@mondaydotcomorg/monday-authorization 3.6.0-feat-shaime-support-entity-attributes-1-f58d933 → 3.6.0-feat-shaime-support-entity-attributes-3-0d092e0

package/dist/utils/validation.js

@@ -2,7 +2,8 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 
 const Ajv = require('ajv');
 const errors_argumentError = require('../errors/argument-error.js');
-const utils_assigmentSchema = require('./assigment-schema.js');
+const utils_assignmentSchema = require('./assignment-schema.js');
+const utils_resourceSchema = require('./resource-schema.js');
 
 const _interopDefault = e => e && e.__esModule ? e : { default: e };
 
@@ -37,27 +38,63 @@ class ValidationUtils {
             throw new errors_argumentError.ArgumentError('Invalid string array');
         }
     }
+    static validateResource(resource) {
+        const isValid = utils_resourceSchema.resourceSchema(resource);
+        if (!isValid) {
+            const errorMessage = this.formatValidationErrors(utils_resourceSchema.resourceSchema.errors);
+            throw new errors_argumentError.ArgumentError(errorMessage ? `Invalid resource: ${errorMessage}` : 'Invalid resource');
+        }
+    }
     /**
      * Validates an attribute assignment object using a single AJV schema.
      * Preserves legacy error messages for each field.
      */
-    static validateResourceAssignment(resource) {
-        const valid = utils_assigmentSchema.resourceAssignmentSchema(resource);
+    static validatUpsertResourceAssignment(resource) {
+        const valid = utils_assignmentSchema.resourceUpsertAssignmentSchema(resource);
+        if (!valid) {
+            const errorMessage = this.formatValidationErrors(utils_assignmentSchema.resourceUpsertAssignmentSchema.errors);
+            throw new errors_argumentError.ArgumentError(errorMessage
+                ? `Invalid resource attribute assignment: ${errorMessage}`
+                : 'Invalid resource attribute assignment');
+        }
+    }
+    static validatDeleteResourceAssignment(resource) {
+        const valid = utils_assignmentSchema.resourceDeleteAssignmentSchema(resource);
+        if (!valid) {
+            const errorMessage = this.formatValidationErrors(utils_assignmentSchema.resourceUpsertAssignmentSchema.errors);
+            throw new errors_argumentError.ArgumentError(errorMessage
+                ? `Invalid resource attribute assignment: ${errorMessage}`
+                : 'Invalid resource attribute assignment');
+        }
+    }
+    static validatUpsertEntityAssignment(entity) {
+        const valid = utils_assignmentSchema.entityUpsertAssignmentSchema(entity);
         if (!valid) {
-            const errorMessages = (utils_assigmentSchema.resourceAssignmentSchema.errors || [])
-                .map(err => err.message || 'validation failed')
-                .join(', ');
-            throw new errors_argumentError.ArgumentError(`Invalid resource attribute assignment: ${errorMessages}`);
+            const errorMessage = this.formatValidationErrors(utils_assignmentSchema.entityUpsertAssignmentSchema.errors);
+            throw new errors_argumentError.ArgumentError(errorMessage ? `Invalid entity attribute assignment: ${errorMessage}` : 'Invalid entity attribute assignment');
         }
     }
-    static validateEntityAssignment(entity) {
-        const valid = utils_assigmentSchema.entityAssignmentSchema(entity);
+    static validatDeleteEntityAssignment(entity) {
+        const valid = utils_assignmentSchema.entityDeleteAssignmentSchema(entity);
         if (!valid) {
-            const errorMessages = (utils_assigmentSchema.entityAssignmentSchema.errors || [])
-                .map(err => err.message || 'validation failed')
-                .join(', ');
-            throw new errors_argumentError.ArgumentError(`Invalid entity attribute assignment: ${errorMessages}`);
+            const errorMessage = this.formatValidationErrors(utils_assignmentSchema.entityDeleteAssignmentSchema.errors);
+            throw new errors_argumentError.ArgumentError(errorMessage ? `Invalid entity attribute assignment: ${errorMessage}` : 'Invalid entity attribute assignment');
+        }
+    }
+    /**
+     * Formats AJV validation errors into a readable error message
+     */
+    static formatValidationErrors(errors) {
+        if (!errors || errors.length === 0) {
+            return '';
         }
+        return errors
+            .map(err => {
+            const path = err.instancePath || (err.params && 'missingProperty' in err.params ? `/${err.params.missingProperty}` : '');
+            const message = err.message || 'validation failed';
+            return path ? `${path}: ${message}` : message;
+        })
+            .join('; ');
     }
