@mondaydotcomorg/monday-authorization 3.6.0-feat-shaime-support-entity-attributes-1-4c8e283 → 3.6.0-feat-shaime-support-entity-attributes-3-78dca48

package/dist/esm/authorization-attributes-ms-service.mjs

@@ -0,0 +1,261 @@
+import { Api } from '@mondaydotcomorg/trident-backend-api';
+import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
+import { ResourceAttributeAssignment } from './resource-attribute-assignment.mjs';
+import { EntityAttributeAssignment } from './entity-attribute-assignment.mjs';
+import { AttributeOperation } from './types/authorization-attributes-contracts.mjs';
+import { logger, AuthorizationInternalService } from './authorization-internal-service.mjs';
+import { getAttributionsFromApi } from './attributions-service.mjs';
+import { APP_NAME } from './constants.mjs';
+import { ValidationUtils } from './utils/validation.mjs';
+
+const INTERNAL_APP_NAME = 'internal_ms';
+const UPSERT_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource';
+const DELETE_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource/{resourceType}/{resourceId}';
+const UPSERT_ENTITY_ATTRIBUTES_PATH = '/attributes/{accountId}/entity';
+const DELETE_ENTITY_ATTRIBUTES_PATH = '/attributes/{accountId}/entity/{entityType}/{entityId}';
+/**
+ * Service class for managing resource attributes in the authorization microservice.
+ * Provides synchronous HTTP operations to create/update and delete attributes on resources.
+ */
+class AuthorizationAttributesMsService {
+    static LOG_TAG = 'authorization_attributes_ms';
+    static httpClient = Api.getPart('httpClient');
+    constructor() {
+        if (!AuthorizationAttributesMsService.httpClient) {
+            AuthorizationAttributesMsService.httpClient = Api.getPart('httpClient');
+            if (!AuthorizationAttributesMsService.httpClient) {
+                throw new Error('HTTP client is not initialized');
+            }
+        }
+    }
+    /**
+     * Deletes a specific attribute from a resource synchronously.
+     * @param accountId The account ID
+     * @param resource Object with resourceType (string) and resourceId (number)
+     * @param attributeKey Attribute key string to delete
+     * @returns Promise<ResourceAttributeDeleteOperation>
+     */
+    async deleteResourceAttributes(accountId, resource, attributeKey, _appName, _callerActionIdentifier) {
+        ValidationUtils.validateResource(resource);
+        ValidationUtils.validatDeleteResourceAssignment({
+            resourceType: resource.type,
+            resourceId: resource.id,
+            key: attributeKey,
+        });
+        await AuthorizationAttributesMsService.executeDeleteRequest(accountId, DELETE_RESOURCE_ATTRIBUTES_PATH, {
+            resourceType: resource.type,
+            resourceId: resource.id,
+        }, [attributeKey], 'resource', 'deleteResourceAttributesSync');
+        return {
+            resourceType: resource.type,
+            resourceId: resource.id,
+            key: attributeKey,
+            operationType: AttributeOperation.DELETE,
+        };
+    }
+    /**
+     * Deletes a specific attribute from an entity synchronously.
+     * @param accountId The account ID
+     * @param entityType The entity type
+     * @param entityId The entity ID
+     * @param attributeKey Attribute key string to delete
+     * @returns Promise<EntityAttributeDeleteOperation>
+     */
+    async deleteEntityAttributes(accountId, entityType, entityId, attributeKey, _appName, _callerActionIdentifier) {
+        ValidationUtils.validateInteger(accountId);
+        await AuthorizationAttributesMsService.executeDeleteRequest(accountId, DELETE_ENTITY_ATTRIBUTES_PATH, {
+            entityType,
+            entityId,
+        }, [attributeKey], 'entity', 'deleteEntityAttributesSync');
+        return {
+            entityType,
+            entityId,
+            key: attributeKey,
+            operationType: AttributeOperation.DELETE,
+        };
+    }
+    /**
+     * Updates a resource attribute (single operation - upsert only).
