package com.yahoo.vespa.model.application.validation;

import com.yahoo.config.model.api.TenantVault;
import com.yahoo.vespa.model.application.validation.Validation;
import com.yahoo.vespa.model.container.ApplicationContainerCluster;
import com.yahoo.vespa.model.container.xml.CloudSecrets;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;

/* loaded from: input_file:com/yahoo/vespa/model/application/validation/TenantSecretValidator.class */
public class TenantSecretValidator implements Validator {
    @Override // com.yahoo.vespa.model.application.validation.Validator
    public void validate(Validation.Context context) {
        if (context.deployState().isHosted() && context.deployState().zone().system().isPublic()) {
            for (ApplicationContainerCluster applicationContainerCluster : context.model().getContainerClusters().values()) {
                Map map = (Map) context.deployState().getProperties().tenantVaults().stream().collect(Collectors.toMap((v0) -> {
                    return v0.name();
                }, (v0) -> {
                    return v0.secrets();
                }));
                Optional<CloudSecrets> tenantSecrets = applicationContainerCluster.getTenantSecrets();
                if (tenantSecrets.isPresent()) {
                    for (CloudSecrets.SecretConfig secretConfig : tenantSecrets.get().configuredSecrets()) {
                        if (!map.containsKey(secretConfig.vault())) {
                            context.illegal("Vault '" + secretConfig.vault() + "' does not exist, or application does not have access to it");
                        } else if (!hasSecret(secretConfig.name(), (List) map.get(secretConfig.vault()))) {
                            context.illegal("Secret '%s' is not defined in vault '%s'".formatted(secretConfig.name(), secretConfig.vault()));
                        }
                    }
                }
            }
        }
    }

    private boolean hasSecret(String str, List<TenantVault.Secret> list) {
        return list.stream().anyMatch(secret -> {
            return secret.name().equals(str);
        });
    }
}
