@mondaydotcomorg/monday-authorization 3.5.3-feat-shaime-support-entity-attributes-in-authorization-sdk-a77c130 → 3.6.0-feat-shaime-support-entity-attributes-1-4c8e283

package/dist/utils/validation.js

@@ -1,117 +1,62 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 
-const zod = require('zod');
+const Ajv = require('ajv');
 const errors_argumentError = require('../errors/argument-error.js');
+const utils_assigmentSchema = require('./assigment-schema.js');
+
+const _interopDefault = e => e && e.__esModule ? e : { default: e };
+
+const Ajv__default = /*#__PURE__*/_interopDefault(Ajv);
 
 /**
- * Utility class for common validation operations using Zod
+ * Utility class for common validation operations using AJV
  */
 class ValidationUtils {
-    /**
-     * Validates that a value is an integer
-     * @param value The value to validate
-     * @param fieldName The name of the field for error messages
-     * @throws ArgumentError if value is not an integer
-     */
-    static validateInteger(value, fieldName) {
-        const schema = zod.z.number().int();
-        try {
-            schema.parse(value);
-        }
-        catch (error) {
-            if (error instanceof zod.z.ZodError) {
-                throw new errors_argumentError.ArgumentError(`${fieldName} must be an integer, got: ${value}`);
-            }
-            throw error;
+    static ajv = new Ajv__default.default({ allErrors: true });
+    static integerValidator = this.ajv.compile({ type: 'number', multipleOf: 1 });
+    static stringValidator = this.ajv.compile({ type: 'string', minLength: 1 });
+    static stringArrayValidator = this.ajv.compile({
+        type: 'array',
+        items: { type: 'string' },
+    });
+    static validateInteger(value) {
+        const valid = this.integerValidator(value);
+        if (!valid) {
+            throw new errors_argumentError.ArgumentError('Invalid integer');
         }
     }
-    /**
-     * Validates that a value is a non-empty string
-     * @param value The value to validate
-     * @param fieldName The name of the field for error messages
-     * @throws ArgumentError if value is not a string or is empty
-     */
-    static validateString(value, fieldName) {
-        const schema = zod.z.string().min(1);
-        try {
-            schema.parse(value);
-        }
-        catch (error) {
-            if (error instanceof zod.z.ZodError) {
-                if (typeof value !== 'string') {
-                    throw new errors_argumentError.ArgumentError(`${fieldName} must be a string, got: ${typeof value}`);
-                }
-                throw new errors_argumentError.ArgumentError(`${fieldName} must be a non-empty string`);
-            }
-            throw error;
+    static validateString(value) {
+        const valid = this.stringValidator(value);
+        if (!valid) {
+            throw new errors_argumentError.ArgumentError('Invalid string');
         }
     }
-    /**
-     * Validates that a value is an array and optionally checks minimum length
-     * @param value The value to validate
-     * @param fieldName The name of the field for error messages
-     * @param minLength Minimum required length (default: 0)
-     * @returns The validated array
-     * @throws ArgumentError if value is not an array or doesn't meet minimum length
-     */
-    static validateArray(value, fieldName, minLength = 0) {
-        const schema = zod.z.array(zod.z.any()).min(minLength);
-        try {
-            return schema.parse(value);
-        }
-        catch (error) {
-            if (error instanceof zod.z.ZodError) {
-                if (!Array.isArray(value)) {
-                    throw new errors_argumentError.ArgumentError(`${fieldName} must be an array`);
-                }
-                throw new errors_argumentError.ArgumentError(`${fieldName} must have at least ${minLength} items`);
-            }
-            throw error;
+    static validateStringArray(value) {
+        const valid = this.stringArrayValidator(value);
+        if (!valid) {
+            throw new errors_argumentError.ArgumentError('Invalid string array');
         }
     }
     /**
-     * Validates that a value is one of the allowed enum values
-     * @param value The value to validate
-     * @param validValues Array of valid values
-     * @param fieldName The name of the field for error messages
-     * @returns The validated value as the enum type
-     * @throws ArgumentError if value is not in validValues
+     * Validates an attribute assignment object using a single AJV schema.
+     * Preserves legacy error messages for each field.
      */
-    static validateEnum(value, validValues, fieldName) {
-        const schema = zod.z.enum(validValues);
-        try {
-            return schema.parse(value);
-        }
-        catch (error) {
-            if (error instanceof zod.z.ZodError) {
-                throw new errors_argumentError.ArgumentError(`${fieldName} must be one of [${validValues.join(', ')}], got: ${value}`);
-            }
-            throw error;
+    static validateResourceAssignment(resource) {
+        const valid = utils_assigmentSchema.resourceAssignmentSchema(resource);
+        if (!valid) {
+            const errorMessages = (utils_assigmentSchema.resourceAssignmentSchema.errors || [])
+                .map(err => err.message || 'validation failed')
+                .join(', ');
+            throw new errors_argumentError.ArgumentError(`Invalid resource attribute assignment: ${errorMessages}`);
         }
     }
-    /**
-     * Validates that all items in an array are strings
-     * @param value Array to validate
-     * @param fieldName The name of the field for error messages
-     * @throws ArgumentError if any item is not a string
-     */
-    static validateStringArray(value, fieldName) {
-        const schema = zod.z.array(zod.z.string());
-        try {
-            schema.parse(value);
-        }
-        catch (error) {
-            if (error instanceof zod.z.ZodError) {
-                const zodError = error;
-                const firstError = zodError.issues[0];
-                // Check if it's an array item validation error
-                if (firstError.path.length > 0 && typeof firstError.path[0] === 'number') {
-                    const index = firstError.path[0];
-                    throw new errors_argumentError.ArgumentError(`All ${fieldName} must be strings, but item at index ${index} is not`);
-                }
-                throw new errors_argumentError.ArgumentError(`${fieldName} must be an array`);
-            }
-            throw error;
+    static validateEntityAssignment(entity) {
+        const valid = utils_assigmentSchema.entityAssignmentSchema(entity);
+        if (!valid) {
+            const errorMessages = (utils_assigmentSchema.entityAssignmentSchema.errors || [])
+                .map(err => err.message || 'validation failed')
+                .join(', ');
+            throw new errors_argumentError.ArgumentError(`Invalid entity attribute assignment: ${errorMessages}`);
         }
     }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "3.5.3-feat-shaime-support-entity-attributes-in-authorization-sdk-a77c130",
+  "version": "3.6.0-feat-shaime-support-entity-attributes-1-4c8e283",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",
@@ -28,11 +28,11 @@
     "@mondaydotcomorg/monday-observability-kit": "^1.5.3",
     "@mondaydotcomorg/monday-sns": "^1.2.1",
     "@mondaydotcomorg/trident-backend-api": "^0.24.3",
+    "ajv": "^8.12.0",
     "lodash": "^4.17.21",
     "node-fetch": "^2.6.7",
     "on-headers": "^1.0.2",
-    "ts-node": "^10.0.0",
-    "zod": "^4.1.13"
+    "ts-node": "^10.0.0"
   },
   "devDependencies": {
     "@mondaydotcomorg/trident-library": "^1.1.44",

