test: resource error handling

snyk · Aug 3, 2021 · f239459 · f239459
1 parent e7c93cb
commit f239459
Show file tree

Hide file tree

Showing 4 changed files with 91 additions and 56 deletions.
diff --git a/pkg/cmd/scan/output/output_test.go b/pkg/cmd/scan/output/output_test.go
@@ -8,9 +8,8 @@ import (
 	"github.com/cloudskiff/driftctl/pkg/alerter"
 	"github.com/cloudskiff/driftctl/pkg/analyser"
 	"github.com/cloudskiff/driftctl/pkg/output"
-	"github.com/cloudskiff/driftctl/pkg/remote"
-	"github.com/cloudskiff/driftctl/pkg/remote/aws"
-	"github.com/cloudskiff/driftctl/pkg/remote/github"
+	"github.com/cloudskiff/driftctl/pkg/remote/alerts"
+	"github.com/cloudskiff/driftctl/pkg/remote/common"
 	"github.com/cloudskiff/driftctl/pkg/resource"
 	testresource "github.com/cloudskiff/driftctl/test/resource"
 	"github.com/r3labs/diff/v2"
@@ -91,9 +90,9 @@ func fakeAnalysisWithAlerts() *analyser.Analysis {
 	a := fakeAnalysis()
 	a.SetAlerts(alerter.Alerts{
 		"": []alerter.Alert{
-			remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc", remote.EnumerationPhase),
-			remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_sqs", "aws_sqs", remote.EnumerationPhase),
-			remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_sns", "aws_sns", remote.EnumerationPhase),
+			alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_vpc", "aws_vpc", alerts.EnumerationPhase),
+			alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_sqs", "aws_sqs", alerts.EnumerationPhase),
+			alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_sns", "aws_sns", alerts.EnumerationPhase),
 		},
 	})
 	a.ProviderVersion = "3.19.0"
@@ -349,9 +348,9 @@ func fakeAnalysisWithAWSEnumerationError() *analyser.Analysis {
 	a := analyser.Analysis{}
 	a.SetAlerts(alerter.Alerts{
 		"": []alerter.Alert{
-			remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc", remote.EnumerationPhase),
-			remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_sqs", "aws_sqs", remote.EnumerationPhase),
-			remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_sns", "aws_sns", remote.EnumerationPhase),
+			alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_vpc", "aws_vpc", alerts.EnumerationPhase),
+			alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_sqs", "aws_sqs", alerts.EnumerationPhase),
+			alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_sns", "aws_sns", alerts.EnumerationPhase),
 		},
 	})
 	a.ProviderName = "AWS"
@@ -363,8 +362,8 @@ func fakeAnalysisWithGithubEnumerationError() *analyser.Analysis {
 	a := analyser.Analysis{}
 	a.SetAlerts(alerter.Alerts{
 		"": []alerter.Alert{
-			remote.NewRemoteAccessDeniedAlert(github.RemoteGithubTerraform, "github_team", "github_team", remote.EnumerationPhase),
-			remote.NewRemoteAccessDeniedAlert(github.RemoteGithubTerraform, "github_team_membership", "github_team", remote.EnumerationPhase),
+			alerts.NewRemoteAccessDeniedAlert(common.RemoteGithubTerraform, "github_team", "github_team", alerts.EnumerationPhase),
+			alerts.NewRemoteAccessDeniedAlert(common.RemoteGithubTerraform, "github_team_membership", "github_team", alerts.EnumerationPhase),
 		},
 	})
 	a.ProviderName = "AWS"

diff --git a/pkg/remote/resource_enumeration_error_handler_test.go b/pkg/remote/resource_enumeration_error_handler_test.go
@@ -4,9 +4,9 @@ import (
 	"errors"
 	"testing"
 
-	"github.com/cloudskiff/driftctl/pkg/remote/aws"
+	"github.com/cloudskiff/driftctl/pkg/remote/alerts"
+	"github.com/cloudskiff/driftctl/pkg/remote/common"
 	remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
-	"github.com/cloudskiff/driftctl/pkg/remote/github"
 	resourcegithub "github.com/cloudskiff/driftctl/pkg/resource/github"
 
