func()

in internal/pkg/cli/deploy/lbws.go [232:291]

• 59 lines of code
• 20 McCabe index (conditional complexity)

func (d *lbWebSvcDeployer) validateRuntimeRoutingRule(rule manifest.RoutingRule) error {
	hasALBCerts := len(d.envConfig.HTTPConfig.Public.Certificates) != 0
	hasCDNCerts := d.envConfig.CDNConfig.Config.Certificate != nil
	hasImportedCerts := hasALBCerts || hasCDNCerts
	if rule.RedirectToHTTPS != nil && d.app.Domain == "" && !hasImportedCerts {
		return fmt.Errorf("cannot configure http to https redirect without having a domain associated with the app %q or importing any certificates in env %q", d.app.Name, d.env.Name)
	}
	if rule.Alias.IsEmpty() {
		if hasImportedCerts && d.lbMft.HTTPOrBool.ImportedALB == nil {
			return &errSvcWithNoALBAliasDeployingToEnvWithImportedCerts{
				name:    d.name,
				envName: d.env.Name,
			}
		}
		return nil
	}
	importedHostedZones := rule.Alias.HostedZones()
	if len(importedHostedZones) != 0 {
		if !hasImportedCerts {
			return fmt.Errorf("cannot specify alias hosted zones %v when no certificates are imported in environment %q", importedHostedZones, d.env.Name)
		}
		if d.envConfig.CDNEnabled() {
			return &errSvcWithALBAliasHostedZoneWithCDNEnabled{
				envName: d.env.Name,
			}
		}
	}
	if hasImportedCerts {
		aliases, err := rule.Alias.ToStringSlice()
		if err != nil {
			return fmt.Errorf("convert aliases to string slice: %w", err)
		}

		if hasALBCerts {
			albCertValidator := d.newAliasCertValidator(nil)
			if err := albCertValidator.ValidateCertAliases(aliases, d.envConfig.HTTPConfig.Public.Certificates); err != nil {
				return fmt.Errorf("validate aliases against the imported public ALB certificate for env %s: %w", d.env.Name, err)
			}
		}
		if hasCDNCerts {
			cfCertValidator := d.newAliasCertValidator(aws.String(cloudfront.CertRegion))
			if err := cfCertValidator.ValidateCertAliases(aliases, []string{*d.envConfig.CDNConfig.Config.Certificate}); err != nil {
				return fmt.Errorf("validate aliases against the imported CDN certificate for env %s: %w", d.env.Name, err)
			}
		}
		return nil
	}
	if d.app.Domain != "" {
		err := validateMinAppVersion(d.app.Name, aws.StringValue(d.lbMft.Name), d.appVersionGetter, version.AppTemplateMinAlias)
		if err != nil {
			return fmt.Errorf("alias not supported: %w", err)
		}
		if err := validateLBWSAlias(rule.Alias, d.app, d.env.Name); err != nil {
			return fmt.Errorf(`validate 'alias': %w`, err)
		}
		return nil
	}
	log.Errorf(ecsALBAliasUsedWithoutDomainFriendlyText)
	return fmt.Errorf(`cannot specify "alias" when application is not associated with a domain and env %s doesn't import one or more certificates`, d.env.Name)
}