Include response body in error

2 files changed, 17 insertions, 6 deletions

diff --git a/client/go/internal/cli/auth/zts/zts.go b/client/go/internal/cli/auth/zts/zts.go
index 0f73ea5912d..19ea6e48b0c 100644
--- a/client/go/internal/cli/auth/zts/zts.go
+++ b/client/go/internal/cli/auth/zts/zts.go
@@ -80,18 +80,21 @@ func (c *Client) AccessToken() (Token, error) {
 		return Token{}, err
 	}
 	defer response.Body.Close()
-
+	b, err := io.ReadAll(response.Body)
+	if err != nil {
+		return Token{}, err
+	}
 	if response.StatusCode != http.StatusOK {
-		return Token{}, fmt.Errorf("zts: got status %d from %s", response.StatusCode, c.tokenURL.String())
+		body := string(b)
+		if body == "" {
+			body = "no body"
+		}
+		return Token{}, fmt.Errorf("zts: got status %d (%s) from %s", response.StatusCode, body, c.tokenURL.String())
 	}
 	var ztsResponse struct {
 		AccessToken string `json:"access_token"`
 		ExpirySecs  int    `json:"expires_in"`
 	}
-	b, err := io.ReadAll(response.Body)
-	if err != nil {
-		return Token{}, err
-	}
 	if err := json.Unmarshal(b, &ztsResponse); err != nil {
 		return Token{}, err
 	}
diff --git a/client/go/internal/cli/auth/zts/zts_test.go b/client/go/internal/cli/auth/zts/zts_test.go
index 15c60ed46d7..ad1ed66f460 100644
--- a/client/go/internal/cli/auth/zts/zts_test.go
+++ b/client/go/internal/cli/auth/zts/zts_test.go
@@ -46,6 +46,14 @@ func TestAccessToken(t *testing.T) {
 	}
 	expiresAt = clock.now().Add(30 * time.Minute)
 	assertToken(t, Token{Value: "bar", ExpiresAt: expiresAt}, token)
+
+	// Request body is included in error
+	httpClient.NextResponseString(503, "broken!")
+	_, err = client.AccessToken()
+	want := "zts: got status 503 (broken!) from http://example.com/zts/v1/oauth2/token"
+	if got := err.Error(); got != want {
+		t.Errorf("got err=%q, want %q", got, want)
+	}
 }
 
 func assertToken(t *testing.T, want, got Token) {