Warn instead of raising on opportunistic auth failure

If the request results in a 401, this reduces to the non-opportunistic
case, whose behavior remains the same as before.

This allows callers for whom enabling opportunistic auth is a more
appropriate default to do so, without needing to write additional
exception handling code to ensure they recover in the case that
opportunistic auth failed.  In other words, take "opportunistic" to mean
"try early, but if that fails, don't just give up right away".

Signed-off-by: Joshua Bronson <jab@twosigma.com>
[rharwood@redhat.com: restore debug message, fussy style things]

Author: twosigmajab

requests_gssapi/gssapi_.py

@@ -306,14 +306,21 @@ def __call__(self, request):
             # by the 401 handler
             host = urlparse(request.url).hostname
 
-            auth_header = self.generate_request_header(None, host,
-                                                       is_preemptive=True)
-
-            log.debug(
-                "HTTPSPNEGOAuth: Preemptive Authorization header: {0}"
-                .format(auth_header))
-
-            request.headers['Authorization'] = auth_header
+            try:
+                auth_header = self.generate_request_header(None, host,
+                                                           is_preemptive=True)
+                log.debug(
+                    "HTTPSPNEGOAuth: Preemptive Authorization header: {0}"
+                    .format(auth_header))
+            except SPNEGOExchangeError as exc:
+                log.warning(
+                    "HTTPSPNEGOAuth: Opportunistic auth failed with %s ->"
+                    " sending request without adding Authorization header."
+                    " Will try again if it results in a 401.",
+                    exc)
+            else:
+                log.debug("HTTPSPNEGOAuth: Added opportunistic auth header")
+                request.headers['Authorization'] = auth_header
 
         request.register_hook('response', self.handle_response)
         try: