Merge branch 'main' into refact/ec2_instance_details_fetcher

pkg/remote/aws/ecr_repository_enumerator.go

@@ -0,0 +1,46 @@
+package aws
+
+import (
+	"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
+	remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
+	"github.com/cloudskiff/driftctl/pkg/resource"
+	"github.com/cloudskiff/driftctl/pkg/resource/aws"
+)
+
+type ECRRepositoryEnumerator struct {
+	repository repository.ECRRepository
+	factory    resource.ResourceFactory
+}
+
+func NewECRRepositoryEnumerator(repo repository.ECRRepository, factory resource.ResourceFactory) *ECRRepositoryEnumerator {
+	return &ECRRepositoryEnumerator{
+		repository: repo,
+		factory:    factory,
+	}
+}
+
+func (e *ECRRepositoryEnumerator) SupportedType() resource.ResourceType {
+	return aws.AwsEcrRepositoryResourceType
+}
+
+func (e *ECRRepositoryEnumerator) Enumerate() ([]resource.Resource, error) {
+	repos, err := e.repository.ListAllRepositories()
+	if err != nil {
+		return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
+	}
+
+	results := make([]resource.Resource, len(repos))
+
+	for _, repo := range repos {
+		results = append(
+			results,
+			e.factory.CreateAbstractResource(
+				string(e.SupportedType()),
+				*repo.RepositoryName,
+				map[string]interface{}{},
+			),
+		)
+	}
+
+	return results, err
+}

pkg/remote/aws/ecr_repository_supplier.go

@@ -1,62 +0,0 @@
-package aws
-
-import (
-	"github.com/aws/aws-sdk-go/service/ecr"
-	"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
-	remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
-	"github.com/sirupsen/logrus"
-	"github.com/zclconf/go-cty/cty"
-
-	"github.com/cloudskiff/driftctl/pkg/resource"
-	"github.com/cloudskiff/driftctl/pkg/resource/aws"
-	"github.com/cloudskiff/driftctl/pkg/terraform"
-)
-
-type ECRRepositorySupplier struct {
-	reader       terraform.ResourceReader
-	deserializer *resource.Deserializer
-	repository   repository.ECRRepository
-	runner       *terraform.ParallelResourceReader
-}
-
-func NewECRRepositorySupplier(provider *AWSTerraformProvider, deserializer *resource.Deserializer, repository repository.ECRRepository) *ECRRepositorySupplier {
-	return &ECRRepositorySupplier{
-		provider,
-		deserializer,
-		repository,
-		terraform.NewParallelResourceReader(provider.Runner().SubRunner()),
-	}
-}
-
-func (r *ECRRepositorySupplier) Resources() ([]resource.Resource, error) {
-	repositories, err := r.repository.ListAllRepositories()
-	if err != nil {
-		return nil, remoteerror.NewResourceEnumerationError(err, aws.AwsEcrRepositoryResourceType)
-	}
-
-	for _, repo := range repositories {
-		repo := repo
-		r.runner.Run(func() (cty.Value, error) {
-			return r.readRepository(repo)
-		})
-	}
-
-	retrieve, err := r.runner.Wait()
-	if err != nil {
-		return nil, err
-	}
-
-	return r.deserializer.Deserialize(aws.AwsEcrRepositoryResourceType, retrieve)
-}
-
-func (r *ECRRepositorySupplier) readRepository(repository *ecr.Repository) (cty.Value, error) {
-	val, err := r.reader.ReadResource(terraform.ReadResourceArgs{
-		ID: *repository.RepositoryName,
-		Ty: aws.AwsEcrRepositoryResourceType,
-	})
-	if err != nil {
-		logrus.Error(err)
-		return cty.NilVal, err
-	}
-	return *val, nil
-}