package/src/authorization-attributes-service.ts

@@ -1,47 +1,235 @@
-import { AuthorizationAttributesMsService } from './authorization-attributes-ms-service';
-import { AuthorizationAttributesSnsService } from './authorization-attributes-sns-service';
-import { IAuthorizationAttributesService } from './types/authorization-attributes-service.interface';
-
-/**
- * Main service class for managing resource and entity attributes.
- * Provides access to both direct (MS) and SNS operations.
- *
- * @example
- * ```typescript
- * const service = new AuthorizationAttributesService();
- *
- * // Use direct operations
- * await service.direct().upsertResourceAttributes(accountId, assignments);
- *
- * // Use SNS operations
- * await service.sns().upsertResourceAttributes(accountId, assignments, appName, actionId);
- * ```
- */
+import chunk from 'lodash/chunk.js';
+import { Api, FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
+import { getTopicAttributes, sendToSns } from '@mondaydotcomorg/monday-sns';
+import { HttpFetcherError, RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
+import {
+  ResourceAttributeAssignment,
+  ResourceAttributeResponse,
+  ResourceAttributeUpsertOperation,
+} from './types/authorization-attributes-contracts';
+import { Resource } from './types/general';
+import { logger } from './authorization-internal-service';
+import { getAttributionsFromApi } from './attributions-service';
+import {
+  ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE,
+  RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
+  SNS_ARN_ENV_VAR_NAME,
+  SNS_DEV_TEST_NAME,
+} from './constants/sns';
+import { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES } from './constants';
+import type { TopicAttributesMap } from 'aws-sdk/clients/sns';
+
 export class AuthorizationAttributesService {
-  private _directService: AuthorizationAttributesMsService | null = null;
-  private _snsService: AuthorizationAttributesSnsService | null = null;
+  private static LOG_TAG = 'authorization_attributes';
+  private static API_PATHS = {
+    UPSERT_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource',
+    DELETE_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource/{resourceType}/{resourceId}',
+  } as const;
+  private httpClient: HttpClient;
+  private fetchOptions: RecursivePartial<FetcherConfig>;
+  private snsArn: string;
+
+  /**
+   * Public constructor to create the AuthorizationAttributesService instance.
+   * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
+   * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+   */
+  constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>) {
+    console.log(1);
+    if (!httpClient) {
+      httpClient = Api.getPart('httpClient');
+      if (!httpClient) {
+        throw new Error(ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
+      }
+    }
+
+    if (!fetchOptions) {
+      fetchOptions = DEFAULT_FETCH_OPTIONS;
+    } else {
+      fetchOptions = {
+        ...DEFAULT_FETCH_OPTIONS,
+        ...fetchOptions,
+      };
+    }
+    this.httpClient = httpClient;
+    this.fetchOptions = fetchOptions;
+    this.snsArn = AuthorizationAttributesService.getSnsTopicArn();
+  }
+
+  /**
+   * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
+   * @param accountId
+   * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
+   * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
+   * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
+   */
+  async upsertResourceAttributes(
+    accountId: number,
+    resourceAttributeAssignments: ResourceAttributeAssignment[]
+  ): Promise<ResourceAttributeResponse> {
+    const attributionHeaders = getAttributionsFromApi();
+    try {
+      return await this.httpClient.fetch<ResourceAttributeResponse>(
+        {
+          url: {
+            appName: APP_NAME,
+            path: AuthorizationAttributesService.API_PATHS.UPSERT_RESOURCE_ATTRIBUTES.replace(
+              '{accountId}',
+              accountId.toString()
+            ),
+          },
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            ...attributionHeaders,
+          },
+          body: JSON.stringify({ resourceAttributeAssignments }),
+        },
+        this.fetchOptions
+      );
+    } catch (err) {
+      if (err instanceof HttpFetcherError) {
+        throw new Error(ERROR_MESSAGES.REQUEST_FAILED('upsertResourceAttributes', err.status, err.message));
+      }
+      throw err;
+    }
+  }
 
