1 | exports.types = {
|
2 | ResourceArn: {
|
3 | type: 'String',
|
4 | },
|
5 | }
|
6 |
|
7 | exports.custom = function(data, store) {
|
8 | if (data.ResourceArn == null) {
|
9 | return 'Invalid TableArn'
|
10 | }
|
11 |
|
12 | if (!/^.+:.+:.+:.+:.+:.+\/.+$/.test(data.ResourceArn)) {
|
13 | var username = 'dynalite'
|
14 |
|
15 | var accessDeniedError = new Error
|
16 | accessDeniedError.statusCode = 400
|
17 | accessDeniedError.body = {
|
18 | __type: 'com.amazon.coral.service#AccessDeniedException',
|
19 | Message: 'User: arn:aws:iam::' + store.tableDb.awsAccountId + ':' + username + ' is not authorized to perform: ' +
|
20 | 'dynamodb:ListTagsOfResource on resource: ' + (data.ResourceArn || '*'),
|
21 | }
|
22 | throw accessDeniedError
|
23 | }
|
24 |
|
25 | if (!/^arn:aws:dynamodb:.+:\d+:table\/[^/]{2}[^/]+$/.test(data.ResourceArn)) {
|
26 | return 'Invalid TableArn: Invalid ResourceArn provided as input ' + data.ResourceArn
|
27 | }
|
28 | }
|