UNPKG

@alicloud/fun/lib/error-message.js

Version:

4.94 kBJavaScriptView Raw

1'use strict';
2var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
  return new (P || (P = Promise))(function (resolve, reject) {
      function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
      function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
      function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
      step((generator = generator.apply(thisArg, _arguments || [])).next());
  });
9};
10const { getProfile } = require('./profile');
11const { red } = require('colors');
12function throwProcessedException(ex, policyName) {
  if (ex.code === 'Forbidden.RAM') {
      console.error(`\n${ex.message}`);
      throw new Error(`\nMaybe you need grant ${policyName} policy to the sub-account or use the primary account.\nIf you don’t want use the ${policyName} policy or primary account, you can also specify the Role property for Service.`);
  }
  throw ex;
18}
19function throwProcessedPopPermissionError(ex, action) {
  return __awaiter(this, void 0, void 0, function* () {
      if (!ex.code || !ex.url || (ex.code !== 'NoPermission' && ex.code !== 'Forbidden.RAM' && !ex.code.includes('Forbbiden'))) { // NAS 返回的权限错误码是 Forbbiden.ram
          throw ex;
      }
      const productRegex = new RegExp(/https?:\/\/([a-zA-Z]*).(.*)aliyuncs.com/);
      const productRegexRes = productRegex.exec(ex.url);
      if (!productRegexRes) {
          throw ex;
      }
      const product = productRegexRes[1];
      action = `${product}:${action}`;
      let resource = '*';
      if (ex.data && ex.data.Message) {
          const regex = new RegExp(/Resource: (.*) Action: (.*)/);
          const res = regex.exec(ex.data.Message);
          if (res) {
              resource = res[1];
              action = res[2];
          }
      }
      const policyName = generatePolicyName(action);
      printPermissionTip(policyName, action, resource);
      throw ex;
  });
44}
45function throwProcessedFCPermissionError(ex, ...resourceArr) {
  return __awaiter(this, void 0, void 0, function* () {
      if (!ex.code || ex.code !== 'AccessDenied' || !ex.message) {
          throw ex;
      }
      const regex = new RegExp(/the caller is not authorized to perform '(.*)' on resource '(.*)'/);
      const res = regex.exec(ex.message);
      if (!res) {
          throw ex;
      }
      const profile = yield getProfile();
      const action = res[1];
      const resource = res[2];
      const policyName = generatePolicyName(action, profile.defaultRegion, ...resourceArr);
      printPermissionTip(policyName, action, resource);
      throw ex;
  });
62}
63function throwProcessedSLSPermissionError(ex) {
  return __awaiter(this, void 0, void 0, function* () {
      if (!ex.code || ex.code !== 'Unauthorized' || !ex.message) {
          throw ex;
      }
      const regex = new RegExp(/action: (.*), resource: (.*)/);
      const res = regex.exec(ex.message);
      if (!res) {
          throw ex;
      }
      const action = res[1];
      const resource = res[2];
      const policyName = generatePolicyName(action);
      printPermissionTip(policyName, action, resource);
      throw ex;
  });
79}
80function printPermissionTip(policyName, action, resource) {
  const policy = {
      'Version': '1',
      'Statement': [
          {
              'Effect': 'Allow',
              'Action': [
                  action
              ],
              'Resource': [
                  resource
              ]
          }
      ]
  };
  console.error(red(`\nYou can run the following commands to grant permission '${action}' on '${resource}' `));
  console.error(red('Via the link:  https://shell.aliyun.com/ or aliyun cli'));
  console.error(red('(Note: aliyun cli tool needs to be configured with credentials that have related RAM permissions, such as primary account\'s AK)'));
  console.error(red('\n1. Create Policy'));
  console.error(red(`aliyun ram CreatePolicy --PolicyName ${policyName} --PolicyDocument "${JSON.stringify(policy).replace(/"/g, '\\"')}"`));
  console.error(red('\n2. Attach Policy To User'));
  console.error(red(`aliyun ram AttachPolicyToUser --PolicyName ${policyName} --PolicyType "Custom" --UserName "YOUR_USER_NAME"\n`));
102}
103function generatePolicyName(action, ...resourceArr) {
  const resource = resourceArr && resourceArr.length ? resourceArr.join('-') : Math.random().toString(36).slice(-8);
  return `fun-generated-${action.replace(/:/g, '-')}-${resource}`;
106}
107module.exports = {
  throwProcessedException,
  throwProcessedPopPermissionError,
  throwProcessedFCPermissionError,
  throwProcessedSLSPermissionError
112};

