!httpClient) {
-                throw new Error(ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
-            }
-        }
-        if (!fetchOptions) {
-            fetchOptions = DEFAULT_FETCH_OPTIONS;
-        }
-        else {
-            fetchOptions = {
-                ...DEFAULT_FETCH_OPTIONS,
-                ...fetchOptions,
-            };
-        }
-        this.httpClient = httpClient;
-        this.fetchOptions = fetchOptions;
-        this.snsArn = AuthorizationAttributesService.getSnsTopicArn();
-    }
-    /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
-     */
-    async upsertResourceAttributes(accountId, resourceAttributeAssignments) {
-        const attributionHeaders = getAttributionsFromApi();
-        try {
-            return await this.httpClient.fetch({
-                url: {
-                    appName: APP_NAME,
-                    path: AuthorizationAttributesService.API_PATHS.UPSERT_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString()),
-                },
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...attributionHeaders,
-                },
-                body: JSON.stringify({ resourceAttributeAssignments }),
-            }, this.fetchOptions);
-        }
-        catch (err) {
-            if (err instanceof HttpFetcherError) {
-                throw new Error(ERROR_MESSAGES.REQUEST_FAILED('upsertResourceAttributes', err.status, err.message));
-            }
-            throw err;
+    direct() {
+        if (this._directService === null) {
+            this._directService = new AuthorizationAttributesMsService();
         }
+        return this._directService;
     }
     /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
+     * Gets the SNS service instance.
+     * Initializes the service on first access (lazy initialization).
+     * @returns IAuthorizationAttributesService instance
      */
-    async deleteResourceAttributes(accountId, resource, attributeKeys) {
-        const attributionHeaders = getAttributionsFromApi();
-        if (!resource.id) {
-            throw new Error('Resource ID is required');
-        }
-        try {
-            return await this.httpClient.fetch({
-                url: {
-                    appName: APP_NAME,
-                    path: AuthorizationAttributesService.API_PATHS.DELETE_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString())
-                        .replace('{resourceType}', resource.type)
-                        .replace('{resourceId}', resource.id.toString()),
-                },
-                method: 'DELETE',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...attributionHeaders,
-                },
-                body: JSON.stringify({ keys: attributeKeys }),
-            }, this.fetchOptions);
-        }
-        catch (err) {
-            if (err instanceof HttpFetcherError) {
-                throw new Error(ERROR_MESSAGES.REQUEST_FAILED('deleteResourceAttributes', err.status, err.message));
-            }
-            throw err;
-        }
-    }
-    /**
-     *  Async function, this function only send the updates request to SNS and return before the change actually took place
-     * @param accountId
-     * @param appName - App name of the calling app
-     * @param callerActionIdentifier - action identifier
-     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-     *  */
-    async updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
-        const topicArn = this.snsArn;
-        const sendToSnsPromises = [];
-        const operationChucks = chunk(resourceAttributeOperations, ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
-        for (const operationsChunk of operationChucks) {
-            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk));
-        }
-        return (await Promise.all(sendToSnsPromises)).flat();
-    }
-    async sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations) {
-        const payload = {
-            kind: RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
-            payload: {
-                accountId: accountId,
-                callerAppName: appName,
-                callerActionIdentifier: callerActionIdentifier,
-                operations: operations,
-            },
-        };
-        try {
-            await sendToSns(payload, topicArn);
-            return operations;
-        }
-        catch (error) {
-            logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'Authorization resource attributes async update: failed to send operations to SNS');
-            return [];
-        }
-    }
-    static getSnsTopicArn() {
-        const arnFromEnv = process.env[SNS_ARN_ENV_VAR_NAME];
-        if (arnFromEnv) {
-            return arnFromEnv;
-        }
-        if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
-            return SNS_DEV_TEST_NAME;
-        }
-        throw new Error('Unable to get sns topic arn from env variable');
-    }
-    /**
-     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-     * This function can be used as health check for services that updating resource attributes in async is crucial.
-     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-     * However, this is the best we can do without actually push dummy messages to the SNS.
-     * @return {Promise<boolean>} - true if succeeded
-     */
-    async asyncResourceAttributesHealthCheck() {
-        try {
-            const requestedTopicArn = this.snsArn;
-            const attributes = await getTopicAttributes(requestedTopicArn);
-            const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
-            if (!isHealthy) {
-                logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service failed in health check');
-            }
-            return isHealthy;
-        }
-        catch (error) {
-            logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service got error during health check');
-            return false;
+    sns() {
+        if (this._snsService === null) {
+            this._snsService = new AuthorizationAttributesSnsService();
         }
+        return this._snsService;
     }
 }
 

