diff --git a/pkg/api/client.go b/pkg/api/client.go index f93e795ed..3ab84f524 100644 --- a/pkg/api/client.go +++ b/pkg/api/client.go @@ -21,6 +21,7 @@ import ( "encoding/json" "encoding/pem" "errors" + "fmt" "io" "net/http" "net/url" @@ -81,12 +82,12 @@ func (c *client) SigningCert(cr CertificateRequest, token string) (*CertificateR b, err := json.Marshal(cr) if err != nil { - return nil, err + return nil, fmt.Errorf("marshal: %w", err) } req, err := http.NewRequest(http.MethodPost, endpoint.String(), bytes.NewBuffer(b)) if err != nil { - return nil, err + return nil, fmt.Errorf("request: %w", err) } // Set the authorization header to our OIDC bearer token. req.Header.Set("Authorization", "Bearer "+token) @@ -95,25 +96,25 @@ func (c *client) SigningCert(cr CertificateRequest, token string) (*CertificateR resp, err := c.client.Do(req) if err != nil { - return nil, err + return nil, fmt.Errorf("client: %w", err) } defer resp.Body.Close() body, err := io.ReadAll(resp.Body) if err != nil { - return nil, err + return nil, fmt.Errorf("%s read: %w", endpoint.String(), err) } // The API should return a 201 Created on success. If we see anything else, // then turn the response body into an error. if resp.StatusCode != http.StatusCreated { - return nil, errors.New(string(body)) + return nil, fmt.Errorf("%s %s returned %s: %q", http.MethodPost, endpoint.String(), resp.Status, body) } // Extract the SCT from the response header. sct, err := base64.StdEncoding.DecodeString(resp.Header.Get("SCT")) if err != nil { - return nil, err + return nil, fmt.Errorf("decode: %w", err) } // Split the cert and the chain