From 08ab0534819b83d6e2dd16047143101bdba2a243 Mon Sep 17 00:00:00 2001
From: Lubomír Sedlář <lsedlar@redhat.com>
Date: Aug 16 2021 12:04:14 +0000
Subject: Allow optional kerberos auth


Even if the server requires no authentication for GET requests, we can
send it. This should make it possible for the new client to work with
servers with both old and new version.

For updated servers mutual auth will fail, but as optional it is
ignored.

For old servers everything should continue working.

---

diff --git a/client/odcs/client/odcs.py b/client/odcs/client/odcs.py
index d94a280..4b7bb1a 100644
--- a/client/odcs/client/odcs.py
+++ b/client/odcs/client/odcs.py
@@ -27,7 +27,7 @@ import requests
 import time
 
 from six.moves import urllib_parse
-from requests_kerberos import HTTPKerberosAuth
+from requests_kerberos import HTTPKerberosAuth, OPTIONAL
 
 
 class AuthMech(object):
@@ -422,13 +422,12 @@ class ODCS(object):
                 request_data["params"] = data
         if not self._verify_ssl:
             request_data["verify"] = False
-        if method != "get":
-            if self.auth_mech == AuthMech.OpenIDC:
-                headers["Authorization"] = "Bearer {0}".format(self._openidc_token)
-            elif self.auth_mech == AuthMech.Kerberos:
-                request_data["auth"] = HTTPKerberosAuth()
-            elif self.auth_mech == AuthMech.SSL:
-                request_data["cert"] = (self._ssl_cert, self._ssl_key)
+        if self.auth_mech == AuthMech.OpenIDC:
+            headers["Authorization"] = "Bearer {0}".format(self._openidc_token)
+        elif self.auth_mech == AuthMech.Kerberos:
+            request_data["auth"] = HTTPKerberosAuth(mutual_authentication=OPTIONAL)
+        elif self.auth_mech == AuthMech.SSL:
+            request_data["cert"] = (self._ssl_cert, self._ssl_key)
 
         # Anonymous is the last possible value and no auth should be set