+     * @param accountId The account ID
+     * @param appName App name (required for interface compatibility, but not used in MS service)
+     * @param callerActionIdentifier Action identifier (required for interface compatibility, but not used in MS service)
+     * @param resourceAttributeOperation Operation to perform (must be UPSERT)
+     * @returns Promise<ResourceAttributeUpsertOperation> Processed operation
+     */
+    async updateResourceAttributes(accountId, _appName, _callerActionIdentifier, resourceAttributeOperation) {
+        ValidationUtils.validatUpsertResourceAssignment({
+            resourceId: resourceAttributeOperation.resourceId,
+            resourceType: resourceAttributeOperation.resourceType,
+            key: resourceAttributeOperation.key,
+            value: resourceAttributeOperation.value,
+        });
+        await AuthorizationAttributesMsService.executeUpsertRequest(accountId, [
+            new ResourceAttributeAssignment(resourceAttributeOperation.resourceId, resourceAttributeOperation.resourceType, resourceAttributeOperation.key, resourceAttributeOperation.value || ''),
+        ], UPSERT_RESOURCE_ATTRIBUTES_PATH, 'resourceAttributeAssignments', 'resource', 'updateResourceAttributesSync');
+        return resourceAttributeOperation;
+    }
+    /**
+     * Updates an entity attribute (single operation - upsert only).
+     * @param accountId The account ID
+     * @param appName App name (required for interface compatibility, but not used in MS service)
+     * @param callerActionIdentifier Action identifier (required for interface compatibility, but not used in MS service)
+     * @param entityAttributeOperation Operation to perform (must be UPSERT)
+     * @returns Promise<EntityAttributeUpsertOperation> Processed operation
+     */
+    async updateEntityAttributes(accountId, _appName, _callerActionIdentifier, entityAttributeOperation) {
+        // Validate before processing
+        ValidationUtils.validatUpsertEntityAssignment({
+            entityId: entityAttributeOperation.entityId,
+            entityType: entityAttributeOperation.entityType,
+            key: entityAttributeOperation.key,
+            value: entityAttributeOperation.value,
+        });
+        await AuthorizationAttributesMsService.executeUpsertRequest(accountId, [
+            new EntityAttributeAssignment(entityAttributeOperation.entityId, entityAttributeOperation.entityType, entityAttributeOperation.key, entityAttributeOperation.value),
+        ], UPSERT_ENTITY_ATTRIBUTES_PATH, 'entityAttributeAssignments', 'entity', 'upsertEntityAttributesSync');
+        return entityAttributeOperation;
+    }
+    /**
+     * Replaces path template parameters with actual values
+     * @param template Path template with placeholders like {accountId}
+     * @param params Object with parameter names and values
+     * @returns Path with all placeholders replaced
+     */
+    static replacePathParams(template, params) {
+        let path = template;
+        for (const [key, value] of Object.entries(params)) {
+            path = path.replace(`{${key}}`, String(value));
+        }
+        return path;
+    }
+    /**
+     * Generic helper for executing delete requests
+     */
+    static async executeDeleteRequest(accountId, pathTemplate, pathParams, keys, logPrefix, methodName) {
+        // Validate inputs
+        ValidationUtils.validateInteger(accountId);
+        ValidationUtils.validateStringArray(keys);
+        if (!keys.length) {
+            logger.warn({ tag: this.LOG_TAG, accountId, ...pathParams }, `${methodName} called with empty keys array`);
+            return;
+        }
+        const requestBody = { keys };
+        if (!AuthorizationAttributesMsService.httpClient) {
+            throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+        }
+        const path = AuthorizationAttributesMsService.replacePathParams(pathTemplate, { accountId, ...pathParams });
+        const headers = AuthorizationAttributesMsService.getRequestHeaders(accountId);
+        try {
+            logger.info({ tag: AuthorizationAttributesMsService.LOG_TAG, accountId, ...pathParams, keys }, `Deleting ${logPrefix} attributes`);
+            await AuthorizationAttributesMsService.httpClient.fetch({
+                url: {
+                    appName: APP_NAME,
+                    path,
+                },
+                method: 'DELETE',
+                headers,
+                body: JSON.stringify(requestBody),
+            }, {
+                timeout: AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+            });
+            logger.debug({ tag: AuthorizationAttributesMsService.LOG_TAG, accountId, ...pathParams, keys }, `Successfully deleted ${logPrefix} attributes`);
+        }
+        catch (err) {
+            logger.error({
+                tag: AuthorizationAttributesMsService.LOG_TAG,