 	"github.com/stretchr/testify/assert"
@@ -27,25 +27,19 @@ func TestHandleAwsEnumerationErrors(t *testing.T) {
 	}{
 		{
 			name:       "Handled error 403",
-			err:        remoteerror.NewResourceScanningError(awserr.NewRequestFailure(awserr.New("", "", errors.New("")), 403, ""), resourceaws.AwsVpcResourceType),
-			wantAlerts: alerter.Alerts{"aws_vpc": []alerter.Alert{NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc", EnumerationPhase)}},
+			err:        remoteerror.NewResourceListingError(awserr.NewRequestFailure(awserr.New("", "", errors.New("")), 403, ""), resourceaws.AwsVpcResourceType),
+			wantAlerts: alerter.Alerts{"aws_vpc": []alerter.Alert{alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_vpc", "aws_vpc", alerts.EnumerationPhase)}},
 			wantErr:    false,
 		},
 		{
 			name:       "Handled error AccessDenied",
-			err:        remoteerror.NewResourceScanningError(awserr.NewRequestFailure(awserr.New("AccessDeniedException", "", errors.New("")), 403, ""), resourceaws.AwsDynamodbTableResourceType),
-			wantAlerts: alerter.Alerts{"aws_dynamodb_table": []alerter.Alert{NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_dynamodb_table", "aws_dynamodb_table", EnumerationPhase)}},
+			err:        remoteerror.NewResourceListingError(awserr.NewRequestFailure(awserr.New("AccessDeniedException", "", errors.New("")), 403, ""), resourceaws.AwsDynamodbTableResourceType),
+			wantAlerts: alerter.Alerts{"aws_dynamodb_table": []alerter.Alert{alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_dynamodb_table", "aws_dynamodb_table", alerts.EnumerationPhase)}},
 			wantErr:    false,
 		},
 		{
 			name:       "Not Handled error code",
-			err:        remoteerror.NewResourceScanningError(awserr.NewRequestFailure(awserr.New("", "", errors.New("")), 404, ""), resourceaws.AwsVpcResourceType),
-			wantAlerts: map[string][]alerter.Alert{},
-			wantErr:    true,
-		},
-		{
-			name:       "Not Handled supplier error",
-			err:        remoteerror.NewSupplierError(awserr.NewRequestFailure(awserr.New("", "", errors.New("")), 403, ""), map[string]string{}, resourceaws.AwsVpcResourceType),
+			err:        remoteerror.NewResourceListingError(awserr.NewRequestFailure(awserr.New("", "", errors.New("")), 404, ""), resourceaws.AwsVpcResourceType),
 			wantAlerts: map[string][]alerter.Alert{},
 			wantErr:    true,
 		},
@@ -57,14 +51,20 @@ func TestHandleAwsEnumerationErrors(t *testing.T) {
 		},
 		{
 			name:       "Not Handled root error type",
-			err:        remoteerror.NewResourceScanningError(errors.New("error"), resourceaws.AwsVpcResourceType),
+			err:        remoteerror.NewResourceListingError(errors.New("error"), resourceaws.AwsVpcResourceType),
 			wantAlerts: map[string][]alerter.Alert{},
 			wantErr:    true,
 		},
 		{
 			name:       "Handle AccessDenied error",
-			err:        remoteerror.NewResourceScanningError(errors.New("an error occured: AccessDenied: 403"), resourceaws.AwsVpcResourceType),
-			wantAlerts: alerter.Alerts{"aws_vpc": []alerter.Alert{NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc", EnumerationPhase)}},
+			err:        remoteerror.NewResourceListingError(errors.New("an error occured: AccessDenied: 403"), resourceaws.AwsVpcResourceType),
+			wantAlerts: alerter.Alerts{"aws_vpc": []alerter.Alert{alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_vpc", "aws_vpc", alerts.EnumerationPhase)}},
+			wantErr:    false,
+		},
+		{
+			name:       "Access denied error on a single resource",
+			err:        remoteerror.NewResourceScanningError(errors.New("Error: AccessDenied: 403 ..."), resourceaws.AwsS3BucketResourceType, "my-bucket"),
+			wantAlerts: alerter.Alerts{"aws_s3_bucket.my-bucket": []alerter.Alert{alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_s3_bucket.my-bucket", "aws_s3_bucket", alerts.EnumerationPhase)}},
 			wantErr:    false,
 		},
 	}
@@ -91,19 +91,13 @@ func TestHandleGithubEnumerationErrors(t *testing.T) {
 	}{
 		{
 			name:       "Handled graphql error",
-			err:        remoteerror.NewResourceScanningError(errors.New("Your token has not been granted the required scopes to execute this query."), resourcegithub.GithubTeamResourceType),
-			wantAlerts: alerter.Alerts{"github_team": []alerter.Alert{NewRemoteAccessDeniedAlert(github.RemoteGithubTerraform, "github_team", "github_team", EnumerationPhase)}},
+			err:        remoteerror.NewResourceListingError(errors.New("Your token has not been granted the required scopes to execute this query."), resourcegithub.GithubTeamResourceType),
+			wantAlerts: alerter.Alerts{"github_team": []alerter.Alert{alerts.NewRemoteAccessDeniedAlert(common.RemoteGithubTerraform, "github_team", "github_team", alerts.EnumerationPhase)}},
 			wantErr:    false,
 		},
 		{
 			name:       "Not handled graphql error",
-			err:        remoteerror.NewResourceScanningError(errors.New("This is a not handler graphql error"), resourcegithub.GithubTeamResourceType),
-			wantAlerts: map[string][]alerter.Alert{},
-			wantErr:    true,
-		},
-		{
-			name:       "Not Handled supplier error",
-			err:        remoteerror.NewSupplierError(errors.New("An error from the supplier"), map[string]string{}, resourcegithub.GithubTeamResourceType),
+			err:        remoteerror.NewResourceListingError(errors.New("This is a not handler graphql error"), resourcegithub.GithubTeamResourceType),
 			wantAlerts: map[string][]alerter.Alert{},
 			wantErr:    true,
 		},
@@ -137,28 +131,34 @@ func TestHandleAwsDetailsFetchingErrors(t *testing.T) {
 	}{
 		{
 			name:       "Handle AccessDeniedException error",
-			err:        remoteerror.NewResourceScanningError(awserr.NewRequestFailure(awserr.New("AccessDeniedException", "test", errors.New("")), 403, ""), resourceaws.AwsVpcResourceType),
-			wantAlerts: alerter.Alerts{"aws_vpc": []alerter.Alert{NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc", DetailsFetchingPhase)}},
+			err:        remoteerror.NewResourceListingError(awserr.NewRequestFailure(awserr.New("AccessDeniedException", "test", errors.New("")), 403, ""), resourceaws.AwsVpcResourceType),
+			wantAlerts: alerter.Alerts{"aws_vpc": []alerter.Alert{alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_vpc", "aws_vpc", alerts.DetailsFetchingPhase)}},
 			wantErr:    false,
 		},
 		{
 			name:       "Handle AccessDenied error",
-			err:        remoteerror.NewResourceScanningError(awserr.NewRequestFailure(awserr.New("test", "error: AccessDenied", errors.New("")), 403, ""), resourceaws.AwsVpcResourceType),
-			wantAlerts: alerter.Alerts{"aws_vpc": []alerter.Alert{NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc", DetailsFetchingPhase)}},
+			err:        remoteerror.NewResourceListingError(awserr.NewRequestFailure(awserr.New("test", "error: AccessDenied", errors.New("")), 403, ""), resourceaws.AwsVpcResourceType),
+			wantAlerts: alerter.Alerts{"aws_vpc": []alerter.Alert{alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_vpc", "aws_vpc", alerts.DetailsFetchingPhase)}},
 			wantErr:    false,
 		},
 		{
 			name:       "Handle AuthorizationError error",
-			err:        remoteerror.NewResourceScanningError(awserr.NewRequestFailure(awserr.New("test", "error: AuthorizationError", errors.New("")), 403, ""), resourceaws.AwsVpcResourceType),
-			wantAlerts: alerter.Alerts{"aws_vpc": []alerter.Alert{NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc", DetailsFetchingPhase)}},
+			err:        remoteerror.NewResourceListingError(awserr.NewRequestFailure(awserr.New("test", "error: AuthorizationError", errors.New("")), 403, ""), resourceaws.AwsVpcResourceType),
+			wantAlerts: alerter.Alerts{"aws_vpc": []alerter.Alert{alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, "aws_vpc", "aws_vpc", alerts.DetailsFetchingPhase)}},
 			wantErr:    false,
 		},
 		{
 			name:       "Unhandled error",
-			err:        remoteerror.NewResourceScanningError(awserr.NewRequestFailure(awserr.New("test", "error: dummy error", errors.New("")), 403, ""), resourceaws.AwsVpcResourceType),
+			err:        remoteerror.NewResourceListingError(awserr.NewRequestFailure(awserr.New("test", "error: dummy error", errors.New("")), 403, ""), resourceaws.AwsVpcResourceType),
 			wantAlerts: alerter.Alerts{},
 			wantErr:    true,
 		},
+		{
+			name:       "Not Handled error type",
+			err:        errors.New("error"),
+			wantAlerts: map[string][]alerter.Alert{},
+			wantErr:    true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -186,18 +186,18 @@ func TestEnumerationAccessDeniedAlert_GetProviderMessage(t *testing.T) {
 		},
 		{
 			name:     "test for AWS",
-			provider: aws.RemoteAWSTerraform,
+			provider: common.RemoteAWSTerraform,