package/dist/esm/authorization-attributes-sns-service.d.ts

@@ -0,0 +1,90 @@
+import { ResourceAttributeAssignment, ResourceAttributeOperation, EntityAttributeOperation, EntityType } from './types/authorization-attributes-contracts';
+import { EntityAttributeAssignment } from './entity-attribute-assignment';
+import { Resource } from './types/general';
+import { IAuthorizationAttributesService } from './types/authorization-attributes-service.interface';
+/**
+ * Service class for managing resource attributes asynchronously via SNS.
+ * Provides asynchronous operations to create/update and delete attributes on resources.
+ */
+export declare class AuthorizationAttributesSnsService implements IAuthorizationAttributesService {
+    private static LOG_TAG;
+    private resourceSnsArn;
+    private entitySnsArn;
+    /**
+     * Public constructor to create the AuthorizationAttributesSnsService instance.
+     */
+    constructor();
+    /**
+     * Async function to upsert resource attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param resourceAttributeAssignments Array of resource attribute assignments to upsert
+     * @return Promise with array of sent operations
+     */
+    upsertResourceAttributes(accountId: number, resourceAttributeAssignments: ResourceAttributeAssignment[], appName?: string, callerActionIdentifier?: string): Promise<ResourceAttributeOperation[]>;
+    /**
+     * Async function to delete resource attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param resource The resource (resourceType, resourceId)
+     * @param attributeKeys Array of attribute keys to delete
+     * @return Promise with array of sent operations
+     */
+    deleteResourceAttributes(accountId: number, resource: Resource, attributeKeys: string[], appName?: string, callerActionIdentifier?: string): Promise<ResourceAttributeOperation[]>;
+    /**
+     * Async function to upsert entity attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param entityAttributeAssignments Array of entity attribute assignments to upsert
+     * @return Promise with array of sent operations
+     */
+    upsertEntityAttributes(accountId: number, entityAttributeAssignments: EntityAttributeAssignment[], appName?: string, callerActionIdentifier?: string): Promise<EntityAttributeOperation[]>;
+    /**
+     * Async function to delete entity attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param entityType The entity type
+     * @param entityId The entity ID
+     * @param attributeKeys Array of attribute keys to delete
+     * @return Promise with array of sent operations
+     */
+    deleteEntityAttributes(accountId: number, entityType: EntityType | string, entityId: number, attributeKeys: string[], appName?: string, callerActionIdentifier?: string): Promise<EntityAttributeOperation[]>;
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
+     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
+     *  */
+    updateResourceAttributes(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeOperations: ResourceAttributeOperation[]): Promise<ResourceAttributeOperation[]>;
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param entityAttributeOperations - Array of operations to do on entity attributes.
+     * @return {Promise<EntityAttributeOperation[]>} Array of sent operations
+     *  */
+    updateEntityAttributes(accountId: number, appName: string, callerActionIdentifier: string, entityAttributeOperations: EntityAttributeOperation[]): Promise<EntityAttributeOperation[]>;
+    private sendSingleSnsMessage;
+    private static getSnsTopicArn;
+    /**
+     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+     * This function can be used as health check for services that updating resource attributes in async is crucial.
+     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+     * However, this is the best we can do without actually push dummy messages to the SNS.
+     * @return {Promise<boolean>} - true if succeeded
+     */
+    asyncResourceAttributesHealthCheck(): Promise<boolean>;
+}
+//# sourceMappingURL=authorization-attributes-sns-service.d.ts.map

