package org.sonar.iac.terraform.checks;

import java.util.List;
import org.sonar.check.Rule;
import org.sonar.iac.common.api.checks.SecondaryLocation;
import org.sonar.iac.terraform.checks.utils.ExpressionPredicate;

@Rule(key = "S6275")
/* loaded from: input_file:org/sonar/iac/terraform/checks/UnencryptedEbsVolumeCheck.class */
public class UnencryptedEbsVolumeCheck extends AbstractNewResourceCheck {
    private static final List<String> PROPERTIES = List.of("root_block_device", "ebs_block_device");
    private static final String MESSAGE = "Make sure that using unencrypted volumes is safe here.";
    private static final String OMITTING_MESSAGE = "Omitting \"%s\" disables volumes encryption. Make sure it is safe here.";

    @Override // org.sonar.iac.terraform.checks.AbstractNewResourceCheck
    protected void registerResourceConsumer() {
        register("aws_ebs_encryption_by_default", resourceSymbol -> {
            resourceSymbol.attribute("enabled").reportIf(ExpressionPredicate.isFalse(), MESSAGE, new SecondaryLocation[0]);
        });
        register("aws_ebs_volume", resourceSymbol2 -> {
            resourceSymbol2.attribute("encrypted").reportIfAbsent2(OMITTING_MESSAGE, new SecondaryLocation[0]).reportIf(ExpressionPredicate.isFalse(), MESSAGE, new SecondaryLocation[0]);
        });
        register("aws_launch_configuration", resourceSymbol3 -> {
            PROPERTIES.forEach(str -> {
                resourceSymbol3.block(str).attribute("encrypted").reportIfAbsent2(OMITTING_MESSAGE, new SecondaryLocation[0]).reportIf(ExpressionPredicate.isFalse(), MESSAGE, new SecondaryLocation[0]);
            });
        });
    }
}
