@mondaydotcomorg/monday-authorization 3.6.0-feat-shaime-support-entity-attributes-1-f58d933 → 3.6.0-feat-shaime-support-entity-attributes-3-0d092e0

package/src/authorization-attributes-service.ts

@@ -1,234 +1,46 @@
-import chunk from 'lodash/chunk.js';
-import { Api, FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
-import { getTopicAttributes, sendToSns } from '@mondaydotcomorg/monday-sns';
-import { HttpFetcherError, RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
-import {
-  ResourceAttributeAssignment,
-  ResourceAttributeResponse,
-  ResourceAttributeUpsertOperation,
-} from './types/authorization-attributes-contracts';
-import { Resource } from './types/general';
-import { logger } from './authorization-internal-service';
-import { getAttributionsFromApi } from './attributions-service';
-import {
-  ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE,
-  RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
-  SNS_ARN_ENV_VAR_NAME,
-  SNS_DEV_TEST_NAME,
-} from './constants/sns';
-import { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES } from './constants';
-import type { TopicAttributesMap } from 'aws-sdk/clients/sns';
-
+import { AuthorizationAttributesMsService } from './authorization-attributes-ms-service';
+import { AuthorizationAttributesSnsService } from './authorization-attributes-sns-service';
+import { AuthorizationAttributesService as IAuthorizationAttributesService } from './types/authorization-attributes-service.interface';
+
+/**
+ * Main service class for managing resource and entity attributes.
+ * Provides access to both direct (MS) and SNS operations.
+ *
+ * @example
+ * const service = new AuthorizationAttributesService();
+ *
+ * // Use direct operations
+ * await service.direct().upsertResourceAttributes(accountId, assignments);
+ *
+ * // Use SNS operations
+ * await service.sns().upsertResourceAttributes(accountId, assignments, appName, actionId);
+ * ```
+ */
 export class AuthorizationAttributesService {
-  private static LOG_TAG = 'authorization_attributes';
-  private static API_PATHS = {
-    UPSERT_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource',
-    DELETE_RESOURCE_ATTRIBUTES: '/attributes/{accountId}/resource/{resourceType}/{resourceId}',
-  } as const;
-  private httpClient: HttpClient;
-  private fetchOptions: RecursivePartial<FetcherConfig>;
-  private snsArn: string;
-
-  /**
-   * Public constructor to create the AuthorizationAttributesService instance.
-   * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
-   * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
-   */
-  constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>) {
-    if (!httpClient) {
-      httpClient = Api.getPart('httpClient');
-      if (!httpClient) {
-        throw new Error(ERROR_MESSAGES.HTTP_CLIENT_NOT_INITIALIZED);
-      }
-    }
-
-    if (!fetchOptions) {
-      fetchOptions = DEFAULT_FETCH_OPTIONS;
-    } else {
-      fetchOptions = {
-        ...DEFAULT_FETCH_OPTIONS,
-        ...fetchOptions,
-      };
-    }
-    this.httpClient = httpClient;
-    this.fetchOptions = fetchOptions;
-    this.snsArn = AuthorizationAttributesService.getSnsTopicArn();
-  }
-
-  /**
-   * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-   * @param accountId
-   * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-   * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-   * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
-   */
-  async upsertResourceAttributes(
-    accountId: number,
-    resourceAttributeAssignments: ResourceAttributeAssignment[]
-  ): Promise<ResourceAttributeResponse> {
-    const attributionHeaders = getAttributionsFromApi();
-    try {
-      return await this.httpClient.fetch<ResourceAttributeResponse>(
-        {
-          url: {
-            appName: APP_NAME,
-            path: AuthorizationAttributesService.API_PATHS.UPSERT_RESOURCE_ATTRIBUTES.replace(
-              '{accountId}',
-              accountId.toString()
-            ),
-          },
-          method: 'POST',
-          headers: {
-            'Content-Type': 'application/json',
-            ...attributionHeaders,
-          },
-          body: JSON.stringify({ resourceAttributeAssignments }),
-        },
-        this.fetchOptions
-      );
-    } catch (err) {
-      if (err instanceof HttpFetcherError) {
-        throw new Error(ERROR_MESSAGES.REQUEST_FAILED('upsertResourceAttributes', err.status, err.message));
-      }
-      throw err;
-    }
-  }
+  private _directService: AuthorizationAttributesMsService | null = null;
+  private _snsService: AuthorizationAttributesSnsService | null = null;
 