pkg/remote/aws/ecr_repository_supplier_test.go

@@ -1,98 +0,0 @@
-package aws
-
-import (
-	"context"
-	"testing"
-
-	"github.com/aws/aws-sdk-go/service/ecr"
-	"github.com/cloudskiff/driftctl/pkg/remote/cache"
-	testresource "github.com/cloudskiff/driftctl/test/resource"
-
-	"github.com/aws/aws-sdk-go/aws"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/cloudskiff/driftctl/pkg/parallel"
-	"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
-	remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
-	"github.com/cloudskiff/driftctl/test"
-	"github.com/cloudskiff/driftctl/test/goldenfile"
-	testmocks "github.com/cloudskiff/driftctl/test/mocks"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/mock"
-
-	"github.com/cloudskiff/driftctl/pkg/resource"
-	resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
-	"github.com/cloudskiff/driftctl/pkg/terraform"
-)
-
-func TestEcrRepositorySupplier_Resources(t *testing.T) {
-	cases := []struct {
-		test    string
-		dirName string
-		mocks   func(client *repository.MockECRRepository)
-		err     error
-	}{
-		{
-			test:    "no repository",
-			dirName: "ecr_repository_empty",
-			mocks: func(client *repository.MockECRRepository) {
-				client.On("ListAllRepositories").Return([]*ecr.Repository{}, nil)
-			},
-			err: nil,
-		},
-		{
-			test:    "multiple repositories",
-			dirName: "ecr_repository_multiple",
-			mocks: func(client *repository.MockECRRepository) {
-				client.On("ListAllRepositories").Return([]*ecr.Repository{
-					{RepositoryName: aws.String("test_ecr")},
-					{RepositoryName: aws.String("bar")},
-				}, nil)
-			},
-			err: nil,
-		},
-		{
-			test:    "cannot list repository",
-			dirName: "ecr_repository_empty",
-			mocks: func(client *repository.MockECRRepository) {
-				client.On("ListAllRepositories").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
-			},
-			err: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsEcrRepositoryResourceType),
-		},
-	}
-	for _, c := range cases {
-		shouldUpdate := c.dirName == *goldenfile.Update
-
-		providerLibrary := terraform.NewProviderLibrary()
-		supplierLibrary := resource.NewSupplierLibrary()
-
-		repo := testresource.InitFakeSchemaRepository("aws", "3.19.0")
-		resourceaws.InitResourcesMetadata(repo)
-		factory := terraform.NewTerraformResourceFactory(repo)
-
-		deserializer := resource.NewDeserializer(factory)
-		if shouldUpdate {
-			provider, err := InitTestAwsProvider(providerLibrary)
-			if err != nil {
-				t.Fatal(err)
-			}
-			supplierLibrary.AddSupplier(NewECRRepositorySupplier(provider, deserializer, repository.NewECRRepository(provider.session, cache.New(0))))
-		}
-
-		t.Run(c.test, func(tt *testing.T) {
-			fakeClient := repository.MockECRRepository{}
-			c.mocks(&fakeClient)
-			provider := testmocks.NewMockedGoldenTFProvider(c.dirName, providerLibrary.Provider(terraform.AWS), shouldUpdate)
-			s := &ECRRepositorySupplier{
-				provider,
-				deserializer,
-				&fakeClient,
-				terraform.NewParallelResourceReader(parallel.NewParallelRunner(context.TODO(), 10)),
-			}
-			got, err := s.Resources()
-			assert.Equal(tt, c.err, err)
-			mock.AssertExpectationsForObjects(tt)
-			test.CtyTestDiff(got, c.dirName, provider, deserializer, shouldUpdate, tt)
-		})
-	}
-}