   /**
-   * Gets the direct (MS) service instance.
-   * Initializes the service on first access (lazy initialization).
-   * @returns IAuthorizationAttributesService instance
+   * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
+   * @param accountId
+   * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
+   * @param attributeKeys - Array of attribute keys to delete for the resource.
+   * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
    */
-  direct(): IAuthorizationAttributesService {
-    if (this._directService === null) {
-      this._directService = new AuthorizationAttributesMsService();
+  async deleteResourceAttributes(
+    accountId: number,
+    resource: Resource,
+    attributeKeys: string[]
+  ): Promise<ResourceAttributeResponse> {
+    const attributionHeaders = getAttributionsFromApi();
+    if (!resource.id) {
+      throw new Error('Resource ID is required');
+    }
+    try {
+      return await this.httpClient.fetch<ResourceAttributeResponse>(
+        {
+          url: {
+            appName: APP_NAME,
+            path: AuthorizationAttributesService.API_PATHS.DELETE_RESOURCE_ATTRIBUTES.replace(
+              '{accountId}',
+              accountId.toString()
+            )
+              .replace('{resourceType}', resource.type)
+              .replace('{resourceId}', resource.id.toString()),
+          },
+          method: 'DELETE',
+          headers: {
+            'Content-Type': 'application/json',
+            ...attributionHeaders,
+          },
+          body: JSON.stringify({ keys: attributeKeys }),
+        },
+        this.fetchOptions
+      );
+    } catch (err) {
+      if (err instanceof HttpFetcherError) {
+        throw new Error(ERROR_MESSAGES.REQUEST_FAILED('deleteResourceAttributes', err.status, err.message));
+      }
+      throw err;
+    }
+  }
+
+  /**
+   *  Async function, this function only send the updates request to SNS and return before the change actually took place
+   * @param accountId
+   * @param appName - App name of the calling app
+   * @param callerActionIdentifier - action identifier
+   * @param resourceAttributeOperations - Array of operations to do on resource attributes.
+   * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
+   *  */
+  async updateResourceAttributesAsync(
+    accountId: number,
+    appName: string,
+    callerActionIdentifier: string,
+    resourceAttributeOperations: ResourceAttributeUpsertOperation[]
+  ): Promise<ResourceAttributeUpsertOperation[]> {
+    const topicArn: string = this.snsArn;
+    const sendToSnsPromises: Promise<ResourceAttributeAssignment[]>[] = [];
+    const operationChucks = chunk(resourceAttributeOperations, ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
+    for (const operationsChunk of operationChucks) {
+      sendToSnsPromises.push(
+        this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk)
+      );
+    }
+    return (await Promise.all(sendToSnsPromises)).flat() as ResourceAttributeUpsertOperation[];
+  }
+
+  private async sendSingleSnsMessage(
+    topicArn: string,
+    accountId: number,
+    appName: string,
+    callerActionIdentifier: string,
+    operations: ResourceAttributeAssignment[]
+  ): Promise<ResourceAttributeAssignment[]> {
+    const payload = {
+      kind: RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
+      payload: {
+        accountId: accountId,
+        callerAppName: appName,
+        callerActionIdentifier: callerActionIdentifier,
+        operations: operations,
+      },
+    };
+    try {
+      await sendToSns(payload, topicArn);
+      return operations;
+    } catch (error) {
+      logger.error(
+        { error, tag: AuthorizationAttributesService.LOG_TAG },
+        'Authorization resource attributes async update: failed to send operations to SNS'
+      );
+      return [];
+    }
+  }
+
+  private static getSnsTopicArn(): string {
+    const arnFromEnv: string | undefined = process.env[SNS_ARN_ENV_VAR_NAME];
+    if (arnFromEnv) {
+      return arnFromEnv;
+    }
+    if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
+      return SNS_DEV_TEST_NAME;
     }
-    return this._directService;
+    throw new Error('Unable to get sns topic arn from env variable');
   }
 
   /**
-   * Gets the SNS service instance.
-   * Initializes the service on first access (lazy initialization).
-   * @returns IAuthorizationAttributesService instance
+   * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+   * This function can be used as health check for services that updating resource attributes in async is crucial.
+   * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+   * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+   * However, this is the best we can do without actually push dummy messages to the SNS.
+   * @return {Promise<boolean>} - true if succeeded
    */
-  sns(): IAuthorizationAttributesService {
-    if (this._snsService === null) {
-      this._snsService = new AuthorizationAttributesSnsService();
+  async asyncResourceAttributesHealthCheck(): Promise<boolean> {
+    try {
+      const requestedTopicArn: string = this.snsArn;
+      const attributes: TopicAttributesMap = await getTopicAttributes(requestedTopicArn);
+      const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
+      if (!isHealthy) {
+        logger.error(
+          { requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesService.LOG_TAG },
+          'authorization-attributes-service failed in health check'
+        );
+      }
+      return isHealthy;
+    } catch (error) {
+      logger.error(
+        { error, tag: AuthorizationAttributesService.LOG_TAG },
+        'authorization-attributes-service got error during health check'
+      );
+      return false;
     }
-    return this._snsService;
   }
 }

package/src/authorization-middleware.ts

@@ -1,13 +1,13 @@
 import onHeaders from 'on-headers';
 import { AuthorizationInternalService } from './authorization-internal-service';
 import { AuthorizationService, createAuthorizationParams } from './authorization-service';
-import { BaseRequest, BaseResponse, Context, ContextGetter, ResourceGetter } from './types/general';
+import { Action, BaseRequest, BaseResponse, Context, ContextGetter, ResourceGetter } from './types/general';
 import type { NextFunction } from 'express';
 