   /**
-   * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-   * @param accountId
-   * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-   * @param attributeKeys - Array of attribute keys to delete for the resource.
-   * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
+   * Gets the direct (MS) service instance.
+   * Initializes the service on first access (lazy initialization).
+   * @returns IAuthorizationAttributesService instance
    */
-  async deleteResourceAttributes(
-    accountId: number,
-    resource: Resource,
-    attributeKeys: string[]
-  ): Promise<ResourceAttributeResponse> {
-    const attributionHeaders = getAttributionsFromApi();
-    if (!resource.id) {
-      throw new Error('Resource ID is required');
-    }
-    try {
-      return await this.httpClient.fetch<ResourceAttributeResponse>(
-        {
-          url: {
-            appName: APP_NAME,
-            path: AuthorizationAttributesService.API_PATHS.DELETE_RESOURCE_ATTRIBUTES.replace(
-              '{accountId}',
-              accountId.toString()
-            )
-              .replace('{resourceType}', resource.type)
-              .replace('{resourceId}', resource.id.toString()),
-          },
-          method: 'DELETE',
-          headers: {
-            'Content-Type': 'application/json',
-            ...attributionHeaders,
-          },
-          body: JSON.stringify({ keys: attributeKeys }),
-        },
-        this.fetchOptions
-      );
-    } catch (err) {
-      if (err instanceof HttpFetcherError) {
-        throw new Error(ERROR_MESSAGES.REQUEST_FAILED('deleteResourceAttributes', err.status, err.message));
-      }
-      throw err;
-    }
-  }
-
-  /**
-   *  Async function, this function only send the updates request to SNS and return before the change actually took place
-   * @param accountId
-   * @param appName - App name of the calling app
-   * @param callerActionIdentifier - action identifier
-   * @param resourceAttributeOperations - Array of operations to do on resource attributes.
-   * @return {Promise<ResourceAttributesOperation[]>} Array of sent operations
-   *  */
-  async updateResourceAttributesAsync(
-    accountId: number,
-    appName: string,
-    callerActionIdentifier: string,
-    resourceAttributeOperations: ResourceAttributeUpsertOperation[]
-  ): Promise<ResourceAttributeUpsertOperation[]> {
-    const topicArn: string = this.snsArn;
-    const sendToSnsPromises: Promise<ResourceAttributeAssignment[]>[] = [];
-    const operationChucks = chunk(resourceAttributeOperations, ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE);
-    for (const operationsChunk of operationChucks) {
-      sendToSnsPromises.push(
-        this.sendSingleSnsMessage(topicArn, accountId, appName, callerActionIdentifier, operationsChunk)
-      );
-    }
-    return (await Promise.all(sendToSnsPromises)).flat() as ResourceAttributeUpsertOperation[];
-  }
-
-  private async sendSingleSnsMessage(
-    topicArn: string,
-    accountId: number,
-    appName: string,
-    callerActionIdentifier: string,
-    operations: ResourceAttributeAssignment[]
-  ): Promise<ResourceAttributeAssignment[]> {
-    const payload = {
-      kind: RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
-      payload: {
-        accountId: accountId,
-        callerAppName: appName,
-        callerActionIdentifier: callerActionIdentifier,
-        operations: operations,
-      },
-    };
-    try {
-      await sendToSns(payload, topicArn);
-      return operations;
-    } catch (error) {
-      logger.error(
-        { error, tag: AuthorizationAttributesService.LOG_TAG },
-        'Authorization resource attributes async update: failed to send operations to SNS'
-      );
-      return [];
-    }
-  }
-
-  private static getSnsTopicArn(): string {
-    const arnFromEnv: string | undefined = process.env[SNS_ARN_ENV_VAR_NAME];
-    if (arnFromEnv) {
-      return arnFromEnv;
-    }
-    if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
-      return SNS_DEV_TEST_NAME;
+  direct(): IAuthorizationAttributesService {
+    if (this._directService === null) {
+      this._directService = new AuthorizationAttributesMsService();
     }
-    throw new Error('Unable to get sns topic arn from env variable');
+    return this._directService;
   }
 
