From a05cd107528915887e9482638940ac90c0fed94a Mon Sep 17 00:00:00 2001
From: Martin Polden <mpolden@mpolden.no>
Date: Tue, 1 Mar 2022 10:07:55 +0100
Subject: Check status code from ZTS

---
 client/go/zts/zts.go      | 3 +++
 client/go/zts/zts_test.go | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/client/go/zts/zts.go b/client/go/zts/zts.go
index b1a47db8e48..538971ebdd8 100644
--- a/client/go/zts/zts.go
+++ b/client/go/zts/zts.go
@@ -44,6 +44,9 @@ func (c *Client) AccessToken(domain string, certificate tls.Certificate) (string
 	}
 	defer response.Body.Close()
 
+	if response.StatusCode != http.StatusOK {
+		return "", fmt.Errorf("got status %d from %s", response.StatusCode, c.tokenURL.String())
+	}
 	var ztsResponse struct {
 		AccessToken string `json:"access_token"`
 	}
diff --git a/client/go/zts/zts_test.go b/client/go/zts/zts_test.go
index f1bd9c1ba75..0eec085aadb 100644
--- a/client/go/zts/zts_test.go
+++ b/client/go/zts/zts_test.go
@@ -13,6 +13,11 @@ func TestAccessToken(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
+	httpClient.NextResponse(400, `{"message": "bad request"}`)
+	_, err = client.AccessToken("vespa.vespa", tls.Certificate{})
+	if err == nil {
+		t.Fatal("want error for non-ok response status")
+	}
 	httpClient.NextResponse(200, `{"access_token": "foo bar"}`)
 	token, err := client.AccessToken("vespa.vespa", tls.Certificate{})
 	if err != nil {
-- 
cgit v1.2.3