package org.sonar.iac.terraform.checks;

import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Predicate;
import org.sonar.check.Rule;
import org.sonar.check.RuleProperty;
import org.sonar.iac.common.api.checks.SecondaryLocation;
import org.sonar.iac.common.checks.TextUtils;
import org.sonar.iac.terraform.api.tree.ExpressionTree;
import org.sonar.iac.terraform.checks.utils.ExpressionPredicate;
import org.sonar.iac.terraform.symbols.AttributeSymbol;
import org.sonar.iac.terraform.symbols.BlockSymbol;
import org.sonar.iac.terraform.symbols.ResourceSymbol;

@Rule(key = "S6364")
/* loaded from: input_file:org/sonar/iac/terraform/checks/ShortBackupRetentionCheck.class */
public class ShortBackupRetentionCheck extends AbstractNewResourceCheck {
    public static final String MESSAGE = "Make sure that defining a short backup retention duration is safe here.";
    public static final String OMITTING_MESSAGE = "Omitting \"%s\" results in a short backup retention duration. Make sure it is safe here.";
    public static final int DEFAULT = 7;
    private static final Set<String> ENGINES_EXCEPTION = Set.of("aurora", "aurora-mysql", "aurora-postgresql");

    @RuleProperty(key = "backup_retention_duration", defaultValue = "7", description = "Minimum backup retention duration in days")
    int backupRetentionDuration = 7;

    @Override // org.sonar.iac.terraform.checks.AbstractNewResourceCheck
    protected void registerResourceConsumer() {
        register("aws_db_instance", resourceSymbol -> {
            if (!resourceSymbol.attribute("source_db_instance_identifier").isAbsent() || resourceSymbol.attribute("engine").is(isEngineException())) {
                return;
            }
            checkAwsRetentionRate(resourceSymbol);
        });
        register("aws_rds_cluster", this::checkAwsRetentionRate);
        register("azurerm_backup_policy_file_share", resourceSymbol2 -> {
            resourceSymbol2.block("retention_daily").attribute("count").reportIf(ExpressionPredicate.lessThan(this.backupRetentionDuration), MESSAGE, new SecondaryLocation[0]);
        });
        register("azurerm_cosmosdb_account", resourceSymbol3 -> {
            ((BlockSymbol) resourceSymbol3.block("backup").reportIfAbsent(String.format(OMITTING_MESSAGE, "backup.retention_in_hours"), new SecondaryLocation[0])).attribute("retention_in_hours").reportIfAbsent(OMITTING_MESSAGE, new SecondaryLocation[0]).reportIf(ExpressionPredicate.lessThan(this.backupRetentionDuration * 24), MESSAGE, new SecondaryLocation[0]);
        });
        register("azurerm_app_service", resourceSymbol4 -> {
            BlockSymbol blockSymbol = (BlockSymbol) resourceSymbol4.block("backup").reportIfAbsent(OMITTING_MESSAGE, new SecondaryLocation[0]);
            AttributeSymbol attribute = blockSymbol.attribute("enabled");
            if (attribute.isPresent()) {
                attribute.reportIf(ExpressionPredicate.isFalse(), "Make sure disabling backup is safe here.", new SecondaryLocation[0]);
                if (attribute.is(ExpressionPredicate.isTrue())) {
                    blockSymbol.block("schedule").attribute("retention_period_in_days").reportIf(ExpressionPredicate.lessThan(this.backupRetentionDuration), MESSAGE, new SecondaryLocation[0]);
                }
            }
        });
    }

    private static Predicate<ExpressionTree> isEngineException() {
        return expressionTree -> {
            Optional value = TextUtils.getValue(expressionTree);
            Set<String> set = ENGINES_EXCEPTION;
            Objects.requireNonNull(set);
            return value.filter((v1) -> {
                return r1.contains(v1);
            }).isPresent();
        };
    }

    private void checkAwsRetentionRate(ResourceSymbol resourceSymbol) {
        AttributeSymbol attributeSymbol = (AttributeSymbol) resourceSymbol.attribute("backup_retention_period").reportIf(ExpressionPredicate.lessThan(this.backupRetentionDuration), MESSAGE, new SecondaryLocation[0]);
        if (!attributeSymbol.isAbsent() || this.backupRetentionDuration == 1) {
            return;
        }
        attributeSymbol.reportIfAbsent(OMITTING_MESSAGE, new SecondaryLocation[0]);
    }
}