pkg/remote/aws/iam_user_policy_enumerator.go

@@ -0,0 +1,50 @@
+package aws
+
+import (
+	"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
+	remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
+	"github.com/cloudskiff/driftctl/pkg/resource"
+	"github.com/cloudskiff/driftctl/pkg/resource/aws"
+)
+
+type IamUserPolicyEnumerator struct {
+	repository repository.IAMRepository
+	factory    resource.ResourceFactory
+}
+
+func NewIamUserPolicyEnumerator(repo repository.IAMRepository, factory resource.ResourceFactory) *IamUserPolicyEnumerator {
+	return &IamUserPolicyEnumerator{
+		repository: repo,
+		factory:    factory,
+	}
+}
+
+func (e *IamUserPolicyEnumerator) SupportedType() resource.ResourceType {
+	return aws.AwsIamUserPolicyResourceType
+}
+
+func (e *IamUserPolicyEnumerator) Enumerate() ([]resource.Resource, error) {
+	users, err := e.repository.ListAllUsers()
+	if err != nil {
+		return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), aws.AwsIamUserResourceType)
+	}
+	userPolicies, err := e.repository.ListAllUserPolicies(users)
+	if err != nil {
+		return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
+	}
+
+	results := make([]resource.Resource, len(userPolicies))
+
+	for _, userPolicy := range userPolicies {
+		results = append(
+			results,
+			e.factory.CreateAbstractResource(
+				string(e.SupportedType()),
+				userPolicy,
+				map[string]interface{}{},
+			),
+		)
+	}
+
+	return results, err
+}

pkg/remote/aws/iam_user_policy_supplier.go

@@ -1,69 +0,0 @@
-package aws
-
-import (
-	"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
-	remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
-
-	"github.com/cloudskiff/driftctl/pkg/resource"
-	resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
-	"github.com/cloudskiff/driftctl/pkg/terraform"
-
-	"github.com/sirupsen/logrus"
-	"github.com/zclconf/go-cty/cty"
-)
-
-type IamUserPolicySupplier struct {
-	reader       terraform.ResourceReader
-	deserializer *resource.Deserializer
-	repository   repository.IAMRepository
-	runner       *terraform.ParallelResourceReader
-}
-
-func NewIamUserPolicySupplier(provider *AWSTerraformProvider, deserializer *resource.Deserializer, repository repository.IAMRepository) *IamUserPolicySupplier {
-	return &IamUserPolicySupplier{
-		provider,
-		deserializer,
-		repository,
-		terraform.NewParallelResourceReader(provider.Runner().SubRunner()),
-	}
-}
-
-func (s *IamUserPolicySupplier) Resources() ([]resource.Resource, error) {
-	users, err := s.repository.ListAllUsers()
-	if err != nil {
-		return nil, remoteerror.NewResourceEnumerationErrorWithType(err, resourceaws.AwsIamUserPolicyResourceType, resourceaws.AwsIamUserResourceType)
-	}
-	policies, err := s.repository.ListAllUserPolicies(users)
-	if err != nil {
-		return nil, remoteerror.NewResourceEnumerationError(err, resourceaws.AwsIamUserPolicyResourceType)
-	}
-	results := make([]cty.Value, 0)
-	if len(policies) > 0 {
-		for _, policy := range policies {
-			p := policy
-			s.runner.Run(func() (cty.Value, error) {
-				return s.readUserPolicy(p)
-			})
-		}
-		results, err = s.runner.Wait()
-		if err != nil {
-			return nil, err
-		}
-	}
-	return s.deserializer.Deserialize(resourceaws.AwsIamUserPolicyResourceType, results)
-}
-
-func (s *IamUserPolicySupplier) readUserPolicy(policyName string) (cty.Value, error) {
-	res, err := s.reader.ReadResource(
-		terraform.ReadResourceArgs{
-			Ty: resourceaws.AwsIamUserPolicyResourceType,
-			ID: policyName,
-		},
-	)
-	if err != nil {
-		logrus.Warnf("Error reading iam user policy %s[%s]: %+v", policyName, resourceaws.AwsIamUserResourceType, err)
-		return cty.NilVal, err
-	}
-
-	return *res, nil
-}

pkg/remote/aws/iam_user_policy_supplier_test.go

@@ -1,142 +0,0 @@
-package aws
-
-import (
-	"context"
-	"testing"
-
-	"github.com/aws/aws-sdk-go/service/iam"
-	"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
-	"github.com/cloudskiff/driftctl/pkg/remote/cache"
-	remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
-	testresource "github.com/cloudskiff/driftctl/test/resource"
-
-	resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
-
-	"github.com/aws/aws-sdk-go/aws/awserr"
-
-	"github.com/cloudskiff/driftctl/pkg/parallel"
-
-	"github.com/aws/aws-sdk-go/aws"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/mock"
-
-	"github.com/cloudskiff/driftctl/test/goldenfile"
-	"github.com/cloudskiff/driftctl/test/mocks"
-
-	"github.com/cloudskiff/driftctl/pkg/resource"
-	"github.com/cloudskiff/driftctl/pkg/terraform"
-	"github.com/cloudskiff/driftctl/test"
-)
-
-func TestIamUserPolicySupplier_Resources(t *testing.T) {
-
-	cases := []struct {
-		test    string
-		dirName string
-		mocks   func(repo *repository.MockIAMRepository)
-		err     error
-	}{
-		{
-			test:    "no iam user policy",
-			dirName: "iam_user_policy_empty",
-			mocks: func(repo *repository.MockIAMRepository) {
-				users := []*iam.User{
-					{
-						UserName: aws.String("loadbalancer"),
-					},
-				}
-				repo.On("ListAllUsers").Return(users, nil)
-				repo.On("ListAllUserPolicies", users).Return([]string{}, nil)
-			},
-			err: nil,
-		},
-		{
-			test:    "iam multiples users multiple policies",
-			dirName: "iam_user_policy_multiple",
-			mocks: func(repo *repository.MockIAMRepository) {
-				users := []*iam.User{
-					{
-						UserName: aws.String("loadbalancer"),
-					},
-					{
-						UserName: aws.String("loadbalancer2"),
-					},
-					{
-						UserName: aws.String("loadbalancer3"),
-					},
-				}
-				repo.On("ListAllUsers").Return(users, nil)
-				repo.On("ListAllUserPolicies", users).Once().Return([]string{
-					*aws.String("loadbalancer:test"),
-					*aws.String("loadbalancer:test2"),
-					*aws.String("loadbalancer:test3"),
-					*aws.String("loadbalancer:test4"),
-					*aws.String("loadbalancer2:test2"),
-					*aws.String("loadbalancer2:test22"),
-					*aws.String("loadbalancer2:test23"),
-					*aws.String("loadbalancer2:test24"),
-					*aws.String("loadbalancer3:test3"),
-					*aws.String("loadbalancer3:test32"),
-					*aws.String("loadbalancer3:test33"),
-					*aws.String("loadbalancer3:test34"),
-				}, nil)
-			},
-			err: nil,
-		},
-		{
-			test:    "cannot list user",
-			dirName: "iam_user_policy_empty",
-			mocks: func(repo *repository.MockIAMRepository) {
-				repo.On("ListAllUsers").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
-			},
-			err: remoteerror.NewResourceEnumerationErrorWithType(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsIamUserPolicyResourceType, resourceaws.AwsIamUserResourceType),
-		},
-		{
-			test:    "cannot list user policy",
-			dirName: "iam_user_policy_empty",
-			mocks: func(repo *repository.MockIAMRepository) {
-				repo.On("ListAllUsers").Once().Return([]*iam.User{}, nil)
-				repo.On("ListAllUserPolicies", mock.Anything).Return(nil, awserr.NewRequestFailure(nil, 403, ""))
-			},
-			err: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsIamUserPolicyResourceType),
-		},
-	}
-	for _, c := range cases {
-		shouldUpdate := c.dirName == *goldenfile.Update
-
-		providerLibrary := terraform.NewProviderLibrary()
-		supplierLibrary := resource.NewSupplierLibrary()
-
-		repo := testresource.InitFakeSchemaRepository("aws", "3.19.0")
-		resourceaws.InitResourcesMetadata(repo)
-		factory := terraform.NewTerraformResourceFactory(repo)
-
-		deserializer := resource.NewDeserializer(factory)
-		if shouldUpdate {
-			provider, err := InitTestAwsProvider(providerLibrary)
-			if err != nil {
-				t.Fatal(err)
-			}
-			supplierLibrary.AddSupplier(NewIamUserPolicySupplier(provider, deserializer, repository.NewIAMRepository(provider.session, cache.New(0))))
-		}
-
-		t.Run(c.test, func(tt *testing.T) {
-			fakeIam := repository.MockIAMRepository{}
-			c.mocks(&fakeIam)
-
-			provider := mocks.NewMockedGoldenTFProvider(c.dirName, providerLibrary.Provider(terraform.AWS), shouldUpdate)
-			s := &IamUserPolicySupplier{
-				provider,
-				deserializer,
-				&fakeIam,
-				terraform.NewParallelResourceReader(parallel.NewParallelRunner(context.TODO(), 10)),
-			}
-			got, err := s.Resources()
-			assert.Equal(tt, c.err, err)
-
-			mock.AssertExpectationsForObjects(tt)
-			test.CtyTestDiff(got, c.dirName, provider, deserializer, shouldUpdate, t)
-		})
-	}
-}