+                method: methodName,
+                accountId,
+                ...pathParams,
+                error: err instanceof Error ? err.message : String(err),
+            }, `Failed in ${methodName}`);
+            throw err;
+        }
+    }
+    /**
+     * Gets request headers including Authorization, Content-Type, and optional attribution headers
+     */
+    static getRequestHeaders(accountId, userId) {
+        const headers = {
+            'Content-Type': 'application/json',
+        };
+        // Generate Authorization token
+        const authToken = signAuthorizationHeader({
+            appName: INTERNAL_APP_NAME,
+            accountId,
+            userId,
+        });
+        headers.Authorization = authToken;
+        // Add attribution headers if available
+        const attributionHeaders = getAttributionsFromApi();
+        for (const key in attributionHeaders) {
+            if (Object.prototype.hasOwnProperty.call(attributionHeaders, key)) {
+                headers[key] = attributionHeaders[key];
+            }
+        }
+        // Add X-REQUEST-ID if available from context
+        try {
+            const tridentContext = Api.getPart('context');
+            if (tridentContext?.runtimeAttributions) {
+                const outgoingHeaders = tridentContext.runtimeAttributions.buildOutgoingHeaders('HTTP_INTERNAL');
+                if (outgoingHeaders) {
+                    const attributionHeadersMap = {};
+                    for (const [key, value] of outgoingHeaders) {
+                        attributionHeadersMap[key] = value;
+                    }
+                    if (attributionHeadersMap['x-request-id']) {
+                        headers['X-REQUEST-ID'] = attributionHeadersMap['x-request-id'];
+                    }
+                }
+            }
+        }
+        catch (error) {
+            // Silently fail if context is not available
+            logger.debug({ tag: AuthorizationAttributesMsService.LOG_TAG, error }, 'Failed to get request ID from context');
+        }
+        // Add X-REQUEST-START timestamp
+        headers['X-REQUEST-START'] = Math.floor(Date.now() / 1000).toString();
+        return headers;
+    }
+    /**
+     * Generic helper for executing upsert requests
+     */
+    static async executeUpsertRequest(accountId, assignments, pathTemplate, requestBodyKey, logPrefix, methodName) {
+        const assignmentDto = assignments.map(assignment => assignment.toDataTransferObject());
+        const requestBody = requestBodyKey === 'resourceAttributeAssignments'
+            ? { resourceAttributeAssignments: assignmentDto }
+            : { entityAttributeAssignments: assignmentDto };
+        if (!AuthorizationAttributesMsService.httpClient) {
+            throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+        }
+        const path = AuthorizationAttributesMsService.replacePathParams(pathTemplate, { accountId });
+        const headers = AuthorizationAttributesMsService.getRequestHeaders(accountId);
+        try {
+            logger.info({ tag: AuthorizationAttributesMsService.LOG_TAG, accountId, count: assignments.length }, `Upserting ${logPrefix} attributes`);
+            await AuthorizationAttributesMsService.httpClient.fetch({
+                url: {
+                    appName: APP_NAME,
+                    path,
+                },
+                method: 'POST',
+                headers,
+                body: JSON.stringify(requestBody),
+            }, {
+                timeout: AuthorizationInternalService.getRequestTimeout(),
+                retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+            });
+            logger.debug({ tag: AuthorizationAttributesMsService.LOG_TAG, accountId, count: assignments.length }, `Successfully upserted ${logPrefix} attributes`);
+        }
+        catch (err) {
+            logger.error({
+                tag: AuthorizationAttributesMsService.LOG_TAG,
+                method: methodName,
+                accountId,
+                error: err instanceof Error ? err.message : String(err),
+            }, `Failed in ${methodName}`);
+            throw err;
+        }
+    }
+}
+
+export { AuthorizationAttributesMsService };

package/dist/esm/authorization-attributes-service.d.ts

@@ -1,54 +1,32 @@
-import { FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
-import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
-import { ResourceAttributeAssignment, ResourceAttributeResponse, ResourceAttributeUpsertOperation } from './types/authorization-attributes-contracts';
-import { Resource } from './types/general';
+import { AuthorizationAttributesService as IAuthorizationAttributesService } from './types/authorization-attributes-service.interface';
+/**
+ * Main service class for managing resource and entity attributes.
+ * Provides access to both direct (MS) and SNS operations.
