feat(delete): add --skip flag and confirmation prompt to all write ac… (#61)

Author: sbldevnet

cmd/delete.go

@@ -28,6 +28,7 @@ func Delete(newRM func(context.Context) (rootmanager.RootManager, error)) *cobra
 	cmd.AddCommand(deleteSubcommand(newRM, "certificates", "Delete root user Signin Certificates", "Delete existing root user Signing Certificates for specific AWS Organization member accounts."))
 	cmd.AddCommand(DeleteS3BucketPolicy(newRM))
 	cmd.AddCommand(DeleteSQSQueuePolicy(newRM))
+	cmd.PersistentFlags().BoolVar(&skipFlag, "skip", false, "Skip the confirmation prompt")
 	return cmd
 }
 
@@ -71,6 +72,17 @@ func runDelete(newRM func(context.Context) (rootmanager.RootManager, error), w i
 	}
 	slog.Debug("selected accounts", "accounts", strings.Join(auditAccounts, ", "))
 
+	if outputFlag == "table" && !skipFlag {
+		confirmed, err := ui.Confirm(fmt.Sprintf("Delete %s root credentials for %d account(s)?", credentialType, len(auditAccounts)))
+		if err != nil {
+			return err
+		}
+		if !confirmed {
+			fmt.Fprintln(w, "Aborted.")
+			return nil
+		}
+	}
+
 	audit, err := rm.AuditAccounts(ctx, auditAccounts)
 	if err != nil {
 		return err

cmd/delete_s3_bucket_policy.go

@@ -72,13 +72,15 @@ func runDeleteS3BucketPolicy(newRM func(context.Context) (rootmanager.RootManage
 		fmt.Fprintf(w, "Current bucket policy for %s:\n\n", bucketName)
 		output.RenderPolicy(w, policy)
 
-		confirmed, err := ui.Confirm("Delete this policy?")
-		if err != nil {
-			return err
-		}
-		if !confirmed {
-			fmt.Fprintln(w, "Aborted.")
-			return nil
+		if !skipFlag {
+			confirmed, err := ui.Confirm("Delete this policy?")
+			if err != nil {
+				return err
+			}
+			if !confirmed {
+				fmt.Fprintln(w, "Aborted.")
+				return nil
+			}
 		}
 	}
 

cmd/delete_sqs_queue_policy.go

@@ -71,13 +71,15 @@ func runDeleteSQSQueuePolicy(newRM func(context.Context) (rootmanager.RootManage
 		fmt.Fprintf(w, "Current queue policy for %s:\n\n", queueUrl)
 		output.RenderPolicy(w, policy)
 
-		confirmed, err := ui.Confirm("Delete this policy?")
-		if err != nil {
-			return err
-		}
-		if !confirmed {
-			fmt.Fprintln(w, "Aborted.")
-			return nil
+		if !skipFlag {
+			confirmed, err := ui.Confirm("Delete this policy?")
+			if err != nil {
+				return err
+			}
+			if !confirmed {
+				fmt.Fprintln(w, "Aborted.")
+				return nil
+			}
 		}
 	}
 

cmd/delete_test.go

@@ -23,7 +23,7 @@ func TestDeleteCommand_Success(t *testing.T) {
 	var buf bytes.Buffer
 	cmd := Delete(newMockFactory(mock))
 	cmd.SetOut(&buf)
-	cmd.SetArgs([]string{"all", "--accounts", "123456789012"})
+	cmd.SetArgs([]string{"all", "--accounts", "123456789012", "--skip"})
 
 	require.NoError(t, cmd.Execute())
 	assert.NotEmpty(t, buf.String())
@@ -42,7 +42,7 @@ func TestDeleteCommand_CertificatesSubcommand(t *testing.T) {
 	var buf bytes.Buffer
 	cmd := Delete(newMockFactory(mock))
 	cmd.SetOut(&buf)
-	cmd.SetArgs([]string{"certificates", "--accounts", "123456789012"})
+	cmd.SetArgs([]string{"certificates", "--accounts", "123456789012", "--skip"})
 