pkg/remote/aws/init.go

@@ -155,15 +155,18 @@ func Init(version string, alerter *alerter.Alerter,
 
 	remoteLibrary.AddEnumerator(NewIamUserEnumerator(iamRepository, factory))
 	remoteLibrary.AddDetailsFetcher(aws.AwsIamUserResourceType, common.NewGenericDetailsFetcher(aws.AwsIamUserResourceType, provider, deserializer))
+	remoteLibrary.AddEnumerator(NewIamUserPolicyEnumerator(iamRepository, factory))
+	remoteLibrary.AddDetailsFetcher(aws.AwsIamUserPolicyResourceType, common.NewGenericDetailsFetcher(aws.AwsIamUserPolicyResourceType, provider, deserializer))
+
+	remoteLibrary.AddEnumerator(NewECRRepositoryEnumerator(ecrRepository, factory))
+	remoteLibrary.AddDetailsFetcher(aws.AwsEcrRepositoryResourceType, common.NewGenericDetailsFetcher(aws.AwsEcrRepositoryResourceType, provider, deserializer))
 
-	supplierLibrary.AddSupplier(NewIamUserPolicySupplier(provider, deserializer, iamRepository))
 	supplierLibrary.AddSupplier(NewIamUserPolicyAttachmentSupplier(provider, deserializer, iamRepository))
 	supplierLibrary.AddSupplier(NewIamAccessKeySupplier(provider, deserializer, iamRepository))
 	supplierLibrary.AddSupplier(NewIamRoleSupplier(provider, deserializer, iamRepository))
 	supplierLibrary.AddSupplier(NewIamRolePolicySupplier(provider, deserializer, iamRepository))
 	supplierLibrary.AddSupplier(NewIamRolePolicyAttachmentSupplier(provider, deserializer, iamRepository))
 	supplierLibrary.AddSupplier(NewVPCSecurityGroupRuleSupplier(provider, deserializer, ec2repository))
-	supplierLibrary.AddSupplier(NewECRRepositorySupplier(provider, deserializer, ecrRepository))
 
 	err = resourceSchemaRepository.Init(version, provider.Schema())
 	if err != nil {

