wrap http client errors with %w

google/default.go

@@ -124,7 +124,7 @@ func FindDefaultCredentialsWithParams(ctx context.Context, params CredentialsPar
 	if filename := os.Getenv(envVar); filename != "" {
 		creds, err := readCredentialsFile(ctx, filename, params)
 		if err != nil {
-			return nil, fmt.Errorf("google: error getting credentials using %v environment variable: %v", envVar, err)
+			return nil, fmt.Errorf("google: error getting credentials using %v environment variable: %w", envVar, err)
 		}
 		return creds, nil
 	}
@@ -134,7 +134,7 @@ func FindDefaultCredentialsWithParams(ctx context.Context, params CredentialsPar
 	if creds, err := readCredentialsFile(ctx, filename, params); err == nil {
 		return creds, nil
 	} else if !os.IsNotExist(err) {
-		return nil, fmt.Errorf("google: error getting credentials using well-known file (%v): %v", filename, err)
+		return nil, fmt.Errorf("google: error getting credentials using well-known file (%v): %w", filename, err)
 	}
 
 	// Third, if we're on a Google App Engine standard first generation runtime (<= Go 1.9)

google/downscope/downscoping.go

@@ -155,12 +155,12 @@ func (dts downscopingTokenSource) Token() (*oauth2.Token, error) {
 
 	tok, err := dts.config.RootSource.Token()
 	if err != nil {
-		return nil, fmt.Errorf("downscope: unable to obtain root token: %v", err)
+		return nil, fmt.Errorf("downscope: unable to obtain root token: %w", err)
 	}
 
 	b, err := json.Marshal(downscopedOptions)
 	if err != nil {
-		return nil, fmt.Errorf("downscope: unable to marshal AccessBoundary payload %v", err)
+		return nil, fmt.Errorf("downscope: unable to marshal AccessBoundary payload %w", err)
 	}
 
 	form := url.Values{}
@@ -173,12 +173,12 @@ func (dts downscopingTokenSource) Token() (*oauth2.Token, error) {
 	myClient := oauth2.NewClient(dts.ctx, nil)
 	resp, err := myClient.PostForm(identityBindingEndpoint, form)
 	if err != nil {
-		return nil, fmt.Errorf("unable to generate POST Request %v", err)
+		return nil, fmt.Errorf("unable to generate POST Request %w", err)
 	}
 	defer resp.Body.Close()
 	respBody, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		return nil, fmt.Errorf("downscope: unable to read response body: %v", err)
+		return nil, fmt.Errorf("downscope: unable to read response body: %w", err)
 	}
 	if resp.StatusCode != http.StatusOK {
 		return nil, fmt.Errorf("downscope: unable to exchange token; %v. Server responded: %s", resp.StatusCode, respBody)
@@ -188,7 +188,7 @@ func (dts downscopingTokenSource) Token() (*oauth2.Token, error) {
 
 	err = json.Unmarshal(respBody, &tresp)
 	if err != nil {
-		return nil, fmt.Errorf("downscope: unable to unmarshal response body: %v", err)
+		return nil, fmt.Errorf("downscope: unable to unmarshal response body: %w", err)
 	}
 
 	// an exchanged token that is derived from a service account (2LO) has an expired_in value

google/google.go

@@ -264,7 +264,7 @@ func (cs computeSource) Token() (*oauth2.Token, error) {
 	}
 	err = json.NewDecoder(strings.NewReader(tokenJSON)).Decode(&res)
 	if err != nil {
-		return nil, fmt.Errorf("oauth2/google: invalid token JSON from metadata: %v", err)
+		return nil, fmt.Errorf("oauth2/google: invalid token JSON from metadata: %w", err)
 	}
 	if res.ExpiresInSec == 0 || res.AccessToken == "" {
 		return nil, fmt.Errorf("oauth2/google: incomplete token received from metadata")

google/internal/externalaccount/executablecredsource.go

@@ -71,7 +71,7 @@ func exitCodeError(exitCode int) error {
 }
 
 func executableError(err error) error {
-	return fmt.Errorf("oauth2/google: executable command failed: %v", err)
+	return fmt.Errorf("oauth2/google: executable command failed: %w", err)
 }
 
 func executablesDisallowedError() error {

google/internal/externalaccount/filecredsource.go

@@ -27,15 +27,15 @@ func (cs fileCredentialSource) subjectToken() (string, error) {
 	defer tokenFile.Close()
 	tokenBytes, err := ioutil.ReadAll(io.LimitReader(tokenFile, 1<<20))
 	if err != nil {
-		return "", fmt.Errorf("oauth2/google: failed to read credential file: %v", err)
+		return "", fmt.Errorf("oauth2/google: failed to read credential file: %w", err)
 	}
 	tokenBytes = bytes.TrimSpace(tokenBytes)
 	switch cs.Format.Type {
 	case "json":
 		jsonData := make(map[string]interface{})
 		err = json.Unmarshal(tokenBytes, &jsonData)
 		if err != nil {
-			return "", fmt.Errorf("oauth2/google: failed to unmarshal subject token file: %v", err)
+			return "", fmt.Errorf("oauth2/google: failed to unmarshal subject token file: %w", err)
 		}
 		val, ok := jsonData[cs.Format.SubjectTokenFieldName]
 		if !ok {

