
Commit 7d88221

committed
fix: copilot issues
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
1 parent 750fb5c commit 7d88221

2 files changed

Lines changed: 81 additions & 1 deletion


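--- a/main.go
+++ b/main.go
@@ -890,6 +890,9 @@ func parseNetworkDiagnosticEndpoint(value string) (networkDiagnosticEndpoint, er
 if err != nil {
 return networkDiagnosticEndpoint{}, fmt.Errorf("failed to parse network diagnostic endpoint %q: %w", original, err)
 }
+if parsed.Scheme != "" && !strings.EqualFold(parsed.Scheme, "https") {
+return networkDiagnosticEndpoint{}, fmt.Errorf("network diagnostic endpoint %q has unsupported scheme %q: only https endpoints are supported", original, parsed.Scheme)
+}
 host := strings.TrimSpace(parsed.Hostname())
 if host == "" {
 return networkDiagnosticEndpoint{}, fmt.Errorf("network diagnostic endpoint %q does not include a host", original)
@@ -2826,11 +2829,38 @@ func awsResourceExplorerResourceARN(payload *StandardizedResourcePayload) (strin
 if !ok {
 return "", "aws.s3 resource id is not a valid S3 bucket name"
 }
-return "arn:aws:s3:::" + bucketName, ""
+return "arn:" + awsPartitionForResource(payload.Resource) + ":s3:::" + bucketName, ""
 }
 return "", "resource id is not an ARN"
 }
 
+func awsPartitionForResource(resource StandardizedResourceInfo) string {
+if partition := awsPartitionFromARN(resource.AccountID); partition != "" {
+return partition
+}
+return awsPartitionForRegion(resource.Region)
+}
+
+func awsPartitionFromARN(arnValue string) string {
+parts := strings.SplitN(strings.TrimSpace(arnValue), ":", 3)
+if len(parts) >= 2 && parts[0] == "arn" && strings.TrimSpace(parts[1]) != "" {
+return strings.TrimSpace(parts[1])
+}
+return ""
+}
+
+func awsPartitionForRegion(region string) string {
+region = strings.TrimSpace(strings.ToLower(region))
+switch {
+case strings.HasPrefix(region, "cn-"):
+return "aws-cn"
+case strings.HasPrefix(region, "us-gov-"):
+return "aws-us-gov"
+default:
+return "aws"
+}
+}
+
 func normalizeS3BucketName(resourceID string) (string, bool) {
 bucketName := strings.TrimSpace(resourceID)
 bucketName = strings.TrimPrefix(bucketName, "s3://")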
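Review bot: `awsPartitionFromARN` returns whatever sits in the second colon-separated field of `resource.AccountID` once the value starts with `arn:`, so an unrecognised or mistyped partition from the payload is spliced straight into the S3 ARN and overrides the region-based inference. I would accept the hint only when it names a partition the tool supports, for example `if p := strings.TrimSpace(parts[1]); p == "aws" || p == "aws-cn" || p == "aws-us-gov" { return p }`, and otherwise fall through to `awsPartitionForRegion`. The three new helpers also have no doc comments; a line such as `// awsPartitionFromARN returns the partition field of an ARN-shaped value, or "" when the value is not an ARN.` would record that `AccountID` can carry an ARN, which the field name does not suggest.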

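--- a/main_test.go
+++ b/main_test.go
@@ -1133,6 +1133,16 @@ func TestDiagnosticHelpers(t *testing.T) {
 }
 })
 
+t.Run("rejects non https configured endpoint schemes", func(t *testing.T) {
+_, _, err := awsDiagnosticEndpointsForCheck("aws.backup-vault", nil, []string{"http://vpce-123.backup.eu-west-1.vpce.amazonaws.com:80"})
+if err == nil {
+t.Fatalf("expected unsupported endpoint scheme error")
+}
+if !strings.Contains(err.Error(), "only https endpoints are supported") {
+t.Fatalf("expected unsupported scheme detail, got %v", err)
+}
+})
+
 t.Run("tls probe returns immediately when context is canceled", func(t *testing.T) {
 ctx, cancel := context.WithCancel(context.Background())
 cancel()
@@ -1752,6 +1762,46 @@ func TestAWSResourceExplorerURL(t *testing.T) {
 want: "https://console.aws.amazon.com/resource-explorer/home?region=us-east-1#/search?query=id%3Aarn%3Aaws%3As3%3A%3A%3Aexample-bucket",
 wantLink: true,
 },
+{
+name: "s3 bucket in china region uses aws cn partition",
+payload: &StandardizedResourcePayload{
+Resource: StandardizedResourceInfo{
+ID: "example-bucket",
+Type: "aws.s3",
+Provider: "aws",
+Region: "cn-north-1",
+},
+},
+want: "https://console.aws.amazon.com/resource-explorer/home?region=cn-north-1#/search?query=id%3Aarn%3Aaws-cn%3As3%3A%3A%3Aexample-bucket",
+wantLink: true,
+},
+{
+name: "s3 bucket in gov region uses aws us gov partition",
+payload: &StandardizedResourcePayload{
+Resource: StandardizedResourceInfo{
+ID: "example-bucket",
+Type: "aws.s3",
+Provider: "aws",
+Region: "us-gov-west-1",
+},
+},
+want: "https://console.aws.amazon.com/resource-explorer/home?region=us-gov-west-1#/search?query=id%3Aarn%3Aaws-us-gov%3As3%3A%3A%3Aexample-bucket",
+wantLink: true,
+},
+{
+name: "s3 bucket uses account id arn partition hint",
+payload: &StandardizedResourcePayload{
+Resource: StandardizedResourceInfo{
+ID: "example-bucket",
+Type: "aws.s3",
+Provider: "aws",
+AccountID: "arn:aws-us-gov:iam::123456789012:root",
+Region: "us-east-1",
+},
+},
+want: "https://console.aws.amazon.com/resource-explorer/home?region=us-east-1#/search?query=id%3Aarn%3Aaws-us-gov%3As3%3A%3A%3Aexample-bucket",
+wantLink: true,
+},
 {
 name: "non arn non s3 resource id has no resource explorer link",
 payload: &StandardizedResourcePayload{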
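Review bot: The new partition cases expect the link for `cn-north-1` and `us-gov-west-1` to stay on `console.aws.amazon.com`, which pins the commercial console host for resources whose ARN is now in `aws-cn` or `aws-us-gov`. Those partitions are served from their own console domains (`console.amazonaws.cn` and `console.amazonaws-us-gov.com`), so the generated link probably will not find the resource; the URL builder is outside this diff, so this is inferred from the `want` strings only. If the host is meant to follow the partition, the `want` values should change with it; if it is deliberately fixed, a comment on these cases should say so. A case with a plain 12-digit `AccountID` and a `cn-` region would also confirm the fallback to region inference, since only the ARN-shaped hint is exercised here.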