 	require.NoError(t, cmd.Execute())
 	assert.NotEmpty(t, buf.String())
@@ -72,7 +72,7 @@ func TestDeleteCommand_DeleteFailure(t *testing.T) {
 
 	cmd := Delete(newMockFactory(mock))
 	cmd.SilenceErrors = true
-	cmd.SetArgs([]string{"all", "--accounts", "123456789012"})
+	cmd.SetArgs([]string{"all", "--accounts", "123456789012", "--skip"})
 
 	require.Error(t, cmd.Execute())
 }

cmd/recovery.go

@@ -15,6 +15,7 @@ import (
 )
 
 func Recovery(newRM func(context.Context) (rootmanager.RootManager, error)) *cobra.Command {
+	var skip bool
 	cmd := &cobra.Command{
 		Use:   "recovery",
 		Short: "Allow root password recovery",
@@ -44,6 +45,17 @@ func Recovery(newRM func(context.Context) (rootmanager.RootManager, error)) *cob
 			}
 			slog.Debug("selected accounts", "accounts", strings.Join(targetAccounts, ", "))
 
+			if outputFlag == "table" && !skip {
+				confirmed, err := ui.Confirm(fmt.Sprintf("Restore root password for %d account(s)?", len(targetAccounts)))
+				if err != nil {
+					return err
+				}
+				if !confirmed {
+					fmt.Fprintln(cmd.OutOrStdout(), "Aborted.")
+					return nil
+				}
+			}
+
 			results, err := rm.RecoverRootPassword(ctx, targetAccounts)
 			if err != nil {
 				slog.Error("failed to recover root password", "error", err)
@@ -78,5 +90,6 @@ func Recovery(newRM func(context.Context) (rootmanager.RootManager, error)) *cob
 		},
 	}
 	cmd.PersistentFlags().StringSliceVarP(&accountsFlags, "accounts", "a", []string{}, "List of tarjet AWS account IDs (comma-separated). Use \"all\" to select all accounts.")
+	cmd.Flags().BoolVar(&skip, "skip", false, "Skip the confirmation prompt")
 	return cmd
 }

cmd/recovery_test.go

@@ -20,7 +20,7 @@ func TestRecoveryCommand_Success(t *testing.T) {
 	var buf bytes.Buffer
 	cmd := Recovery(newMockFactory(mock))
 	cmd.SetOut(&buf)
-	cmd.SetArgs([]string{"--accounts", "123456789012"})
+	cmd.SetArgs([]string{"--accounts", "123456789012", "--skip"})
 
 	require.NoError(t, cmd.Execute())
 	assert.NotEmpty(t, buf.String())
@@ -36,7 +36,7 @@ func TestRecoveryCommand_AlreadyExists(t *testing.T) {
 	var buf bytes.Buffer
 	cmd := Recovery(newMockFactory(mock))
 	cmd.SetOut(&buf)
-	cmd.SetArgs([]string{"--accounts", "123456789012"})
+	cmd.SetArgs([]string{"--accounts", "123456789012", "--skip"})
 
 	require.NoError(t, cmd.Execute())
 	assert.Contains(t, buf.String(), "already exists")
@@ -65,7 +65,7 @@ func TestRecoveryCommand_RecoveryFailure(t *testing.T) {
 	cmd := Recovery(newMockFactory(mock))
 	cmd.SilenceErrors = true
 	cmd.SilenceUsage = true
-	cmd.SetArgs([]string{"--accounts", "123456789012"})
+	cmd.SetArgs([]string{"--accounts", "123456789012", "--skip"})
 
 	require.Error(t, cmd.Execute())
 }

cmd/root.go

@@ -12,6 +12,7 @@ import (
 var (
 	accountsFlags []string
 	outputFlag    string
+	skipFlag      bool
 )
 
 var rootCmd = &cobra.Command{