From 0ab785d0f21e1ba011cf64aa13bc45ea4873e5db Mon Sep 17 00:00:00 2001 From: Andrew Harding Date: Thu, 27 Aug 2020 10:48:08 -0600 Subject: [PATCH 1/2] Update v2 to beta Signed-off-by: Andrew Harding --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 1768b973..be26af10 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,16 @@ -# go-spiffe (v1) library [![GoDoc](https://godoc.org/github.com/spiffe/go-spiffe?status.svg)](https://godoc.org/github.com/spiffe/go-spiffe) - # Deprecation Warning __NOTE:__ This version of the library will be deprecated soon. -The new [v2](./v2) module is currently in alpha release and published under +The [v2](./v2) module is in **beta** and published under `github.com/spiffe/go-spiffe/v2`, following go module guidelines. -New code should consider using the `v2` module. +**New code should strongly consider using the `v2` module.** See the [v2 README](./v2) for more details. +# go-spiffe (v1) library [![GoDoc](https://godoc.org/github.com/spiffe/go-spiffe?status.svg)](https://godoc.org/github.com/spiffe/go-spiffe) + ## Overview The go-spiffe project provides two components: From 31f5b6e4a2d06a72f4cba5549be5f7a7559a2879 Mon Sep 17 00:00:00 2001 From: Kyle Anderson Date: Fri, 19 Jun 2020 09:47:18 -0700 Subject: [PATCH 2/2] Print out the expected peer and domains when encountering mismatches Signed-off-by: Kyle Anderson --- spiffe/expect.go | 6 +++--- spiffe/expect_test.go | 6 +++--- spiffe/tls_verify_test.go | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/spiffe/expect.go b/spiffe/expect.go index 8bb5100f..4a33f86e 100644 --- a/spiffe/expect.go +++ b/spiffe/expect.go 
@@ -22,7 +22,7 @@ func ExpectAnyPeer() ExpectPeerFunc {
 func ExpectPeer(expectedID string) ExpectPeerFunc {
 return func(peerID string, _ [][]*x509.Certificate) error {
 if peerID != expectedID {
- return fmt.Errorf("unexpected peer ID %q", peerID)
+ return fmt.Errorf("unexpected peer ID %q: expected %q", peerID, expectedID)
 }
 return nil
 }
@@ -36,7 +36,7 @@ func ExpectPeers(expectedIDs ...string) ExpectPeerFunc {
 }
 return func(peerID string, _ [][]*x509.Certificate) error {
 if _, ok := m[peerID]; !ok {
- return fmt.Errorf("unexpected peer ID %q", peerID)
+ return fmt.Errorf("unexpected peer ID %q: expected one of %q", peerID, expectedIDs)
 }
 return nil
 }
@@ -47,7 +47,7 @@ func ExpectPeers(expectedIDs ...string) ExpectPeerFunc {
 func ExpectPeerInDomain(expectedDomain string) ExpectPeerFunc {
 return func(peerID string, _ [][]*x509.Certificate) error {
 if domain := getPeerTrustDomain(peerID); domain != expectedDomain {
- return fmt.Errorf("unexpected peer trust domain %q", domain)
+ return fmt.Errorf("unexpected trust domain %q for peer ID %q: expected trust domain %q", domain, peerID, expectedDomain)
 }
 return nil
 }
diff --git a/spiffe/expect_test.go b/spiffe/expect_test.go
index c0ded68f..d44f3c2a 100644
--- a/spiffe/expect_test.go
+++ b/spiffe/expect_test.go
@@ -18,7 +18,7 @@ func TestExpectPeer(t *testing.T) {
 expect := ExpectPeer("spiffe://domain.test/workload1")
 assert.NoError(t, expect("spiffe://domain.test/workload1", nil))
 assert.EqualError(t, expect("spiffe://domain.test/workload2", nil),
- `unexpected peer ID "spiffe://domain.test/workload2"`)
+ `unexpected peer ID "spiffe://domain.test/workload2": expected "spiffe://domain.test/workload1"`)
 }

 func TestExpectPeers(t *testing.T) {
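Review bot: The new message in ExpectPeer puts the verifier's own policy (`expectedID`) into the error string, and the ExpectPeers and ExpectPeerInDomain hunks below do the same with `expectedIDs` and `expectedDomain`. That helps the local operator, but a caller that relays handshake errors to the remote side or writes them to a widely readable log would now also reveal which identities are authorized; where the error ends up is not visible in these hunks, so this is worth confirming. I would state it on each function's doc comment, e.g. `// The returned error names the peer ID and the expected ID; it is meant for local diagnostics and should not be relayed to the peer.` Callers that compare the old text exactly will also stop matching, as the test updates in this patch show.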
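Review bot: In ExpectPeers the mismatch error formats the whole `expectedIDs` slice, so every rejected peer yields a message whose size grows with the allow-list, and the text comes from the caller's variadic slice rather than from the map `m` that is actually checked. If a caller passed `ids...` and later changes that slice, the message could disagree with the enforced set. Consider copying the slice when ExpectPeers is called and bounding what is printed, for example listing the IDs only up to a small limit and otherwise reporting `len(m)`. The part of ExpectPeers where `m` is filled lies outside the hunk.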
@@ -26,12 +26,12 @@ func TestExpectPeers(t *testing.T) {
 assert.NoError(t, expect("spiffe://domain.test/workload1", nil))
 assert.NoError(t, expect("spiffe://domain.test/workload2", nil))
 assert.EqualError(t, expect("spiffe://domain.test/workload3", nil),
- `unexpected peer ID "spiffe://domain.test/workload3"`)
+ `unexpected peer ID "spiffe://domain.test/workload3": expected one of ["spiffe://domain.test/workload1" "spiffe://domain.test/workload2"]`)
 }

 func TestExpectPeerInDomain(t *testing.T) {
 expect := ExpectPeerInDomain("domain1.test")
 assert.NoError(t, expect("spiffe://domain1.test/workload", nil))
 assert.EqualError(t, expect("spiffe://domain2.test/workload", nil),
- `unexpected peer trust domain "domain2.test"`)
+ `unexpected trust domain "domain2.test" for peer ID "spiffe://domain2.test/workload": expected trust domain "domain1.test"`)
 }
diff --git a/spiffe/tls_verify_test.go b/spiffe/tls_verify_test.go
index 60d37c6e..92aebc71 100644
--- a/spiffe/tls_verify_test.go
+++ b/spiffe/tls_verify_test.go
@@ -64,7 +64,7 @@ func TestVerifyPeerCertificate(t *testing.T) {
 chain: peer1,
 roots: roots1,
 expect: ExpectPeer("spiffe://domain2.test/workload"),
- err: `unexpected peer ID "spiffe://domain1.test/workload"`,
+ err: `unexpected peer ID "spiffe://domain1.test/workload": expected "spiffe://domain2.test/workload"`,
 },
 {
 name: "bad peer id",