Refactor/rootmanager api and internal layout

cmd/audit.go

@@ -3,76 +3,73 @@ package cmd
 import (
 	"context"
 	"fmt"
+	"log/slog"
 	"strings"
 
-	"github.com/unicrons/aws-root-manager/pkg/aws"
-	"github.com/unicrons/aws-root-manager/pkg/logger"
-	"github.com/unicrons/aws-root-manager/pkg/output"
-	"github.com/unicrons/aws-root-manager/pkg/service"
+	"github.com/unicrons/aws-root-manager/internal/cli/output"
+	"github.com/unicrons/aws-root-manager/internal/cli/ui"
+	"github.com/unicrons/aws-root-manager/internal/service"
 
 	"github.com/spf13/cobra"
 )
 
-var auditCmd = &cobra.Command{
-	Use:          "audit",
-	Short:        "Retrieve root user credentials",
-	Long:         `Retrieve available root user credentials for all member accounts within an AWS Organization.`,
-	SilenceUsage: true,
-	RunE: func(cmd *cobra.Command, args []string) error {
-		logger.Trace("cmd.audit", "audit called")
+func Audit() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:          "audit",
+		Short:        "Retrieve root user credentials",
+		Long:         `Retrieve available root user credentials for all member accounts within an AWS Organization.`,
+		SilenceUsage: true,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			slog.Debug("audit called")
 
-		ctx := context.Background()
-		awscfg, err := aws.LoadAWSConfig(ctx)
-		if err != nil {
-			logger.Error("cmd.audit", err, "failed to load aws config")
-			return err
-		}
-
-		auditAccounts, err := service.GetTargetAccounts(ctx, accountsFlags)
-		if err != nil {
-			logger.Error("cmd.audit", err, "failed to get accounts to audit")
-			return err
-		}
-		if len(auditAccounts) == 0 {
-			logger.Info("cmd.audit", "no accounts selected")
-			return nil
-		}
-		logger.Debug("cmd.audit", "selected accounts: %s", strings.Join(auditAccounts, ", "))
+			ctx := context.Background()
+			rm, err := service.NewRootManagerFromConfig(ctx)
+			if err != nil {
+				slog.Error("failed to initialize root manager", "error", err)
+				return err
+			}
 
-		iam := aws.NewIamClient(awscfg)
-		sts := aws.NewStsClient(awscfg)
-		audit, err := service.AuditAccounts(ctx, iam, sts, auditAccounts)
-		if err != nil {
-			logger.Error("cmd.audit", err, "failed to audit accounts")
-			return err
-		}
+			auditAccounts, err := ui.SelectTargetAccounts(ctx, accountsFlags)
+			if err != nil {
+				slog.Error("failed to get accounts to audit", "error", err)
+				return err
+			}
+			if len(auditAccounts) == 0 {
+				slog.Info("no accounts selected")
+				return nil
+			}
+			slog.Debug("selected accounts", "accounts", strings.Join(auditAccounts, ", "))
 
-		var skipped int
-		headers := []string{"Account", "LoginProfile", "AccessKeys", "MFA Devices", "Signing Certificates"}
-		var data [][]any
-		for i, acc := range audit {
-			if acc.Error != "" {
-				skipped++
-				continue
+			audit, err := rm.AuditAccounts(ctx, auditAccounts)
+			if err != nil {
+				slog.Error("failed to audit accounts", "error", err)
+				return err
 			}
-			data = append(data, []any{
-				auditAccounts[i],
-				acc.LoginProfile,
-				acc.AccessKeys,
-				acc.MfaDevices,
-				acc.SigningCertificates,
-			})
-		}
-		output.HandleOutput(outputFlag, headers, data)
 
