Merge pull request #905 from cloudskiff/fix/listedTypeAlerts

Include resource ID in scanning errors to ignore a particular resource

pkg/cmd/scan/output/console.go

@@ -9,14 +9,14 @@ import (
 	"strings"
 
 	"github.com/aws/aws-sdk-go/aws/awsutil"
+	"github.com/cloudskiff/driftctl/pkg/remote/alerts"
 	"github.com/fatih/color"
 	"github.com/mattn/go-isatty"
 	"github.com/r3labs/diff/v2"
 	"github.com/yudai/gojsondiff"
 	"github.com/yudai/gojsondiff/formatter"
 
 	"github.com/cloudskiff/driftctl/pkg/analyser"
-	"github.com/cloudskiff/driftctl/pkg/remote"
 	"github.com/cloudskiff/driftctl/pkg/resource"
 )
 
@@ -117,10 +117,10 @@ func (c *Console) Write(analysis *analyser.Analysis) error {
 	c.writeSummary(analysis)
 
 	enumerationErrorMessage := ""
-	for _, alerts := range analysis.Alerts() {
-		for _, alert := range alerts {
+	for _, a := range analysis.Alerts() {
+		for _, alert := range a {
 			fmt.Println(color.YellowString(alert.Message()))
-			if alert, ok := alert.(*remote.RemoteAccessDeniedAlert); ok && enumerationErrorMessage == "" {
+			if alert, ok := alert.(*alerts.RemoteAccessDeniedAlert); ok && enumerationErrorMessage == "" {
 				enumerationErrorMessage = alert.GetProviderMessage()
 			}
 		}

pkg/cmd/scan/output/output_test.go

@@ -8,9 +8,8 @@ import (
 	"github.com/cloudskiff/driftctl/pkg/alerter"
 	"github.com/cloudskiff/driftctl/pkg/analyser"
 	"github.com/cloudskiff/driftctl/pkg/output"
-	"github.com/cloudskiff/driftctl/pkg/remote"
-	"github.com/cloudskiff/driftctl/pkg/remote/aws"
-	"github.com/cloudskiff/driftctl/pkg/remote/github"
+	"github.com/cloudskiff/driftctl/pkg/remote/alerts"
+	"github.com/cloudskiff/driftctl/pkg/remote/common"
 	"github.com/cloudskiff/driftctl/pkg/resource"
 	testresource "github.com/cloudskiff/driftctl/test/resource"
 	"github.com/r3labs/diff/v2"
@@ -91,9 +90,9 @@ func fakeAnalysisWithAlerts() *analyser.Analysis {
 	a := fakeAnalysis()
 	a.SetAlerts(alerter.Alerts{
 		"": []alerter.Alert{
-			remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc", remote.EnumerationPhase),
-			remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_sqs", "aws_sqs", remote.EnumerationPhase),
-			remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_sns", "aws_sns", remote.EnumerationPhase),
+			alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_vpc", "aws_vpc", alerts.EnumerationPhase),
+			alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_sqs", "aws_sqs", alerts.EnumerationPhase),
+			alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_sns", "aws_sns", alerts.EnumerationPhase),
 		},
 	})
 	a.ProviderVersion = "3.19.0"
@@ -349,9 +348,9 @@ func fakeAnalysisWithAWSEnumerationError() *analyser.Analysis {
 	a := analyser.Analysis{}
 	a.SetAlerts(alerter.Alerts{
 		"": []alerter.Alert{
-			remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc", remote.EnumerationPhase),
-			remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_sqs", "aws_sqs", remote.EnumerationPhase),
-			remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_sns", "aws_sns", remote.EnumerationPhase),
+			alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_vpc", "aws_vpc", alerts.EnumerationPhase),
+			alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_sqs", "aws_sqs", alerts.EnumerationPhase),
+			alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_sns", "aws_sns", alerts.EnumerationPhase),
 		},
 	})
 	a.ProviderName = "AWS"
@@ -363,8 +362,8 @@ func fakeAnalysisWithGithubEnumerationError() *analyser.Analysis {
 	a := analyser.Analysis{}
 	a.SetAlerts(alerter.Alerts{
 		"": []alerter.Alert{
-			remote.NewRemoteAccessDeniedAlert(github.RemoteGithubTerraform, "github_team", "github_team", remote.EnumerationPhase),
-			remote.NewRemoteAccessDeniedAlert(github.RemoteGithubTerraform, "github_team_membership", "github_team", remote.EnumerationPhase),
+			alerts.NewRemoteAccessDeniedAlert(common.RemoteGithubTerraform, "github_team", "github_team", alerts.EnumerationPhase),
+			alerts.NewRemoteAccessDeniedAlert(common.RemoteGithubTerraform, "github_team_membership", "github_team", alerts.EnumerationPhase),
 		},
 	})
 	a.ProviderName = "AWS"

