secretsmanager enforce suffix

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html#cfn-secretsmanager-secret-name https://stackoverflow.com/a/71275532/362110
link2aws · Aug 29, 2024 · 4980e53 · 4980e53
1 parent 18436fe
commit 4980e53
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 8 deletions.
diff --git a/link2aws.js b/link2aws.js
@@ -979,14 +979,11 @@ class ARN {
             },
             "secretsmanager": { // AWS Secrets Manager
                 "secret": () => {
-                    if (this.resource.indexOf("-") === -1) {
-                        // all the secrets I've seen have a "-" delimited suffix
-                        // in the ARN that isn't part of the secret name. For
-                        // now just throwing if the suffix is missing, please
-                        // update if needed.
-                        throw Error(`Secret ARN for ${this.resource} missing suffix`);
+                    const arnSuffix = /-\w{6}$/;
+                    if (!arnSuffix.test(this.resource)) {
+                        throw Error(`Secret ARN for "${this.resource}" appears invalid, should end with ${arnSuffix}`);
                     }
-                    const name = this.resource.split('-').slice(0, -1).join('-');
+                    const name = this.resource.replace(arnSuffix, "");
                     return `https://${this.region}.${this.console}/${this.service}/${this.resource_type}?name=${name}`;
                 },
             },

diff --git a/testcases/aws-negative.json b/testcases/aws-negative.json
@@ -39,5 +39,5 @@
     "arn:aws:ec2:us-ea*st-1:123456789012:instance/asdf",
     "arn:aws:ec2:us-ea#st-1:123456789012:instance/asdf",
     "arn:aws:ec2:us-ea\\st-1:123456789012:instance/asdf",
-    "arn:aws:secretsmanager:us-west-2:123456789012:secret:MySecret9A3F29"
+    "arn:aws:secretsmanager:us-west-2:123456789012:secret:MySecret9A3F29-adf"
 ]