simplify change

vikrantpuppala · vikrantpuppala · commit 65e89ce2c614 · 2025-08-14T11:44:53.000+05:30
Signed-off-by: Vikrant Puppala &lt;vikrant.puppala@databricks.com&gt;
diff --git a/src/databricks/sql/auth/thrift_http_client.py b/src/databricks/sql/auth/thrift_http_client.py
@@ -62,10 +62,10 @@ def __init__(
             self.path = parsed.path
             if parsed.query:
                 self.path += "?%s" % parsed.query
-        
+
         # Handle proxy settings using shared utility
         proxy_uri, proxy_auth = detect_and_parse_proxy(self.scheme, self.host)
-        
+
         if proxy_uri:
             parsed_proxy = urllib.parse.urlparse(proxy_uri)
             # realhost and realport are the host and port of the actual request
@@ -77,7 +77,7 @@ def __init__(
             self.port = parsed_proxy.port
             self.proxy_auth = proxy_auth
         else:
-            self.realhost = self.realport = self.proxy_auth = None
+            self.realhost = self.realport = self.proxy_auth = self.proxy_uri = None
 
         self.max_connections = max_connections
 
@@ -104,17 +104,40 @@ def startRetryTimer(self):
         self.retry_policy and self.retry_policy.start_retry_timer()
 
     def open(self):
-        """Initialize the connection pool using shared utility."""
-        self.__pool = create_connection_pool(
-            scheme=self.scheme,
-            host=self.realhost if self.using_proxy() else self.host,
-            port=self.realport if self.using_proxy() else self.port,
-            ssl_options=self._ssl_options,
-            proxy_uri=self.proxy_uri,
-            proxy_headers=self.proxy_auth,
-            retry_policy=self.retry_policy,
-            max_connections=self.max_connections,
-        )
+
+        # self.__pool replaces the self.__http used by the original THttpClient
+        _pool_kwargs = {"maxsize": self.max_connections}
+
+        if self.scheme == "http":
+            pool_class = HTTPConnectionPool
+        elif self.scheme == "https":
+            pool_class = HTTPSConnectionPool
+            _pool_kwargs.update(
+                {
+                    "cert_reqs": ssl.CERT_REQUIRED
+                    if self._ssl_options.tls_verify
+                    else ssl.CERT_NONE,
+                    "ca_certs": self._ssl_options.tls_trusted_ca_file,
+                    "cert_file": self._ssl_options.tls_client_cert_file,
+                    "key_file": self._ssl_options.tls_client_cert_key_file,
+                    "key_password": self._ssl_options.tls_client_cert_key_password,
+                }
+            )
+
+        if self.using_proxy():
+            proxy_manager = ProxyManager(
+                self.proxy_uri,
+                num_pools=1,
+                proxy_headers=self.proxy_auth,
+            )
+            self.__pool = proxy_manager.connection_from_host(
+                host=self.realhost,
+                port=self.realport,
+                scheme=self.scheme,
+                pool_kwargs=_pool_kwargs,
+            )
+        else:
+            self.__pool = pool_class(self.host, self.port, **_pool_kwargs)
 
     def close(self):
         self.__resp and self.__resp.drain_conn()
diff --git a/src/databricks/sql/backend/sea/utils/http_client.py b/src/databricks/sql/backend/sea/utils/http_client.py
@@ -17,7 +17,6 @@
 )
 from databricks.sql.common.http_utils import (
     detect_and_parse_proxy,
-    create_retry_policy_from_kwargs,
     create_connection_pool,
 )
 
@@ -128,7 +127,7 @@ def __init__(
 
         # Handle proxy settings using shared utility
         proxy_uri, proxy_auth = detect_and_parse_proxy(self.scheme, self.host)
-        
+
         if proxy_uri:
             parsed_proxy = urllib.parse.urlparse(proxy_uri)
             self.realhost = self.host
@@ -138,24 +137,46 @@ def __init__(
             self.port = parsed_proxy.port or (443 if self.scheme == "https" else 80)
             self.proxy_auth = proxy_auth
         else:
-            self.realhost = self.realport = self.proxy_auth = None
+            self.realhost = self.realport = self.proxy_auth = self.proxy_uri = None
 