package/dist/esm/authorization-attributes-sns-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-attributes-sns-service.d.ts","sourceRoot":"","sources":["../../src/authorization-attributes-sns-service.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,2BAA2B,EAC3B,0BAA0B,EAC1B,wBAAwB,EAExB,UAAU,EACX,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAc3C,OAAO,EAAE,+BAA+B,EAAE,MAAM,oDAAoD,CAAC;AAErG;;;GAGG;AACH,qBAAa,iCAAkC,YAAW,+BAA+B;IACvF,OAAO,CAAC,MAAM,CAAC,OAAO,CAA8B;IACpD,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,YAAY,CAAS;IAE7B;;OAEG;;IAMH;;;;;;;;OAQG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,4BAA4B,EAAE,2BAA2B,EAAE,EAC3D,OAAO,CAAC,EAAE,MAAM,EAChB,sBAAsB,CAAC,EAAE,MAAM,GAC9B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAWxC;;;;;;;;;OASG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,EACvB,OAAO,CAAC,EAAE,MAAM,EAChB,sBAAsB,CAAC,EAAE,MAAM,GAC9B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAgBxC;;;;;;;;OAQG;IACG,sBAAsB,CAC1B,SAAS,EAAE,MAAM,EACjB,0BAA0B,EAAE,yBAAyB,EAAE,EACvD,OAAO,CAAC,EAAE,MAAM,EAChB,sBAAsB,CAAC,EAAE,MAAM,GAC9B,OAAO,CAAC,wBAAwB,EAAE,CAAC;IAgBtC;;;;;;;;;;OAUG;IACG,sBAAsB,CAC1B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,UAAU,GAAG,MAAM,EAC/B,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EAAE,EACvB,OAAO,CAAC,EAAE,MAAM,EAChB,sBAAsB,CAAC,EAAE,MAAM,GAC9B,OAAO,CAAC,wBAAwB,EAAE,CAAC;IAgBtC;;;;;;;UAOM;IACA,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,2BAA2B,EAAE,0BAA0B,EAAE,GACxD,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAoBxC;;;;;;;UAOM;IACA,sBAAsB,CAC1B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,yBAAyB,EAAE,wBAAwB,EAAE,GACpD,OAAO,CAAC,wBAAwB,EAAE,CAAC;YAoBxB,oBAAoB;IA2BlC,OAAO,CAAC,MAAM,CAAC,cAAc;IA0B7B;;;;;;;OAOG;IACG,kCAAkC,IAAI,OAAO,CAAC,OAAO,CAAC;CAoB7D"}