1	`'use strict';`
2	`var __awaiter = (this && this.__awaiter) \|\| function (thisArg, _arguments, P, generator) {`
3	`return new (P \|\| (P = Promise))(function (resolve, reject) {`
4	`function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }`
5	`function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }`
6	`function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }`
7	`step((generator = generator.apply(thisArg, _arguments \|\| [])).next());`
8	`});`
9	`};`
10	`const { getProfile } = require('./profile');`
11	`const { red } = require('colors');`
12	`function throwProcessedException(ex, policyName) {`
13	`if (ex.code === 'Forbidden.RAM') {`
14	console.error(`\n${ex.message}`);
15	throw new Error(`\nMaybe you need grant ${policyName} policy to the sub-account or use the primary account.\nIf you don’t want use the ${policyName} policy or primary account, you can also specify the Role property for Service.`);
16	`}`
17	`throw ex;`
18	`}`
19	`function throwProcessedPopPermissionError(ex, action) {`
20	`return __awaiter(this, void 0, void 0, function* () {`
21	`if (!ex.code \|\| !ex.url \|\| (ex.code !== 'NoPermission' && ex.code !== 'Forbidden.RAM' && !ex.code.includes('Forbbiden'))) { // NAS 返回的权限错误码是 Forbbiden.ram`
22	`throw ex;`
23	`}`
24	`const productRegex = new RegExp(/https?:\/\/([a-zA-Z]).(.)aliyuncs.com/);`
25	`const productRegexRes = productRegex.exec(ex.url);`
26	`if (!productRegexRes) {`
27	`throw ex;`
28	`}`
29	`const product = productRegexRes[1];`
30	action = `${product}:${action}`;
31	`let resource = '*';`
32	`if (ex.data && ex.data.Message) {`
33	`const regex = new RegExp(/Resource: (.) Action: (.)/);`
34	`const res = regex.exec(ex.data.Message);`
35	`if (res) {`
36	`resource = res[1];`
37	`action = res[2];`
38	`}`
39	`}`
40	`const policyName = generatePolicyName(action);`
41	`printPermissionTip(policyName, action, resource);`
42	`throw ex;`
43	`});`
44	`}`
45	`function throwProcessedFCPermissionError(ex, ...resourceArr) {`
46	`return __awaiter(this, void 0, void 0, function* () {`
47	`if (!ex.code \|\| ex.code !== 'AccessDenied' \|\| !ex.message) {`
48	`throw ex;`
49	`}`
50	`const regex = new RegExp(/the caller is not authorized to perform '(.)' on resource '(.)'/);`
51	`const res = regex.exec(ex.message);`
52	`if (!res) {`
53	`throw ex;`
54	`}`
55	`const profile = yield getProfile();`
56	`const action = res[1];`
57	`const resource = res[2];`
58	`const policyName = generatePolicyName(action, profile.defaultRegion, ...resourceArr);`
59	`printPermissionTip(policyName, action, resource);`
60	`throw ex;`
61	`});`
62	`}`
63	`function throwProcessedSLSPermissionError(ex) {`
64	`return __awaiter(this, void 0, void 0, function* () {`
65	`if (!ex.code \|\| ex.code !== 'Unauthorized' \|\| !ex.message) {`
66	`throw ex;`
67	`}`
68	`const regex = new RegExp(/action: (.), resource: (.)/);`
69	`const res = regex.exec(ex.message);`
70	`if (!res) {`
71	`throw ex;`
72	`}`
73	`const action = res[1];`
74	`const resource = res[2];`
75	`const policyName = generatePolicyName(action);`
76	`printPermissionTip(policyName, action, resource);`
77	`throw ex;`
78	`});`
79	`}`
80	`function printPermissionTip(policyName, action, resource) {`
81	`const policy = {`
82	`'Version': '1',`
83	`'Statement': [`
84	`{`
85	`'Effect': 'Allow',`
86	`'Action': [`
87	`action`
88	`],`
89	`'Resource': [`
90	`resource`
91	`]`
92	`}`
93	`]`
94	`};`
95	console.error(red(`\nYou can run the following commands to grant permission '${action}' on '${resource}' `));
96	`console.error(red('Via the link: https://shell.aliyun.com/ or aliyun cli'));`
97	`console.error(red('(Note: aliyun cli tool needs to be configured with credentials that have related RAM permissions, such as primary account\'s AK)'));`
98	`console.error(red('\n1. Create Policy'));`
99	console.error(red(`aliyun ram CreatePolicy --PolicyName ${policyName} --PolicyDocument "${JSON.stringify(policy).replace(/"/g, '\\"')}"`));
100	`console.error(red('\n2. Attach Policy To User'));`
101	console.error(red(`aliyun ram AttachPolicyToUser --PolicyName ${policyName} --PolicyType "Custom" --UserName "YOUR_USER_NAME"\n`));
102	`}`
103	`function generatePolicyName(action, ...resourceArr) {`
104	`const resource = resourceArr && resourceArr.length ? resourceArr.join('-') : Math.random().toString(36).slice(-8);`
105	return `fun-generated-${action.replace(/:/g, '-')}-${resource}`;
106	`}`
107	`module.exports = {`
108	`throwProcessedException,`
109	`throwProcessedPopPermissionError,`
110	`throwProcessedFCPermissionError,`
111	`throwProcessedSLSPermissionError`
112	`};`