From c0af97357d9b77c2b849bd73dfc2ee0271cc70a2 Mon Sep 17 00:00:00 2001
From: Lukas Holecek <hluk@email.cz>
Date: Aug 30 2019 12:02:07 +0000
Subject: Revert "Add krb_principal option for waiverdb-cli"


This reverts commit 5ca2b7939e4092c534250378862f7d338d557c86.

This is no longer needed since our servers have now correct kerberos
principal.

Signed-off-by: Lukas Holecek <hluk@email.cz>

---

diff --git a/conf/client.conf.example b/conf/client.conf.example
index cd65dc1..d8353a3 100644
--- a/conf/client.conf.example
+++ b/conf/client.conf.example
@@ -2,8 +2,6 @@
 # Specify OIDC or Kerberos for authentication
 auth_method=OIDC
 api_url=https://waiverdb-web-waiverdb.app.os.fedoraproject.org/api/v1.0
-# Try overriding Kerberos principal if authentication fails
-#krb_principal=HTTP/waiverdb.example.com@EXAMPLE.COM
 oidc_id_provider=https://id.fedoraproject.org/openidc/
 oidc_client_id=waiverdb-authorizer
 oidc_client_secret=notsecret
diff --git a/waiverdb/cli.py b/waiverdb/cli.py
index ff9defe..3612d61 100644
--- a/waiverdb/cli.py
+++ b/waiverdb/cli.py
@@ -34,37 +34,6 @@ class OldJSONSubject(click.ParamType):
         return subject
 
 
-def _krb_auth(url, config, request_arguments):
-    # Try to import this now so the user gets immediate feedback if
-    # it isn't installed
-    try:
-        import gssapi  # noqa: F401
-        import requests_gssapi  # noqa: F401
-    except ImportError:
-        raise click.ClickException(
-            'python-requests-gssapi needs to be installed')
-
-    auth_kwargs = {}
-    krb_principal = config.get('waiverdb', 'krb_principal', fallback=None)
-    if krb_principal:
-        auth_kwargs['target_name'] = gssapi.Name(
-            krb_principal, gssapi.NameType.kerberos_principal)
-    auth = requests_gssapi.HTTPSPNEGOAuth(
-        mutual_authentication=requests_gssapi.OPTIONAL, **auth_kwargs)
-
-    resp = requests.request(
-        'POST', url, auth=auth, **request_arguments)
-    if resp.status_code == 401:
-        msg = resp.json().get(
-            'message', ('WaiverDB authentication using GSSAPI failed. Make sure you have a '
-                        'valid Kerberos ticket or that you correctly configured your Kerberos '
-                        'configuration file. Please check the doc for troubleshooting '
-                        'information.'))
-        raise click.ClickException(msg)
-
-    return resp
-
-
 def validate_config(config):
     """
     Validates the configuration needed for WaiverDB
@@ -305,7 +274,24 @@ def cli(username, comment, waived, product_version, testcase, subject, subject_i
             **common_request_arguments)
         check_response(resp, result_ids)
     elif auth_method == 'Kerberos':
-        resp = _krb_auth(url, config, common_request_arguments)
+        # Try to import this now so the user gets immediate feedback if
+        # it isn't installed
+        try:
+            import requests_gssapi  # noqa: F401
+        except ImportError:
+            raise click.ClickException(
+                'python-requests-gssapi needs to be installed')
+        auth = requests_gssapi.HTTPKerberosAuth(
+            mutual_authentication=requests_gssapi.OPTIONAL)
+        resp = requests.request(
+            'POST', url, auth=auth, **common_request_arguments)
+        if resp.status_code == 401:
+            msg = resp.json().get(
+                'message', ('WaiverDB authentication using GSSAPI failed. Make sure you have a '
+                            'valid Kerberos ticket or that you correctly configured your Kerberos '
+                            'configuration file. Please check the doc for troubleshooting '
+                            'information.'))
+            raise click.ClickException(msg)
         check_response(resp, result_ids)
     elif auth_method == 'dummy':
         resp = requests.request(