package com.yahoo.vespa.model.application.validation;

import com.yahoo.config.model.ConfigModelContext;
import com.yahoo.vespa.model.application.validation.Validation;
import com.yahoo.vespa.model.container.ApplicationContainerCluster;
import com.yahoo.vespa.model.container.Container;
import com.yahoo.vespa.model.container.ContainerCluster;
import com.yahoo.vespa.model.container.IdentityProvider;
import com.yahoo.vespa.model.container.component.Component;
import java.util.Iterator;

/* loaded from: input_file:com/yahoo/vespa/model/application/validation/SecretStoreValidator.class */
public class SecretStoreValidator implements Validator {
    @Override // com.yahoo.vespa.model.application.validation.Validator
    public void validate(Validation.Context context) {
        if (context.deployState().isHosted() && context.model().getAdmin().getApplicationType() == ConfigModelContext.ApplicationType.DEFAULT) {
            for (ApplicationContainerCluster applicationContainerCluster : context.model().getContainerClusters().values()) {
                if (applicationContainerCluster.getSecretStore().isPresent() && !hasIdentityProvider(applicationContainerCluster)) {
                    context.illegal(String.format("Container cluster '%s' uses a secret store, so an Athenz domain and an Athenz service must be declared in deployment.xml.", applicationContainerCluster.getName()));
                }
            }
        }
    }

    private boolean hasIdentityProvider(ContainerCluster<? extends Container> containerCluster) {
        Iterator<Component<?, ?>> it = containerCluster.getAllComponents().iterator();
        while (it.hasNext()) {
            if (it.next() instanceof IdentityProvider) {
                return true;
            }
        }
        return false;
    }
}