+ *
+ * @example
+ * const service = new AuthorizationAttributesService();
+ *
+ * // Use direct operations
+ * await service.direct().upsertResourceAttributes(accountId, assignments);
+ *
+ * // Use SNS operations
+ * await service.sns().upsertResourceAttributes(accountId, assignments, appName, actionId);
+ * ```
+ */
 export declare class AuthorizationAttributesService {
-    private static LOG_TAG;
-    private static API_PATHS;
-    private httpClient;
-    private fetchOptions;
-    private snsArn;
+    private _directService;
+    private _snsService;
     /**
-     * Public constructor to create the AuthorizationAttributesService instance.
-     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
-     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     * Gets the direct (MS) service instance.
+     * Initializes the service on first access (lazy initialization).
+     * @returns IAuthorizationAttributesService instance
      */
-    constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>);
+    direct(): IAuthorizationAttributesService;
     /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
+     * Gets the SNS service instance.
+     * Initializes the service on first access (lazy initialization).
+     * @returns IAuthorizationAttributesService instance
      */
-    upsertResourceAttributes(accountId: number, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<ResourceAttributeResponse>;
-    /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
-     */
-    deleteResourceAttributes(accountId: number, resource: Resource, attributeKeys: string[]): Promise<ResourceAttributeResponse>;
-    /**
-     *  Async function, this function only send the updates request to SNS and return before the change actually took place
-     * @param accountId
-     * @param appName - App name of the calling app
-     * @param callerActionIdentifier - action identifier
-     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-     *  */
-    updateResourceAttributesAsync(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeOperations: ResourceAttributeUpsertOperation[]): Promise<ResourceAttributeUpsertOperation[]>;
-    private sendSingleSnsMessage;
-    private static getSnsTopicArn;
-    /**
-     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-     * This function can be used as health check for services that updating resource attributes in async is crucial.
-     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-     * However, this is the best we can do without actually push dummy messages to the SNS.
-     * @return {Promise<boolean>} - true if succeeded
-     */
-    asyncResourceAttributesHealthCheck(): Promise<boolean>;
+    sns(): IAuthorizationAttributesService;
 }
 //# sourceMappingURL=authorization-attributes-service.d.ts.map

package/dist/esm/authorization-attributes-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-attributes-service.d.ts","sourceRoot":"","sources":["../../src/authorization-attributes-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAO,aAAa,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AAEtF,OAAO,EAAoB,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACvF,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,gCAAgC,EACjC,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAY3C,qBAAa,8BAA8B;IACzC,OAAO,CAAC,MAAM,CAAC,OAAO,CAA8B;IACpD,OAAO,CAAC,MAAM,CAAC,SAAS,CAGb;IACX,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAkC;IACtD,OAAO,CAAC,MAAM,CAAS;IAEvB;;;;OAIG;gBACS,UAAU,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,gBAAgB,CAAC,aAAa,CAAC;IAsBnF;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,4BAA4B,EAAE,2BAA2B,EAAE,GAC1D,OAAO,CAAC,yBAAyB,CAAC;IA6BrC;;;;;;OAMG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,yBAAyB,CAAC;IAkCrC;;;;;;;UAOM;IACA,6BAA6B,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,2BAA2B,EAAE,gCAAgC,EAAE,GAC9D,OAAO,CAAC,gCAAgC,EAAE,CAAC;YAYhC,oBAAoB;IA4BlC,OAAO,CAAC,MAAM,CAAC,cAAc;IAW7B;;;;;;;OAOG;IACG,kCAAkC,IAAI,OAAO,CAAC,OAAO,CAAC;CAoB7D"}
+{"version":3,"file":"authorization-attributes-service.d.ts","sourceRoot":"","sources":["../../src/authorization-attributes-service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,8BAA8B,IAAI,+BAA+B,EAAE,MAAM,oDAAoD,CAAC;AAEvI;;;;;;;;;;;;;GAaG;AACH,qBAAa,8BAA8B;IACzC,OAAO,CAAC,cAAc,CAAiD;IACvE,OAAO,CAAC,WAAW,CAAkD;IAErE;;;;OAIG;IACH,MAAM,IAAI,+BAA+B;IAOzC;;;;OAIG;IACH,GAAG,IAAI,+BAA+B;CAMvC"}

package/dist/esm/authorization-attributes-service.mjs

@@ -1,180 +1,44 @@
-import chunk from 'lodash/chunk.js';
-import { Api } from '@mondaydotcomorg/trident-backend-api';
-import { sendToSns, getTopicAttributes } from '@mondaydotcomorg/monday-sns';
-import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
-import { logger } from './authorization-internal-service.mjs';
-import { getAttributionsFromApi } from './attributions-service.mjs';
-import { ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE, SNS_ARN_ENV_VAR_NAME, SNS_DEV_TEST_NAME, RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND } from './constants/sns.mjs';
-import { ERROR_MESSAGES, DEFAULT_FETCH_OPTIONS, APP_NAME } from './constants.mjs';
+import { AuthorizationAttributesMsService } from './authorization-attributes-ms-service.mjs';
+import { AuthorizationAttributesSnsService } from './authorization-attributes-sns-service.mjs';
 
+/**
+ * Main service class for managing resource and entity attributes.
