package org.sonar.iac.terraform.checks.azure;

import java.util.Objects;
import java.util.Set;
import org.sonar.check.Rule;
import org.sonar.iac.common.api.checks.CheckContext;
import org.sonar.iac.common.checks.PropertyUtils;
import org.sonar.iac.common.checks.TextUtils;
import org.sonar.iac.terraform.api.tree.AttributeTree;
import org.sonar.iac.terraform.api.tree.BlockTree;
import org.sonar.iac.terraform.api.tree.ExpressionTree;
import org.sonar.iac.terraform.checks.AbstractResourceCheck;

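/**
 * Terraform check for rule S6381: flags {@code azurerm_role_assignment} resources whose
 * {@code role_definition_name} is one of the broad built-in roles in {@code HIGH_PRIVILEGED_ROLES}.
 *
 * <p>Coverage note for reviewers: only the {@code role_definition_name} attribute is inspected.
 * An assignment that selects its role through {@code role_definition_id} is not examined by this
 * class, so the absence of an issue here is not evidence that no privileged role is granted.
 */
@Rule(key = "S6381")
/* loaded from: input_file:org/sonar/iac/terraform/checks/azure/HighPrivilegedRoleCheck.class */
public class HighPrivilegedRoleCheck extends AbstractResourceCheck {
    /** Issue text; {@code %s} is replaced with the role name found in the resource. */
    private static final String MESSAGE = "Make sure that assigning the %s role is safe here.";

    /**
     * Role names that trigger the rule. Membership is tested with {@link Set#contains}, i.e. an
     * exact, case-sensitive comparison against whatever string the matcher passes in.
     */
    private static final Set<String> HIGH_PRIVILEGED_ROLES = Set.of("Owner", "Contributor", "User Access Administrator");

    /** Registers the role-name check for {@code azurerm_role_assignment} resources. */
    @Override // org.sonar.iac.terraform.checks.AbstractResourceCheck
    protected void registerResourceChecks() {
        register(HighPrivilegedRoleCheck::checkRoleDefinitionName, "azurerm_role_assignment");
    }

    /**
     * Reports an issue on the {@code role_definition_name} attribute when its value is a
     * high-privileged role.
     *
     * @param checkContext context used to report the issue
     * @param blockTree the {@code azurerm_role_assignment} resource block being checked
     */
    private static void checkRoleDefinitionName(CheckContext checkContext, BlockTree blockTree) {
        // The decompiled listing referenced an undefined receiver (r1.contains); the predicate is
        // the membership test on HIGH_PRIVILEGED_ROLES, expressed here as a method reference.
        // mo0value() is the accessor name as it appears in this decompiled listing.
        PropertyUtils.get(blockTree, "role_definition_name", AttributeTree.class)
            // Only a definite match is kept: the attribute passes when matchesValue(...).isTrue().
            // NOTE(review): how matchesValue treats non-literal expressions (variables,
            // interpolation) is not visible here - confirm such values are handled as intended.
            .filter(attribute -> TextUtils.matchesValue(attribute.mo0value(), HIGH_PRIVILEGED_ROLES::contains).isTrue())
            .ifPresent(attribute -> checkContext.reportIssue(
                attribute, String.format(MESSAGE, attribute.mo0value().value())));
    }
}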
