Warn, don't raise, on opportunistic auth failure

When opportunistic_auth is enabled but an Authorization header could not
be generated opportunistically, log a warning rather than raising an
exception.

If the request results in a 401, this reduces to the non-opportunistic
case, whose behavior remains the same as before.

This allows callers for whom enabling opportunistic auth is a more
appropriate default to do so, without needing to write additional
exception handling code to ensure they recover in the case that
opportunistic auth failed. In other words, take "opportunistic" to mean
"try early, but if that fails, don't just give up right away."

Signed-off-by: Joshua Bronson <jab@twosigma.com>

Author: twosigmajab

Diff for: requests_gssapi/gssapi_.py

@@ -306,14 +306,19 @@ def __call__(self, request):
             # by the 401 handler
             host = urlparse(request.url).hostname
 
-            auth_header = self.generate_request_header(None, host,
-                                                       is_preemptive=True)
-
-            log.debug(
-                "HTTPSPNEGOAuth: Preemptive Authorization header: {0}"
-                .format(auth_header))
-
-            request.headers['Authorization'] = auth_header
+            try:
+                auth_header = self.generate_request_header(None, host,
+                                                           is_preemptive=True)
+            except SPNEGOExchangeError as exc:
+                log.warning(
+                    "HTTPSPNEGOAuth: Opportunistic auth failed with %s ->"
+                    " sending request without adding Authorization header."
+                    " Will try again if it results in a 401.",
+                    exc,
+                )
+            else:
+                log.debug("HTTPSPNEGOAuth: Adding opportunistic auth header")
+                request.headers['Authorization'] = auth_header
 
         request.register_hook('response', self.handle_response)
         try: