Enable handle HTTP redirects 301, 302, 303, 307. (#71)

jhaals · Mar 15, 2018 · 36e0721 · 36e0721
1 parent 67e25a7
commit 36e0721
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/vault.py b/vault.py
@@ -174,7 +174,11 @@ def _fetch_client_token(self, cafile, capath, url, data, cahostverify, skipverif
             req.add_header('Content-Type', 'application/json')
             response = urllib2.urlopen(req, context=context) if context else urllib2.urlopen(req)
         except Exception as ex:
-            raise AnsibleError('Unable to retrieve personal token from vault: %s' % (ex))
+            if ex.code in [301, 302, 303, 307]:
+                return self._fetch_client_token(cafile, capath, ex.headers.dict['location'], data, cahostverify,
+                                                skipverify)
+            else:
+                raise AnsibleError('Unable to retrieve personal token from vault: %s' % (ex))
         reader = codecs.getreader("utf-8")
         result = json.load(reader(response))
         return result
@@ -194,7 +198,11 @@ def _fetch_secret(self, cafile, capath, data, key, vault_token, url, cahostverif
             req.add_header('Content-Type', 'application/json')
             response = urllib2.urlopen(req, context=context) if context else urllib2.urlopen(req)
         except Exception as ex:
-            raise AnsibleError('Unable to read %s from vault: %s' % (key, ex))
+            if ex.code in [301, 302, 303, 307]:
+                return self._fetch_secret(cafile, capath, data, key, vault_token, ex.headers.dict['location'],
+                                          cahostverify, skipverify)
+            else:
+                raise AnsibleError('Unable to read %s from vault: %s' % (key, ex))
         reader = codecs.getreader("utf-8")
         body = reader(response)
         if response.headers.get('Content-Type') == 'application/json':