chore: add verbose writer to show preflight progress messages (#1728)

PengyuanZhao · web-flow · commit 0050d4279411 · 2025-06-20T14:51:49.000-04:00
diff --git a/lwpreflight/aws/aws.go b/lwpreflight/aws/aws.go
@@ -2,10 +2,12 @@ package aws
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/credentials"
+	"github.com/lacework/go-sdk/v2/lwpreflight/verbosewriter"
 )
 
 type Preflight struct {
@@ -19,6 +21,8 @@ type Preflight struct {
 	caller  Caller
 	details Details
 	errors  map[IntegrationType][]string
+
+	verboseWriter verbosewriter.WriteCloser
 }
 
 type Result struct {
@@ -90,15 +94,24 @@ func New(params Params) (*Preflight, error) {
 		tasks:                   tasks,
 		details:                 Details{},
 		errors:                  map[IntegrationType][]string{},
+		verboseWriter:           verbosewriter.New(),
 	}
 
 	return preflight, nil
 }
 
+// Overwrite the default verbose writer
+func (p *Preflight) SetVerboseWriter(vw verbosewriter.WriteCloser) {
+	p.verboseWriter = vw
+}
+
 func (p *Preflight) Run() (*Result, error) {
+	defer p.verboseWriter.Close()
+
 	for _, task := range p.tasks {
 		err := task(p)
 		if err != nil {
+			p.verboseWriter.Write(fmt.Sprintf("Error running preflight task: %s", err.Error()))
 			return nil, err
 		}
 	}
diff --git a/lwpreflight/aws/caller.go b/lwpreflight/aws/caller.go
@@ -21,6 +21,8 @@ func (c *Caller) IsAssumedRole() bool {
 }
 
 func FetchCaller(p *Preflight) error {
+	p.verboseWriter.Write("Discovering caller information")
+
 	stsSvc := sts.NewFromConfig(p.awsConfig)
 
 	caller, err := stsSvc.GetCallerIdentity(context.Background(), nil)
diff --git a/lwpreflight/aws/detail.go b/lwpreflight/aws/detail.go
@@ -76,6 +76,8 @@ func FetchDetails(p *Preflight) error {
 }
 
 func fetchOrg(p *Preflight) error {
+	p.verboseWriter.Write("Discovering organization information")
+
 	ctx := context.Background()
 	orgSvc := organizations.NewFromConfig(p.awsConfig)
 
@@ -101,6 +103,8 @@ func fetchOrg(p *Preflight) error {
 	p.details.IsManagementAccount = *orgOutput.Organization.MasterAccountId == p.caller.AccountID
 	p.details.OrgID = *orgOutput.Organization.Id
 
+	p.verboseWriter.Write("Discovering all accounts in the organization")
+
 	// Get account IDs in the org
 	accountsOutput, err := orgSvc.ListAccounts(ctx, nil)
 	if err != nil {
@@ -110,12 +114,16 @@ func fetchOrg(p *Preflight) error {
 		p.details.OrgAccountIDs = append(p.details.OrgAccountIDs, *a.Id)
 	}
 
+	p.verboseWriter.Write("Discovering root organization unit")
+
 	// Get root org unit ID and all org unit IDs
 	rootsOutput, err := orgSvc.ListRoots(ctx, nil)
 	if err != nil {
 		return err
 	}
 	if len(rootsOutput.Roots) > 0 {
+		p.verboseWriter.Write("Discovering all organization units")
+
 		p.details.RootOrgUnitID = *rootsOutput.Roots[0].Id
 		orgUnitsOutput, err := orgSvc.ListOrganizationalUnitsForParent(
 			ctx,
@@ -131,6 +139,8 @@ func fetchOrg(p *Preflight) error {
 		}
 	}
 
+	p.verboseWriter.Write("Discovering enabled services in the organization")
+
 	// Check enabled services
 	servicesOutput, err := orgSvc.ListAWSServiceAccessForOrganization(ctx, nil)
 	if err != nil {
@@ -146,6 +156,8 @@ func fetchOrg(p *Preflight) error {
 }
 
 func fetchRegions(p *Preflight) error {
+	p.verboseWriter.Write("Discovering enabled regions")
+
 	ec2Svc := ec2.NewFromConfig(p.awsConfig)
 	output, err := ec2Svc.DescribeRegions(context.Background(), nil)
 	if err != nil {
@@ -197,6 +209,8 @@ To determine if an existing trail is eligible CloudTrail integration:
  4. No need to check KMS
 */
 func fetchEligibleTrail(p *Preflight) (*cloudtrailTypes.Trail, error) {
+	p.verboseWriter.Write("Discovering existing eligible CloudTrail")
+
 	ctx := context.Background()
 
