package io.yupiik.bundlebee.core.command.impl.lint.builtin;

import java.util.Set;
import javax.enterprise.context.Dependent;

@Dependent
/* loaded from: input_file:io/yupiik/bundlebee/core/command/impl/lint/builtin/AccessToSecrets.class */
public class AccessToSecrets extends AccessToResources {
    public AccessToSecrets() {
        super(Set.of("secrets"), Set.of("get", "list", "delete", "create", "watch", "*"), Set.of("ClusterRoleBinding", "RoleBinding"));
    }

    @Override // io.yupiik.bundlebee.core.command.impl.lint.LintingCheck
    public String name() {
        return "access-to-secrets";
    }

    @Override // io.yupiik.bundlebee.core.command.impl.lint.LintingCheck
    public String description() {
        return "Indicates when a subject (Group/User/ServiceAccount) has access to Secrets.\nCIS Benchmark 5.1.2: Access to secrets should be restricted to the smallest possible group of users to reduce the risk of privilege escalation.";
    }

    @Override // io.yupiik.bundlebee.core.command.impl.lint.LintingCheck
    public String remediation() {
        return "Where possible, remove get, list and watch access to secret objects in the cluster.";
    }
}
