package io.yupiik.bundlebee.core.command.impl.lint.builtin;

import io.yupiik.bundlebee.core.command.impl.lint.LintError;
import io.yupiik.bundlebee.core.command.impl.lint.LintingCheck;
import java.util.ArrayList;
import java.util.stream.Stream;
import javax.enterprise.context.Dependent;
import javax.json.JsonObject;

@Dependent
/* loaded from: input_file:io/yupiik/bundlebee/core/command/impl/lint/builtin/RunAsNonRoot.class */
public class RunAsNonRoot extends ContainerValueValidator {
    @Override // io.yupiik.bundlebee.core.command.impl.lint.LintingCheck
    public String name() {
        return "run-as-non-root";
    }

    @Override // io.yupiik.bundlebee.core.command.impl.lint.LintingCheck
    public String description() {
        return "Indicates when containers are not set to runAsNonRoot.";
    }

    @Override // io.yupiik.bundlebee.core.command.impl.lint.LintingCheck
    public String remediation() {
        return "Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext.\nRefer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.";
    }

    @Override // io.yupiik.bundlebee.core.command.impl.lint.builtin.ContainerValueValidator
    protected boolean supportsInitContainers() {
        return true;
    }

    @Override // io.yupiik.bundlebee.core.command.impl.lint.builtin.ContainerValueValidator
    protected Stream<LintError> validate(JsonObject jsonObject, LintingCheck.LintableDescriptor lintableDescriptor) {
        JsonObject jsonObject2 = jsonObject.getJsonObject("securityContext");
        if (jsonObject2 == null) {
            return Stream.empty();
        }
        ArrayList arrayList = new ArrayList();
        if (!jsonObject2.getBoolean("runAsNonRoot", true)) {
            arrayList.add(new LintError(LintError.LintLevel.ERROR, "'runAsNonRoot' is false"));
        }
        if (0 == jsonObject2.getInt("runAsUser", 1000)) {
            arrayList.add(new LintError(LintError.LintLevel.ERROR, "'runAsUser' is 0"));
        }
        return arrayList.stream();
    }
}