         # Initialize connection pool
         self._pool = None
         self._open()
 
     def _open(self):
-        """Initialize the connection pool using shared utility."""
-        self._pool = create_connection_pool(
-            scheme=self.scheme,
-            host=self.realhost if self.using_proxy() else self.host,
-            port=self.realport if self.using_proxy() else self.port,
-            ssl_options=self.ssl_options,
-            proxy_uri=self.proxy_uri,
-            proxy_headers=self.proxy_auth,
-            retry_policy=self.retry_policy,
-            max_connections=self.max_connections,
-        )
+        """Initialize the connection pool."""
+        pool_kwargs = {"maxsize": self.max_connections}
+
+        if self.scheme == "http":
+            pool_class = HTTPConnectionPool
+        else:  # https
+            pool_class = HTTPSConnectionPool
+            pool_kwargs.update(
+                {
+                    "cert_reqs": ssl.CERT_REQUIRED
+                    if self.ssl_options.tls_verify
+                    else ssl.CERT_NONE,
+                    "ca_certs": self.ssl_options.tls_trusted_ca_file,
+                    "cert_file": self.ssl_options.tls_client_cert_file,
+                    "key_file": self.ssl_options.tls_client_cert_key_file,
+                    "key_password": self.ssl_options.tls_client_cert_key_password,
+                }
+            )
+
+        if self.using_proxy():
+            proxy_manager = ProxyManager(
+                self.proxy_uri,
+                num_pools=1,
+                proxy_headers=self.proxy_auth,
+            )
+            self._pool = proxy_manager.connection_from_host(
+                host=self.proxy_host,
+                port=self.proxy_port,
+                scheme=self.scheme,
+                pool_kwargs=pool_kwargs,
+            )
+        else:
+            self._pool = pool_class(self.host, self.port, **pool_kwargs)
 
     def close(self):
         """Close the connection pool."""
@@ -164,7 +185,7 @@ def close(self):
 
     def using_proxy(self) -> bool:
         """Check if proxy is being used."""
-        return self.proxy_host is not None
+        return self.realhost is not None
 
     def set_retry_command_type(self, command_type: CommandType):
         """Set the command type for retry policy decision making."""
diff --git a/src/databricks/sql/common/unified_http_client.py b/src/databricks/sql/common/unified_http_client.py
@@ -43,6 +43,37 @@ def __init__(self, client_context):
 
     def _setup_pool_manager(self):
         """Set up the urllib3 PoolManager with configuration from ClientContext."""
+
+        # SSL context setup
+        ssl_context = None
+        if self.config.ssl_options:
+            ssl_context = ssl.create_default_context()
+
+            # Configure SSL verification
+            if not self.config.ssl_options.tls_verify:
+                ssl_context.check_hostname = False
+                ssl_context.verify_mode = ssl.CERT_NONE
+            elif not self.config.ssl_options.tls_verify_hostname:
+                ssl_context.check_hostname = False
+                ssl_context.verify_mode = ssl.CERT_REQUIRED
+
+            # Load custom CA file if specified
+            if self.config.ssl_options.tls_trusted_ca_file:
+                ssl_context.load_verify_locations(
+                    self.config.ssl_options.tls_trusted_ca_file
+                )
+
+            # Load client certificate if specified
+            if (
+                self.config.ssl_options.tls_client_cert_file
+                and self.config.ssl_options.tls_client_cert_key_file
+            ):
+                ssl_context.load_cert_chain(
+                    self.config.ssl_options.tls_client_cert_file,
+                    self.config.ssl_options.tls_client_cert_key_file,
+                    self.config.ssl_options.tls_client_cert_key_password,
+                )
+
         # Create retry policy
         self._retry_policy = DatabricksRetryPolicy(
             delay_min=self.config.retry_delay_min,
@@ -58,15 +89,29 @@ def _setup_pool_manager(self):
         self._retry_policy._command_type = None
         self._retry_policy._retry_start_time = None
 