   /**
-   * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
-   * This function can be used as health check for services that updating resource attributes in async is crucial.
-   * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
-   * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
-   * However, this is the best we can do without actually push dummy messages to the SNS.
-   * @return {Promise<boolean>} - true if succeeded
+   * Gets the SNS service instance.
+   * Initializes the service on first access (lazy initialization).
+   * @returns IAuthorizationAttributesService instance
    */
-  async asyncResourceAttributesHealthCheck(): Promise<boolean> {
-    try {
-      const requestedTopicArn: string = this.snsArn;
-      const attributes: TopicAttributesMap = await getTopicAttributes(requestedTopicArn);
-      const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
-      if (!isHealthy) {
-        logger.error(
-          { requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesService.LOG_TAG },
-          'authorization-attributes-service failed in health check'
-        );
-      }
-      return isHealthy;
-    } catch (error) {
-      logger.error(
-        { error, tag: AuthorizationAttributesService.LOG_TAG },
-        'authorization-attributes-service got error during health check'
-      );
-      return false;
+  sns(): IAuthorizationAttributesService {
+    if (this._snsService === null) {
+      this._snsService = new AuthorizationAttributesSnsService();
     }
+    return this._snsService;
   }
 }

package/src/authorization-attributes-sns-service.ts

@@ -0,0 +1,321 @@
+import chunk from 'lodash/chunk.js';
+import { getTopicAttributes, sendToSns } from '@mondaydotcomorg/monday-sns';
+import {
+  AttributeOperation,
+  ResourceAttributeUpsertOperation,
+  EntityAttributeUpsertOperation,
+  EntityAttributeDeleteOperation,
+  ResourceAttributeDeleteOperation,
+} from './types/authorization-attributes-contracts';
+import { Resource } from './types/general';
+import { logger } from './authorization-internal-service';
+import {
+  ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE,
+  ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE,
+  RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
+  ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
+  RESOURCE_SNS_ARN_ENV_VAR_NAME,
+  ENTITY_SNS_ARN_ENV_VAR_NAME,
+  RESOURCE_SNS_DEV_TEST_NAME,
+  ENTITY_SNS_DEV_TEST_NAME,
+  SnsTopicType,
+} from './constants/sns';
+import { AuthorizationAttributesService } from './types/authorization-attributes-service.interface';
+import { EntityType } from './entity-attributes-constants';
+import { ValidationUtils } from './utils/validation';
+import type { TopicAttributesMap } from 'aws-sdk/clients/sns';
+
+/**
+ * Service class for managing resource attributes asynchronously via SNS.
+ * Provides asynchronous operations to create/update and delete attributes on resources.
+ */
+export class AuthorizationAttributesSnsService implements AuthorizationAttributesService {
+  private static LOG_TAG = 'authorization_attributes';
+  private resourceSnsArn: string;
+  private entitySnsArn: string;
+
+  /**
+   * Public constructor to create the AuthorizationAttributesSnsService instance.
+   */
+  constructor() {
+    this.resourceSnsArn = AuthorizationAttributesSnsService.getSnsTopicArn(SnsTopicType.RESOURCE);
+    this.entitySnsArn = AuthorizationAttributesSnsService.getSnsTopicArn(SnsTopicType.ENTITY);
+  }
+
+  /**
+   * Async function to delete a resource attribute using SNS.
+   * Sends the delete request to SNS and returns before the change actually took place.
+   * @param accountId The account ID
+   * @param resource The resource (resourceType, resourceId)
+   * @param attributeKey Attribute key to delete
+   * @param appName App name of the calling app
+   * @param callerActionIdentifier Action identifier
+   * @return Promise with sent operation
+   */
+  async deleteResourceAttributes(
+    accountId: number,
+    resource: Resource,
+    attributeKey: string,
+    appName?: string,
+    callerActionIdentifier?: string
+  ): Promise<ResourceAttributeDeleteOperation> {
+    if (!appName || !callerActionIdentifier) {
+      throw new Error('appName and callerActionIdentifier are required for SNS service');
+    }
+    ValidationUtils.validatDeleteResourceAssignment({
+      resourceType: resource.type,
+      resourceId: resource.id,
+      key: attributeKey,
+    });
+    const operation: ResourceAttributeDeleteOperation = {
+      resourceType: resource.type,