-		if skipped > 0 {
-			return fmt.Errorf("audit skipped for %d account(s)", skipped)
-		}
-		return nil
-	},
-}
+			var skipped int
+			headers := []string{"Account", "LoginProfile", "AccessKeys", "MFA Devices", "Signing Certificates"}
+			var data [][]any
+			for i, acc := range audit {
+				if acc.Error != "" {
+					skipped++
+					continue
+				}
+				data = append(data, []any{
+					auditAccounts[i],
+					acc.LoginProfile,
+					acc.AccessKeys,
+					acc.MfaDevices,
+					acc.SigningCertificates,
+				})
+			}
+			output.HandleOutput(outputFlag, headers, data)
 
-func init() {
-	rootCmd.AddCommand(auditCmd)
-	auditCmd.PersistentFlags().StringSliceVarP(&accountsFlags, "accounts", "a", []string{}, "List of AWS account IDs to audit (comma-separated). Use \"all\" to audit all accounts.")
+			if skipped > 0 {
+				return fmt.Errorf("audit skipped for %d account(s)", skipped)
+			}
+			return nil
+		},
+	}
+	cmd.PersistentFlags().StringSliceVarP(&accountsFlags, "accounts", "a", []string{}, "List of AWS account IDs to audit (comma-separated). Use \"all\" to audit all accounts.")
+	return cmd
 }

cmd/check.go

@@ -2,47 +2,44 @@ package cmd
 
 import (
 	"context"
+	"log/slog"
 	"strconv"
 
-	"github.com/unicrons/aws-root-manager/pkg/aws"
-	"github.com/unicrons/aws-root-manager/pkg/logger"
-	"github.com/unicrons/aws-root-manager/pkg/output"
-	"github.com/unicrons/aws-root-manager/pkg/service"
+	"github.com/unicrons/aws-root-manager/internal/cli/output"
+	"github.com/unicrons/aws-root-manager/internal/service"
 
 	"github.com/spf13/cobra"
 )
 
-var checkCmd = &cobra.Command{
-	Use:   "check",
-	Short: "Check if centralized root access is enabled.",
-	Long:  `Retrieve the status of centralized root access settings for an AWS Organization.`,
-	Run: func(cmd *cobra.Command, args []string) {
-		logger.Trace("cmd.check", "check called")
-
-		ctx := context.Background()
-		awscfg, err := aws.LoadAWSConfig(ctx)
-		if err != nil {
-			logger.Error("cmd.check", err, "failed to load aws config")
-			return
-		}
-
-		iam := aws.NewIamClient(awscfg)
-		test, err := service.CheckRootAccess(ctx, iam)
-		if err != nil {
-			logger.Error("cmd.check", err, "failed to check root access configuration")
-			return
-		}
-
-		headers := []string{"Name", "Status"}
-		data := [][]any{
-			{"TrustedAccess", strconv.FormatBool(test.TrustedAccess)},
-			{"RootCredentialsManagement", strconv.FormatBool(test.RootCredentialsManagement)},
-			{"RootSessions", strconv.FormatBool(test.RootSessions)},
-		}
-		output.HandleOutput(outputFlag, headers, data)
-	},
-}
-
-func init() {
-	rootCmd.AddCommand(checkCmd)
+func Check() *cobra.Command {
+	return &cobra.Command{
+		Use:   "check",
+		Short: "Check if centralized root access is enabled.",
+		Long:  `Retrieve the status of centralized root access settings for an AWS Organization.`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			slog.Debug("check called")
+
+			ctx := context.Background()
+			rm, err := service.NewRootManagerFromConfig(ctx)
+			if err != nil {
+				slog.Error("failed to initialize root manager", "error", err)
+				return err
+			}
+
+			status, err := rm.CheckRootAccess(ctx)
+			if err != nil {
+				slog.Error("failed to check root access configuration", "error", err)
+				return err
+			}
+
+			headers := []string{"Name", "Status"}
+			data := [][]any{
+				{"TrustedAccess", strconv.FormatBool(status.TrustedAccess)},
+				{"RootCredentialsManagement", strconv.FormatBool(status.RootCredentialsManagement)},
+				{"RootSessions", strconv.FormatBool(status.RootSessions)},
+			}
+			output.HandleOutput(outputFlag, headers, data)
+			return nil
+		},
+	}
 }