 	trailSvc := cloudtrail.NewFromConfig(p.awsConfig)
@@ -236,6 +250,8 @@ func fetchEligibleTrail(p *Preflight) (*cloudtrailTypes.Trail, error) {
 }
 
 func fetchControlTowerTrail(p *Preflight) (*cloudtrailTypes.Trail, error) {
+	p.verboseWriter.Write("Discovering existing eligible CloudTrail for Control Tower")
+
 	ctx := context.Background()
 
 	trailSvc := cloudtrail.NewFromConfig(p.awsConfig)
@@ -276,6 +292,8 @@ func fetchControlTowerTrail(p *Preflight) (*cloudtrailTypes.Trail, error) {
 }
 
 func fetchEKSClusters(p *Preflight) error {
+	p.verboseWriter.Write("Discovering EKS clusters")
+
 	var numRegions = len(p.details.Regions)
 	var wg sync.WaitGroup
 	var ch = make(chan EKSCluster, numRegions)
@@ -291,7 +309,7 @@ func fetchEKSClusters(p *Preflight) error {
 			output, err := eksSvc.ListClusters(context.Background(), nil)
 			if err != nil {
 				logger.Log.Warnf(
-					"Discovering EKS Cluster details: unable to check region %s\nERROR %s",
+					"Discovering EKS Clusters: unable to check region %s. ERROR: %s",
 					region, err.Error(),
 				)
 			} else {
diff --git a/lwpreflight/aws/permission.go b/lwpreflight/aws/permission.go
@@ -11,6 +11,8 @@ func CheckPermissions(p *Preflight) error {
 	}
 
 	for _, integrationType := range p.integrationTypes {
+		p.verboseWriter.Write(fmt.Sprintf("Checking permissions for %s", integrationType))
+
 		requiredPermissions := RequiredPermissions[integrationType]
 		for _, permission := range requiredPermissions {
 			// First check plain permission strings
diff --git a/lwpreflight/aws/policy.go b/lwpreflight/aws/policy.go
@@ -3,6 +3,7 @@ package aws
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"net/url"
 	"strings"
 
@@ -28,37 +29,44 @@ func FetchPolicies(p *Preflight) error {
 
 	if p.caller.IsRoot {
 		logger.Log.Info("Skip fetching IAM policies for root user")
+		p.verboseWriter.Write("Skip fetching IAM policies for root user")
 		return nil
 	}
 
 	iamSvc := iam.NewFromConfig(p.awsConfig)
 	documents := []string{}
 
 	if p.caller.IsAssumedRole() {
+		p.verboseWriter.Write(fmt.Sprintf("Discovering managed IAM policies for %s", p.caller.Name))
 		docs, err := fetchManangedRolePolicies(ctx, iamSvc, p.caller.Name)
 		if err != nil {
 			return err
 		}
 		documents = append(documents, docs...)
 
+		p.verboseWriter.Write(fmt.Sprintf("Discovering inline IAM policies for %s", p.caller.Name))
 		docs, err = fetchInlineRolePolicies(ctx, iamSvc, p.caller.Name)
 		if err != nil {
 			return err
 		}
 		documents = append(documents, docs...)
 	} else {
+		p.verboseWriter.Write(fmt.Sprintf("Discovering managed IAM policies for %s", p.caller.Name))
+
 		docs, err := fetchManagedUserPolicies(ctx, iamSvc, p.caller.Name)
 		if err != nil {
 			return err
 		}
 		documents = append(documents, docs...)
 
+		p.verboseWriter.Write(fmt.Sprintf("Discovering inline IAM policies for %s", p.caller.Name))
 		docs, err = fetchInlineUserPolicies(ctx, iamSvc, p.caller.Name)
 		if err != nil {
 			return err
 		}
 		documents = append(documents, docs...)
 
+		p.verboseWriter.Write(fmt.Sprintf("Discovering IAM groups for %s", p.caller.Name))
 		docs, err = fetchUserGroupPolicies(ctx, iamSvc, p.caller.Name)
 		if err != nil {
 			return err
diff --git a/lwpreflight/azure/azure.go b/lwpreflight/azure/azure.go
@@ -5,6 +5,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/lacework/go-sdk/v2/lwpreflight/verbosewriter"
 )
 
 type Preflight struct {
@@ -18,6 +19,8 @@ type Preflight struct {
 	caller  Caller
 	details Details
 	errors  map[IntegrationType][]string
+
+	verboseWriter verbosewriter.WriteCloser
 }
 
 type Result struct {
@@ -85,11 +88,17 @@ func New(params Params) (*Preflight, error) {
 		tasks:            tasks,
 		details:          Details{},
 		errors:           map[IntegrationType][]string{},
+		verboseWriter:    verbosewriter.New(),
 	}
 