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "3.6.0-feat-shaime-support-entity-attributes-1-f58d933",
+  "version": "3.6.0-feat-shaime-support-entity-attributes-3-0d092e0",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",

package/src/authorization-attributes-ms-service.ts

@@ -0,0 +1,397 @@
+import { Api, HttpClient } from '@mondaydotcomorg/trident-backend-api';
+import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
+import { ResourceAttributeAssignment } from './resource-attribute-assignment';
+import { EntityAttributeAssignment } from './entity-attribute-assignment';
+import {
+  AttributeOperation,
+  ResourceAttributeUpsertOperation,
+  ResourceAttributeDeleteOperation,
+  EntityAttributeUpsertOperation,
+  EntityAttributeDeleteOperation,
+} from './types/authorization-attributes-contracts';
+import { EntityType } from './entity-attributes-constants';
+import { AuthorizationInternalService, logger } from './authorization-internal-service';
+import { getAttributionsFromApi } from './attributions-service';
+import { APP_NAME } from './constants';
+import { ValidationUtils } from './utils/validation';
+import { AuthorizationAttributesService } from './types/authorization-attributes-service.interface';
+import { Resource } from './types/general';
+
+const INTERNAL_APP_NAME = 'internal_ms';
+const UPSERT_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource';
+const DELETE_RESOURCE_ATTRIBUTES_PATH = '/attributes/{accountId}/resource/{resourceType}/{resourceId}';
+const UPSERT_ENTITY_ATTRIBUTES_PATH = '/attributes/{accountId}/entity';
+const DELETE_ENTITY_ATTRIBUTES_PATH = '/attributes/{accountId}/entity/{entityType}/{entityId}';
+
+interface DeleteRequestBody {
+  keys: string[];
+}
+
+/**
+ * Service class for managing resource attributes in the authorization microservice.
+ * Provides synchronous HTTP operations to create/update and delete attributes on resources.
+ */
+export class AuthorizationAttributesMsService implements AuthorizationAttributesService {
+  private static LOG_TAG = 'authorization_attributes_ms';
+  private static httpClient: HttpClient | undefined = Api.getPart('httpClient');
+
+  constructor() {
+    if (!AuthorizationAttributesMsService.httpClient) {
+      AuthorizationAttributesMsService.httpClient = Api.getPart('httpClient');
+      if (!AuthorizationAttributesMsService.httpClient) {
+        throw new Error('HTTP client is not initialized');
+      }
+    }
+  }
+
+  /**
+   * Deletes a specific attribute from a resource synchronously.
+   * @param accountId The account ID
+   * @param resource Object with resourceType (string) and resourceId (number)
+   * @param attributeKey Attribute key string to delete
+   * @returns Promise<ResourceAttributeDeleteOperation>
+   */
+  async deleteResourceAttributes(
+    accountId: number,
+    resource: Resource,
+    attributeKey: string,
+    _appName?: string,
+    _callerActionIdentifier?: string
+  ): Promise<ResourceAttributeDeleteOperation> {
+    ValidationUtils.validateResource(resource);
+    ValidationUtils.validatDeleteResourceAssignment({
+      resourceType: resource.type,
+      resourceId: resource.id,
+      key: attributeKey,
+    });
+    await AuthorizationAttributesMsService.executeDeleteRequest(
+      accountId,
+      DELETE_RESOURCE_ATTRIBUTES_PATH,
+      {
+        resourceType: resource.type,
+        resourceId: resource.id,
+      },
+      [attributeKey],
+      'resource',
+      'deleteResourceAttributesSync'
+    );
+    return {
+      resourceType: resource.type,
+      resourceId: resource.id,
+      key: attributeKey,
+      operationType: AttributeOperation.DELETE,
+    };
+  }
+
+  /**
+   * Deletes a specific attribute from an entity synchronously.
+   * @param accountId The account ID
+   * @param entityType The entity type
+   * @param entityId The entity ID
+   * @param attributeKey Attribute key string to delete
+   * @returns Promise<EntityAttributeDeleteOperation>
+   */
+  async deleteEntityAttributes(
+    accountId: number,
+    entityType: EntityType,
+    entityId: number,
+    attributeKey: string,
+    _appName?: string,
+    _callerActionIdentifier?: string
+  ): Promise<EntityAttributeDeleteOperation> {
+    ValidationUtils.validateInteger(accountId);
+    await AuthorizationAttributesMsService.executeDeleteRequest(
+      accountId,
+      DELETE_ENTITY_ATTRIBUTES_PATH,
+      {
+        entityType,
+        entityId,
+      },
+      [attributeKey],
+      'entity',
+      'deleteEntityAttributesSync'
+    );
+    return {
+      entityType,
+      entityId,
+      key: attributeKey,
+      operationType: AttributeOperation.DELETE,
+    };
+  }
+
+  /**
+   * Updates a resource attribute (single operation - upsert only).