+ * Provides access to both direct (MS) and SNS operations.
+ *
+ * @example
+ * const service = new AuthorizationAttributesService();
+ *
+ * // Use direct operations
+ * await service.direct().upsertResourceAttributes(accountId, assignments);
+ *
+ * // Use SNS operations
+ * await service.sns().upsertResourceAttributes(accountId, assignments, appName, actionId);
+ * ```
+ */
 class AuthorizationAttributesService {
-    static LOG_TAG = 'authorization_attributes';
-    static API_PATHS = {
-        UPSERT_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource',
-        DELETE_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource/{resourceType}/{resourceId}',
-    };
-    httpClient;
-    fetchOptions;
-    snsArn;
+    _directService = null;
+    _snsService = null;
     /**
-     * Public constructor to create the AuthorizationAttributesService instance.
-     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
-     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     * Gets the direct (MS) service instance.
+     * Initializes the service on first access (lazy initialization).
+     * @returns IAuthorizationAttributesService instance
      */
-    constructor(httpClient, fetchOptions) {
-        console.log(1);
-        if (!httpClient) {
-            httpClient = Api.getPart('httpClient');
-            if (!httpClient) {
-                throw new Error(ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
-            }
-        }
-        if (!fetchOptions) {
-            fetchOptions = DEFAULT_FETCH_OPTIONS;
-        }
-        else {
-            fetchOptions = {
-                ...DEFAULT_FETCH_OPTIONS,
-                ...fetchOptions,
-            };
-        }
-        this.httpClient = httpClient;
-        this.fetchOptions = fetchOptions;
-        this.snsArn = AuthorizationAttributesService.getSnsTopicArn();
-    }
-    /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
-     */
-    async upsertResourceAttributes(accountId, resourceAttributeAssignments) {
-        const attributionHeaders = getAttributionsFromApi();
-        try {
-            return await this.httpClient.fetch({
-                url: {
-                    appName: APP_NAME,
-                    path: AuthorizationAttributesService.API_PATHS.UPSERT_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString()),
-                },
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...attributionHeaders,
-                },
-                body: JSON.stringify({ resourceAttributeAssignments }),
-            }, this.fetchOptions);
-        }
-        catch (err) {
-            if (err instanceof HttpFetcherError) {
-                throw new Error(ERROR_MESSAGES.REQUEST_FAILED('upsertResourceAttributes', err.status, err.message));
-            }
-            throw err;
+    direct() {
+        if (this._directService === null) {
+            this._directService = new AuthorizationAttributesMsService();
         }
+        return this._directService;
     }
     /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
+     * Gets the SNS service instance.
+     * Initializes the service on first access (lazy initialization).
