package io.yupiik.bundlebee.core.command.impl.lint.builtin;

import java.util.Set;
import javax.enterprise.context.Dependent;

@Dependent
/* loaded from: input_file:io/yupiik/bundlebee/core/command/impl/lint/builtin/AccessToCreatePods.class */
public class AccessToCreatePods extends AccessToResources {
    public AccessToCreatePods() {
        super(Set.of("pods", "deployments", "statefulsets", "replicasets", "cronjob", "jobs", "daemonsets"), Set.of("create"), Set.of("ClusterRoleBinding", "RoleBinding"));
    }

    @Override // io.yupiik.bundlebee.core.command.impl.lint.LintingCheck
    public String name() {
        return "access-to-create-pods";
    }

    @Override // io.yupiik.bundlebee.core.command.impl.lint.LintingCheck
    public String description() {
        return "Indicates when a subject (Group/User/ServiceAccount) has create access to Pods.\nCIS Benchmark 5.1.4: The ability to create pods in a cluster opens up possibilities for privilege escalation and should be restricted, where possible.";
    }

    @Override // io.yupiik.bundlebee.core.command.impl.lint.LintingCheck
    public String remediation() {
        return "Where possible, remove create access to pod objects in the cluster.";
    }
}
