From b75c625ddcc0b3110699d8e6175681ef157b25df Mon Sep 17 00:00:00 2001
From: xiaojunnuo <xiaojunnuo@qq.com>
Date: Thu, 7 May 2026 22:18:34 +0800
Subject: [PATCH] =?UTF-8?q?fix(aliyun-access):=20=E6=B7=BB=E5=8A=A0?=
 =?UTF-8?q?=E9=98=BF=E9=87=8C=E4=BA=91=E5=AF=86=E9=92=A5=E6=A0=A1=E9=AA=8C?=
 =?UTF-8?q?=E5=A4=B1=E8=B4=A5=E7=9A=84=E9=94=99=E8=AF=AF=E5=A4=84=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

在测试阿里云访问密钥时，增加对STS错误响应的处理逻辑
添加相关测试用例验证错误处理和正常情况
---
 .../aliyun/access/aliyun-access.test.ts       | 41 +++++++++++++++++++
 .../plugin-lib/aliyun/access/aliyun-access.ts |  7 +++-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 packages/ui/certd-server/src/plugins/plugin-lib/aliyun/access/aliyun-access.test.ts

diff --git a/packages/ui/certd-server/src/plugins/plugin-lib/aliyun/access/aliyun-access.test.ts b/packages/ui/certd-server/src/plugins/plugin-lib/aliyun/access/aliyun-access.test.ts
new file mode 100644
index 000000000..f8713bc16
--- /dev/null
+++ b/packages/ui/certd-server/src/plugins/plugin-lib/aliyun/access/aliyun-access.test.ts
@@ -0,0 +1,41 @@
+/// <reference types="mocha" />
+
+import assert from "node:assert/strict";
+
+import { AliyunAccess } from "./aliyun-access.js";
+
+function createAccess(result: Record<string, unknown>) {
+  const access = new AliyunAccess();
+  access.ctx = {
+    logger: {
+      log() {},
+    },
+  } as any;
+  access.getStsClient = async () =>
+    ({
+      getCallerIdentity: async () => result,
+    }) as any;
+  return access;
+}
+
+describe("AliyunAccess", () => {
+  it("rejects STS error responses when testing access keys", async () => {
+    const access = createAccess({
+      Code: "InvalidAccessKeyId.NotFound",
+      Message: "Specified access key is not found.",
+      RequestId: "request-id",
+    });
+
+    await assert.rejects(() => access.onTestRequest(), /InvalidAccessKeyId\.NotFound/);
+  });
+
+  it("returns ok for valid STS identity responses", async () => {
+    const access = createAccess({
+      AccountId: "123456789",
+      Arn: "acs:ram::123456789:user/test",
+      UserId: "test-user",
+    });
+
+    assert.equal(await access.onTestRequest(), "ok");
+  });
+});
diff --git a/packages/ui/certd-server/src/plugins/plugin-lib/aliyun/access/aliyun-access.ts b/packages/ui/certd-server/src/plugins/plugin-lib/aliyun/access/aliyun-access.ts
index 4ecf5a7f3..1b7857458 100644
--- a/packages/ui/certd-server/src/plugins/plugin-lib/aliyun/access/aliyun-access.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-lib/aliyun/access/aliyun-access.ts
@@ -41,7 +41,7 @@ export class AliyunAccess extends BaseAccess {
 
   async onTestRequest() {
     await this.getCallerIdentity();
-    return "ok"
+    return "ok";
   }
 
 
@@ -64,6 +64,11 @@ export class AliyunAccess extends BaseAccess {
     const sts = await this.getStsClient();
     // 调用 GetCallerIdentity 接口
     const result = await sts.getCallerIdentity();
+    if (result.Code || !result.AccountId) {
+      const message = result.Message || "阿里云密钥校验失败";
+      const code = result.Code ? `[${result.Code}] ` : "";
+      throw new Error(`${code}${message}`);
+    }
 
     this.ctx.logger.log("✅ 密钥有效！");
     this.ctx.logger.log(`   账户ID: ${result.AccountId}`);