 // getAuthorizationMiddleware is duplicated in testKit/index.ts
 // If you are making changes to this function, please make sure to update the other file as well
 export function getAuthorizationMiddleware(
-  action: string,
+  action: Action,
   resourceGetter: ResourceGetter,
   contextGetter?: ContextGetter
 ) {

package/src/authorization-service.ts

@@ -3,7 +3,7 @@ import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
 import { Api } from '@mondaydotcomorg/trident-backend-api';
 import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
 import { getIgniteClient, IgniteClient } from '@mondaydotcomorg/ignite-sdk';
-import { AuthorizationObject, AuthorizationParams, Resource } from './types/general';
+import { Action, AuthorizationObject, AuthorizationParams, Resource } from './types/general';
 import { sendAuthorizationCheckResponseTimeMetric } from './prometheus-service';
 import { recordAuthorizationTiming } from './metrics-service';
 import {
@@ -74,7 +74,7 @@ export class AuthorizationService {
     accountId: number,
     userId: number,
     resources: Resource[],
-    action: string
+    action: Action
   ): Promise<AuthorizeResponse>;
 
   static async isAuthorized(
@@ -223,7 +223,7 @@ export class AuthorizationService {
     accountId: number,
     userId: number,
     resources: Resource[],
-    action: string
+    action: Action
   ): Promise<AuthorizeResponse> {
     const { authorizationObjects } = createAuthorizationParams(resources, action);
     return this.isAuthorizedMultiple(accountId, userId, authorizationObjects);
@@ -338,7 +338,7 @@ export async function setIgniteClient() {
   AuthorizationInternalService.setIgniteClient(igniteClient);
 }
 
-export function createAuthorizationParams(resources: Resource[], action: string): AuthorizationParams {
+export function createAuthorizationParams(resources: Resource[], action: Action): AuthorizationParams {
   const params = {
     authorizationObjects: resources.map((resource: Resource) => {
       const authorizationObject: AuthorizationObject = {

package/src/base-attribute-assignment.ts

@@ -1,37 +1,18 @@
-import { ValidationUtils } from './utils/validation';
+import isEqual from 'lodash/isEqual.js';
 
 /**
  * Base class for attribute assignments (Resource or Entity)
  * Provides common validation and functionality
  */
-export abstract class BaseAttributeAssignment<TId extends number, TType extends string> {
-  public readonly id: TId;
-  public readonly type: TType;
+export abstract class BaseAttributeAssignment<T, R> {
+  public readonly id: number;
+  public readonly type: T;
   public readonly attributeKey: string;
   public readonly attributeValue: string;
 
-  constructor(
-    id: TId,
-    type: string,
-    attributeKey: string,
-    attributeValue: string,
-    validTypes: readonly string[],
-    idFieldName: string,
-    typeFieldName: string
-  ) {
-    // Validate id
-    ValidationUtils.validateInteger(id, idFieldName);
-
-    // Validate type
-    this.type = ValidationUtils.validateEnum(type, validTypes as readonly TType[], typeFieldName) as TType;
-
-    // Validate attributeKey
-    ValidationUtils.validateString(attributeKey, 'attributeKey');
-
-    // Validate attributeValue
-    ValidationUtils.validateString(attributeValue, 'attributeValue');
-
+  constructor(id: number, type: T, attributeKey: string, attributeValue: string) {
     this.id = id;
+    this.type = type;
     this.attributeKey = attributeKey;
     this.attributeValue = attributeValue;
   }
@@ -41,15 +22,9 @@ export abstract class BaseAttributeAssignment<TId extends number, TType extends
    * @param other Another assignment instance
    * @returns true if all properties are equal
    */
-  equals(other: BaseAttributeAssignment<TId, TType>): boolean {
-    if (!(other instanceof this.constructor)) {
-      return false;
-    }
-    return (
-      this.id === other.id &&
-      this.type === other.type &&
-      this.attributeKey === other.attributeKey &&
-      this.attributeValue === other.attributeValue
-    );
+  equals(other: BaseAttributeAssignment<T, R>): boolean {
+    return isEqual(this, other);
   }
+
+  abstract toDataTransferObject(): R;
 }

