Add resource URL handler

consoleme/handlers/v2/challenge.py

@@ -147,7 +147,13 @@ async def get(self, requested_challenge_token):
                 )
                 self.write(
                     {
-                        "message": "Your originating IP doesn't match the IP the challenge was created with."
+                        "message": (
+                            "Your originating IP doesn't match the IP the challenge was created with. "
+                            "If you are developing locally, this is probably because your CLI (Weep) made an IPv6 "
+                            "request, and your web browser made an IPv4 request. Or visa-versa. If this is the case, "
+                            "set the local configuration for "
+                            "**challenge_url.request_ip_must_match_challenge_creation_ip** to **false**."
+                        )
                     }
                 )
                 return

consoleme/handlers/v2/policies.py

@@ -4,7 +4,7 @@
 import ujson as json
 
 from consoleme.config import config
-from consoleme.exceptions.exceptions import MustBeFte
+from consoleme.exceptions.exceptions import MustBeFte, ResourceNotFound
 from consoleme.handlers.base import BaseAPIV2Handler, BaseHandler
 from consoleme.lib.aws import (
     get_all_iam_managed_policies_for_account,
@@ -134,13 +134,16 @@ async def post(self):
                 if "/" in resource_name:
                     resource_name = resource_name.split("/")[-1]
                 region = policy["arn"].split(":")[3]
-                url = await get_url_for_resource(
-                    policy["arn"],
-                    policy["technology"],
-                    policy["account_id"],
-                    region,
-                    resource_name,
-                )
+                try:
+                    url = await get_url_for_resource(
+                        policy["arn"],
+                        policy["technology"],
+                        policy["account_id"],
+                        region,
+                        resource_name,
+                    )
+                except ResourceNotFound:
+                    url = ""
                 if url:
                     policy["arn"] = f"[{policy['arn']}]({url})"
                 if not policy.get("templated"):

consoleme/handlers/v2/resources.py

@@ -3,14 +3,18 @@
 
 import sentry_sdk
 import ujson as json
+from policy_sentry.util.arns import parse_arn
 
 from consoleme.config import config
-from consoleme.exceptions.exceptions import MustBeFte
-from consoleme.handlers.base import BaseAPIV2Handler
+from consoleme.exceptions.exceptions import MustBeFte, ResourceNotFound
+from consoleme.handlers.base import BaseAPIV2Handler, BaseMtlsHandler
 from consoleme.lib.account_indexers import get_account_id_to_name_mapping
 from consoleme.lib.auth import can_admin_policies
 from consoleme.lib.aws import fetch_resource_details
 from consoleme.lib.plugins import get_plugin_by_name
+from consoleme.lib.policies import get_url_for_resource
+from consoleme.lib.web import handle_generic_error_response
+from consoleme.models import WebResponse
 
 log = config.get_logger()
 stats = get_plugin_by_name(config.get("plugins.metrics", "default_metrics"))()
@@ -112,3 +116,76 @@ async def get(self, account_id, resource_type, region=None, resource_name=None):
                 config_timeline_url=resource_details.get("config_timeline_url"),
             )
         )
+
+
+class GetResourceURLHandler(BaseMtlsHandler):
+    """consoleme CLI resource URL handler. Parameters accepted: arn."""
+
+    def initialize(self):
+        self.user: str = None
+        self.eligible_roles: list = []
+
+    async def get(self):
+        """
+        /api/v2/get_resource_url - Endpoint used to get an URL from an ARN
+        ---
+        get:
+            description: Get the resource URL for ConsoleMe, given an ARN
+            responses:
+                200:
+                    description: Returns a URL generated from the ARN in JSON form
+                400:
+                    description: Malformed Request
+                403:
+                    description: Forbidden
+        """
+        self.user: str = self.requester["email"]
+        arn: str = self.get_argument("arn", None)
+        log_data = {
+            "function": f"{__name__}.{self.__class__.__name__}.{sys._getframe().f_code.co_name}",
+            "user": self.user,
+            "arn": arn,
+            "message": "Generating URL for resource",
+            "user-agent": self.request.headers.get("User-Agent"),
+            "request_id": self.request_uuid,
+        }
+        log.debug(log_data)
+        stats.count("GetResourceURL.get", tags={"user": self.user})
+        if not arn:
+            generic_error_message: str = "Missing required parameter"
+            errors = ["arn is a required parameter"]
+            await handle_generic_error_response(
+                self, generic_error_message, errors, 404, "missing_data", log_data
+            )
+            return
+
+        try:
+            # parse_arn will raise an exception on invalid arns
+            parse_arn(arn)
+            resource_url = await get_url_for_resource(arn)
+            if not resource_url:
+                raise ValueError("This resource type is currently not supported")
+        except (ResourceNotFound, ValueError) as e:
+            generic_error_message: str = "Unsupported data"
+            errors = [str(e)]
+            await handle_generic_error_response(
+                self, generic_error_message, errors, 404, "invalid_data", log_data
+            )
+            return
+        except Exception as e:
+            generic_error_message: str = "Malformed data"
+            errors = [str(e)]
+            await handle_generic_error_response(
+                self, generic_error_message, errors, 404, "malformed_data", log_data
+            )
+            return
+
+        res = WebResponse(
+            status="success",
+            status_code=200,
+            message="Successfully generated URL for ARN",
+            data={"url": resource_url},
+        )
+
+        self.write(res.json())
+        await self.finish()