error-message.js
'use strict';
const {
getProfile
} = require('./profile');
const { red } = require('colors');
/**
 * Re-throws `ex`, replacing a RAM "Forbidden" error with a hint about the
 * policy that is missing.
 *
 * When `ex.code` is `'Forbidden.RAM'` the original message is written to
 * stderr and a new Error carrying the hint is thrown in its place, so the
 * caller no longer receives the original exception object. Any other error is
 * re-thrown untouched.
 *
 * NOTE(review): the hint offers "use the primary account" as one remedy.
 * Granting the named policy to a sub-account, or setting a Role on the
 * Service, keeps the credentials narrower; consider rewording the hint so the
 * least-privilege options come first.
 *
 * @param {Error & {code?: string}} ex - Error raised by the failed API call.
 * @param {string} policyName - Policy named in the hint.
 * @throws {Error} Always: either the hint error or `ex` itself.
 */
function throwProcessedException(ex, policyName) {
  const isRamForbidden = ex.code === 'Forbidden.RAM';
  if (!isRamForbidden) {
    throw ex;
  }

  // Keep the service's own wording visible before it is replaced by the hint.
  console.error(`\n${ex.message}`);

  const hint = `\nMaybe you need grant ${policyName} policy to the sub-account or use the primary account.\nIf you don’t want use the ${policyName} policy or primary account, you can also specify the Role property for Service.`;
  throw new Error(hint);
}
/**
 * Prints a "how to grant this permission" tip for a permission error returned
 * by a POP API call, then re-throws the original error.
 *
 * The tip is printed only when `ex` carries a `url` and a permission-style
 * `code`, and the product name can be read from the endpoint URL. In every
 * case the returned promise rejects with `ex` itself.
 *
 * The action and resource shown in the tip are taken from
 * `ex.data.Message` when it has the form `Resource: <r> Action: <a>`;
 * otherwise the action is `<product>:<action>` and the resource is `'*'`.
 *
 * NOTE(review): action and resource are copied out of the service's error
 * text without validation and are passed on to printPermissionTip, which
 * places them in a command the user is expected to copy and run.
 *
 * @param {Error & {code?: string, url?: string, data?: {Message?: string}}} ex
 *   Error raised by the failed API call.
 * @param {string} action - API action name, used when the error text does not
 *   name one.
 * @returns {Promise<never>} Always rejects with `ex`.
 */
async function throwProcessedPopPermissionError(ex, action) {
  const code = ex.code;
  // NAS reports its permission error code as "Forbbiden.ram" (spelled that
  // way by the service), hence the substring check on the misspelling.
  const isPermissionError = Boolean(code)
    && Boolean(ex.url)
    && (code === 'NoPermission' || code === 'Forbidden.RAM' || code.includes('Forbbiden'));
  if (!isPermissionError) {
    throw ex;
  }

  // NOTE(review): the dots are unescaped and the pattern is unanchored, so
  // this matches more than "*.aliyuncs.com" hosts. It only feeds the hint
  // text below; it must not be reused to decide whether a URL is trusted.
  const urlMatch = /https?:\/\/([a-zA-Z]*).(.*)aliyuncs.com/.exec(ex.url);
  if (urlMatch === null) {
    throw ex;
  }

  const product = urlMatch[1];
  let grantAction = `${product}:${action}`;
  let grantResource = '*'; // fallback when the service does not name a resource

  const detail = ex.data && ex.data.Message;
  if (detail) {
    const detailMatch = /Resource: (.*) Action: (.*)/.exec(detail);
    if (detailMatch !== null) {
      grantResource = detailMatch[1];
      grantAction = detailMatch[2];
    }
  }

  printPermissionTip(generatePolicyName(grantAction), grantAction, grantResource);
  throw ex;
}
/**
 * Prints a "how to grant this permission" tip for a Function Compute
 * `AccessDenied` error, then re-throws the original error.
 *
 * The action and resource are read from the error message, which must have
 * the form `the caller is not authorized to perform '<action>' on resource
 * '<resource>'`. If the code, message or format do not match, `ex` is
 * re-thrown without printing anything.
 *
 * The profile is loaded only after the message has matched; if `getProfile()`
 * rejects, that rejection propagates instead of `ex`.
 *
 * NOTE(review): action and resource are copied out of the service's error
 * text without validation and are passed on to printPermissionTip, which
 * places them in a command the user is expected to copy and run.
 *
 * @param {Error & {code?: string}} ex - Error raised by the failed API call.
 * @param {...string} resourceArr - Name parts appended to the generated
 *   policy name after the profile's default region.
 * @returns {Promise<never>} Rejects with `ex` (or with a `getProfile` failure).
 */
async function throwProcessedFCPermissionError(ex, ...resourceArr) {
  if (ex.code !== 'AccessDenied' || !ex.message) {
    throw ex;
  }

  const denied = /the caller is not authorized to perform '(.*)' on resource '(.*)'/.exec(ex.message);
  if (denied === null) {
    throw ex;
  }

  const { defaultRegion } = await getProfile();
  const [, action, resource] = denied;

  printPermissionTip(
    generatePolicyName(action, defaultRegion, ...resourceArr),
    action,
    resource
  );
  throw ex;
}
/**
 * Prints a "how to grant this permission" tip for a Log Service (SLS)
 * `Unauthorized` error, then re-throws the original error.
 *
 * The action and resource are read from the error message, which must
 * contain `action: <action>, resource: <resource>`. If the code, message or
 * format do not match, `ex` is re-thrown without printing anything.
 *
 * NOTE(review): action and resource are copied out of the service's error
 * text without validation and are passed on to printPermissionTip, which
 * places them in a command the user is expected to copy and run.
 *
 * @param {Error & {code?: string}} ex - Error raised by the failed API call.
 * @returns {Promise<never>} Always rejects with `ex`.
 */
async function throwProcessedSLSPermissionError(ex) {
  const isUnauthorized = ex.code === 'Unauthorized' && Boolean(ex.message);
  if (!isUnauthorized) {
    throw ex;
  }

  const parsed = /action: (.*), resource: (.*)/.exec(ex.message);
  if (parsed === null) {
    throw ex;
  }

  const [, action, resource] = parsed;
  printPermissionTip(generatePolicyName(action), action, resource);
  throw ex;
}
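/**
 * Escapes `text` for use inside a double-quoted shell argument.
 *
 * Backslash, double quote, dollar sign and backtick are the characters a
 * POSIX shell still interprets between double quotes; each one is prefixed
 * with a backslash. Escaping the backslash together with the quote matters:
 * escaping quotes alone turns an existing `\"` into `\\"`, which ends the
 * quoted argument early.
 *
 * @param {string} text - Text to embed.
 * @returns {string} Text safe to place between double quotes.
 */
function escapeForDoubleQuotes(text) {
  return String(text).replace(/[\\"$`]/g, '\\$&');
}

/**
 * Prints, on stderr, the `aliyun ram` commands that create a custom policy
 * allowing `action` on `resource` and attach it to a user.
 *
 * The callers in this file take `action` and `resource` from the text of a
 * service error response, and the user is expected to copy the printed
 * commands into a shell. Every interpolated value is therefore placed in a
 * double-quoted argument and escaped, so the text cannot end the argument or
 * trigger shell expansion when the command is pasted.
 *
 * The policy grants exactly one action on one resource. `resource` may be
 * `'*'`, in which case the grant applies to every resource; the printed
 * policy should be reviewed before it is created.
 *
 * @param {string} policyName - Name for the policy to create and attach.
 * @param {string} action - RAM action to allow.
 * @param {string} resource - Resource the action is allowed on.
 * @returns {void}
 */
function printPermissionTip(policyName, action, resource) {
  const policy = {
    'Version': '1',
    'Statement': [
      {
        'Effect': 'Allow',
        'Action': [
          action
        ],
        'Resource': [
          resource
        ]
      }
    ]
  };

  const quotedName = `"${escapeForDoubleQuotes(policyName)}"`;
  const quotedDocument = `"${escapeForDoubleQuotes(JSON.stringify(policy))}"`;

  console.error(red(`\nYou can run the following commands to grant permission '${action}' on '${resource}' `));
  console.error(red('Via the link: https://shell.aliyun.com/ or aliyun cli'));
  console.error(red('(Note: aliyun cli tool needs to be configured with credentials that have related RAM permissions, such as primary account\'s AK)'));
  console.error(red('\n1. Create Policy'));
  console.error(red(`aliyun ram CreatePolicy --PolicyName ${quotedName} --PolicyDocument ${quotedDocument}`));
  console.error(red('\n2. Attach Policy To User'));
  console.error(red(`aliyun ram AttachPolicyToUser --PolicyName ${quotedName} --PolicyType "Custom" --UserName "YOUR_USER_NAME"\n`));
}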
/**
 * Builds the name of the custom policy suggested in a permission tip.
 *
 * The name is `fun-generated-<action>-<suffix>`, with every `:` in the action
 * replaced by `-`. The suffix is the given name parts joined with `-`; when
 * none are given it is a short random base-36 string (at most 8 characters).
 *
 * The random suffix comes from `Math.random()`. It only keeps generated names
 * apart and must not be treated as a secret or an unguessable token.
 *
 * @param {string} action - RAM action, e.g. `product:Action`.
 * @param {...string} resourceArr - Optional name parts for the suffix.
 * @returns {string} The generated policy name.
 */
function generatePolicyName(action, ...resourceArr) {
  const actionPart = action.split(':').join('-');

  let suffix;
  if (resourceArr && resourceArr.length) {
    suffix = resourceArr.join('-');
  } else {
    suffix = Math.random().toString(36).slice(-8);
  }

  return `fun-generated-${actionPart}-${suffix}`;
}
// Public API: the four error processors. Each one re-throws (or rejects with)
// an error after optionally printing a permission hint. printPermissionTip and
// generatePolicyName are not exported.
module.exports = {
throwProcessedException,
throwProcessedPopPermissionError,
throwProcessedFCPermissionError,
throwProcessedSLSPermissionError
};