pkg/remote/alerts/alerts.go

@@ -0,0 +1,80 @@
+package alerts
+
+import (
+	"fmt"
+
+	"github.com/cloudskiff/driftctl/pkg/alerter"
+	"github.com/cloudskiff/driftctl/pkg/remote/common"
+	remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
+	"github.com/sirupsen/logrus"
+)
+
+type ScanningPhase int
+
+const (
+	EnumerationPhase ScanningPhase = iota
+	DetailsFetchingPhase
+)
+
+type RemoteAccessDeniedAlert struct {
+	message       string
+	provider      string
+	scanningPhase ScanningPhase
+}
+
+func NewRemoteAccessDeniedAlert(provider, resource, listedTypeError string, scanningPhase ScanningPhase) *RemoteAccessDeniedAlert {
+	var message string
+	switch scanningPhase {
+	case EnumerationPhase:
+		message = fmt.Sprintf("Ignoring %s from drift calculation: Listing %s is forbidden.", resource, listedTypeError)
+	case DetailsFetchingPhase:
+		message = fmt.Sprintf("Ignoring %s from drift calculation: Reading details of %s is forbidden.", resource, listedTypeError)
+	default:
+		message = fmt.Sprintf("Ignoring %s from drift calculation: %s", resource, listedTypeError)
+	}
+	return &RemoteAccessDeniedAlert{message, provider, scanningPhase}
+}
+
+func (e *RemoteAccessDeniedAlert) Message() string {
+	return e.message
+}
+
+func (e *RemoteAccessDeniedAlert) ShouldIgnoreResource() bool {
+	return true
+}
+
+func (e *RemoteAccessDeniedAlert) GetProviderMessage() string {
+	var message string
+	if e.scanningPhase == DetailsFetchingPhase {
+		message = "It seems that we got access denied exceptions while reading details of resources.\n"
+	}
+	if e.scanningPhase == EnumerationPhase {
+		message = "It seems that we got access denied exceptions while listing resources.\n"
+	}
+
+	switch e.provider {
+	case common.RemoteGithubTerraform:
+		message += "Please be sure that your Github token has the right permissions, check the last up-to-date documentation there: https://docs.driftctl.com/github/policy"
+	case common.RemoteAWSTerraform:
+		message += "The latest minimal read-only IAM policy for driftctl is always available here, please update yours: https://docs.driftctl.com/aws/policy"
+	default:
+		return ""
+	}
+	return message
+}
+
+func sendRemoteAccessDeniedAlert(provider string, alerter alerter.AlerterInterface, listError *remoteerror.ResourceScanningError, p ScanningPhase) {
+	logrus.WithFields(logrus.Fields{
+		"resource":    listError.Resource(),
+		"listed_type": listError.ListedTypeError(),
+	}).Debugf("Got an access denied error: %+v", listError.String())
+	alerter.SendAlert(listError.Resource(), NewRemoteAccessDeniedAlert(provider, listError.Resource(), listError.ListedTypeError(), p))
+}
+
+func SendEnumerationAlert(provider string, alerter alerter.AlerterInterface, listError *remoteerror.ResourceScanningError) {
+	sendRemoteAccessDeniedAlert(provider, alerter, listError, EnumerationPhase)
+}
+
+func SendDetailsFetchingAlert(provider string, alerter alerter.AlerterInterface, listError *remoteerror.ResourceScanningError) {
+	sendRemoteAccessDeniedAlert(provider, alerter, listError, DetailsFetchingPhase)
+}

pkg/remote/aws/cloudfront_distribution_enumerator.go

@@ -26,7 +26,7 @@ func (e *CloudfrontDistributionEnumerator) SupportedType() resource.ResourceType
 func (e *CloudfrontDistributionEnumerator) Enumerate() ([]resource.Resource, error) {
 	distributions, err := e.repository.ListAllDistributions()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, len(distributions))

pkg/remote/aws/default_vpc_enumerator.go

@@ -28,7 +28,7 @@ func (e *DefaultVPCEnumerator) SupportedType() resource.ResourceType {
 func (e *DefaultVPCEnumerator) Enumerate() ([]resource.Resource, error) {
 	_, defaultVPCs, err := e.repo.ListAllVPCs()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, aws.AwsDefaultVpcResourceType)
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, 0, len(defaultVPCs))

pkg/remote/aws/dynamodb_table_details_fetcher.go

@@ -28,7 +28,7 @@ func (r *DynamoDBTableDetailsFetcher) ReadDetails(res resource.Resource) (resour
 		},
 	})
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
+		return nil, remoteerror.NewResourceScanningError(err, res.TerraformType(), res.TerraformId())
 	}
 	deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsDynamodbTableResourceType, *ctyVal)
 	if err != nil {