pkg/remote/ecr_scanner_test.go

@@ -0,0 +1,115 @@
+package remote
+
+import (
+	"testing"
+
+	awssdk "github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/ecr"
+	"github.com/cloudskiff/driftctl/mocks"
+	"github.com/cloudskiff/driftctl/pkg/remote/aws"
+	"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
+	"github.com/cloudskiff/driftctl/pkg/remote/cache"
+	"github.com/cloudskiff/driftctl/pkg/remote/common"
+	"github.com/cloudskiff/driftctl/pkg/resource"
+	resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
+	"github.com/cloudskiff/driftctl/pkg/terraform"
+	"github.com/cloudskiff/driftctl/test"
+	"github.com/cloudskiff/driftctl/test/goldenfile"
+	testresource "github.com/cloudskiff/driftctl/test/resource"
+	terraform2 "github.com/cloudskiff/driftctl/test/terraform"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+)
+
+func TestECRRepository(t *testing.T) {
+	tests := []struct {
+		test    string
+		dirName string
+		mocks   func(repository *repository.MockECRRepository)
+		err     error
+	}{
+		{
+			test:    "no repository",
+			dirName: "aws_ecr_repository_empty",
+			mocks: func(client *repository.MockECRRepository) {
+				client.On("ListAllRepositories").Return([]*ecr.Repository{}, nil)
+			},
+			err: nil,
+		},
+		{
+			test:    "multiple repositories",
+			dirName: "aws_ecr_repository_multiple",
+			mocks: func(client *repository.MockECRRepository) {
+				client.On("ListAllRepositories").Return([]*ecr.Repository{
+					{RepositoryName: awssdk.String("test_ecr")},
+					{RepositoryName: awssdk.String("bar")},
+				}, nil)
+			},
+			err: nil,
+		},
+		{
+			test:    "cannot list repository",
+			dirName: "aws_ecr_repository_empty",
+			mocks: func(client *repository.MockECRRepository) {
+				client.On("ListAllRepositories").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
+			},
+			err: nil,
+		},
+	}
+
+	schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
+	resourceaws.InitResourcesMetadata(schemaRepository)
+	factory := terraform.NewTerraformResourceFactory(schemaRepository)
+	deserializer := resource.NewDeserializer(factory)
+
+	for _, c := range tests {
+		t.Run(c.test, func(tt *testing.T) {
+			shouldUpdate := c.dirName == *goldenfile.Update
+
+			sess := session.Must(session.NewSessionWithOptions(session.Options{
+				SharedConfigState: session.SharedConfigEnable,
+			}))
+
+			scanOptions := ScannerOptions{Deep: true}
+			providerLibrary := terraform.NewProviderLibrary()
+			remoteLibrary := common.NewRemoteLibrary()
+
+			// Initialize mocks
+			alerter := &mocks.AlerterInterface{}
+			alerter.On("SendAlert", mock.Anything, mock.Anything).Maybe().Return()
+			fakeRepo := &repository.MockECRRepository{}
+			c.mocks(fakeRepo)
+			var repo repository.ECRRepository = fakeRepo
+			providerVersion := "3.19.0"
+			realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
+			if err != nil {
+				t.Fatal(err)
+			}
+			provider := terraform2.NewFakeTerraformProvider(realProvider)
+			provider.WithResponse(c.dirName)
+
+			// Replace mock by real resources if we are in update mode
+			if shouldUpdate {
+				err := realProvider.Init()
+				if err != nil {
+					t.Fatal(err)
+				}
+				provider.ShouldUpdate()
+				repo = repository.NewECRRepository(sess, cache.New(0))
+			}
+
+			remoteLibrary.AddEnumerator(aws.NewECRRepositoryEnumerator(repo, factory))
+			remoteLibrary.AddDetailsFetcher(resourceaws.AwsEcrRepositoryResourceType, common.NewGenericDetailsFetcher(resourceaws.AwsEcrRepositoryResourceType, provider, deserializer))
+
+			s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
+			got, err := s.Resources()
+			assert.Equal(tt, err, c.err)
+			if err != nil {
+				return
+			}
+			test.TestAgainstGoldenFile(got, resourceaws.AwsEcrRepositoryResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
+		})
+	}
+}