-        
         parsed_url = urllib.parse.urlparse(self.config.hostname)
         self.scheme = parsed_url.scheme
         self.host = parsed_url.hostname
         self.port = parsed_url.port
 
+        # Common pool manager kwargs
+        pool_kwargs = {
+            "num_pools": self.config.pool_connections,
+            "maxsize": self.config.pool_maxsize,
+            "retries": self._retry_policy,
+            "timeout": urllib3.Timeout(
+                connect=self.config.socket_timeout, read=self.config.socket_timeout
+            )
+            if self.config.socket_timeout
+            else None,
+            "ssl_context": ssl_context,
+        }
+
         # Detect proxy using shared utility
-        proxy_uri, proxy_auth = detect_and_parse_proxy(self.scheme, self.config.hostname)
-        
+        proxy_uri, proxy_auth = detect_and_parse_proxy(
+            self.scheme, self.config.hostname
+        )
+
         if proxy_uri:
             parsed_proxy = urllib.parse.urlparse(proxy_uri)
             # realhost and realport are the host and port of the actual request
@@ -78,27 +123,15 @@ def _setup_pool_manager(self):
             self.port = parsed_proxy.port
             self.proxy_auth = proxy_auth
         else:
-            self.realhost = self.realport = self.proxy_auth = None
-
-        # Create pool 
-        additional_kwargs = {}
-        if self.config.socket_timeout:
-            additional_kwargs["timeout"] = urllib3.Timeout(
-                connect=self.config.socket_timeout, 
-                read=self.config.socket_timeout
+            self.realhost = self.realport = self.proxy_auth = self.proxy_uri = None
+
+        # Create proxy or regular pool manager
+        if self.using_proxy():
+            self._pool_manager = ProxyManager(
+                self.config.http_proxy, proxy_headers=proxy_auth, **pool_kwargs
             )
-        
-        self._pool_manager = create_connection_pool(
-            scheme=self.scheme,
-            host=self.realhost if self.using_proxy() else self.host,
-            port=self.realport if self.using_proxy() else self.port,
-            ssl_options=self.config.ssl_options,
-            proxy_uri=proxy_uri,
-            proxy_headers=proxy_auth,
-            retry_policy=self._retry_policy,
-            max_connections=self.config.pool_maxsize,
-            **additional_kwargs
-        )
+        else:
+            self._pool_manager = PoolManager(**pool_kwargs)
 
     def _prepare_headers(
         self, headers: Optional[Dict[str, str]] = None
@@ -193,6 +226,10 @@ def request(
             response._body = response.data
             return response
 
+    def using_proxy(self) -> bool:
+        """Check if proxy is being used."""
+        return self.realhost is not None
+
     def close(self):
         """Close the underlying connection pools."""
         if self._pool_manager:
diff --git a/tests/unit/test_thrift_backend.py b/tests/unit/test_thrift_backend.py
@@ -206,14 +206,14 @@ def test_headers_are_set(self, t_http_client_class):
 
     def test_proxy_headers_are_set(self):
 
-        from databricks.sql.auth.thrift_http_client import THttpClient
+        from databricks.sql.common.http_utils import create_basic_proxy_auth_headers
         from urllib.parse import urlparse
 
         fake_proxy_spec = "https://someuser:somepassword@8.8.8.8:12340"
         parsed_proxy = urlparse(fake_proxy_spec)
 
         try:
-            result = THttpClient.basic_proxy_auth_headers(parsed_proxy)
+            result = create_basic_proxy_auth_headers(parsed_proxy)
         except TypeError as e:
             assert False
 
