Improve error messages returned by SigningCert

pkg/api/client.go

@@ -21,6 +21,7 @@ import (
 	"encoding/json"
 	"encoding/pem"
 	"errors"
+	"fmt"
 	"io"
 	"net/http"
 	"net/url"
@@ -81,12 +82,12 @@ func (c *client) SigningCert(cr CertificateRequest, token string) (*CertificateR
 
 	b, err := json.Marshal(cr)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("marshal: %w", err)
 	}
 
 	req, err := http.NewRequest(http.MethodPost, endpoint.String(), bytes.NewBuffer(b))
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("request: %w", err)
 	}
 	// Set the authorization header to our OIDC bearer token.
 	req.Header.Set("Authorization", "Bearer "+token)
@@ -95,25 +96,25 @@ func (c *client) SigningCert(cr CertificateRequest, token string) (*CertificateR
 
 	resp, err := c.client.Do(req)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("client: %w", err)
 	}
 	defer resp.Body.Close()
 
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("%s read: %w", endpoint.String(), err)
 	}
 
 	// The API should return a 201 Created on success.  If we see anything else,
 	// then turn the response body into an error.
 	if resp.StatusCode != http.StatusCreated {
-		return nil, errors.New(string(body))
+		return nil, fmt.Errorf("%s %s returned %s: %q", http.MethodPost, endpoint.String(), resp.Status, body)
 	}
 
 	// Extract the SCT from the response header.
 	sct, err := base64.StdEncoding.DecodeString(resp.Header.Get("SCT"))
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("decode: %w", err)
 	}
 
 	// Split the cert and the chain