google/internal/externalaccount/impersonate.go

@@ -66,36 +66,36 @@ func (its ImpersonateTokenSource) Token() (*oauth2.Token, error) {
 	}
 	b, err := json.Marshal(reqBody)
 	if err != nil {
-		return nil, fmt.Errorf("oauth2/google: unable to marshal request: %v", err)
+		return nil, fmt.Errorf("oauth2/google: unable to marshal request: %w", err)
 	}
 	client := oauth2.NewClient(its.Ctx, its.Ts)
 	req, err := http.NewRequest("POST", its.URL, bytes.NewReader(b))
 	if err != nil {
-		return nil, fmt.Errorf("oauth2/google: unable to create impersonation request: %v", err)
+		return nil, fmt.Errorf("oauth2/google: unable to create impersonation request: %w", err)
 	}
 	req = req.WithContext(its.Ctx)
 	req.Header.Set("Content-Type", "application/json")
 
 	resp, err := client.Do(req)
 	if err != nil {
-		return nil, fmt.Errorf("oauth2/google: unable to generate access token: %v", err)
+		return nil, fmt.Errorf("oauth2/google: unable to generate access token: %w", err)
 	}
 	defer resp.Body.Close()
 	body, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))
 	if err != nil {
-		return nil, fmt.Errorf("oauth2/google: unable to read body: %v", err)
+		return nil, fmt.Errorf("oauth2/google: unable to read body: %w", err)
 	}
 	if c := resp.StatusCode; c < 200 || c > 299 {
 		return nil, fmt.Errorf("oauth2/google: status code %d: %s", c, body)
 	}
 
 	var accessTokenResp impersonateTokenResponse
 	if err := json.Unmarshal(body, &accessTokenResp); err != nil {
-		return nil, fmt.Errorf("oauth2/google: unable to parse response: %v", err)
+		return nil, fmt.Errorf("oauth2/google: unable to parse response: %w", err)
 	}
 	expiry, err := time.Parse(time.RFC3339, accessTokenResp.ExpireTime)
 	if err != nil {
-		return nil, fmt.Errorf("oauth2/google: unable to parse expiry: %v", err)
+		return nil, fmt.Errorf("oauth2/google: unable to parse expiry: %w", err)
 	}
 	return &oauth2.Token{
 		AccessToken: accessTokenResp.AccessToken,

google/internal/externalaccount/sts_exchange.go

@@ -36,7 +36,7 @@ func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchan
 	if options != nil {
 		opts, err := json.Marshal(options)
 		if err != nil {
-			return nil, fmt.Errorf("oauth2/google: failed to marshal additional options: %v", err)
+			return nil, fmt.Errorf("oauth2/google: failed to marshal additional options: %w", err)
 		}
 		data.Set("options", string(opts))
 	}
@@ -46,7 +46,7 @@ func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchan
 
 	req, err := http.NewRequest("POST", endpoint, strings.NewReader(encodedData))
 	if err != nil {
-		return nil, fmt.Errorf("oauth2/google: failed to properly build http request: %v", err)
+		return nil, fmt.Errorf("oauth2/google: failed to properly build http request: %w", err)
 
 	}
 	req = req.WithContext(ctx)
@@ -60,7 +60,7 @@ func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchan
 	resp, err := client.Do(req)
 
 	if err != nil {
-		return nil, fmt.Errorf("oauth2/google: invalid response from Secure Token Server: %v", err)
+		return nil, fmt.Errorf("oauth2/google: invalid response from Secure Token Server: %w", err)
 	}
 	defer resp.Body.Close()
 
@@ -74,7 +74,7 @@ func exchangeToken(ctx context.Context, endpoint string, request *stsTokenExchan
 	var stsResp stsTokenExchangeResponse
 	err = json.Unmarshal(body, &stsResp)
 	if err != nil {
-		return nil, fmt.Errorf("oauth2/google: failed to unmarshal response body from Secure Token Server: %v", err)
+		return nil, fmt.Errorf("oauth2/google: failed to unmarshal response body from Secure Token Server: %w", err)
 