 	return preflight, nil
 }
 
+// Overwrite the default verbose writer
+func (p *Preflight) SetVerboseWriter(vw verbosewriter.WriteCloser) {
+	p.verboseWriter = vw
+}
+
 func (p *Preflight) Run() (*Result, error) {
 	for _, task := range p.tasks {
 		err := task(p)
diff --git a/lwpreflight/azure/caller.go b/lwpreflight/azure/caller.go
@@ -23,6 +23,8 @@ type Caller struct {
 }
 
 func FetchCaller(p *Preflight) error {
+	p.verboseWriter.Write("Discovering caller information")
+
 	// Get caller identity
 	token, err := p.cred.GetToken(context.Background(), policy.TokenRequestOptions{
 		Scopes: []string{"https://management.azure.com/.default"},
diff --git a/lwpreflight/azure/detail.go b/lwpreflight/azure/detail.go
@@ -17,6 +17,8 @@ func FetchDetails(p *Preflight) error {
 		return fmt.Errorf("failed to create subscriptions client: %v", err)
 	}
 
+	p.verboseWriter.Write("Discovering available regions")
+
 	// Get available locations using the pager
 	pager := client.NewListLocationsPager(p.subscriptionID, nil)
 	regions := make([]string, 0)
diff --git a/lwpreflight/azure/permission.go b/lwpreflight/azure/permission.go
@@ -10,6 +10,8 @@ func CheckPermissions(p *Preflight) error {
 	}
 
 	for _, integrationType := range p.integrationTypes {
+		p.verboseWriter.Write(fmt.Sprintf("Checking permissions for %s", integrationType))
+
 		requiredPermissions := RequiredPermissions[integrationType]
 		for _, permission := range requiredPermissions {
 			if !p.permissions[permission] {
diff --git a/lwpreflight/azure/policy.go b/lwpreflight/azure/policy.go
@@ -19,6 +19,8 @@ func FetchPolicies(p *Preflight) error {
 		return fmt.Errorf("failed to create credential: %v", err)
 	}
 
+	p.verboseWriter.Write(fmt.Sprintf("Discovering role assigments for subscription %s", p.subscriptionID))
+
 	// Get role assignments for the caller
 	client, err := armauthorization.NewRoleAssignmentsClient(p.subscriptionID, cred, nil)
 	if err != nil {
diff --git a/lwpreflight/gcp/caller.go b/lwpreflight/gcp/caller.go
@@ -12,6 +12,8 @@ type Caller struct {
 }
 
 func FetchCaller(p *Preflight) error {
+	p.verboseWriter.Write("Discovering caller information")
+
 	oauth2Svc, err := oauth2.NewService(context.Background(), p.gcpClientOption)
 	if err != nil {
 		return err
diff --git a/lwpreflight/gcp/detail.go b/lwpreflight/gcp/detail.go
@@ -25,6 +25,8 @@ func FetchDetails(p *Preflight) error {
 }
 
 func fetchSchedulerRegions(p *Preflight) error {
+	p.verboseWriter.Write("Discovering scheduler regions")
+
 	schedulerSvc, err := scheduler.NewService(context.Background(), p.gcpClientOption)
 	if err != nil {
 		return err
diff --git a/lwpreflight/gcp/gcp.go b/lwpreflight/gcp/gcp.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/lacework/go-sdk/v2/lwpreflight/verbosewriter"
 	"golang.org/x/oauth2"
 	"google.golang.org/api/option"
 )
@@ -20,6 +21,8 @@ type Preflight struct {
 	caller  Caller
 	details Details
 	errors  map[IntegrationType][]string
+
+	verboseWriter verbosewriter.WriteCloser
 }
 
 type Result struct {
@@ -71,6 +74,7 @@ func New(params Params) (*Preflight, error) {
 		tasks:            tasks,
 		details:          Details{},
 		errors:           map[IntegrationType][]string{},
+		verboseWriter:    verbosewriter.New(),
 	}
 
 	if params.AccessToken != "" {
@@ -97,6 +101,11 @@ func New(params Params) (*Preflight, error) {
 	return preflight, nil
 }
 
