From 41f4a1f5d270f066a7449f8a379f02fe0211a741 Mon Sep 17 00:00:00 2001 From: cezmunsta Date: Wed, 31 Oct 2018 22:21:40 +0000 Subject: [PATCH 1/6] Added get_url to handle authentication --- resources/bin/orchestrator-client | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/resources/bin/orchestrator-client b/resources/bin/orchestrator-client index 1d524c82f..777d481de 100755 --- a/resources/bin/orchestrator-client +++ b/resources/bin/orchestrator-client @@ -113,6 +113,19 @@ function check_requirements() { which jq > /dev/null 2>&1 || fail "cannot find jq" } +function get_curl { + local requires_auth=0 + + if [[ "${basic_auth}" != ":" ]]; then + requires_auth="--basic --user '${basic_auth}' " + + curl --help 2>&1 | fgrep -q 'disallow-username-in-url' && \ + requires_auth+="--disallow-username-in-url " + fi + + echo "curl ${requires_auth}" +} + function assert_nonempty() { name="$1" value="$2" @@ -164,7 +177,7 @@ function detect_leader_api() { fi for api in ${apis[@]} ; do api=$(normalize_orchestrator_api $api) - leader_check=$(curl --basic --user "${basic_auth}" -m 1 -s -o /dev/null -w "%{http_code}" "${api}/leader-check") + leader_check=$($(get_curl) -m 1 -s -o /dev/null -w "%{http_code}" "${api}/leader-check") if [ "$leader_check" == "200" ] ; then leader_api="$api" return @@ -187,7 +200,7 @@ function api() { api_call_result=0 for sleep_time in 0.1 0.2 0.5 1 2 2.5 5 0 ; do - api_response=$(curl --basic --user "${basic_auth}" -s "$uri" | jq '.') + api_response=$($(get_curl) -s "$uri" | jq '.') api_call_result=$? [ $api_call_result -eq 0 ] && break sleep $sleep_time From 4b8b3a989fd69231195f051ab6408a5be6f371b9 Mon Sep 17 00:00:00 2001 From: cezmunsta Date: Thu, 1 Nov 2018 11:03:35 +0000 Subject: [PATCH 2/6] Set defaults when auth ENV vars are unset --- resources/bin/orchestrator-client | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
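Review bot: In get_curl (PATCH 1/6) the single quotes in `--user '${basic_auth}'` are stored as literal characters and are not re-parsed when the callers run `$(get_curl) ...`, so curl receives the quote characters as part of the username and password, and a password containing whitespace or glob characters is split or expanded into extra curl arguments. Executing the echoed string as a command has the same problem at both call sites this patch changes, the leader-check in detect_leader_api and the request in api. With no credentials configured the function echoes `curl 0`, because `requires_auth` starts at `0`, which hands curl a stray `0` argument. Building the command in a bash array keeps each argument one word; a sketch follows.

```shell
function get_curl {
  # Fill a global array instead of echoing a string, so the credential
  # stays a single argument whatever characters it contains.
  curl_cmd=(curl)
  if [[ "${basic_auth}" != ":" ]]; then
    curl_cmd+=(--basic --user "${basic_auth}")
    # … unchanged: disallow-username-in-url probe, appending with curl_cmd+=(...) …
  fi
}
# call sites: run get_curl first, then
#   "${curl_cmd[@]}" -m 1 -s -o /dev/null -w "%{http_code}" "${api}/leader-check"
```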
diff --git a/resources/bin/orchestrator-client b/resources/bin/orchestrator-client index e5d02e97e..f31597af9 100755 --- a/resources/bin/orchestrator-client +++ b/resources/bin/orchestrator-client @@ -50,7 +50,7 @@ promotion_rule= pool= hostname_flag= api_path= -basic_auth="${ORCHESTRATOR_AUTH_USER}:${ORCHESTRATOR_AUTH_PASSWORD}" +basic_auth="${ORCHESTRATOR_AUTH_USER:-}:${ORCHESTRATOR_AUTH_PASSWORD:-}" instance_hostport= destination_hostport= From 0583301b17f0e198fb384c7488cf560c41718512 Mon Sep 17 00:00:00 2001 From: cezmunsta Date: Thu, 1 Nov 2018 11:04:36 +0000 Subject: [PATCH 3/6] Refactor get_curl to get_curl_auth_params --- resources/bin/orchestrator-client | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/resources/bin/orchestrator-client b/resources/bin/orchestrator-client index f31597af9..85c9ccb38 100755 --- a/resources/bin/orchestrator-client +++ b/resources/bin/orchestrator-client @@ -113,17 +113,17 @@ function check_requirements() { which jq > /dev/null 2>&1 || fail "cannot find jq" } -function get_curl { - local requires_auth=0 +function get_curl_auth_params { + local requires_auth="" if [[ "${basic_auth}" != ":" ]]; then - requires_auth="--basic --user '${basic_auth}' " + requires_auth="--basic --user '${basic_auth}'" curl --help 2>&1 | fgrep -q 'disallow-username-in-url' && \ - requires_auth+="--disallow-username-in-url " + requires_auth+=" --disallow-username-in-url" fi - echo "curl ${requires_auth}" + echo "${requires_auth}" } function assert_nonempty() { @@ -169,6 +169,8 @@ function detect_leader_api() { # - in which case we just normalize the URL # or it may be a space delimited list, such as "http://host1:3000/api http://host2:3000/api http://host3:3000/api " # - in which case we figure out which of the URLs is the leader + local curl_auth_params="$(get_curl_auth_params)" + leader_api= apis=($orchestrator_api) if [ ${#apis[@]} -eq 1 ] ; then 
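Review bot: With the `:-` defaults (PATCH 2/6), setting only one of ORCHESTRATOR_AUTH_USER or ORCHESTRATOR_AUTH_PASSWORD yields `user:` or `:password`, which still differs from `:` and so passes the `!= ":"` test in the auth helper. A half-configured environment then authenticates with an empty username or password instead of reporting the mistake. A guard next to this assignment that fails when exactly one of the two variables is non-empty would surface the misconfiguration early.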
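Review bot: The feature probe `curl --help 2>&1 | fgrep -q 'disallow-username-in-url'` in get_curl_auth_params (PATCH 3/6) depends on the layout of curl's help text, and recent curl releases print only a short list of options for plain `--help` (the full list needs `--help all`), so the flag is likely dropped silently on the very versions that support it. The probe also runs again on every call, and the following hunks call this function from both detect_leader_api and api. Consider probing once at startup and caching the result, for example `curl --help all 2>/dev/null | grep -qF -- 'disallow-username-in-url'` with a fallback to plain `--help`, and add a comment explaining why the flag is wanted.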
@@ -177,7 +179,7 @@ function detect_leader_api() { fi for api in ${apis[@]} ; do api=$(normalize_orchestrator_api $api) - leader_check=$($(get_curl) -m 1 -s -o /dev/null -w "%{http_code}" "${api}/leader-check") + leader_check=$(curl ${curl_auth_params} -m 1 -s -o /dev/null -w "%{http_code}" "${api}/leader-check") if [ "$leader_check" == "200" ] ; then leader_api="$api" return @@ -192,6 +194,8 @@ function urlencode() { } function api() { + local curl_auth_params="$(get_curl_auth_params)" + path="$1" uri="$leader_api/$path" @@ -200,7 +204,7 @@ function api() { api_call_result=0 for sleep_time in 0.1 0.2 0.5 1 2 2.5 5 0 ; do - api_response=$($(get_curl) -s "$uri" | jq '.') + api_response=$(curl ${curl_auth_params} -s "$uri" | jq '.') api_call_result=$? [ $api_call_result -eq 0 ] && break sleep $sleep_time From 843d2804d944481e67b33d733878a132850e3a80 Mon Sep 17 00:00:00 2001 From: cezmunsta Date: Thu, 1 Nov 2018 11:36:47 +0000 Subject: [PATCH 4/6] Double-quoting credentials --- resources/bin/orchestrator-client | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/bin/orchestrator-client b/resources/bin/orchestrator-client index 85c9ccb38..b53ecbb7a 100755 --- a/resources/bin/orchestrator-client +++ b/resources/bin/orchestrator-client @@ -117,7 +117,7 @@ function get_curl_auth_params { local requires_auth="" if [[ "${basic_auth}" != ":" ]]; then - requires_auth="--basic --user '${basic_auth}'" + requires_auth="--basic --user "${basic_auth}"" curl --help 2>&1 | fgrep -q 'disallow-username-in-url' && \ requires_auth+=" --disallow-username-in-url" From 053f917802f731053a760aeb26d79f2b6da968f4 Mon Sep 17 00:00:00 2001 From: cezmunsta Date: Thu, 1 Nov 2018 11:58:52 +0000 Subject: [PATCH 5/6] Test API access and fail early --- resources/bin/orchestrator-client | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) 
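Review bot: The credential is still passed on curl's command line in the `curl ${curl_auth_params} -m 1 ...` call (PATCH 3/6, detect_leader_api) and again in api, so it is readable by other local users through the process list for as long as each request runs. Since the auth arguments are now produced in one place, that helper is the natural spot to move to a channel that keeps the secret out of argv, such as a curl config read from stdin (`-K -`) or a `--netrc-file` with owner-only permissions. Both enclosing functions continue outside these hunks.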
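Review bot: The new line `requires_auth="--basic --user "${basic_auth}""` (PATCH 4/6) does not quote the credential: the inner double quotes close and reopen the string, so the stored value is simply `--basic --user user:password` with no quoting at all. That removes the literal single quotes curl was receiving before, but the value is later expanded unquoted as `${curl_auth_params}`, so a password with whitespace or glob characters is still split or expanded into separate curl arguments. Quote characters stored inside a string cannot fix this; returning the arguments as an array, e.g. `curl_auth_args=(--basic --user "${basic_auth}")` expanded as `"${curl_auth_args[@]}"`, keeps the credential one word. The rest of get_curl_auth_params lies outside this hunk.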
diff --git a/resources/bin/orchestrator-client b/resources/bin/orchestrator-client index b53ecbb7a..95cff1d56 100755 --- a/resources/bin/orchestrator-client +++ b/resources/bin/orchestrator-client @@ -123,6 +123,11 @@ function get_curl_auth_params { requires_auth+=" --disallow-username-in-url" fi + # Test API access + curl "${basic_auth}" -s --head "${orchestrator_api}" 2>&1 | fgrep -q "401 Unauthorized" && \ + echo "401 Unauthorized" && \ + return + echo "${requires_auth}" } @@ -170,6 +175,10 @@ function detect_leader_api() { # or it may be a space delimited list, such as "http://host1:3000/api http://host2:3000/api http://host3:3000/api " # - in which case we figure out which of the URLs is the leader local curl_auth_params="$(get_curl_auth_params)" + + if [[ ${curl_auth_params} == "401 Unauthorized" ]]; then + fail "Cannot access orchestrator at ${orchestrator_api}. Check ORCHESTRATOR_API is configured correctly and orchestrator is running" + fi leader_api= apis=($orchestrator_api) @@ -203,12 +212,16 @@ function api() { set -o pipefail api_call_result=0 - for sleep_time in 0.1 0.2 0.5 1 2 2.5 5 0 ; do - api_response=$(curl ${curl_auth_params} -s "$uri" | jq '.') - api_call_result=$? - [ $api_call_result -eq 0 ] && break - sleep $sleep_time - done + if [[ ${curl_auth_params} != "401 Unauthorized" ]]; then + for sleep_time in 0.1 0.2 0.5 1 2 2.5 5 0 ; do + api_response=$(curl ${curl_auth_params} -s "$uri" | jq '.') + api_call_result=$? + [ $api_call_result -eq 0 ] && break + sleep $sleep_time + done + else + api_call_result=1 + fi if [ $api_call_result -ne 0 ] ; then fail "Cannot access orchestrator at ${leader_api}. Check ORCHESTRATOR_API is configured correctly and orchestrator is running" fi From b73aef4560aa4f208bd069db36dcea6875df8d74 Mon Sep 17 00:00:00 2001 From: Shlomi Noach Date: Mon, 12 Nov 2018 08:28:29 +0200 Subject: [PATCH 6/6] minor refactoring --- resources/bin/orchestrator-client | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) 
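Review bot: The access test `curl "${basic_auth}" -s --head "${orchestrator_api}"` (PATCH 5/6, get_curl_auth_params) passes the credential as a bare positional argument, which curl interprets as a URL rather than as `--user` input, so the probe itself is unauthenticated and the `user:password` string is parsed as a host and port. On a server that enforces basic auth this would appear to report `401 Unauthorized` even when the credentials are correct, and when no credentials are set the literal `:` is passed the same way. `${orchestrator_api}` may also be a space-delimited list according to the comment in detect_leader_api, which a single quoted argument does not handle. The probe should reuse the auth arguments built just above it, e.g. `curl ${requires_auth} -s --head ...` until the helper returns an array.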
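Review bot: The failure message for the 401 case in detect_leader_api (PATCH 5/6) tells the user to check ORCHESTRATOR_API and whether orchestrator is running, which points away from the actual cause, a rejected or missing credential. The same applies in api, where the 401 branch sets `api_call_result=1` and falls through to the generic message. Suggest a dedicated message such as `fail "Orchestrator at ${orchestrator_api} returned 401 Unauthorized. Check ORCHESTRATOR_AUTH_USER and ORCHESTRATOR_AUTH_PASSWORD"`. Because the sentinel shares stdout with the real curl arguments, a header comment on get_curl_auth_params should document both return shapes.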
diff --git a/resources/bin/orchestrator-client b/resources/bin/orchestrator-client index db830e790..527954f32 100755 --- a/resources/bin/orchestrator-client +++ b/resources/bin/orchestrator-client @@ -59,6 +59,8 @@ default_port=3306 api_response= api_details= +unauthorized_401="401 Unauthorized" + for arg in "$@"; do shift case "$arg" in @@ -124,8 +126,8 @@ function get_curl_auth_params { fi # Test API access - curl "${basic_auth}" -s --head "${orchestrator_api}" 2>&1 | fgrep -q "401 Unauthorized" && \ - echo "401 Unauthorized" && \ + curl "${basic_auth}" -s --head "${orchestrator_api}" 2>&1 | fgrep -q "$unauthorized_401" && \ + echo "$unauthorized_401" && \ return echo "${requires_auth}" @@ -175,8 +177,8 @@ function detect_leader_api { # or it may be a space delimited list, such as "http://host1:3000/api http://host2:3000/api http://host3:3000/api " # - in which case we figure out which of the URLs is the leader local curl_auth_params="$(get_curl_auth_params)" - - if [[ ${curl_auth_params} == "401 Unauthorized" ]]; then + + if [ "${curl_auth_params}" == "$unauthorized_401" ] ; then fail "Cannot access orchestrator at ${orchestrator_api}. Check ORCHESTRATOR_API is configured correctly and orchestrator is running" fi
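Review bot: Matching `$unauthorized_401` with `fgrep -q` against `--head` output merged with stderr (PATCH 6/6, get_curl_auth_params) depends on the status line carrying the reason phrase; HTTP/2 responses have none, so curl would print a status line without `Unauthorized` and a 401 would go undetected there. detect_leader_api already reads the numeric status via `-w "%{http_code}"`, and doing the same here, e.g. `status=$(curl ... -s -o /dev/null -w '%{http_code}' --head "$url")` followed by `[ "$status" == "401" ]`, does not depend on the response text. As far as this series shows, api still compares against the literal `401 Unauthorized` introduced in the previous patch, so the new variable and that literal can drift apart; marking the variable `readonly` and using it in api as well would keep them consistent.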