 	}
 

google/internal/externalaccount/urlcredsource.go

@@ -27,7 +27,7 @@ func (cs urlCredentialSource) subjectToken() (string, error) {
 	client := oauth2.NewClient(cs.ctx, nil)
 	req, err := http.NewRequest("GET", cs.URL, nil)
 	if err != nil {
-		return "", fmt.Errorf("oauth2/google: HTTP request for URL-sourced credential failed: %v", err)
+		return "", fmt.Errorf("oauth2/google: HTTP request for URL-sourced credential failed: %w", err)
 	}
 	req = req.WithContext(cs.ctx)
 
@@ -36,13 +36,13 @@ func (cs urlCredentialSource) subjectToken() (string, error) {
 	}
 	resp, err := client.Do(req)
 	if err != nil {
-		return "", fmt.Errorf("oauth2/google: invalid response when retrieving subject token: %v", err)
+		return "", fmt.Errorf("oauth2/google: invalid response when retrieving subject token: %w", err)
 	}
 	defer resp.Body.Close()
 
 	respBody, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))
 	if err != nil {
-		return "", fmt.Errorf("oauth2/google: invalid body in subject token URL query: %v", err)
+		return "", fmt.Errorf("oauth2/google: invalid body in subject token URL query: %w", err)
 	}
 	if c := resp.StatusCode; c < 200 || c > 299 {
 		return "", fmt.Errorf("oauth2/google: status code %d: %s", c, respBody)
@@ -53,7 +53,7 @@ func (cs urlCredentialSource) subjectToken() (string, error) {
 		jsonData := make(map[string]interface{})
 		err = json.Unmarshal(respBody, &jsonData)
 		if err != nil {
-			return "", fmt.Errorf("oauth2/google: failed to unmarshal subject token file: %v", err)
+			return "", fmt.Errorf("oauth2/google: failed to unmarshal subject token file: %w", err)
 		}
 		val, ok := jsonData[cs.Format.SubjectTokenFieldName]
 		if !ok {

google/jwt.go

@@ -49,11 +49,11 @@ func newJWTSource(jsonKey []byte, audience string, scopes []string) (oauth2.Toke
 
 	cfg, err := JWTConfigFromJSON(jsonKey)
 	if err != nil {
-		return nil, fmt.Errorf("google: could not parse JSON key: %v", err)
+		return nil, fmt.Errorf("google: could not parse JSON key: %w", err)
 	}
 	pk, err := internal.ParseKey(cfg.PrivateKey)
 	if err != nil {
-		return nil, fmt.Errorf("google: could not parse key: %v", err)
+		return nil, fmt.Errorf("google: could not parse key: %w", err)
 	}
 	ts := &jwtAccessTokenSource{
 		email:    cfg.Email,
@@ -96,7 +96,7 @@ func (ts *jwtAccessTokenSource) Token() (*oauth2.Token, error) {
 	}
 	msg, err := jws.Encode(hdr, cs, ts.pk)
 	if err != nil {
-		return nil, fmt.Errorf("google: could not encode JWT: %v", err)
+		return nil, fmt.Errorf("google: could not encode JWT: %w", err)
 	}
 	return &oauth2.Token{AccessToken: msg, TokenType: "Bearer", Expiry: exp}, nil
 }

google/sdk.go

@@ -54,18 +54,18 @@ type SDKConfig struct {
 func NewSDKConfig(account string) (*SDKConfig, error) {
 	configPath, err := sdkConfigPath()
 	if err != nil {
-		return nil, fmt.Errorf("oauth2/google: error getting SDK config path: %v", err)
+		return nil, fmt.Errorf("oauth2/google: error getting SDK config path: %w", err)
 	}
 	credentialsPath := filepath.Join(configPath, "credentials")
 	f, err := os.Open(credentialsPath)
 	if err != nil {
-		return nil, fmt.Errorf("oauth2/google: failed to load SDK credentials: %v", err)
+		return nil, fmt.Errorf("oauth2/google: failed to load SDK credentials: %w", err)
 	}
 	defer f.Close()
 
 	var c sdkCredentials
 	if err := json.NewDecoder(f).Decode(&c); err != nil {
-		return nil, fmt.Errorf("oauth2/google: failed to decode SDK credentials from %q: %v", credentialsPath, err)
+		return nil, fmt.Errorf("oauth2/google: failed to decode SDK credentials from %q: %w", credentialsPath, err)
 	}
 	if len(c.Data) == 0 {
 		return nil, fmt.Errorf("oauth2/google: no credentials found in %q, run `gcloud auth login` to create one", credentialsPath)
@@ -74,12 +74,12 @@ func NewSDKConfig(account string) (*SDKConfig, error) {
 		propertiesPath := filepath.Join(configPath, "properties")
 		f, err := os.Open(propertiesPath)
 		if err != nil {
-			return nil, fmt.Errorf("oauth2/google: failed to load SDK properties: %v", err)
+			return nil, fmt.Errorf("oauth2/google: failed to load SDK properties: %w", err)
 		}
 		defer f.Close()
 		ini, err := parseINI(f)
 		if err != nil {
-			return nil, fmt.Errorf("oauth2/google: failed to parse SDK properties %q: %v", propertiesPath, err)
+			return nil, fmt.Errorf("oauth2/google: failed to parse SDK properties %q: %w", propertiesPath, err)
 		}
 		core, ok := ini["core"]
 		if !ok {
@@ -170,7 +170,7 @@ func parseINI(ini io.Reader) (map[string]map[string]string, error) {
 		}
 	}
 	if err := scanner.Err(); err != nil {
-		return nil, fmt.Errorf("error scanning ini: %v", err)
+		return nil, fmt.Errorf("error scanning ini: %w", err)
 	}
 	return result, nil
 }