+// Overwrite the default verbose writer
+func (p *Preflight) SetVerboseWriter(vw verbosewriter.WriteCloser) {
+	p.verboseWriter = vw
+}
+
 func (p *Preflight) Run() (*Result, error) {
 	for _, task := range p.tasks {
 		err := task(p)
diff --git a/lwpreflight/gcp/permission.go b/lwpreflight/gcp/permission.go
@@ -6,6 +6,8 @@ import (
 
 func CheckPermissions(p *Preflight) error {
 	for _, integrationType := range p.integrationTypes {
+		p.verboseWriter.Write(fmt.Sprintf("Checking permissions for %s", integrationType))
+
 		for _, permission := range RequiredPermissions[integrationType] {
 			if !p.permissions[permission] {
 				p.errors[integrationType] = append(
diff --git a/lwpreflight/gcp/policy.go b/lwpreflight/gcp/policy.go
@@ -18,8 +18,10 @@ func FetchPolicies(p *Preflight) error {
 	var policies []*cloudresourcemanagerV3.Policy
 
 	if p.orgID != "" {
+		p.verboseWriter.Write(fmt.Sprintf("Discovering IAM policies for organization %s", p.orgID))
 		policies, err = fetchOrgPolicies(p)
 	} else {
+		p.verboseWriter.Write(fmt.Sprintf("Discovering IAM policies for project %s", p.projectID))
 		policies, err = fetchProjectPolicies(p)
 	}
 	if err != nil {
diff --git a/lwpreflight/verbosewriter/verbosewriter.go b/lwpreflight/verbosewriter/verbosewriter.go
@@ -0,0 +1,31 @@
+package verbosewriter
+
+import (
+	"fmt"
+	"io"
+
+	"github.com/abiosoft/colima/util/terminal"
+)
+
+type WriteCloser interface {
+	Write(s string)
+	Close()
+}
+
+type VerboseWriter struct {
+	vw io.WriteCloser
+}
+
+func New() *VerboseWriter {
+	return &VerboseWriter{
+		vw: terminal.NewVerboseWriter(10),
+	}
+}
+
+func (v *VerboseWriter) Write(s string) {
+	v.vw.Write(fmt.Appendf(nil, "%s\n", s))
+}
+
+func (v *VerboseWriter) Close() {
+	v.vw.Close()
+}

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,8 @@ func (c *Caller) IsAssumedRole() bool {`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`func FetchCaller(p *Preflight) error {`
	`24`	`+ p.verboseWriter.Write("Discovering caller information")`
	`25`	`+`
`24`	`26`	`stsSvc := sts.NewFromConfig(p.awsConfig)`
`25`	`27`
`26`	`28`	`caller, err := stsSvc.GetCallerIdentity(context.Background(), nil)`
Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,8 @@ func CheckPermissions(p *Preflight) error {`
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`for _, integrationType := range p.integrationTypes {`
	`14`	`+ p.verboseWriter.Write(fmt.Sprintf("Checking permissions for %s", integrationType))`
	`15`	`+`
`14`	`16`	`requiredPermissions := RequiredPermissions[integrationType]`
`15`	`17`	`for _, permission := range requiredPermissions {`
`16`	`18`	`// First check plain permission strings`
Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,8 @@ type Caller struct {`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`func FetchCaller(p *Preflight) error {`
	`26`	`+ p.verboseWriter.Write("Discovering caller information")`
	`27`	`+`
`26`	`28`	`// Get caller identity`
`27`	`29`	`token, err := p.cred.GetToken(context.Background(), policy.TokenRequestOptions{`
`28`	`30`	`Scopes: []string{"https://management.azure.com/.default"},`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,8 @@ func FetchDetails(p *Preflight) error {`
`17`	`17`	`return fmt.Errorf("failed to create subscriptions client: %v", err)`
`18`	`18`	`}`
`19`	`19`
	`20`	`+ p.verboseWriter.Write("Discovering available regions")`
	`21`	`+`
`20`	`22`	`// Get available locations using the pager`
`21`	`23`	`pager := client.NewListLocationsPager(p.subscriptionID, nil)`
`22`	`24`	`regions := make([]string, 0)`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,8 @@ func CheckPermissions(p *Preflight) error {`
`10`	`10`	`}`
`11`	`11`
`12`	`12`	`for _, integrationType := range p.integrationTypes {`
	`13`	`+ p.verboseWriter.Write(fmt.Sprintf("Checking permissions for %s", integrationType))`
	`14`	`+`
`13`	`15`	`requiredPermissions := RequiredPermissions[integrationType]`
`14`	`16`	`for _, permission := range requiredPermissions {`
`15`	`17`	`if !p.permissions[permission] {`
Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,8 @@ func FetchPolicies(p *Preflight) error {`
`19`	`19`	`return fmt.Errorf("failed to create credential: %v", err)`
`20`	`20`	`}`
`21`	`21`
	`22`	`+ p.verboseWriter.Write(fmt.Sprintf("Discovering role assigments for subscription %s", p.subscriptionID))`
	`23`	`+`
`22`	`24`	`// Get role assignments for the caller`
`23`	`25`	`client, err := armauthorization.NewRoleAssignmentsClient(p.subscriptionID, cred, nil)`
`24`	`26`	`if err != nil {`