package org.sonar.iac.terraform.checks.azure;

import org.sonar.check.Rule;
import org.sonar.iac.common.api.checks.CheckContext;
import org.sonar.iac.common.checks.PropertyUtils;
import org.sonar.iac.common.checks.TextUtils;
import org.sonar.iac.terraform.api.tree.AttributeTree;
import org.sonar.iac.terraform.api.tree.BlockTree;
import org.sonar.iac.terraform.checks.AbstractResourceCheck;

@Rule(key = "S6379")
/* loaded from: input_file:org/sonar/iac/terraform/checks/azure/ResourceSpecificAdminAccountCheck.class */
public class ResourceSpecificAdminAccountCheck extends AbstractResourceCheck {
    private static final String MESSAGE = "Make sure that enabling an administrative account or administrative permissions is safe here.";

    @Override // org.sonar.iac.terraform.checks.AbstractResourceCheck
    protected void registerResourceChecks() {
        register(ResourceSpecificAdminAccountCheck::checkContainerRegistry, "azurerm_container_registry");
        register(ResourceSpecificAdminAccountCheck::checkBatchPool, "azurerm_batch_pool");
    }

    private static void checkContainerRegistry(CheckContext checkContext, BlockTree blockTree) {
        PropertyUtils.get(blockTree, "admin_enabled", AttributeTree.class).filter(attributeTree -> {
            return TextUtils.isValueTrue(attributeTree.mo0value());
        }).ifPresent(attributeTree2 -> {
            checkContext.reportIssue(attributeTree2, MESSAGE);
        });
    }

    private static void checkBatchPool(CheckContext checkContext, BlockTree blockTree) {
        PropertyUtils.get(blockTree, "start_task", BlockTree.class).flatMap(blockTree2 -> {
            return PropertyUtils.get(blockTree2, "user_identity", BlockTree.class);
        }).flatMap(blockTree3 -> {
            return PropertyUtils.get(blockTree3, "auto_user", BlockTree.class);
        }).flatMap(blockTree4 -> {
            return PropertyUtils.get(blockTree4, "elevation_level", AttributeTree.class);
        }).filter(attributeTree -> {
            return TextUtils.isValue(attributeTree.mo0value(), "Admin").isTrue();
        }).ifPresent(attributeTree2 -> {
            checkContext.reportIssue(attributeTree2, MESSAGE);
        });
    }
}