pkg/remote/aws/dynamodb_table_enumerator.go

@@ -26,7 +26,7 @@ func (e *DynamoDBTableEnumerator) SupportedType() resource.ResourceType {
 func (e *DynamoDBTableEnumerator) Enumerate() ([]resource.Resource, error) {
 	tables, err := e.repository.ListAllTables()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, len(tables))

pkg/remote/aws/ec2_ami_enumerator.go

@@ -26,7 +26,7 @@ func (e *EC2AmiEnumerator) SupportedType() resource.ResourceType {
 func (e *EC2AmiEnumerator) Enumerate() ([]resource.Resource, error) {
 	images, err := e.repository.ListAllImages()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, len(images))

pkg/remote/aws/ec2_default_route_table_details_fetcher.go

@@ -28,7 +28,7 @@ func (r *EC2DefaultRouteTableDetailsFetcher) ReadDetails(res resource.Resource)
 		},
 	})
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
+		return nil, remoteerror.NewResourceScanningError(err, res.TerraformType(), res.TerraformId())
 	}
 	deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsDefaultRouteTableResourceType, *ctyVal)
 	if err != nil {

pkg/remote/aws/ec2_default_route_table_enumerator.go

@@ -26,7 +26,7 @@ func (e *EC2DefaultRouteTableEnumerator) SupportedType() resource.ResourceType {
 func (e *EC2DefaultRouteTableEnumerator) Enumerate() ([]resource.Resource, error) {
 	routeTables, err := e.repository.ListAllRouteTables()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	var results []resource.Resource

pkg/remote/aws/ec2_default_subnet_enumerator.go

@@ -26,7 +26,7 @@ func (e *EC2DefaultSubnetEnumerator) SupportedType() resource.ResourceType {
 func (e *EC2DefaultSubnetEnumerator) Enumerate() ([]resource.Resource, error) {
 	_, defaultSubnets, err := e.repository.ListAllSubnets()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, len(defaultSubnets))

pkg/remote/aws/ec2_ebs_snapshot_enumerator.go

@@ -26,7 +26,7 @@ func (e *EC2EbsSnapshotEnumerator) SupportedType() resource.ResourceType {
 func (e *EC2EbsSnapshotEnumerator) Enumerate() ([]resource.Resource, error) {
 	snapshots, err := e.repository.ListAllSnapshots()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, len(snapshots))

pkg/remote/aws/ec2_ebs_volume_enumerator.go

@@ -26,7 +26,7 @@ func (e *EC2EbsVolumeEnumerator) SupportedType() resource.ResourceType {
 func (e *EC2EbsVolumeEnumerator) Enumerate() ([]resource.Resource, error) {
 	volumes, err := e.repository.ListAllVolumes()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, len(volumes))

pkg/remote/aws/ec2_eip_association_enumerator.go

@@ -26,7 +26,7 @@ func (e *EC2EipAssociationEnumerator) SupportedType() resource.ResourceType {
 func (e *EC2EipAssociationEnumerator) Enumerate() ([]resource.Resource, error) {
 	addresses, err := e.repository.ListAllAddressesAssociation()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, 0, len(addresses))

pkg/remote/aws/ec2_eip_enumerator.go

@@ -26,7 +26,7 @@ func (e *EC2EipEnumerator) SupportedType() resource.ResourceType {
 func (e *EC2EipEnumerator) Enumerate() ([]resource.Resource, error) {
 	addresses, err := e.repository.ListAllAddresses()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, len(addresses))

pkg/remote/aws/ec2_instance_enumerator.go

@@ -26,7 +26,7 @@ func (e *EC2InstanceEnumerator) SupportedType() resource.ResourceType {
 func (e *EC2InstanceEnumerator) Enumerate() ([]resource.Resource, error) {
 	instances, err := e.repository.ListAllInstances()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, len(instances))

pkg/remote/aws/ec2_internet_gateway_enumerator.go

@@ -26,7 +26,7 @@ func (e *EC2InternetGatewayEnumerator) SupportedType() resource.ResourceType {
 func (e *EC2InternetGatewayEnumerator) Enumerate() ([]resource.Resource, error) {
 	internetGateways, err := e.repository.ListAllInternetGateways()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, len(internetGateways))

pkg/remote/aws/ec2_key_pair_enumerator.go

@@ -26,7 +26,7 @@ func (e *EC2KeyPairEnumerator) SupportedType() resource.ResourceType {
 func (e *EC2KeyPairEnumerator) Enumerate() ([]resource.Resource, error) {
 	keyPairs, err := e.repository.ListAllKeyPairs()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, len(keyPairs))

pkg/remote/aws/ec2_nat_gateway_enumerator.go

@@ -26,7 +26,7 @@ func (e *EC2NatGatewayEnumerator) SupportedType() resource.ResourceType {
 func (e *EC2NatGatewayEnumerator) Enumerate() ([]resource.Resource, error) {
 	natGateways, err := e.repository.ListAllNatGateways()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, len(natGateways))

