From 18436fe3cd93c59f9cd1dd94e121eb8df38c49d8 Mon Sep 17 00:00:00 2001
From: Daniel Leavitt
Date: Wed, 28 Aug 2024 17:45:26 -0700
Subject: [PATCH 1/2] Add secretsmanager At least for the secrets in my account, the resource segment of the ARN has an extra trailing "-xyZ12" piece that isn't part of the secret name and can't be included in the console URL. For now just throwing an error if that suffix is missing, but please update / LMK if there are secrets without the suffix in the ARN and what their console URLs are so we can make the helper work for them.
---
 link2aws.js | 12 +++++++++++-
 testcases/aws-negative.json | 3 ++-
 testcases/aws.json | 3 ++-
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/link2aws.js b/link2aws.js
index 13ba1a6..3062f47 100644
--- a/link2aws.js
+++ b/link2aws.js
@@ -978,7 +978,17 @@ class ARN {
 "domain": null,
 },
 "secretsmanager": { // AWS Secrets Manager
- "secret": null,
+ "secret": () => {
+ if (this.resource.indexOf("-") === -1) {
+ // all the secrets I've seen have a "-" delimited suffix
+ // in the ARN that isn't part of the secret name. For
+ // now just throwing if the suffix is missing, please
+ // update if needed.
+ throw Error(`Secret ARN for ${this.resource} missing suffix`);
+ }
+ const name = this.resource.split('-').slice(0, -1).join('-');
+ return `https://${this.region}.${this.console}/${this.service}/${this.resource_type}?name=${name}`;
+ },
 },
 "securityhub": { // AWS Security Hub
 "hub": null,
diff --git a/testcases/aws-negative.json b/testcases/aws-negative.json
index 21c1b3b..4d05058 100644
--- a/testcases/aws-negative.json
+++ b/testcases/aws-negative.json
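Review bot: The `name` value on the added `return` line is placed into the `?name=` query string without encoding. Secrets Manager names may contain `/`, `+`, `=`, `.`, `@` and `_`, so a `+` may be decoded as a space and the link would then point at a different name; whether `&` or `#` can reach this line depends on ARN validation elsewhere in the file, which is not visible in this hunk. I would write `?name=${encodeURIComponent(name)}` and add a positive case to testcases/aws.json with a name that contains one of these characters. The same `return` line is carried unchanged as context in the link2aws.js hunk of PATCH 2/2, so the point applies there too. The enclosing object literal in `class ARN` starts and ends outside the hunk.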
@@ -38,5 +38,6 @@
 "arn:aws:ec2:us-ea st-1:123456789012:instance/asdf",
 "arn:aws:ec2:us-ea*st-1:123456789012:instance/asdf",
 "arn:aws:ec2:us-ea#st-1:123456789012:instance/asdf",
- "arn:aws:ec2:us-ea\\st-1:123456789012:instance/asdf"
+ "arn:aws:ec2:us-ea\\st-1:123456789012:instance/asdf",
+ "arn:aws:secretsmanager:us-west-2:123456789012:secret:MySecret9A3F29"
 ]
\ No newline at end of file
diff --git a/testcases/aws.json b/testcases/aws.json
index 368f019..515d36b 100644
--- a/testcases/aws.json
+++ b/testcases/aws.json
@@ -86,6 +86,7 @@ "arn:aws:firehose:us-east-1:123456789012:deliverystream/test-stream": "https://console.aws.amazon.com/firehose/home?region=us-east-1#/details/test-stream/monitoring", "arn:aws:codeconnections:us-west-2:384862141196:connection/f8234ecc-8990-4e63-b25a-ec36764b7701": "https://us-west-2.console.aws.amazon.com/codesuite/settings/384862141196/us-west-2/codeconnections/connections/f8234ecc-8990-4e63-b25a-ec36764b7701", - "arn:aws:codestar-connections:us-west-2:384862141196:connection/f8234ecc-8990-4e63-b25a-ec36764b7701": "https://us-west-2.console.aws.amazon.com/codesuite/settings/384862141196/us-west-2/codestar-connections/connections/f8234ecc-8990-4e63-b25a-ec36764b7701" + "arn:aws:codestar-connections:us-west-2:384862141196:connection/f8234ecc-8990-4e63-b25a-ec36764b7701": "https://us-west-2.console.aws.amazon.com/codesuite/settings/384862141196/us-west-2/codestar-connections/connections/f8234ecc-8990-4e63-b25a-ec36764b7701", + "arn:aws:secretsmanager:us-west-2:123456789012:secret:MySecret9A3F29-vdHtS43BP1i1-knwb3S": "https://us-west-2.console.aws.amazon.com/secretsmanager/secret?name=MySecret9A3F29-vdHtS43BP1i1" } \ No newline at end of file
From 4980e53a3cbff934d37bcb9bdff76a44ba586558 Mon Sep 17 00:00:00 2001
From: Daniel Leavitt
Date: Wed, 28 Aug 2024 18:04:20 -0700
Subject: [PATCH 2/2] secretsmanager enforce suffix https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html#cfn-secretsmanager-secret-name https://stackoverflow.com/a/71275532/362110
---
 link2aws.js | 11 ++++-------
 testcases/aws-negative.json | 2 +-
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/link2aws.js b/link2aws.js
index 3062f47..121286a 100644
--- a/link2aws.js
+++ b/link2aws.js
@@ -979,14 +979,11 @@ class ARN {
 },
 "secretsmanager": { // AWS Secrets Manager
 "secret": () => {
- if (this.resource.indexOf("-") === -1) {
- // all the secrets I've seen have a "-" delimited suffix
- // in the ARN that isn't part of the secret name. For
- // now just throwing if the suffix is missing, please
- // update if needed.
- throw Error(`Secret ARN for ${this.resource} missing suffix`);
+ const arnSuffix = /-\w{6}$/;
+ if (!arnSuffix.test(this.resource)) {
+ throw Error(`Secret ARN for "${this.resource}" appears invalid, should end with ${arnSuffix}`);
 }
- const name = this.resource.split('-').slice(0, -1).join('-');
+ const name = this.resource.replace(arnSuffix, "");
 return `https://${this.region}.${this.console}/${this.service}/${this.resource_type}?name=${name}`;
 },
 },
diff --git a/testcases/aws-negative.json b/testcases/aws-negative.json
index 4d05058..d05ecb4 100644
--- a/testcases/aws-negative.json
+++ b/testcases/aws-negative.json
@@ -39,5 +39,5 @@
 "arn:aws:ec2:us-ea*st-1:123456789012:instance/asdf",
 "arn:aws:ec2:us-ea#st-1:123456789012:instance/asdf",
 "arn:aws:ec2:us-ea\\st-1:123456789012:instance/asdf",
- "arn:aws:secretsmanager:us-west-2:123456789012:secret:MySecret9A3F29"
+ "arn:aws:secretsmanager:us-west-2:123456789012:secret:MySecret9A3F29-adf"
 ]
\ No newline at end of file
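Review bot: The new `arnSuffix` test in the `secret` handler cannot tell a full ARN from a partial one whose secret name happens to end in a hyphen followed by six word characters. For such an input (a constructed example: resource `db-backup` with no random suffix) `replace(arnSuffix, "")` removes part of the real name and the generated link silently points at `db`, a different secret; the CloudFormation page linked in the commit message appears to warn about exactly this naming pattern. A comment above the regex, such as `// Only full ARNs are supported: a partial ARN whose name ends in "-" plus six characters cannot be distinguished and would be truncated.`, would make that limit explicit. `\w` also admits `_`; if the generated suffix is alphanumeric only, as I believe it is, `/-[A-Za-z0-9]{6}$/` is the tighter check. The object literal around this handler starts and ends outside the hunk.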