provide more error context and move to closer location

azure.go

@@ -150,7 +150,7 @@ func (p *azureProvider) MSGraphClient() (client.MSGraphClient, error) {
 
 	msGraphAppClient, err := client.NewMSGraphApplicationClient(p.settings.GraphURI, cred)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to create MS graph client: %w", err)
 	}
 
 	return msGraphAppClient, nil
@@ -165,7 +165,7 @@ func (p *azureProvider) ComputeClient(subscriptionID string) (client.ComputeClie
 	clientOptions := p.getClientOptions()
 	client, err := armcompute.NewVirtualMachinesClient(subscriptionID, cred, clientOptions)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to create virtual machines client: %w", err)
 	}
 
 	return client, nil
@@ -180,7 +180,7 @@ func (p *azureProvider) VMSSClient(subscriptionID string) (client.VMSSClient, er
 	clientOptions := p.getClientOptions()
 	client, err := armcompute.NewVirtualMachineScaleSetsClient(subscriptionID, cred, clientOptions)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to create virtual machine scale sets client: %w", err)
 	}
 
 	return client, nil
@@ -195,7 +195,7 @@ func (p *azureProvider) MSIClient(subscriptionID string) (client.MSIClient, erro
 	clientOptions := p.getClientOptions()
 	client, err := armmsi.NewUserAssignedIdentitiesClient(subscriptionID, cred, clientOptions)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to create user assigned identity client: %w", err)
 	}
 
 	return client, nil
@@ -210,7 +210,7 @@ func (p *azureProvider) ProvidersClient(subscriptionID string) (client.Providers
 	clientOptions := p.getClientOptions()
 	client, err := armresources.NewProvidersClient(subscriptionID, cred, clientOptions)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to create providers client: %w", err)
 	}
 
 	return client, nil
@@ -225,7 +225,7 @@ func (p *azureProvider) ResourceClient(subscriptionID string) (client.ResourceCl
 	clientOptions := p.getClientOptions()
 	client, err := armresources.NewClient(subscriptionID, cred, clientOptions)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to create resource client: %w", err)
 	}
 
 	return client, nil
@@ -254,7 +254,7 @@ func (p *azureProvider) getTokenCredential() (azcore.TokenCredential, error) {
 		cred, err := azidentity.NewClientSecretCredential(p.settings.TenantID, p.settings.ClientID,
 			p.settings.ClientSecret, options)
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("failed to create client secret token credential: %w", err)
 		}
 
 		return cred, nil
@@ -266,7 +266,7 @@ func (p *azureProvider) getTokenCredential() (azcore.TokenCredential, error) {
 	}
 	cred, err := azidentity.NewManagedIdentityCredential(options)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to create managed identity token credential: %w", err)
 	}
 
 	return cred, nil

path_login.go

@@ -282,7 +282,7 @@ func (b *azureAuthBackend) verifyResource(ctx context.Context, subscriptionID, r
 	case vmssName != "":
 		client, err := b.provider.VMSSClient(subscriptionID)
 		if err != nil {
-			return fmt.Errorf("unable to create vmss client: %w", err)
+			return err
 		}
 
 		// Omit armcompute.ExpandTypesForGetVMScaleSetsUserData since we do not need that information for purpose of authenticating an instance
@@ -322,7 +322,7 @@ func (b *azureAuthBackend) verifyResource(ctx context.Context, subscriptionID, r
 			// must look up the user-assigned identity using the MSI client
 			msiClient, err := b.provider.MSIClient(msiID.SubscriptionID)
 			if err != nil {
-				return fmt.Errorf("unable to create msi client: %w", err)
+				return fmt.Errorf("failed to create client to retrieve user-assigned identity: %w", err)
 			}
 			userIdentityResponse, err := msiClient.Get(ctx, msiID.ResourceGroupName, msiID.Name, nil)
 			if err != nil {
@@ -336,7 +336,7 @@ func (b *azureAuthBackend) verifyResource(ctx context.Context, subscriptionID, r
 	case vmName != "":
 		client, err := b.provider.ComputeClient(subscriptionID)
 		if err != nil {
-			return fmt.Errorf("unable to create compute client: %w", err)
+			return err
 		}
 
 		instanceView := armcompute.InstanceViewTypesInstanceView
@@ -380,7 +380,7 @@ func (b *azureAuthBackend) verifyResource(ctx context.Context, subscriptionID, r
 
 		client, err := b.provider.ResourceClient(subscriptionID)
 		if err != nil {
-			return fmt.Errorf("unable to create resource client: %w", err)
+			return err
 		}
 
 		resp, err := client.GetByID(ctx, resourceID, apiVersion, nil)
@@ -419,7 +419,7 @@ func (b *azureAuthBackend) verifyResource(ctx context.Context, subscriptionID, r
 		}
 
 		clientIDs := map[string]struct{}{}
-		c, err := b.provider.MSIClient(subscriptionID) // this is the second time we're calling this, is there a way to reuse that?
+		c, err := b.provider.MSIClient(subscriptionID)
 		if err != nil {
 			return fmt.Errorf("failed to create client to retrieve app ids: %w", err)
 		}
@@ -526,7 +526,7 @@ func (b *azureAuthBackend) getAPIVersionForResource(ctx context.Context, subscri
 
 	client, err := b.provider.ProvidersClient(subscriptionID)
 	if err != nil {
-		return "", fmt.Errorf("unable to create providers client: %w", err)
+		return "", err
 	}
 
 	response, err := client.Get(ctx, resourceType.Namespace, nil)