 			want:     "It seems that we got access denied exceptions while listing resources.\nThe latest minimal read-only IAM policy for driftctl is always available here, please update yours: https://docs.driftctl.com/aws/policy",
 		},
 		{
 			name:     "test for github",
-			provider: github.RemoteGithubTerraform,
+			provider: common.RemoteGithubTerraform,
 			want:     "It seems that we got access denied exceptions while listing resources.\nPlease be sure that your Github token has the right permissions, check the last up-to-date documentation there: https://docs.driftctl.com/github/policy",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			e := NewRemoteAccessDeniedAlert(tt.provider, "supplier_type", "listed_type_error", EnumerationPhase)
+			e := alerts.NewRemoteAccessDeniedAlert(tt.provider, "supplier_type", "listed_type_error", alerts.EnumerationPhase)
 			if got := e.GetProviderMessage(); got != tt.want {
 				t.Errorf("GetProviderMessage() = %v, want %v", got, tt.want)
 			}
@@ -218,21 +218,56 @@ func TestDetailsFetchingAccessDeniedAlert_GetProviderMessage(t *testing.T) {
 		},
 		{
 			name:     "test for AWS",
-			provider: aws.RemoteAWSTerraform,
+			provider: common.RemoteAWSTerraform,
 			want:     "It seems that we got access denied exceptions while reading details of resources.\nThe latest minimal read-only IAM policy for driftctl is always available here, please update yours: https://docs.driftctl.com/aws/policy",
 		},
 		{
 			name:     "test for github",
-			provider: github.RemoteGithubTerraform,
+			provider: common.RemoteGithubTerraform,
 			want:     "It seems that we got access denied exceptions while reading details of resources.\nPlease be sure that your Github token has the right permissions, check the last up-to-date documentation there: https://docs.driftctl.com/github/policy",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			e := NewRemoteAccessDeniedAlert(tt.provider, "supplier_type", "listed_type_error", DetailsFetchingPhase)
+			e := alerts.NewRemoteAccessDeniedAlert(tt.provider, "supplier_type", "listed_type_error", alerts.DetailsFetchingPhase)
 			if got := e.GetProviderMessage(); got != tt.want {
 				t.Errorf("GetProviderMessage() = %v, want %v", got, tt.want)
 			}
 		})
 	}
 }
+
+func TestResourceScanningErrorMethods(t *testing.T) {
+
+	tests := []struct {
+		name                 string
+		err                  *remoteerror.ResourceScanningError
+		expectedError        string
+		expectedResourceType string
+	}{
+		{
+			name:                 "Handled error AccessDenied",
+			err:                  remoteerror.NewResourceListingError(awserr.NewRequestFailure(awserr.New("AccessDeniedException", "", errors.New("")), 403, ""), resourceaws.AwsDynamodbTableResourceType),
+			expectedError:        "error scanning resource type aws_dynamodb_table: AccessDeniedException: \n\tstatus code: 403, request id: \ncaused by: ",
+			expectedResourceType: resourceaws.AwsDynamodbTableResourceType,
+		},
+		{
+			name:                 "Handle AccessDenied error",
+			err:                  remoteerror.NewResourceListingError(errors.New("an error occured: AccessDenied: 403"), resourceaws.AwsVpcResourceType),
+			expectedError:        "error scanning resource type aws_vpc: an error occured: AccessDenied: 403",
+			expectedResourceType: resourceaws.AwsVpcResourceType,
+		},
+		{
+			name:                 "Access denied error on a single resource",
+			err:                  remoteerror.NewResourceScanningError(errors.New("Error: AccessDenied: 403 ..."), resourceaws.AwsS3BucketResourceType, "my-bucket"),
+			expectedError:        "error scanning resource aws_s3_bucket.my-bucket: Error: AccessDenied: 403 ...",
+			expectedResourceType: resourceaws.AwsS3BucketResourceType,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, tt.expectedError, tt.err.Error())
+			assert.Equal(t, tt.expectedResourceType, tt.err.ResourceType())
+		})
+	}
+}
diff --git a/pkg/remote/s3_scanner_test.go b/pkg/remote/s3_scanner_test.go
@@ -125,7 +125,7 @@ func TestS3Bucket(t *testing.T) {
 			remoteLibrary.AddEnumerator(aws.NewS3BucketEnumerator(repo, factory, tf.TerraformProviderConfig{
 				Name:         "test",
 				DefaultAlias: "eu-west-3",
-			}))
+			}, alerter))
 			remoteLibrary.AddDetailsFetcher(resourceaws.AwsS3BucketResourceType, aws.NewS3BucketDetailsFetcher(provider, deserializer))
 