+      resourceId: resource.id,
+      key: attributeKey,
+      operationType: AttributeOperation.DELETE,
+    };
+    const [result] = await this.sendOperationsToSns(
+      this.resourceSnsArn,
+      accountId,
+      appName,
+      callerActionIdentifier,
+      [operation],
+      ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE,
+      RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
+      'Authorization resource attributes async delete: failed to send operations to SNS'
+    );
+    return result;
+  }
+
+  /**
+   * Async function to delete an entity attribute using SNS.
+   * Sends the delete request to SNS and returns before the change actually took place.
+   * @param accountId The account ID
+   * @param entityType The entity type
+   * @param entityId The entity ID
+   * @param attributeKey Attribute key to delete
+   * @param appName App name of the calling app
+   * @param callerActionIdentifier Action identifier
+   * @return Promise with sent operation
+   */
+  async deleteEntityAttributes(
+    accountId: number,
+    entityType: EntityType,
+    entityId: number,
+    attributeKey: string,
+    appName?: string,
+    callerActionIdentifier?: string
+  ): Promise<EntityAttributeDeleteOperation> {
+    if (!appName || !callerActionIdentifier) {
+      throw new Error('appName and callerActionIdentifier are required for SNS service');
+    }
+    ValidationUtils.validatDeleteEntityAssignment({ entityId, entityType, key: attributeKey });
+    const operation: EntityAttributeDeleteOperation = {
+      entityType: entityType,
+      entityId,
+      key: attributeKey,
+      operationType: AttributeOperation.DELETE,
+    };
+    const [result] = await this.sendOperationsToSns(
+      this.entitySnsArn,
+      accountId,
+      appName,
+      callerActionIdentifier,
+      [operation],
+      ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE,
+      ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
+      'Authorization entity attributes async delete: failed to send operations to SNS'
+    );
+    return result;
+  }
+
+  /**
+   *  Async function, this function only send the update request to SNS and return before the change actually took place
+   * @param accountId
+   * @param appName - App name of the calling app
+   * @param callerActionIdentifier - action identifier
+   * @param resourceAttributeOperation - Operation to do on resource attribute.
+   * @return {Promise<ResourceAttributeUpsertOperation>} Sent operation
+   *  */
+  async updateResourceAttributes(
+    accountId: number,
+    appName: string,
+    callerActionIdentifier: string,
+    resourceAttributeOperation: ResourceAttributeUpsertOperation
+  ): Promise<ResourceAttributeUpsertOperation> {
+    ValidationUtils.validatUpsertResourceAssignment(resourceAttributeOperation);
+    const [result] = await this.sendOperationsToSns(
+      this.resourceSnsArn,
+      accountId,
+      appName,
+      callerActionIdentifier,
+      [resourceAttributeOperation],
+      ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE,
+      RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
+      'Authorization resource attributes async update: failed to send operations to SNS'
+    );
+    return result;
+  }
+
+  /**
+   *  Async function, this function only send the update request to SNS and return before the change actually took place
+   * @param accountId
+   * @param appName - App name of the calling app
+   * @param callerActionIdentifier - action identifier
+   * @param entityAttributeOperation - Operation to do on entity attribute.
+   * @return {Promise<EntityAttributeUpsertOperation>} Sent operation
+   *  */
+  async updateEntityAttributes(
+    accountId: number,
+    appName: string,
+    callerActionIdentifier: string,
+    entityAttributeOperation: EntityAttributeUpsertOperation
+  ): Promise<EntityAttributeUpsertOperation> {
+    ValidationUtils.validatUpsertEntityAssignment(entityAttributeOperation);
+    const [result] = await this.sendOperationsToSns(
+      this.entitySnsArn,
+      accountId,
+      appName,
+      callerActionIdentifier,
+      [entityAttributeOperation],
+      ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE,
+      ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND,
+      'Authorization entity attributes async update: failed to send operations to SNS'
+    );
+    return result;
+  }
+
+  /**
+   * Base function to send attribute operations to SNS.
+   * Chunks operations and sends them in parallel.
