From 4470b80059b9ded2d3a923c52c17f5d2d28a310b Mon Sep 17 00:00:00 2001
From: Joe Garcia <joe@joe-garcia.com>
Date: Fri, 20 Jan 2023 11:34:35 -0500
Subject: [PATCH 1/3] Add exception handling for `/api` on url

---
 awx/main/credential_plugins/conjur.py | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/awx/main/credential_plugins/conjur.py b/awx/main/credential_plugins/conjur.py
index 79fe740884..aaa8d8c2e3 100644
--- a/awx/main/credential_plugins/conjur.py
+++ b/awx/main/credential_plugins/conjur.py
@@ -68,7 +68,12 @@ def conjur_backend(**kwargs):
     with CertFiles(cacert) as cert:
         # https://www.conjur.org/api.html#authentication-authenticate-post
         auth_kwargs['verify'] = cert
-        resp = requests.post(urljoin(url, '/'.join(['api', 'authn', account, username, 'authenticate'])), **auth_kwargs)
+        try:
+            resp = requests.post(urljoin(url, '/'.join(['authn', account, username, 'authenticate'])), **auth_kwargs)
+        except requests.exceptions.ConnectionError:
+            resp = requests.post(urljoin(url, '/'.join(['api', 'authn', account, username, 'authenticate'])), **auth_kwargs)
+        except:
+            raise
     raise_for_status(resp)
     token = resp.content.decode('utf-8')
 
@@ -78,14 +83,21 @@ def conjur_backend(**kwargs):
     }
 
     # https://www.conjur.org/api.html#secrets-retrieve-a-secret-get
-    path = urljoin(url, '/'.join(['api', 'secrets', account, 'variable', secret_path]))
+    path = urljoin(url, '/'.join(['secrets', account, 'variable', secret_path]))
+    path_conjurcloud = urljoin(url, '/'.join(['api', 'secrets', account, 'variable', secret_path]))
     if version:
         ver = "version={}".format(version)
         path = '?'.join([path, ver])
+        path_conjurcloud = '?'.join([path_conjurcloud, ver])
 
     with CertFiles(cacert) as cert:
         lookup_kwargs['verify'] = cert
-        resp = requests.get(path, timeout=30, **lookup_kwargs)
+        try:
+            resp = requests.get(path, timeout=30, **lookup_kwargs)
+        except requests.exceptions.ConnectionError:
+            resp = requests.get(path_conjurcloud, timeout=30, **lookup_kwargs)
+        except:
+            raise
     raise_for_status(resp)
     return resp.text
 

From d8e7c59fe802dbd3493892393442403ee96df08c Mon Sep 17 00:00:00 2001
From: Joe Garcia <joe@joe-garcia.com>
Date: Fri, 20 Jan 2023 11:40:51 -0500
Subject: [PATCH 2/3] change except to get response instead of raise error

---
 awx/main/credential_plugins/conjur.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/awx/main/credential_plugins/conjur.py b/awx/main/credential_plugins/conjur.py
index aaa8d8c2e3..0026bb330b 100644
--- a/awx/main/credential_plugins/conjur.py
+++ b/awx/main/credential_plugins/conjur.py
@@ -73,7 +73,7 @@ def conjur_backend(**kwargs):
         except requests.exceptions.ConnectionError:
             resp = requests.post(urljoin(url, '/'.join(['api', 'authn', account, username, 'authenticate'])), **auth_kwargs)
         except:
-            raise
+            resp = requests.post(urljoin(url, '/'.join(['api', 'authn', account, username, 'authenticate'])), **auth_kwargs)
     raise_for_status(resp)
     token = resp.content.decode('utf-8')
 
@@ -97,7 +97,7 @@ def conjur_backend(**kwargs):
         except requests.exceptions.ConnectionError:
             resp = requests.get(path_conjurcloud, timeout=30, **lookup_kwargs)
         except:
-            raise
+            resp = requests.get(path_conjurcloud, timeout=30, **lookup_kwargs)
     raise_for_status(resp)
     return resp.text
 

From 64865af3bb82d773612d5f2e8d8a9bff0b2e5e23 Mon Sep 17 00:00:00 2001
From: Joe Garcia <joe@joe-garcia.com>
Date: Thu, 26 Jan 2023 16:27:29 -0500
Subject: [PATCH 3/3] Fix API Lint Failure - remove bare excepts

---
 awx/main/credential_plugins/conjur.py | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/awx/main/credential_plugins/conjur.py b/awx/main/credential_plugins/conjur.py
index 0026bb330b..5510667d4c 100644
--- a/awx/main/credential_plugins/conjur.py
+++ b/awx/main/credential_plugins/conjur.py
@@ -72,8 +72,6 @@ def conjur_backend(**kwargs):
             resp = requests.post(urljoin(url, '/'.join(['authn', account, username, 'authenticate'])), **auth_kwargs)
         except requests.exceptions.ConnectionError:
             resp = requests.post(urljoin(url, '/'.join(['api', 'authn', account, username, 'authenticate'])), **auth_kwargs)
-        except:
-            resp = requests.post(urljoin(url, '/'.join(['api', 'authn', account, username, 'authenticate'])), **auth_kwargs)
     raise_for_status(resp)
     token = resp.content.decode('utf-8')
 
@@ -96,8 +94,6 @@ def conjur_backend(**kwargs):
             resp = requests.get(path, timeout=30, **lookup_kwargs)
         except requests.exceptions.ConnectionError:
             resp = requests.get(path_conjurcloud, timeout=30, **lookup_kwargs)
-        except:
-            resp = requests.get(path_conjurcloud, timeout=30, **lookup_kwargs)
     raise_for_status(resp)
     return resp.text