+     * @returns IAuthorizationAttributesService instance
      */
-    async deleteResourceAttributes(accountId, resource, attributeKeys) {
-        const attributionHeaders = getAttributionsFromApi();
-        if (!resource.id) {
-            throw new Error('Resource ID is required');
-        }
-        try {
-            return await this.httpClient.fetch({
-                url: {
-                    appName: APP_NAME,
-                    path: AuthorizationAttributesService.API_PATHS.DELETE_RESOURCE_ATTRIBUTES.replace('{accountId}', accountId.toString())
-                        .replace('{resourceType}', resource.type)
-                        .replace('{resourceId}', resource.id.toString()),
-                },
-                method: 'DELETE',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...attributionHeaders,
-                },
-                body: JSON.stringify({ keys: attributeKeys }),
-            }, this.fetchOptions);
-        }
-        catch (err) {
-            if (err instanceof HttpFetcherError) {
-                throw new Error(ERROR_MESSAGES.REQUEST_FAILED('deleteResourceAttributes', err.status, err.message));
-            }
-            throw err;
-        }
-    }
-    /**
-     *  Async function, this function only send the updates request to SNS and return before the change actually took place
-     * @param accountId
-     * @param appName - App name of the calling app
-     * @param callerActionIdentifier - action identifier
-     * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-     * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-     *  */
-    async updateResourceAttributesAsync(accountId, appName, callerActionIdentifier, resourceAttributeOperations) {
-        const topicArn = this.snsArn;
-        const sendToSnsPromises = [];
-        const operationChucks = chunk(resourceAttributeOperations, ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
-        for (const operationsChunk of operationChucks) {
-            sendToSnsPromises.push(this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk));
-        }
-        return (await Promise.all(sendToSnsPromises)).flat();
-    }
-    async sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operations) {
-        const payload = {
-            kind: RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
-            payload: {
-                accountId: accountId,
-                callerAppName: appName,
-                callerActionIdentifier: callerActionIdentifier,
-                operations: operations,
-            },
-        };
-        try {
-            await sendToSns(payload, topicArn);
-            return operations;
-        }
-        catch (error) {
-            logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'Authorization resource attributes async update: failed to send operations to SNS');
-            return [];
-        }
-    }
-    static getSnsTopicArn() {
-        const arnFromEnv = process.env[SNS_ARN_ENV_VAR_NAME];
-        if (arnFromEnv) {
-            return arnFromEnv;
-        }
-        if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
-            return SNS_DEV_TEST_NAME;
-        }
-        throw new Error('Unable to get sns topic arn from env variable');
-    }
-    /**
-     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-     * This function can be used as health check for services that updating resource attributes in async is crucial.
-     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-     * However, this is the best we can do without actually push dummy messages to the SNS.
-     * @return {Promise<boolean>} - true if succeeded
-     */
-    async asyncResourceAttributesHealthCheck() {
-        try {
-            const requestedTopicArn = this.snsArn;
-            const attributes = await getTopicAttributes(requestedTopicArn);
-            const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
-            if (!isHealthy) {
-                logger.error({ requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service failed in health check');
-            }
-            return isHealthy;
-        }
-        catch (error) {
-            logger.error({ error, tag: AuthorizationAttributesService.LOG_TAG }, 'authorization-attributes-service got error during health check');
-            return false;
+    sns() {
+        if (this._snsService === null) {
+            this._snsService = new AuthorizationAttributesSnsService();
         }
+        return this._snsService;
     }
 }
 

package/dist/esm/authorization-attributes-sns-service.d.ts

@@ -0,0 +1,84 @@
+import { ResourceAttributeUpsertOperation, EntityAttributeUpsertOperation, EntityAttributeDeleteOperation, ResourceAttributeDeleteOperation } from './types/authorization-attributes-contracts';
+import { Resource } from './types/general';
+import { AuthorizationAttributesService } from './types/authorization-attributes-service.interface';
+import { EntityType } from './entity-attributes-constants';
+/**
+ * Service class for managing resource attributes asynchronously via SNS.
+ * Provides asynchronous operations to create/update and delete attributes on resources.
+ */
+export declare class AuthorizationAttributesSnsService implements AuthorizationAttributesService {
+    private static LOG_TAG;
+    private resourceSnsArn;
+    private entitySnsArn;
+    /**
+     * Public constructor to create the AuthorizationAttributesSnsService instance.
+     */
+    constructor();
+    /**
+     * Async function to delete a resource attribute using SNS.
+     * Sends the delete request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param resource The resource (resourceType, resourceId)
+     * @param attributeKey Attribute key to delete
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @return Promise with sent operation
+     */
+    deleteResourceAttributes(accountId: number, resource: Resource, attributeKey: string, appName?: string, callerActionIdentifier?: string): Promise<ResourceAttributeDeleteOperation>;
+    /**
+     * Async function to delete an entity attribute using SNS.
+     * Sends the delete request to SNS and returns before the change actually took place.