+   * @param accountId The account ID
+   * @param appName App name (required for interface compatibility, but not used in MS service)
+   * @param callerActionIdentifier Action identifier (required for interface compatibility, but not used in MS service)
+   * @param resourceAttributeOperation Operation to perform (must be UPSERT)
+   * @returns Promise<ResourceAttributeUpsertOperation> Processed operation
+   */
+  async updateResourceAttributes(
+    accountId: number,
+    _appName: string,
+    _callerActionIdentifier: string,
+    resourceAttributeOperation: ResourceAttributeUpsertOperation
+  ): Promise<ResourceAttributeUpsertOperation> {
+    ValidationUtils.validatUpsertResourceAssignment({
+      resourceId: resourceAttributeOperation.resourceId,
+      resourceType: resourceAttributeOperation.resourceType,
+      key: resourceAttributeOperation.key,
+      value: resourceAttributeOperation.value,
+    });
+    await AuthorizationAttributesMsService.executeUpsertRequest(
+      accountId,
+      [
+        new ResourceAttributeAssignment(
+          resourceAttributeOperation.resourceId,
+          resourceAttributeOperation.resourceType,
+          resourceAttributeOperation.key,
+          resourceAttributeOperation.value || ''
+        ),
+      ],
+      UPSERT_RESOURCE_ATTRIBUTES_PATH,
+      'resourceAttributeAssignments',
+      'resource',
+      'updateResourceAttributesSync'
+    );
+
+    return resourceAttributeOperation;
+  }
+
+  /**
+   * Updates an entity attribute (single operation - upsert only).
+   * @param accountId The account ID
+   * @param appName App name (required for interface compatibility, but not used in MS service)
+   * @param callerActionIdentifier Action identifier (required for interface compatibility, but not used in MS service)
+   * @param entityAttributeOperation Operation to perform (must be UPSERT)
+   * @returns Promise<EntityAttributeUpsertOperation> Processed operation
+   */
+  async updateEntityAttributes(
+    accountId: number,
+    _appName: string,
+    _callerActionIdentifier: string,
+    entityAttributeOperation: EntityAttributeUpsertOperation
+  ): Promise<EntityAttributeUpsertOperation> {
+    // Validate before processing
+    ValidationUtils.validatUpsertEntityAssignment({
+      entityId: entityAttributeOperation.entityId,
+      entityType: entityAttributeOperation.entityType,
+      key: entityAttributeOperation.key,
+      value: entityAttributeOperation.value,
+    });
+
+    await AuthorizationAttributesMsService.executeUpsertRequest(
+      accountId,
+      [
+        new EntityAttributeAssignment(
+          entityAttributeOperation.entityId,
+          entityAttributeOperation.entityType,
+          entityAttributeOperation.key,
+          entityAttributeOperation.value
+        ),
+      ],
+      UPSERT_ENTITY_ATTRIBUTES_PATH,
+      'entityAttributeAssignments',
+      'entity',
+      'upsertEntityAttributesSync'
+    );
+
+    return entityAttributeOperation;
+  }
+
+  /**
+   * Replaces path template parameters with actual values
+   * @param template Path template with placeholders like {accountId}
+   * @param params Object with parameter names and values
+   * @returns Path with all placeholders replaced
+   */
+  private static replacePathParams(template: string, params: Record<string, string | number>): string {
+    let path = template;
+    for (const [key, value] of Object.entries(params)) {
+      path = path.replace(`{${key}}`, String(value));
+    }
+    return path;
+  }
+
+  /**
+   * Generic helper for executing delete requests
+   */
+  private static async executeDeleteRequest(
+    accountId: number,
+    pathTemplate: string,
+    pathParams: Record<string, string | number>,
+    keys: string[],
+    logPrefix: string,
+    methodName: string
+  ): Promise<void> {
+    // Validate inputs
+    ValidationUtils.validateInteger(accountId);
+    ValidationUtils.validateStringArray(keys);
+
+    if (!keys.length) {
+      logger.warn({ tag: this.LOG_TAG, accountId, ...pathParams }, `${methodName} called with empty keys array`);
+      return;
+    }
+    const requestBody: DeleteRequestBody = { keys };
+
+    if (!AuthorizationAttributesMsService.httpClient) {
+      throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+    }
+    const path = AuthorizationAttributesMsService.replacePathParams(pathTemplate, { accountId, ...pathParams });
+    const headers = AuthorizationAttributesMsService.getRequestHeaders(accountId);
+
+    try {
+      logger.info(
+        { tag: AuthorizationAttributesMsService.LOG_TAG, accountId, ...pathParams, keys },
+        `Deleting ${logPrefix} attributes`
+      );
+
+      await AuthorizationAttributesMsService.httpClient.fetch(
+        {
+          url: {
+            appName: APP_NAME,