internal/oauth2.go

@@ -26,7 +26,7 @@ func ParseKey(key []byte) (*rsa.PrivateKey, error) {
 	if err != nil {
 		parsedKey, err = x509.ParsePKCS1PrivateKey(key)
 		if err != nil {
-			return nil, fmt.Errorf("private key should be a PEM or plain PKCS1 or PKCS8; parse error: %v", err)
+			return nil, fmt.Errorf("private key should be a PEM or plain PKCS1 or PKCS8; parse error: %w", err)
 		}
 	}
 	parsed, ok := parsedKey.(*rsa.PrivateKey)

internal/token.go

@@ -234,7 +234,7 @@ func doTokenRoundTrip(ctx context.Context, req *http.Request) (*Token, error) {
 	body, err := ioutil.ReadAll(io.LimitReader(r.Body, 1<<20))
 	r.Body.Close()
 	if err != nil {
-		return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
+		return nil, fmt.Errorf("oauth2: cannot fetch token: %w", err)
 	}
 	if code := r.StatusCode; code < 200 || code > 299 {
 		return nil, &RetrieveError{

jira/jira.go

@@ -111,12 +111,12 @@ func (js jwtSource) Token() (*oauth2.Token, error) {
 	hc := oauth2.NewClient(js.ctx, nil)
 	resp, err := hc.PostForm(js.conf.Endpoint.TokenURL, v)
 	if err != nil {
-		return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
+		return nil, fmt.Errorf("oauth2: cannot fetch token: %w", err)
 	}
 	defer resp.Body.Close()
 	body, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))
 	if err != nil {
-		return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
+		return nil, fmt.Errorf("oauth2: cannot fetch token: %w", err)
 	}
 	if c := resp.StatusCode; c < 200 || c > 299 {
 		return nil, fmt.Errorf("oauth2: cannot fetch token: %v\nResponse: %s", resp.Status, body)
@@ -129,7 +129,7 @@ func (js jwtSource) Token() (*oauth2.Token, error) {
 		ExpiresIn   int64  `json:"expires_in"` // relative seconds from now
 	}
 	if err := json.Unmarshal(body, &tokenRes); err != nil {
-		return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
+		return nil, fmt.Errorf("oauth2: cannot fetch token: %w", err)
 	}
 	token := &oauth2.Token{
 		AccessToken: tokenRes.AccessToken,

jwt/jwt.go

@@ -133,12 +133,12 @@ func (js jwtSource) Token() (*oauth2.Token, error) {
 	v.Set("assertion", payload)
 	resp, err := hc.PostForm(js.conf.TokenURL, v)
 	if err != nil {
-		return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
+		return nil, fmt.Errorf("oauth2: cannot fetch token: %w", err)
 	}
 	defer resp.Body.Close()
 	body, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1<<20))
 	if err != nil {
-		return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
+		return nil, fmt.Errorf("oauth2: cannot fetch token: %w", err)
 	}
 	if c := resp.StatusCode; c < 200 || c > 299 {
 		return nil, &oauth2.RetrieveError{
@@ -154,7 +154,7 @@ func (js jwtSource) Token() (*oauth2.Token, error) {
 		ExpiresIn   int64  `json:"expires_in"` // relative seconds from now
 	}
 	if err := json.Unmarshal(body, &tokenRes); err != nil {
-		return nil, fmt.Errorf("oauth2: cannot fetch token: %v", err)
+		return nil, fmt.Errorf("oauth2: cannot fetch token: %w", err)
 	}
 	token := &oauth2.Token{
 		AccessToken: tokenRes.AccessToken,
@@ -171,7 +171,7 @@ func (js jwtSource) Token() (*oauth2.Token, error) {
 		// decode returned id token to get expiry
 		claimSet, err := jws.Decode(v)
 		if err != nil {
-			return nil, fmt.Errorf("oauth2: error decoding JWT token: %v", err)
+			return nil, fmt.Errorf("oauth2: error decoding JWT token: %w", err)
 		}
 		token.Expiry = time.Unix(claimSet.Exp, 0)
 	}