package/src/constants/sns.ts

@@ -1,22 +1,5 @@
-export enum SnsTopicType {
-  RESOURCE = 'resource',
-  ENTITY = 'entity',
-}
-
-// Resource SNS constants
-export const RESOURCE_SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES';
-export const RESOURCE_SNS_DEV_TEST_NAME =
+export const SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES';
+export const SNS_DEV_TEST_NAME =
   'arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local';
-
-// Entity SNS constants
-export const ENTITY_SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_ENTITY_ATTRIBUTES';
-export const ENTITY_SNS_DEV_TEST_NAME =
-  'arn:aws:sns:us-east-1:000000000000:monday-authorization-entity-attributes-sns-local';
 export const RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = 'resourceAttributeModification';
-export const ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = 'entityAttributeModification';
 export const ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
-export const ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
-
-// Legacy exports for backward compatibility
-export const SNS_ARN_ENV_VAR_NAME = RESOURCE_SNS_ARN_ENV_VAR_NAME;
-export const SNS_DEV_TEST_NAME = RESOURCE_SNS_DEV_TEST_NAME;

package/src/entity-attribute-assignment.ts

@@ -1,17 +1,20 @@
-import { ENTITY_TYPES, EntityType } from './entity-attributes-constants';
+import { EntityType } from './entity-attributes-constants';
 import { BaseAttributeAssignment } from './base-attribute-assignment';
+import { EntityAttributeAssignment as EntityAttributeAssignmentContract } from './types/authorization-attributes-contracts';
+import { ValidationUtils } from './utils/validation';
 
-export class EntityAttributeAssignment extends BaseAttributeAssignment<number, EntityType> {
+export class EntityAttributeAssignment extends BaseAttributeAssignment<EntityType, EntityAttributeAssignmentContract> {
   public readonly entityId: number;
   public readonly entityType: EntityType;
 
-  constructor(entityId: number, entityType: string, attributeKey: string, attributeValue: string) {
-    super(entityId, entityType, attributeKey, attributeValue, Object.values(ENTITY_TYPES), 'entityId', 'entityType');
+  constructor(entityId: number, entityType: EntityType, key: string, value: string) {
+    ValidationUtils.validateEntityAssignment({ entityId, entityType, key, value });
+    super(entityId, entityType, key, value);
     this.entityId = entityId;
-    this.entityType = this.type;
+    this.entityType = entityType;
   }
 
-  toDataTransferObject() {
+  toDataTransferObject(): EntityAttributeAssignmentContract {
     return {
       entityId: this.entityId,
       entityType: this.entityType,

package/src/entity-attributes-constants.ts

@@ -1,7 +1,7 @@
-export const ENTITY_TYPES = {
-  USER: 'user',
-  TEAM: 'team',
-  ACCOUNT: 'account',
-} as const;
+export enum EntityType {
+  User = 'user',
+  Team = 'team',
+  Account = 'account',
+}
 
-export type EntityType = (typeof ENTITY_TYPES)[keyof typeof ENTITY_TYPES];
+export const ENTITY_TYPES = Object.freeze(Object.values(EntityType));

package/src/errors/argument-error.ts

@@ -2,6 +2,5 @@ export class ArgumentError extends Error {
   constructor(message: string) {
     super(message);
     this.name = 'ArgumentError';
-    Object.setPrototypeOf(this, ArgumentError.prototype);
   }
 }