+   * @param topicArn The SNS topic ARN to send messages to
+   * @param accountId The account ID
+   * @param appName App name of the calling app
+   * @param callerActionIdentifier Action identifier
+   * @param operations Array of operations to send
+   * @param chunkSize Maximum number of operations per message
+   * @param messageKind The kind of message being sent
+   * @param errorLogMessage Error message to log if sending fails
+   * @return Promise with array of sent operations
+   */
+  private async sendOperationsToSns<
+    T extends
+      | ResourceAttributeUpsertOperation
+      | ResourceAttributeDeleteOperation
+      | EntityAttributeUpsertOperation
+      | EntityAttributeDeleteOperation
+  >(
+    topicArn: string,
+    accountId: number,
+    appName: string,
+    callerActionIdentifier: string,
+    operations: T[],
+    chunkSize: number,
+    messageKind: string,
+    errorLogMessage: string
+  ): Promise<T[]> {
+    const sendToSnsPromises: Promise<T[]>[] = [];
+    const operationChunks = chunk(operations, chunkSize);
+    for (const operationsChunk of operationChunks) {
+      sendToSnsPromises.push(
+        this.sendSingleSnsMessage(
+          topicArn,
+          accountId,
+          appName,
+          callerActionIdentifier,
+          operationsChunk,
+          messageKind,
+          errorLogMessage
+        )
+      );
+    }
+    return (await Promise.all(sendToSnsPromises)).flat();
+  }
+
+  private async sendSingleSnsMessage<
+    T extends
+      | ResourceAttributeUpsertOperation
+      | ResourceAttributeDeleteOperation
+      | EntityAttributeUpsertOperation
+      | EntityAttributeDeleteOperation
+  >(
+    topicArn: string,
+    accountId: number,
+    appName: string,
+    callerActionIdentifier: string,
+    operations: T[],
+    kind: string,
+    errorLogMessage: string
+  ): Promise<T[]> {
+    const payload = {
+      kind,
+      payload: {
+        accountId: accountId,
+        callerAppName: appName,
+        callerActionIdentifier: callerActionIdentifier,
+        operations: operations,
+      },
+    };
+    try {
+      await sendToSns(payload, topicArn);
+      return operations;
+    } catch (error) {
+      logger.error({ error, tag: AuthorizationAttributesSnsService.LOG_TAG }, errorLogMessage);
+      return [];
+    }
+  }
+
+  private static getSnsTopicArn(type: SnsTopicType): string {
+    let envVarName: string;
+    let devTestName: string;
+
+    switch (type) {
+      case SnsTopicType.ENTITY:
+        envVarName = ENTITY_SNS_ARN_ENV_VAR_NAME;
+        devTestName = ENTITY_SNS_DEV_TEST_NAME;
+        break;
+      default:
+        // Default to resource SNS constants
+        envVarName = RESOURCE_SNS_ARN_ENV_VAR_NAME;
+        devTestName = RESOURCE_SNS_DEV_TEST_NAME;
+        break;
+    }
+
+    const arnFromEnv: string | undefined = process.env[envVarName];
+    if (arnFromEnv) {
+      return arnFromEnv;
+    }
+    if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
+      return devTestName;
+    }
+    throw new Error(`Unable to get ${type} sns topic arn from env variable`);
+  }
+
+  /**
+   * Checks we can contact the required SNS topic that used to send attribute updates to Authorization MS.
+   * This function can be used as health check for services that updating resource attributes in async is crucial.
+   * Note this function only verify the POD can contact AWS SDK and the topic exists, but the user still might get
+   * errors when pushing for the SNS (e.g: in case the AWS role of the POD don't have permissions to push messages).
+   * However, this is the best we can do without actually push dummy messages to the SNS.
+   * @return {Promise<boolean>} - true if succeeded
+   */
+  async asyncResourceAttributesHealthCheck(): Promise<boolean> {
+    try {
+      const requestedTopicArn: string = this.resourceSnsArn;
+      const attributes: TopicAttributesMap = await getTopicAttributes(requestedTopicArn);
+      const isHealthy = !(!attributes || !('TopicArn' in attributes) || attributes.TopicArn !== requestedTopicArn);
+      if (!isHealthy) {
+        logger.error(
+          { requestedTopicArn, snsReturnedAttributes: attributes, tag: AuthorizationAttributesSnsService.LOG_TAG },
+          'authorization-attributes-service failed in health check'
+        );
+      }
+      return isHealthy;
+    } catch (error) {
+      logger.error(
+        { error, tag: AuthorizationAttributesSnsService.LOG_TAG },
+        'authorization-attributes-service got error during health check'
+      );
+      return false;
+    }
+  }
+}