package/dist/esm/authorization-attributes-sns-service.mjs

@@ -0,0 +1,211 @@
+import chunk from 'lodash/chunk.js';
+import { sendToSns, getTopicAttributes } from '@mondaydotcomorg/monday-sns';
+import { AttributeOperation } from './types/authorization-attributes-contracts.mjs';
+import { logger } from './authorization-internal-service.mjs';
+import { SnsTopicType, ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE, RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND, ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE, ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND, RESOURCE_SNS_ARN_ENV_VAR_NAME, RESOURCE_SNS_DEV_TEST_NAME, ENTITY_SNS_ARN_ENV_VAR_NAME, ENTITY_SNS_DEV_TEST_NAME } from './constants/sns.mjs';
+
+/**
+ * Service class for managing resource attributes asynchronously via SNS.
+ * Provides asynchronous operations to create/update and delete attributes on resources.
+ */
+class AuthorizationAttributesSnsService {
+    static LOG_TAG = 'authorization_attributes';
+    resourceSnsArn;
+    entitySnsArn;
+    /**
+     * Public constructor to create the AuthorizationAttributesSnsService instance.
+     */
+    constructor() {
+        this.resourceSnsArn = AuthorizationAttributesSnsService.getSnsTopicArn(SnsTopicType.RESOURCE);
+        this.entitySnsArn = AuthorizationAttributesSnsService.getSnsTopicArn(SnsTopicType.ENTITY);
+    }
+    /**
+     * Async function to upsert resource attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param resourceAttributeAssignments Array of resource attribute assignments to upsert
+     * @return Promise with array of sent operations
+     */
+    async upsertResourceAttributes(accountId, resourceAttributeAssignments, appName, callerActionIdentifier) {
+        if (!appName || !callerActionIdentifier) {
+            throw new Error('appName and callerActionIdentifier are required for SNS service');
+        }
+        const operations = resourceAttributeAssignments.map(assignment => ({
+            ...assignment,
+            operationType: AttributeOperation.UPSERT,
+        }));
+        return this.updateResourceAttributes(accountId, appName, callerActionIdentifier, operations);
+    }
+    /**
+     * Async function to delete resource attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param resource The resource (resourceType, resourceId)
+     * @param attributeKeys Array of attribute keys to delete
+     * @return Promise with array of sent operations
+     */
+    async deleteResourceAttributes(accountId, resource, attributeKeys, appName, callerActionIdentifier) {
+        if (!appName || !callerActionIdentifier) {
+            throw new Error('appName and callerActionIdentifier are required for SNS service');
+        }
+        const operations = attributeKeys.map(key => ({
+            resourceType: resource.type,
+            resourceId: resource.id,
+            key,
+            operationType: AttributeOperation.DELETE,
+        }));
+        return this.updateResourceAttributes(accountId, appName, callerActionIdentifier, operations);
+    }
+    /**
+     * Async function to upsert entity attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param entityAttributeAssignments Array of entity attribute assignments to upsert
+     * @return Promise with array of sent operations
+     */
+    async upsertEntityAttributes(accountId, entityAttributeAssignments, appName, callerActionIdentifier) {
+        if (!appName || !callerActionIdentifier) {
+            throw new Error('appName and callerActionIdentifier are required for SNS service');
+        }
+        const operations = entityAttributeAssignments.map(assignment => {
+            return {
+                entityId: assignment.entityId,
+                entityType: assignment.entityType,
+                key: assignment.attributeKey,
+                value: assignment.attributeValue,
+                operationType: AttributeOperation.UPSERT,
+            };
+        });
+        return this.updateEntityAttributes(accountId, appName, callerActionIdentifier, operations);
+    }
+    /**
+     * Async function to delete entity attributes using SNS.
+     * Sends the updates request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param entityType The entity type
+     * @param entityId The entity ID
+     * @param attributeKeys Array of attribute keys to delete
+     * @return Promise with array of sent operations
+     */
+    async deleteEntityAttributes(accountId, entityType, entityId, attributeKeys, appName, callerActionIdentifier) {
+        if (!appName || !callerActionIdentifier) {
+            throw new Error('appName and callerActionIdentifier are required for SNS service');
+        }
+        const operations = attributeKeys.map(key => ({
+            entityType: entityType,
+            entityId,
+            key,
+            operationType: AttributeOperation.DELETE,
+        }));
+        return this.updateEntityAttributes(accountId, appName, callerActionIdentifier, operations);
+    }
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
+     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
+     *  */
+    async updateResourceAttributes(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
+        const topicArn = this.resourceSnsArn;
+        const sendToSnsPromises = [];
+        const operationChucks = chunk(resourceAttributeOperations, ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
+        for (const operationsChunk of operationChucks) {
+            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk, RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND, 'Authorization resource attributes async update: failed to send operations to SNS'));
+        }
+        return (await Promise.all(sendToSnsPromises)).flat();
+    }
+    /**
+     *  Async function, this function only send the updates request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param entityAttributeOperations - Array of operations to do on entity attributes.
+     * @return {Promise<EntityAttributeOperation[]>} Array of sent operations
+     *  */
+    async updateEntityAttributes(accountId, appName, callerActionIdentifier, entityAttributeOperations) {
+        const topicArn = this.entitySnsArn;
+        const sendToSnsPromises = [];
+        const operationChucks = chunk(entityAttributeOperations, ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
+        for (const operationsChunk of operationChucks) {
+            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk, ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND, 'Authorization entity attributes async update: failed to send operations to SNS'));
+        }
+        return (await Promise.all(sendToSnsPromises)).flat();
+    }
+    async sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations, kind, errorLogMessage) {
+        const payload = {
+            kind,
+            payload: {
+                accountId: accountId,
+                callerAppName: appName,
+                callerActionIdentifier: callerActionIdentifier,
+                operations: operations,
+            },
+        };
+        try {
+            await sendToSns(payload, topicArn);
+            return operations;
+        }
+        catch (error) {
+            logger.error({ error, tag: AuthorizationAttributesSnsService.LOG_TAG }, errorLogMessage);
+            return [];
+        }
+    }
+    static getSnsTopicArn(type) {
+        let envVarName;
+        let devTestName;
+        switch (type) {
+            case SnsTopicType.ENTITY:
+                envVarName = ENTITY_SNS_ARN_ENV_VAR_NAME;
+                devTestName = ENTITY_SNS_DEV_TEST_NAME;
+                break;
+            default:
+                // Default to resource SNS constants
+                envVarName = RESOURCE_SNS_ARN_ENV_VAR_NAME;
+                devTestName = RESOURCE_SNS_DEV_TEST_NAME;
+                break;
+        }
+        const arnFromEnv = process.env[envVarName];
+        if (arnFromEnv) {
+            return arnFromEnv;
+        }
+        if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
+            return devTestName;
+        }
+        throw new Error(`Unable to get ${type} sns topic arn from env variable`);
+    }
+    /**
+     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+     * This function can be used as health check for services that updating resource attributes in async is crucial.
+     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+     * However, this is the best we can do without actually push dummy messages to the SNS.
+     * @return {Promise<boolean>} - true if succeeded
+     */
+    async asyncResourceAttributesHealthCheck() {
+        try {
+            const requestedTopicArn = this.resourceSnsArn;
+            const attributes = await getTopicAttributes(requestedTopicArn);
+            const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
+            if (!isHealthy) {
+                logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesSnsService.LOG_TAG }, 'authorization-attributes-service failed in health check');
+            }
+            return isHealthy;
+        }
+        catch (error) {
+            logger.error({ error, tag: AuthorizationAttributesSnsService.LOG_TAG }, 'authorization-attributes-service got error during health check');
+            return false;
+        }
+    }
+}
+
+export { AuthorizationAttributesSnsService };

