Expose Authz GetModified

src/main/java/com/descope/literals/Routes.java

@@ -176,5 +176,6 @@ public static class ManagementEndPoints {
     public static final String MANAGEMENT_AUTHZ_RE_RESOURCE = "/v1/mgmt/authz/re/resource";
     public static final String MANAGEMENT_AUTHZ_RE_TARGETS = "/v1/mgmt/authz/re/targets";
     public static final String MANAGEMENT_AUTHZ_RE_TARGET_ALL = "/v1/mgmt/authz/re/targetall";
+    public static final String MANAGEMENT_AUTHZ_GET_MODIFIED = "/v1/mgmt/authz/getmodified";
   }
 }

src/main/java/com/descope/model/authz/Modified.java

@@ -0,0 +1,20 @@
+package com.descope.model.authz;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonInclude.Include;
+import java.util.List;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+@JsonInclude(Include.NON_NULL)
+public class Modified {
+  List<String> resources;
+  List<String> targets;
+  boolean schemaChanged;
+}

src/main/java/com/descope/sdk/mgmt/AuthzService.java

@@ -1,11 +1,13 @@
 package com.descope.sdk.mgmt;
 
 import com.descope.exception.DescopeException;
+import com.descope.model.authz.Modified;
 import com.descope.model.authz.Namespace;
 import com.descope.model.authz.Relation;
 import com.descope.model.authz.RelationDefinition;
 import com.descope.model.authz.RelationQuery;
 import com.descope.model.authz.Schema;
+import java.time.Instant;
 import java.util.List;
 
 /** Provides ReBAC authorization service APIs. */
@@ -149,4 +151,14 @@ void saveRelationDefinition(RelationDefinition relationDefinition, String namesp
    * @throws DescopeException If there occurs any exception, a subtype of this exception will be thrown.
    */
   List<Relation> whatCanTargetAccess(String target) throws DescopeException;
+
+  /**
+   * Return list of targets and resources changed since the given date.
+   * Should be used to invalidate local caches.
+   *
+   * @param since return the changes since this instant
+   * @return {@link Modified} including resources and targets changed
+   * @throws DescopeException If there occurs any exception, a subtype of this exception will be thrown.
+   */
+  Modified getModified(Instant since) throws DescopeException;
 }

src/main/java/com/descope/sdk/mgmt/impl/AuthzServiceImpl.java

@@ -1,5 +1,6 @@
 package com.descope.sdk.mgmt.impl;
 
+import static com.descope.literals.Routes.ManagementEndPoints.MANAGEMENT_AUTHZ_GET_MODIFIED;
 import static com.descope.literals.Routes.ManagementEndPoints.MANAGEMENT_AUTHZ_NS_DELETE;
 import static com.descope.literals.Routes.ManagementEndPoints.MANAGEMENT_AUTHZ_NS_SAVE;
 import static com.descope.literals.Routes.ManagementEndPoints.MANAGEMENT_AUTHZ_RD_DELETE;
@@ -21,6 +22,7 @@
 import com.descope.exception.ServerCommonException;
 import com.descope.model.authz.HasRelationsResponse;
 import com.descope.model.authz.LoadSchemaResponse;
+import com.descope.model.authz.Modified;
 import com.descope.model.authz.Namespace;
 import com.descope.model.authz.Relation;
 import com.descope.model.authz.RelationDefinition;
@@ -31,6 +33,8 @@
 import com.descope.model.client.Client;
 import com.descope.proxy.ApiProxy;
 import com.descope.sdk.mgmt.AuthzService;
+import java.time.Instant;
+import java.time.Period;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -231,4 +235,18 @@ public List<Relation> whatCanTargetAccess(String target) throws DescopeException
     RelationsResponse resp = apiProxy.post(getUri(MANAGEMENT_AUTHZ_RE_TARGET_ALL), request, RelationsResponse.class);
     return resp.getRelations();
   }
+
+  @Override
+  public Modified getModified(Instant since) throws DescopeException {
+    Instant now = Instant.now();
+    if (since != null && (since.isBefore(now.minus(Period.ofDays(1))) || since.isAfter(now))) {
+      throw ServerCommonException.invalidArgument("since");
+    }
+    Map<String, Object> request = new HashMap<>();
+    if (since != null) {
+      request.put("since", since.toEpochMilli());
+    }
+    ApiProxy apiProxy = getApiProxy();
+    return apiProxy.post(getUri(MANAGEMENT_AUTHZ_GET_MODIFIED), request, Modified.class);
+  }
 }

src/test/java/com/descope/sdk/mgmt/impl/AuthzServiceImplTest.java

@@ -15,6 +15,7 @@
 import com.descope.exception.ServerCommonException;
 import com.descope.model.authz.HasRelationsResponse;
 import com.descope.model.authz.LoadSchemaResponse;
+import com.descope.model.authz.Modified;
 import com.descope.model.authz.Namespace;
 import com.descope.model.authz.Relation;
 import com.descope.model.authz.RelationDefinition;
@@ -31,6 +32,8 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
 import java.io.File;
+import java.time.Instant;
+import java.time.Period;
 import java.util.Arrays;
 import java.util.List;
 import org.junit.jupiter.api.BeforeEach;
@@ -399,6 +402,28 @@ void testWhatCanUserAccessForSuccess() {
     }
   }
 
+  @Test
+  void testGetModifiedForWrongSince() {
+    ServerCommonException thrown =
+        assertThrows(
+            ServerCommonException.class,
+            () -> authzService.getModified(Instant.now().minus(Period.ofDays(2))));
+    assertNotNull(thrown);
+    assertEquals("The since argument is invalid", thrown.getMessage());
+  }
+
+  @Test
+  void testGetModifiedForSuccess() {
+    ApiProxy apiProxy = mock(ApiProxy.class);
+    doReturn(new Modified(null, null, true)).when(apiProxy).post(any(), any(), any());
+    try (MockedStatic<ApiProxyBuilder> mockedApiProxyBuilder = mockStatic(ApiProxyBuilder.class)) {
+      mockedApiProxyBuilder.when(
+        () -> ApiProxyBuilder.buildProxy(any(), any())).thenReturn(apiProxy);
+      Modified modified = authzService.getModified(null);
+      assertTrue(modified.isSchemaChanged());
+    }
+  }
+
   @RetryingTest(value = 3, suspendForMs = 30000, onExceptions = RateLimitExceededException.class)
   void testFunctionalFullCycle() throws Exception {
     ObjectMapper mapper = new ObjectMapper(new YAMLFactory());