package/src/constants/sns.ts

@@ -1,5 +1,22 @@
-export const SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES';
-export const SNS_DEV_TEST_NAME =
+export enum SnsTopicType {
+  RESOURCE = 'resource',
+  ENTITY = 'entity',
+}
+
+// Resource SNS constants
+export const RESOURCE_SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_RESOURCE_ATTRIBUTES';
+export const RESOURCE_SNS_DEV_TEST_NAME =
   'arn:aws:sns:us-east-1:000000000000:monday-authorization-resource-attributes-sns-local';
+
+// Entity SNS constants
+export const ENTITY_SNS_ARN_ENV_VAR_NAME = 'SHARED_AUTHORIZATION_SNS_ENDPOINT_ENTITY_ATTRIBUTES';
+export const ENTITY_SNS_DEV_TEST_NAME =
+  'arn:aws:sns:us-east-1:000000000000:monday-authorization-entity-attributes-sns-local';
 export const RESOURCE_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = 'resourceAttributeModification';
+export const ENTITY_ATTRIBUTES_SNS_UPDATE_OPERATION_MESSAGE_KIND = 'entityAttributeModification';
 export const ASYNC_RESOURCE_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
+export const ASYNC_ENTITY_ATTRIBUTES_MAX_OPERATIONS_PER_MESSAGE = 100;
+
+// Legacy exports for backward compatibility
+export const SNS_ARN_ENV_VAR_NAME = RESOURCE_SNS_ARN_ENV_VAR_NAME;
+export const SNS_DEV_TEST_NAME = RESOURCE_SNS_DEV_TEST_NAME;

package/src/entity-attribute-assignment.ts

@@ -1,14 +1,12 @@
 import { EntityType } from './entity-attributes-constants';
 import { BaseAttributeAssignment } from './base-attribute-assignment';
 import { EntityAttributeAssignment as EntityAttributeAssignmentContract } from './types/authorization-attributes-contracts';
-import { ValidationUtils } from './utils/validation';
 
 export class EntityAttributeAssignment extends BaseAttributeAssignment<EntityType, EntityAttributeAssignmentContract> {
   public readonly entityId: number;
   public readonly entityType: EntityType;
 
   constructor(entityId: number, entityType: EntityType, key: string, value: string) {
-    ValidationUtils.validateEntityAssignment({ entityId, entityType, key, value });
     super(entityId, entityType, key, value);
     this.entityId = entityId;
     this.entityType = entityType;

package/src/index.ts

@@ -58,6 +58,10 @@ export {
 } from './authorization-middleware';
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
 export { AuthorizationAttributesService } from './authorization-attributes-service';
+export * from './resource-attributes-constants';
+export * from './entity-attributes-constants';
+export { ResourceAttributeAssignment } from './resource-attribute-assignment';
+export { EntityAttributeAssignment } from './entity-attribute-assignment';
 export { RolesService } from './roles-service';
 export { MembershipsService } from './memberships';
 export { AuthorizationObject, Resource, BaseRequest, ResourceGetter, ContextGetter } from './types/general';
@@ -68,5 +72,18 @@ export {
   ScopedActionPermit,
 } from './types/scoped-actions-contracts';
 export { CustomRole, BasicRole, RoleType, RoleCreateRequest, RoleUpdateRequest, RolesResponse } from './types/roles';
+export {
+  AttributeAssignment,
+  AttributeOperation,
+  ResourceAttributeDeleteAssignment,
+  ResourceAttributeUpsertOperation,
+  ResourceAttributeDeleteOperation,
+  EntityAttributeDeleteAssignment,
+  EntityAttributeUpsertOperation,
+  EntityAttributeDeleteOperation,
+  ResourceAttributeAssignment as ResourceAttributeAssignmentContract,
+  EntityAttributeAssignment as EntityAttributeAssignmentContract,
+} from './types/authorization-attributes-contracts';
+export { AuthorizationAttributesService as IAuthorizationAttributesService } from './types/authorization-attributes-service.interface';
 
 export { TestKit };

package/src/resource-attribute-assignment.ts

@@ -1,7 +1,6 @@
 import { ResourceType } from './resource-attributes-constants';
 import { BaseAttributeAssignment } from './base-attribute-assignment';
 import { ResourceAttributeAssignment as ResourceAttributeAssignmentContract } from './types/authorization-attributes-contracts';
-import { ValidationUtils } from './utils/validation';
 
 export class ResourceAttributeAssignment extends BaseAttributeAssignment<
   ResourceType,
@@ -11,7 +10,6 @@ export class ResourceAttributeAssignment extends BaseAttributeAssignment<
   public readonly resourceType: ResourceType;
 
   constructor(resourceId: number, resourceType: ResourceType, attributeKey: string, attributeValue: string) {
-    ValidationUtils.validateResourceAssignment({ resourceId, resourceType, key: attributeKey, value: attributeValue });
     super(resourceId, resourceType, attributeKey, attributeValue);
     this.resourceId = resourceId;
     this.resourceType = this.type;