 			testFilter := &filter.MockFilter{}
@@ -278,7 +278,7 @@ func TestS3BucketInventory(t *testing.T) {
 			remoteLibrary.AddEnumerator(aws.NewS3BucketInventoryEnumerator(repo, factory, tf.TerraformProviderConfig{
 				Name:         "test",
 				DefaultAlias: "eu-west-3",
-			}))
+			}, alerter))
 			remoteLibrary.AddDetailsFetcher(resourceaws.AwsS3BucketInventoryResourceType, aws.NewS3BucketInventoryDetailsFetcher(provider, deserializer))
 
 			testFilter := &filter.MockFilter{}
@@ -457,7 +457,7 @@ func TestS3BucketNotification(t *testing.T) {
 			remoteLibrary.AddEnumerator(aws.NewS3BucketNotificationEnumerator(repo, factory, tf.TerraformProviderConfig{
 				Name:         "test",
 				DefaultAlias: "eu-west-3",
-			}))
+			}, alerter))
 			remoteLibrary.AddDetailsFetcher(resourceaws.AwsS3BucketNotificationResourceType, aws.NewS3BucketNotificationDetailsFetcher(provider, deserializer))
 
 			testFilter := &filter.MockFilter{}
@@ -612,7 +612,7 @@ func TestS3BucketMetrics(t *testing.T) {
 			remoteLibrary.AddEnumerator(aws.NewS3BucketMetricsEnumerator(repo, factory, tf.TerraformProviderConfig{
 				Name:         "test",
 				DefaultAlias: "eu-west-3",
-			}))
+			}, alerter))
 			remoteLibrary.AddDetailsFetcher(resourceaws.AwsS3BucketMetricResourceType, aws.NewS3BucketMetricsDetailsFetcher(provider, deserializer))
 
 			testFilter := &filter.MockFilter{}
@@ -766,7 +766,7 @@ func TestS3BucketPolicy(t *testing.T) {
 			remoteLibrary.AddEnumerator(aws.NewS3BucketPolicyEnumerator(repo, factory, tf.TerraformProviderConfig{
 				Name:         "test",
 				DefaultAlias: "eu-west-3",
-			}))
+			}, alerter))
 			remoteLibrary.AddDetailsFetcher(resourceaws.AwsS3BucketPolicyResourceType, aws.NewS3BucketPolicyDetailsFetcher(provider, deserializer))
 
 			testFilter := &filter.MockFilter{}
@@ -923,7 +923,7 @@ func TestS3BucketAnalytic(t *testing.T) {
 			remoteLibrary.AddEnumerator(aws.NewS3BucketAnalyticEnumerator(repo, factory, tf.TerraformProviderConfig{
 				Name:         "test",
 				DefaultAlias: "eu-west-3",
-			}))
+			}, alerter))
 			remoteLibrary.AddDetailsFetcher(resourceaws.AwsS3BucketAnalyticsConfigurationResourceType, aws.NewS3BucketAnalyticDetailsFetcher(provider, deserializer))
 
 			testFilter := &filter.MockFilter{}

diff --git a/pkg/remote/sns_scanner_test.go b/pkg/remote/sns_scanner_test.go
@@ -10,6 +10,7 @@ import (
 	"github.com/cloudskiff/driftctl/mocks"
 	"github.com/cloudskiff/driftctl/pkg/alerter"
 	"github.com/cloudskiff/driftctl/pkg/filter"
+	"github.com/cloudskiff/driftctl/pkg/remote/alerts"
 	"github.com/cloudskiff/driftctl/pkg/remote/aws"
 	"github.com/cloudskiff/driftctl/pkg/remote/cache"
 	"github.com/cloudskiff/driftctl/pkg/remote/common"
@@ -279,7 +280,7 @@ func TestSNSTopicSubscriptionScan(t *testing.T) {
 			},
 			alerts: map[string][]alerter.Alert{
 				resourceaws.AwsSnsTopicSubscriptionResourceType: {
-					NewRemoteAccessDeniedAlert("aws+tf", resourceaws.AwsSnsTopicSubscriptionResourceType, resourceaws.AwsSnsTopicSubscriptionResourceType, EnumerationPhase),
+					alerts.NewRemoteAccessDeniedAlert("aws+tf", resourceaws.AwsSnsTopicSubscriptionResourceType, resourceaws.AwsSnsTopicSubscriptionResourceType, alerts.EnumerationPhase),
 				},
 			},
 			err: nil,