diff --git a/authority/provisioner/sign_ssh_options.go b/authority/provisioner/sign_ssh_options.go index 80ff884e..30293947 100644 --- a/authority/provisioner/sign_ssh_options.go +++ b/authority/provisioner/sign_ssh_options.go @@ -56,7 +56,7 @@ type SignSSHOptions struct { // Validate validates the given SignSSHOptions. func (o SignSSHOptions) Validate() error { if o.CertType != "" && o.CertType != SSHUserCert && o.CertType != SSHHostCert { - return errs.BadRequest("unknown certificate type '%s'", o.CertType) + return errs.BadRequest("certType '%s' is not valid", o.CertType) } for _, p := range o.Principals { if p == "" { @@ -359,7 +359,7 @@ func (v *sshCertValidityValidator) Valid(cert *ssh.Certificate, opts SignSSHOpti case 0: return errs.BadRequest("ssh certificate type has not been set") default: - return errs.BadRequest("unknown ssh certificate type '%d'", cert.CertType) + return errs.BadRequest("ssh certificate has an unknown type '%d'", cert.CertType) } // To not take into account the backdate, time.Now() will be used to diff --git a/authority/provisioner/sign_ssh_options_test.go b/authority/provisioner/sign_ssh_options_test.go index 3a1ff324..b59d6945 100644 --- a/authority/provisioner/sign_ssh_options_test.go +++ b/authority/provisioner/sign_ssh_options_test.go @@ -49,14 +49,14 @@ func TestSSHOptions_Modify(t *testing.T) { return test{ so: SignSSHOptions{CertType: "foo"}, cert: new(ssh.Certificate), - err: errors.Errorf("ssh certificate has an unknown type - foo"), + err: errors.Errorf("ssh certificate has an unknown type 'foo'"), } }, "fail/validAfter-greater-validBefore": func() test { return test{ so: SignSSHOptions{CertType: "user"}, cert: &ssh.Certificate{ValidAfter: uint64(15), ValidBefore: uint64(10)}, - err: errors.Errorf("ssh certificate valid after cannot be greater than valid before"), + err: errors.Errorf("ssh certificate validAfter cannot be greater than validBefore"), } }, "ok/user-cert": func() test { @@ -136,14 +136,14 @@ func TestSSHOptions_Match(t *testing.T) { return test{ so: SignSSHOptions{ValidAfter: NewTimeDuration(time.Now().Add(1 * time.Minute))}, cmp: SignSSHOptions{ValidAfter: NewTimeDuration(time.Now().Add(5 * time.Minute))}, - err: errors.Errorf("ssh certificate valid after does not match"), + err: errors.Errorf("ssh certificate validAfter does not match"), } }, "fail/validBefore": func() test { return test{ so: SignSSHOptions{ValidBefore: NewTimeDuration(time.Now().Add(1 * time.Minute))}, cmp: SignSSHOptions{ValidBefore: NewTimeDuration(time.Now().Add(5 * time.Minute))}, - err: errors.Errorf("ssh certificate valid before does not match"), + err: errors.Errorf("ssh certificate validBefore does not match"), } }, "ok/original-empty": func() test { @@ -394,7 +394,7 @@ func Test_sshDefaultExtensionModifier_Modify(t *testing.T) { return test{ modifier: sshDefaultExtensionModifier{}, cert: cert, - err: errors.New("ssh certificate type has not been set or is invalid"), + err: errors.New("ssh certificate has an unknown type '3'"), } }, "ok/host": func() test { @@ -518,7 +518,7 @@ func Test_sshCertDefaultValidator_Valid(t *testing.T) { "fail/unexpected-cert-type", // UserCert = 1, HostCert = 2 &ssh.Certificate{Nonce: []byte("foo"), Key: sshPub, CertType: 3, Serial: 1}, - errors.New("ssh certificate has an unknown type: 3"), + errors.New("ssh certificate has an unknown type '3'"), }, { "fail/empty-cert-key-id", @@ -725,7 +725,7 @@ func Test_sshCertValidityValidator(t *testing.T) { ValidBefore: uint64(now().Add(10 * time.Minute).Unix()), }, SignSSHOptions{}, - errors.New("unknown ssh certificate type 3"), + errors.New("ssh certificate has an unknown type '3'"), }, { "fail/duration