package com.yahoo.vespa.model.application.validation;

import com.yahoo.config.model.NullConfigModelRegistry;
import com.yahoo.config.model.deploy.DeployState;
import com.yahoo.config.model.deploy.TestProperties;
import com.yahoo.config.model.test.MockApplicationPackage;
import com.yahoo.config.model.test.TestUtil;
import com.yahoo.config.provision.Environment;
import com.yahoo.config.provision.RegionName;
import com.yahoo.config.provision.Zone;
import com.yahoo.vespa.model.VespaModel;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:com/yahoo/vespa/model/application/validation/SecretStoreValidatorTest.class */
public class SecretStoreValidatorTest {
    private static String servicesXml() {
        return TestUtil.joinLines(new CharSequence[]{"<services version='1.0'>", "  <container id='default' version='1.0'>", "    <secret-store type='oath-ckms'>", "      <group name='group1' environment='prod'/>", "    </secret-store>", "  </container>", "</services>"});
    }

    private static String deploymentXml(boolean z) {
        CharSequence[] charSequenceArr = new CharSequence[3];
        charSequenceArr[0] = "<deployment version='1.0' " + (z ? "athenz-domain='domain' athenz-service='service'" : "") + ">";
        charSequenceArr[1] = "  <prod />";
        charSequenceArr[2] = "</deployment>";
        return TestUtil.joinLines(charSequenceArr);
    }

    @Test
    void app_with_athenz_in_deployment_passes_validation() throws Exception {
        DeployState deployState = deployState(servicesXml(), deploymentXml(true));
        new SecretStoreValidator().validate(new VespaModel(new NullConfigModelRegistry(), deployState), deployState);
    }

    @Test
    void app_without_athenz_in_deployment_fails_validation() throws Exception {
        Assertions.assertTrue(Assertions.assertThrows(IllegalArgumentException.class, () -> {
            DeployState deployState = deployState(servicesXml(), deploymentXml(false));
            new SecretStoreValidator().validate(new VespaModel(new NullConfigModelRegistry(), deployState), deployState);
        }).getMessage().contains("Container cluster 'default' uses a secret store, so an Athenz domain and an Athenz service must be declared in deployment.xml."));
    }

    @Test
    void app_without_secret_store_passes_validation_without_athenz_in_deployment() throws Exception {
        DeployState deployState = deployState(TestUtil.joinLines(new CharSequence[]{"<services version='1.0'>", "  <container id='default' version='1.0' />", "</services>"}), deploymentXml(false));
        new SecretStoreValidator().validate(new VespaModel(new NullConfigModelRegistry(), deployState), deployState);
    }

    private static DeployState deployState(String str, String str2) {
        DeployState build = new DeployState.Builder().applicationPackage(new MockApplicationPackage.Builder().withServices(str).withDeploymentSpec(str2).build()).zone(new Zone(Environment.prod, RegionName.from("foo"))).properties(new TestProperties().setHostedVespa(true)).build();
        Assertions.assertTrue(build.isHosted(), "Test must emulate a hosted deployment.");
        return build;
    }
}
