Merge pull request #145 from solarkennedy/print_expected

Print out the expected peer and domains when encountering mismatches
spiffe · Sep 14, 2020 · 13cad8a · 13cad8a
2 parents 94501d5 + 31f5b6e
commit 13cad8a
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/spiffe/expect.go b/spiffe/expect.go
@@ -22,7 +22,7 @@ func ExpectAnyPeer() ExpectPeerFunc {
 func ExpectPeer(expectedID string) ExpectPeerFunc {
 	return func(peerID string, _ [][]*x509.Certificate) error {
 		if peerID != expectedID {
-			return fmt.Errorf("unexpected peer ID %q", peerID)
+			return fmt.Errorf("unexpected peer ID %q: expected %q", peerID, expectedID)
 		}
 		return nil
 	}
@@ -36,7 +36,7 @@ func ExpectPeers(expectedIDs ...string) ExpectPeerFunc {
 	}
 	return func(peerID string, _ [][]*x509.Certificate) error {
 		if _, ok := m[peerID]; !ok {
-			return fmt.Errorf("unexpected peer ID %q", peerID)
+			return fmt.Errorf("unexpected peer ID %q: expected one of %q", peerID, expectedIDs)
 		}
 		return nil
 	}
@@ -47,7 +47,7 @@ func ExpectPeers(expectedIDs ...string) ExpectPeerFunc {
 func ExpectPeerInDomain(expectedDomain string) ExpectPeerFunc {
 	return func(peerID string, _ [][]*x509.Certificate) error {
 		if domain := getPeerTrustDomain(peerID); domain != expectedDomain {
-			return fmt.Errorf("unexpected peer trust domain %q", domain)
+			return fmt.Errorf("unexpected trust domain %q for peer ID %q: expected trust domain %q", domain, peerID, expectedDomain)
 		}
 		return nil
 	}

diff --git a/spiffe/expect_test.go b/spiffe/expect_test.go
@@ -18,20 +18,20 @@ func TestExpectPeer(t *testing.T) {
 	expect := ExpectPeer("spiffe://domain.test/workload1")
 	assert.NoError(t, expect("spiffe://domain.test/workload1", nil))
 	assert.EqualError(t, expect("spiffe://domain.test/workload2", nil),
-		`unexpected peer ID "spiffe://domain.test/workload2"`)
+		`unexpected peer ID "spiffe://domain.test/workload2": expected "spiffe://domain.test/workload1"`)
 }
 
 func TestExpectPeers(t *testing.T) {
 	expect := ExpectPeers("spiffe://domain.test/workload1", "spiffe://domain.test/workload2")
 	assert.NoError(t, expect("spiffe://domain.test/workload1", nil))
 	assert.NoError(t, expect("spiffe://domain.test/workload2", nil))
 	assert.EqualError(t, expect("spiffe://domain.test/workload3", nil),
-		`unexpected peer ID "spiffe://domain.test/workload3"`)
+		`unexpected peer ID "spiffe://domain.test/workload3": expected one of ["spiffe://domain.test/workload1" "spiffe://domain.test/workload2"]`)
 }
 
 func TestExpectPeerInDomain(t *testing.T) {
 	expect := ExpectPeerInDomain("domain1.test")
 	assert.NoError(t, expect("spiffe://domain1.test/workload", nil))
 	assert.EqualError(t, expect("spiffe://domain2.test/workload", nil),
-		`unexpected peer trust domain "domain2.test"`)
+		`unexpected trust domain "domain2.test" for peer ID "spiffe://domain2.test/workload": expected trust domain "domain1.test"`)
 }
diff --git a/spiffe/tls_verify_test.go b/spiffe/tls_verify_test.go
@@ -64,7 +64,7 @@ func TestVerifyPeerCertificate(t *testing.T) {
 			chain:  peer1,
 			roots:  roots1,
 			expect: ExpectPeer("spiffe://domain2.test/workload"),
-			err:    `unexpected peer ID "spiffe://domain1.test/workload"`,
+			err:    `unexpected peer ID "spiffe://domain1.test/workload": expected "spiffe://domain2.test/workload"`,
 		},
 		{
 			name:   "bad peer id",