pkg/remote/iam_scanner_test.go

@@ -121,6 +121,134 @@ func TestIamUser(t *testing.T) {
 	}
 }
 
+func TestIamUserPolicy(t *testing.T) {
+
+	cases := []struct {
+		test    string
+		dirName string
+		mocks   func(repo *repository.MockIAMRepository)
+		wantErr error
+	}{
+		{
+			test:    "no iam user policy",
+			dirName: "iam_user_policy_empty",
+			mocks: func(repo *repository.MockIAMRepository) {
+				users := []*iam.User{
+					{
+						UserName: aws.String("loadbalancer"),
+					},
+				}
+				repo.On("ListAllUsers").Return(users, nil)
+				repo.On("ListAllUserPolicies", users).Return([]string{}, nil)
+			},
+			wantErr: nil,
+		},
+		{
+			test:    "iam multiples users multiple policies",
+			dirName: "iam_user_policy_multiple",
+			mocks: func(repo *repository.MockIAMRepository) {
+				users := []*iam.User{
+					{
+						UserName: aws.String("loadbalancer"),
+					},
+					{
+						UserName: aws.String("loadbalancer2"),
+					},
+					{
+						UserName: aws.String("loadbalancer3"),
+					},
+				}
+				repo.On("ListAllUsers").Return(users, nil)
+				repo.On("ListAllUserPolicies", users).Once().Return([]string{
+					*aws.String("loadbalancer:test"),
+					*aws.String("loadbalancer:test2"),
+					*aws.String("loadbalancer:test3"),
+					*aws.String("loadbalancer:test4"),
+					*aws.String("loadbalancer2:test2"),
+					*aws.String("loadbalancer2:test22"),
+					*aws.String("loadbalancer2:test23"),
+					*aws.String("loadbalancer2:test24"),
+					*aws.String("loadbalancer3:test3"),
+					*aws.String("loadbalancer3:test32"),
+					*aws.String("loadbalancer3:test33"),
+					*aws.String("loadbalancer3:test34"),
+				}, nil)
+			},
+			wantErr: nil,
+		},
+		{
+			test:    "cannot list user",
+			dirName: "iam_user_policy_empty",
+			mocks: func(repo *repository.MockIAMRepository) {
+				repo.On("ListAllUsers").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
+			},
+			wantErr: nil,
+		},
+		{
+			test:    "cannot list user policy",
+			dirName: "iam_user_policy_empty",
+			mocks: func(repo *repository.MockIAMRepository) {
+				repo.On("ListAllUsers").Once().Return([]*iam.User{}, nil)
+				repo.On("ListAllUserPolicies", mock.Anything).Return(nil, awserr.NewRequestFailure(nil, 403, ""))
+			},
+			wantErr: nil,
+		},
+	}
+	schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
+	resourceaws.InitResourcesMetadata(schemaRepository)
+	factory := terraform.NewTerraformResourceFactory(schemaRepository)
+	deserializer := resource.NewDeserializer(factory)
+
+	for _, c := range cases {
+		t.Run(c.test, func(tt *testing.T) {
+			shouldUpdate := c.dirName == *goldenfile.Update
+
+			sess := session.Must(session.NewSessionWithOptions(session.Options{
+				SharedConfigState: session.SharedConfigEnable,
+			}))
+
+			scanOptions := ScannerOptions{Deep: true}
+			providerLibrary := terraform.NewProviderLibrary()
+			remoteLibrary := common.NewRemoteLibrary()
+
+			// Initialize mocks
+			alerter := &mocks.AlerterInterface{}
+			alerter.On("SendAlert", mock.Anything, mock.Anything).Maybe().Return()
+			fakeRepo := &repository.MockIAMRepository{}
+			c.mocks(fakeRepo)
+			var repo repository.IAMRepository = fakeRepo
+			providerVersion := "3.19.0"
+			realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
+			if err != nil {
+				t.Fatal(err)
+			}
+			provider := terraform2.NewFakeTerraformProvider(realProvider)
+			provider.WithResponse(c.dirName)
+
+			// Replace mock by real resources if we are in update mode
+			if shouldUpdate {
+				err := realProvider.Init()
+				if err != nil {
+					t.Fatal(err)
+				}
+				provider.ShouldUpdate()
+				repo = repository.NewIAMRepository(sess, cache.New(0))
+			}
+
+			remoteLibrary.AddEnumerator(remoteaws.NewIamUserPolicyEnumerator(repo, factory))
+			remoteLibrary.AddDetailsFetcher(resourceaws.AwsIamUserPolicyResourceType, common.NewGenericDetailsFetcher(resourceaws.AwsIamUserPolicyResourceType, provider, deserializer))
+
+			s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
+			got, err := s.Resources()
+			assert.Equal(tt, err, c.wantErr)
+			if err != nil {
+				return
+			}
+			test.TestAgainstGoldenFile(got, resourceaws.AwsIamUserPolicyResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
+		})
+	}
+}
+
 func TestIamPolicy(t *testing.T) {
 
 	cases := []struct {