pkg/remote/aws/ec2_route_details_fetcher.go

@@ -35,7 +35,7 @@ func (r *EC2RouteDetailsFetcher) ReadDetails(res resource.Resource) (resource.Re
 		Attributes: attributes,
 	})
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
+		return nil, remoteerror.NewResourceScanningError(err, res.TerraformType(), res.TerraformId())
 	}
 	deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsRouteResourceType, *ctyVal)
 	if err != nil {

pkg/remote/aws/ec2_route_enumerator.go

@@ -26,7 +26,7 @@ func (e *EC2RouteEnumerator) SupportedType() resource.ResourceType {
 func (e *EC2RouteEnumerator) Enumerate() ([]resource.Resource, error) {
 	routeTables, err := e.repository.ListAllRouteTables()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), aws.AwsRouteTableResourceType)
+		return nil, remoteerror.NewResourceListingErrorWithType(err, string(e.SupportedType()), aws.AwsRouteTableResourceType)
 	}
 
 	var results []resource.Resource

pkg/remote/aws/ec2_route_table_association_details_fetcher.go

@@ -28,7 +28,7 @@ func (r *EC2RouteTableAssociationDetailsFetcher) ReadDetails(res resource.Resour
 		},
 	})
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
+		return nil, remoteerror.NewResourceScanningError(err, res.TerraformType(), res.TerraformId())
 	}
 	deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsRouteTableAssociationResourceType, *ctyVal)
 	if err != nil {

pkg/remote/aws/ec2_route_table_association_enumerator.go

@@ -27,7 +27,7 @@ func (e *EC2RouteTableAssociationEnumerator) SupportedType() resource.ResourceTy
 func (e *EC2RouteTableAssociationEnumerator) Enumerate() ([]resource.Resource, error) {
 	routeTables, err := e.repository.ListAllRouteTables()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), aws.AwsRouteTableResourceType)
+		return nil, remoteerror.NewResourceListingErrorWithType(err, string(e.SupportedType()), aws.AwsRouteTableResourceType)
 	}
 
 	var results []resource.Resource

pkg/remote/aws/ec2_route_table_enumerator.go

@@ -27,7 +27,7 @@ func (e *EC2RouteTableEnumerator) SupportedType() resource.ResourceType {
 func (e *EC2RouteTableEnumerator) Enumerate() ([]resource.Resource, error) {
 	routeTables, err := e.repository.ListAllRouteTables()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	var results []resource.Resource

pkg/remote/aws/ec2_subnet_enumerator.go

@@ -26,7 +26,7 @@ func (e *EC2SubnetEnumerator) SupportedType() resource.ResourceType {
 func (e *EC2SubnetEnumerator) Enumerate() ([]resource.Resource, error) {
 	subnets, _, err := e.repository.ListAllSubnets()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, len(subnets))

pkg/remote/aws/ecr_repository_enumerator.go

@@ -26,7 +26,7 @@ func (e *ECRRepositoryEnumerator) SupportedType() resource.ResourceType {
 func (e *ECRRepositoryEnumerator) Enumerate() ([]resource.Resource, error) {
 	repos, err := e.repository.ListAllRepositories()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, len(repos))

pkg/remote/aws/iam_access_key_details_fetcher.go

@@ -28,7 +28,7 @@ func (r *IamAccessKeyDetailsFetcher) ReadDetails(res resource.Resource) (resourc
 		},
 	})
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
+		return nil, remoteerror.NewResourceScanningError(err, res.TerraformType(), res.TerraformId())
 	}
 	deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsIamAccessKeyResourceType, *ctyVal)
 	if err != nil {

pkg/remote/aws/iam_access_key_enumerator.go

@@ -26,12 +26,12 @@ func (e *IamAccessKeyEnumerator) SupportedType() resource.ResourceType {
 func (e *IamAccessKeyEnumerator) Enumerate() ([]resource.Resource, error) {
 	users, err := e.repository.ListAllUsers()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), resourceaws.AwsIamUserResourceType)
+		return nil, remoteerror.NewResourceListingErrorWithType(err, string(e.SupportedType()), resourceaws.AwsIamUserResourceType)
 	}
 
 	keys, err := e.repository.ListAllAccessKeys(users)
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, resourceaws.AwsIamAccessKeyResourceType)
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, 0)

pkg/remote/aws/iam_policy_enumerator.go

@@ -27,7 +27,7 @@ func (e *IamPolicyEnumerator) SupportedType() resource.ResourceType {
 func (e *IamPolicyEnumerator) Enumerate() ([]resource.Resource, error) {
 	policies, err := e.repository.ListAllPolicies()
 	if err != nil {
-		return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
+		return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
 	}
 
 	results := make([]resource.Resource, len(policies))