+            path,
+          },
+          method: 'DELETE',
+          headers,
+          body: JSON.stringify(requestBody),
+        },
+        {
+          timeout: AuthorizationInternalService.getRequestTimeout(),
+          retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+        }
+      );
+
+      logger.debug(
+        { tag: AuthorizationAttributesMsService.LOG_TAG, accountId, ...pathParams, keys },
+        `Successfully deleted ${logPrefix} attributes`
+      );
+    } catch (err) {
+      logger.error(
+        {
+          tag: AuthorizationAttributesMsService.LOG_TAG,
+          method: methodName,
+          accountId,
+          ...pathParams,
+          error: err instanceof Error ? err.message : String(err),
+        },
+        `Failed in ${methodName}`
+      );
+      throw err;
+    }
+  }
+
+  /**
+   * Gets request headers including Authorization, Content-Type, and optional attribution headers
+   */
+  private static getRequestHeaders(accountId: number, userId?: number): Record<string, string> {
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json',
+    };
+
+    // Generate Authorization token
+    const authToken = signAuthorizationHeader({
+      appName: INTERNAL_APP_NAME,
+      accountId,
+      userId,
+    });
+    headers.Authorization = authToken;
+
+    // Add attribution headers if available
+    const attributionHeaders = getAttributionsFromApi();
+    for (const key in attributionHeaders) {
+      if (Object.prototype.hasOwnProperty.call(attributionHeaders, key)) {
+        headers[key] = attributionHeaders[key];
+      }
+    }
+
+    // Add X-REQUEST-ID if available from context
+    try {
+      const tridentContext = Api.getPart('context');
+      if (tridentContext?.runtimeAttributions) {
+        const outgoingHeaders = tridentContext.runtimeAttributions.buildOutgoingHeaders('HTTP_INTERNAL');
+        if (outgoingHeaders) {
+          const attributionHeadersMap: Record<string, string> = {};
+          for (const [key, value] of outgoingHeaders) {
+            attributionHeadersMap[key] = value;
+          }
+          if (attributionHeadersMap['x-request-id']) {
+            headers['X-REQUEST-ID'] = attributionHeadersMap['x-request-id'];
+          }
+        }
+      }
+    } catch (error) {
+      // Silently fail if context is not available
+      logger.debug({ tag: AuthorizationAttributesMsService.LOG_TAG, error }, 'Failed to get request ID from context');
+    }
+
+    // Add X-REQUEST-START timestamp
+    headers['X-REQUEST-START'] = Math.floor(Date.now() / 1000).toString();
+
+    return headers;
+  }
+
+  /**
+   * Generic helper for executing upsert requests
+   */
+  private static async executeUpsertRequest<T extends ResourceAttributeAssignment | EntityAttributeAssignment>(
+    accountId: number,
+    assignments: T[],
+    pathTemplate: string,
+    requestBodyKey: 'resourceAttributeAssignments' | 'entityAttributeAssignments',
+    logPrefix: string,
+    methodName: string
+  ): Promise<void> {
+    const assignmentDto = assignments.map(assignment => assignment.toDataTransferObject());
+
+    const requestBody =
+      requestBodyKey === 'resourceAttributeAssignments'
+        ? { resourceAttributeAssignments: assignmentDto }
+        : { entityAttributeAssignments: assignmentDto };
+
+    if (!AuthorizationAttributesMsService.httpClient) {
+      throw new Error('AuthorizationAttributesMsService: HTTP client is not initialized');
+    }
+    const path = AuthorizationAttributesMsService.replacePathParams(pathTemplate, { accountId });
+    const headers = AuthorizationAttributesMsService.getRequestHeaders(accountId);
+
+    try {
+      logger.info(
+        { tag: AuthorizationAttributesMsService.LOG_TAG, accountId, count: assignments.length },
+        `Upserting ${logPrefix} attributes`
+      );
+
+      await AuthorizationAttributesMsService.httpClient.fetch(
+        {
+          url: {
+            appName: APP_NAME,
+            path,
+          },
+          method: 'POST',
+          headers,
+          body: JSON.stringify(requestBody),
+        },
+        {
+          timeout: AuthorizationInternalService.getRequestTimeout(),
+          retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+        }
+      );
+
+      logger.debug(
+        { tag: AuthorizationAttributesMsService.LOG_TAG, accountId, count: assignments.length },
+        `Successfully upserted ${logPrefix} attributes`
+      );
+    } catch (err) {
+      logger.error(
+        {
+          tag: AuthorizationAttributesMsService.LOG_TAG,
+          method: methodName,
+          accountId,
+          error: err instanceof Error ? err.message : String(err),
+        },
+        `Failed in ${methodName}`
+      );
+      throw err;
+    }
+  }
+}