in internal/pkg/manifest/validate_env.go [30:75]
// validate checks the environment manifest section by section and then
// enforces the rules that span several sections. It returns the first problem
// found, or nil when every check passes.
//
// Cross-section rules enforced here:
//   - limiting public load balancer ingress to the CDN requires the CDN to be enabled;
//   - with the CDN enabled, "cdn.certificate" set without "http.public.certificates"
//     requires "cdn.terminate_tls" to be true;
//   - with the CDN enabled, "http.public.certificates" requires "cdn.certificate";
//   - internal ALB subnet placement requires e.Network.VPC.imported() to hold.
func (e EnvironmentConfig) validate() error {
	// Per-section validation. The order is significant: it decides which error
	// the caller sees when more than one section is invalid.
	if err := e.Network.validate(); err != nil {
		return fmt.Errorf(`validate "network": %w`, err)
	}
	if err := e.Observability.validate(); err != nil {
		return fmt.Errorf(`validate "observability": %w`, err)
	}
	if err := e.HTTPConfig.validate(); err != nil {
		return fmt.Errorf(`validate "http config": %w`, err)
	}
	if err := e.Network.VPC.SecurityGroupConfig.validate(); err != nil {
		return fmt.Errorf(`validate "security_group": %w`, err)
	}
	if err := e.CDNConfig.validate(); err != nil {
		return fmt.Errorf(`validate "cdn": %w`, err)
	}

	// Reject a manifest that asks for CDN-only ingress on the public load
	// balancer while no CDN is enabled, instead of accepting the combination.
	// NOTE(review): how the restriction is applied downstream is not visible
	// here; confirm against the code that consumes this setting.
	if e.IsPublicLBIngressRestrictedToCDN() {
		if !e.CDNEnabled() {
			return errors.New("CDN must be enabled to limit security group ingress to CloudFront")
		}
	}

	// Certificate consistency between the CDN and the public load balancer.
	if e.CDNEnabled() {
		cert := e.CDNConfig.Config.Certificate
		hasPublicCerts := e.HTTPConfig.Public.Certificates != nil
		switch {
		case hasPublicCerts && cert == nil:
			// Load balancer certificates are configured, so the CDN needs one too.
			return &errFieldMustBeSpecified{
				missingField:       "cdn.certificate",
				conditionalFields:  []string{"http.public.certificates", "cdn"},
				allMustBeSpecified: true,
			}
		case !hasPublicCerts && cert != nil && !aws.BoolValue(e.CDNConfig.Config.TerminateTLS):
			// Only the CDN holds a certificate: the manifest must state
			// explicitly that TLS terminates at the CDN.
			return errors.New(`"cdn.terminate_tls" must be true if "cdn.certificate" is set without "http.public.certificates"`)
		}
	}

	// Internal ALB subnet placement is optional; nothing left to check without it.
	if e.HTTPConfig.Private.InternalALBSubnets == nil {
		return nil
	}
	if !e.Network.VPC.imported() {
		return errors.New("in order to specify internal ALB subnet placement, subnets must be imported")
	}
	if err := e.validateInternalALBSubnets(); err != nil {
		return err
	}
	return nil
}