aws-cloudformation#241 First pass at CloudFormation parameter validation

guard-examples/external-cfn-parameters/check-wellformed-parameters-tests.yaml

@@ -0,0 +1,30 @@
+---
+- name: DoesNotApplyToEmptyFiles
+  input: []
+  expectations:
+    rules:
+      has_correct_keys: SKIP
+- name: FindsRequiredKeys
+  input: [
+    {"ParameterKey": "pIgnore", "ParameterValue": "arn:aws:s3:::bucket_name/key_name"}
+  ]
+  expectations:
+    rules:
+      has_correct_keys: PASS
+      has_likely_valid_arn: PASS
+- name: FindsMalformedArn
+  input: [
+    {"ParameterKey": "pIgnore", "ParameterValue": "arn:aws:foo:bar:baz"}
+  ]
+  expectations:
+    rules:
+      has_correct_keys: PASS
+      has_likely_valid_arn: FAIL
+- name: ChecksForMissingKeys
+  input: [
+    {"ParameterKey": "pIgnore", "ParmeterValue": "arn:aws:s3:::bucket_name/key_name"}
+  ]
+  expectations:
+    rules:
+      has_correct_keys: FAIL
+      has_likely_valid_arn: SKIP

guard-examples/external-cfn-parameters/check-wellformed-parameters.guard

@@ -0,0 +1,20 @@
+let all_parameters = this[*]
+let arn_parameters = this[ParameterValue == /^arn:aws/]
+
+rule has_correct_keys when %all_parameters !empty {
+    %all_parameters[*] {
+        ParameterKey exists
+        ParameterValue exists
+        << Required keys exist >>
+    }
+}
+
+# Check that parameters that contain an ARN value conform to
+# defined ARN format:
+# arn:partition:service:region:namespace:relative-id
+rule has_likely_valid_arn when %arn_parameters !empty {
+    %arn_parameters.ParameterValue {
+        this == /^arn:\w+:\w+:[^:]*:[^:]*:\S+$/
+        << ARN parameter appears valid >>
+    }
+}