+     * @param accountId The account ID
+     * @param entityType The entity type
+     * @param entityId The entity ID
+     * @param attributeKey Attribute key to delete
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @return Promise with sent operation
+     */
+    deleteEntityAttributes(accountId: number, entityType: EntityType, entityId: number, attributeKey: string, appName?: string, callerActionIdentifier?: string): Promise<EntityAttributeDeleteOperation>;
+    /**
+     *  Async function, this function only send the update request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param resourceAttributeOperation - Operation to do on resource attribute.
+     * @return {Promise<ResourceAttributeUpsertOperation>} Sent operation
+     *  */
+    updateResourceAttributes(accountId: number, appName: string, callerActionIdentifier: string, resourceAttributeOperation: ResourceAttributeUpsertOperation): Promise<ResourceAttributeUpsertOperation>;
+    /**
+     *  Async function, this function only send the update request to SNS and return before the change actually took place
+     * @param accountId
+     * @param appName - App name of the calling app
+     * @param callerActionIdentifier - action identifier
+     * @param entityAttributeOperation - Operation to do on entity attribute.
+     * @return {Promise<EntityAttributeUpsertOperation>} Sent operation
+     *  */
+    updateEntityAttributes(accountId: number, appName: string, callerActionIdentifier: string, entityAttributeOperation: EntityAttributeUpsertOperation): Promise<EntityAttributeUpsertOperation>;
+    /**
+     * Base function to send attribute operations to SNS.
+     * Chunks operations and sends them in parallel.
+     * @param topicArn The SNS topic ARN to send messages to
+     * @param accountId The account ID
+     * @param appName App name of the calling app
+     * @param callerActionIdentifier Action identifier
+     * @param operations Array of operations to send
+     * @param chunkSize Maximum number of operations per message
+     * @param messageKind The kind of message being sent
+     * @param errorLogMessage Error message to log if sending fails
+     * @return Promise with array of sent operations
+     */
+    private sendOperationsToSns;
+    private sendSingleSnsMessage;
+    private static getSnsTopicArn;
+    /**
+     * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+     * This function can be used as health check for services that updating resource attributes in async is crucial.
+     * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+     * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+     * However, this is the best we can do without actually push dummy messages to the SNS.
+     * @return {Promise<boolean>} - true if succeeded
+     */
+    asyncResourceAttributesHealthCheck(): Promise<boolean>;
+}
+//# sourceMappingURL=authorization-attributes-sns-service.d.ts.map

package/dist/esm/authorization-attributes-sns-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization-attributes-sns-service.d.ts","sourceRoot":"","sources":["../../src/authorization-attributes-sns-service.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,gCAAgC,EAChC,8BAA8B,EAC9B,8BAA8B,EAC9B,gCAAgC,EACjC,MAAM,4CAA4C,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAa3C,OAAO,EAAE,8BAA8B,EAAE,MAAM,oDAAoD,CAAC;AACpG,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAI3D;;;GAGG;AACH,qBAAa,iCAAkC,YAAW,8BAA8B;IACtF,OAAO,CAAC,MAAM,CAAC,OAAO,CAA8B;IACpD,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,YAAY,CAAS;IAE7B;;OAEG;;IAMH;;;;;;;;;OASG;IACG,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,QAAQ,EAClB,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,MAAM,EAChB,sBAAsB,CAAC,EAAE,MAAM,GAC9B,OAAO,CAAC,gCAAgC,CAAC;IA4B5C;;;;;;;;;;OAUG;IACG,sBAAsB,CAC1B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,MAAM,EAChB,sBAAsB,CAAC,EAAE,MAAM,GAC9B,OAAO,CAAC,8BAA8B,CAAC;IAwB1C;;;;;;;UAOM;IACA,wBAAwB,CAC5B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,0BAA0B,EAAE,gCAAgC,GAC3D,OAAO,CAAC,gCAAgC,CAAC;IAe5C;;;;;;;UAOM;IACA,sBAAsB,CAC1B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,sBAAsB,EAAE,MAAM,EAC9B,wBAAwB,EAAE,8BAA8B,GACvD,OAAO,CAAC,8BAA8B,CAAC;IAe1C;;;;;;;;;;;;OAYG;YACW,mBAAmB;YAkCnB,oBAAoB;IAiClC,OAAO,CAAC,MAAM,CAAC,cAAc;IA0B7B;;;;;;;OAOG;IACG,kCAAkC,IAAI,OAAO,CAAC,OAAO,CAAC;CAoB7D"}