package/dist/esm/authorization-middleware.d.ts

@@ -1,6 +1,6 @@
-import { Action, BaseRequest, BaseResponse, Context, ContextGetter, ResourceGetter } from './types/general';
+import { BaseRequest, BaseResponse, Context, ContextGetter, ResourceGetter } from './types/general';
 import type { NextFunction } from 'express';
-export declare function getAuthorizationMiddleware(action: Action, resourceGetter: ResourceGetter, contextGetter?: ContextGetter): (request: BaseRequest, response: BaseResponse, next: NextFunction) => Promise<void>;
+export declare function getAuthorizationMiddleware(action: string, resourceGetter: ResourceGetter, contextGetter?: ContextGetter): (request: BaseRequest, response: BaseResponse, next: NextFunction) => Promise<void>;
 export declare function skipAuthorizationMiddleware(request: BaseRequest, response: BaseResponse, next: NextFunction): void;
 export declare function authorizationCheckMiddleware(request: BaseRequest, response: BaseResponse, next: NextFunction): void;
 export declare function defaultContextGetter(request: BaseRequest): Context;

package/dist/esm/authorization-middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-middleware.d.ts","sourceRoot":"","sources":["../../src/authorization-middleware.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAI5C,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,cAAc,EAC9B,aAAa,CAAC,EAAE,aAAa,IAG3B,SAAS,WAAW,EACpB,UAAU,YAAY,EACtB,MAAM,YAAY,KACjB,OAAO,CAAC,IAAI,CAAC,CAajB;AAED,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAGlH;AAED,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CASnH;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAElE"}
+{"version":3,"file":"authorization-middleware.d.ts","sourceRoot":"","sources":["../../src/authorization-middleware.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACpG,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAI5C,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,cAAc,EAC9B,aAAa,CAAC,EAAE,aAAa,IAG3B,SAAS,WAAW,EACpB,UAAU,YAAY,EACtB,MAAM,YAAY,KACjB,OAAO,CAAC,IAAI,CAAC,CAajB;AAED,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAGlH;AAED,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CASnH;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAElE"}

package/dist/esm/authorization-service.d.ts

@@ -1,6 +1,6 @@
 import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
 import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
-import { Action, AuthorizationObject, AuthorizationParams, Resource } from './types/general';
+import { AuthorizationObject, AuthorizationParams, Resource } from './types/general';
 import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
 export interface AuthorizeResponse {
     isAuthorized: boolean;
@@ -21,7 +21,7 @@ export declare class AuthorizationService {
      * @deprecated use the second form with authorizationRequestObjects instead,
      * support of this function will be dropped gradually
      */
-    static isAuthorized(accountId: number, userId: number, resources: Resource[], action: Action): Promise<AuthorizeResponse>;
+    static isAuthorized(accountId: number, userId: number, resources: Resource[], action: string): Promise<AuthorizeResponse>;
     static isAuthorized(accountId: number, userId: number, authorizationRequestObjects: AuthorizationObject[]): Promise<AuthorizeResponse>;
     /**
      * @deprecated - Please use Ignite instead: https://github.com/DaPulse/ignite-monorepo/blob/master/packages/ignite-sdk/README.md
@@ -40,5 +40,5 @@ export declare class AuthorizationService {
 }
 export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
 export declare function setIgniteClient(): Promise<void>;
-export declare function createAuthorizationParams(resources: Resource[], action: Action): AuthorizationParams;
+export declare function createAuthorizationParams(resources: Resource[], action: string): AuthorizationParams;
 //# sourceMappingURL=authorization-service.d.ts.map