diff --git a/README.md b/README.md index 1768b973..be26af10 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,16 @@ -# go-spiffe (v1) library [![GoDoc](https://godoc.org/github.com/spiffe/go-spiffe?status.svg)](https://godoc.org/github.com/spiffe/go-spiffe) - # Deprecation Warning __NOTE:__ This version of the library will be deprecated soon. -The new [v2](./v2) module is currently in alpha release and published under +The [v2](./v2) module is in **beta** and published under `github.com/spiffe/go-spiffe/v2`, following go module guidelines. -New code should consider using the `v2` module. +**New code should strongly consider using the `v2` module.** See the [v2 README](./v2) for more details. +# go-spiffe (v1) library [![GoDoc](https://godoc.org/github.com/spiffe/go-spiffe?status.svg)](https://godoc.org/github.com/spiffe/go-spiffe) + ## Overview The go-spiffe project provides two components: diff --git a/spiffe/expect.go b/spiffe/expect.go index 8bb5100f..4a33f86e 100644 --- a/spiffe/expect.go +++ b/spiffe/expect.go @@ -22,7 +22,7 @@ func ExpectAnyPeer() ExpectPeerFunc { func ExpectPeer(expectedID string) ExpectPeerFunc { return func(peerID string, _ [][]*x509.Certificate) error { if peerID != expectedID { - return fmt.Errorf("unexpected peer ID %q", peerID) + return fmt.Errorf("unexpected peer ID %q: expected %q", peerID, expectedID) } return nil } @@ -36,7 +36,7 @@ func ExpectPeers(expectedIDs ...string) ExpectPeerFunc { } return func(peerID string, _ [][]*x509.Certificate) error { if _, ok := m[peerID]; !ok { - return fmt.Errorf("unexpected peer ID %q", peerID) + return fmt.Errorf("unexpected peer ID %q: expected one of %q", peerID, expectedIDs) } return nil } @@ -47,7 +47,7 @@ func ExpectPeers(expectedIDs ...string) ExpectPeerFunc { func ExpectPeerInDomain(expectedDomain string) ExpectPeerFunc { return func(peerID string, _ [][]*x509.Certificate) error { if domain := getPeerTrustDomain(peerID); domain != expectedDomain { - return fmt.Errorf("unexpected peer trust domain %q", domain) + return fmt.Errorf("unexpected trust domain %q for peer ID %q: expected trust domain %q", domain, peerID, expectedDomain) } return nil } diff --git a/spiffe/expect_test.go b/spiffe/expect_test.go index c0ded68f..d44f3c2a 100644 --- a/spiffe/expect_test.go +++ b/spiffe/expect_test.go @@ -18,7 +18,7 @@ func TestExpectPeer(t *testing.T) { expect := ExpectPeer("spiffe://domain.test/workload1") assert.NoError(t, expect("spiffe://domain.test/workload1", nil)) assert.EqualError(t, expect("spiffe://domain.test/workload2", nil), - `unexpected peer ID "spiffe://domain.test/workload2"`) + `unexpected peer ID "spiffe://domain.test/workload2": expected "spiffe://domain.test/workload1"`) } func TestExpectPeers(t *testing.T) { @@ -26,12 +26,12 @@ func TestExpectPeers(t *testing.T) { assert.NoError(t, expect("spiffe://domain.test/workload1", nil)) assert.NoError(t, expect("spiffe://domain.test/workload2", nil)) assert.EqualError(t, expect("spiffe://domain.test/workload3", nil), - `unexpected peer ID "spiffe://domain.test/workload3"`) + `unexpected peer ID "spiffe://domain.test/workload3": expected one of ["spiffe://domain.test/workload1" "spiffe://domain.test/workload2"]`) } func TestExpectPeerInDomain(t *testing.T) { expect := ExpectPeerInDomain("domain1.test") assert.NoError(t, expect("spiffe://domain1.test/workload", nil)) assert.EqualError(t, expect("spiffe://domain2.test/workload", nil), - `unexpected peer trust domain "domain2.test"`) + `unexpected trust domain "domain2.test" for peer ID "spiffe://domain2.test/workload": expected trust domain "domain1.test"`) } diff --git a/spiffe/tls_verify_test.go b/spiffe/tls_verify_test.go index 60d37c6e..92aebc71 100644 --- a/spiffe/tls_verify_test.go +++ b/spiffe/tls_verify_test.go @@ -64,7 +64,7 @@ func TestVerifyPeerCertificate(t *testing.T) { chain: peer1, roots: roots1, expect: ExpectPeer("spiffe://domain2.test/workload"), - err: `unexpected peer ID "spiffe://domain1.test/workload"`, + err: `unexpected peer ID "spiffe://domain1.test/workload": expected "spiffe://domain2.test/workload"`, }, { name: "bad peer id",