databricks
diff --git a/‎.github/workflows/code-quality-checks.yml‎
Lines changed: 66 additions & 2 deletions b/‎.github/workflows/code-quality-checks.yml‎
Lines changed: 66 additions & 2 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 32 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 2 additions & 0 deletions b/‎README.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎docs/proxy.md‎
Lines changed: 232 additions & 0 deletions b/‎docs/proxy.md‎
Lines changed: 232 additions & 0 deletions
diff --git a/‎examples/README.md‎
Lines changed: 1 addition & 0 deletions b/‎examples/README.md‎
Lines changed: 1 addition & 0 deletions
@@ -8,6 +8,16 @@ jobs:
     strategy:
       matrix:
         python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+        dependency-version: ["default", "min"]
+        # Optimize matrix - test min/max on subset of Python versions
+        exclude:
+          - python-version: "3.12"
+            dependency-version: "min"
+          - python-version: "3.13"
+            dependency-version: "min"
+    
+    name: "Unit Tests (Python ${{ matrix.python-version }}, ${{ matrix.dependency-version }} deps)"
+    
     steps:
       #----------------------------------------------
       #       check-out repo and set-up python
@@ -37,7 +47,7 @@ jobs:
         uses: actions/cache@v4
         with:
           path: .venv
-          key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ github.event.repository.name }}-${{ hashFiles('**/poetry.lock') }}
+          key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ matrix.dependency-version }}-${{ github.event.repository.name }}-${{ hashFiles('**/poetry.lock') }}
       #----------------------------------------------
       # install dependencies if cache does not exist
       #----------------------------------------------
@@ -50,15 +60,47 @@ jobs:
       - name: Install library
         run: poetry install --no-interaction
       #----------------------------------------------
+      # override with custom dependency versions
+      #----------------------------------------------
+      - name: Install Python tools for custom versions
+        if: matrix.dependency-version != 'default'
+        run: poetry run pip install toml packaging
+
+      - name: Generate requirements file
+        if: matrix.dependency-version != 'default'
+        run: |
+          poetry run python scripts/dependency_manager.py ${{ matrix.dependency-version }} --output requirements-${{ matrix.dependency-version }}.txt
+          echo "Generated requirements for ${{ matrix.dependency-version }} versions:"
+          cat requirements-${{ matrix.dependency-version }}.txt
+
+      - name: Override with custom dependency versions
+        if: matrix.dependency-version != 'default'
+        run: poetry run pip install -r requirements-${{ matrix.dependency-version }}.txt
+
+      #----------------------------------------------
       #              run test suite
       #----------------------------------------------
+      - name: Show installed versions
+        run: |
+          echo "=== Dependency Version: ${{ matrix.dependency-version }} ==="
+          poetry run pip list
+
       - name: Run tests
         run: poetry run python -m pytest tests/unit
   run-unit-tests-with-arrow:
     runs-on: ubuntu-latest
     strategy:
       matrix:
         python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+        dependency-version: ["default", "min"]
+        exclude:
+          - python-version: "3.12"
+            dependency-version: "min"
+          - python-version: "3.13"
+            dependency-version: "min"
+    
+    name: "Unit Tests + PyArrow (Python ${{ matrix.python-version }}, ${{ matrix.dependency-version }} deps)"
+    
     steps:
       #----------------------------------------------
       #       check-out repo and set-up python
@@ -88,7 +130,7 @@ jobs:
           uses: actions/cache@v4
           with:
             path: .venv-pyarrow
-            key: venv-pyarrow-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ github.event.repository.name }}-${{ hashFiles('**/poetry.lock') }}
+            key: venv-pyarrow-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ matrix.dependency-version }}-${{ github.event.repository.name }}-${{ hashFiles('**/poetry.lock') }}
       #----------------------------------------------
       # install dependencies if cache does not exist
       #----------------------------------------------
@@ -101,8 +143,30 @@ jobs:
       -   name: Install library
           run: poetry install --no-interaction --all-extras
       #----------------------------------------------
+      # override with custom dependency versions
+      #----------------------------------------------
+      -   name: Install Python tools for custom versions
+          if: matrix.dependency-version != 'default'
+          run: poetry run pip install toml packaging
+
+      -   name: Generate requirements file with pyarrow
+          if: matrix.dependency-version != 'default'
+          run: |
+            poetry run python scripts/dependency_manager.py ${{ matrix.dependency-version }} --output requirements-${{ matrix.dependency-version }}-arrow.txt
+            echo "Generated requirements for ${{ matrix.dependency-version }} versions with PyArrow:"
+            cat requirements-${{ matrix.dependency-version }}-arrow.txt
+
+      -   name: Override with custom dependency versions
+          if: matrix.dependency-version != 'default'
+          run: poetry run pip install -r requirements-${{ matrix.dependency-version }}-arrow.txt
+      #----------------------------------------------
       #              run test suite
       #----------------------------------------------
+      -   name: Show installed versions
+          run: |
+            echo "=== Dependency Version: ${{ matrix.dependency-version }} with PyArrow ==="
+            poetry run pip list
+
       -   name: Run tests
           run: poetry run python -m pytest tests/unit
   check-linting:
 
@@ -1,5 +1,37 @@
 # Release History
 
+# 4.1.2 (2025-08-22)
+- Streaming ingestion support for PUT operation (databricks/databricks-sql-python#643 by @sreekanth-db)
+- Removed use_threads argument on concat_tables for compatibility with pyarrow<14 (databricks/databricks-sql-python#684 by @jprakash-db)
+
+# 4.1.1 (2025-08-21)
+- Add documentation for proxy support (databricks/databricks-sql-python#680 by @vikrantpuppala)
+- Fix compatibility with urllib3<2 and add CI actions to improve dependency checks (databricks/databricks-sql-python#678 by @vikrantpuppala)
+
+# 4.1.0 (2025-08-18)
+- Removed Codeowners (databricks/databricks-sql-python#623 by @jprakash-db)
+- Azure Service Principal Credential Provider (databricks/databricks-sql-python#621 by @jprakash-db)
+- Add optional telemetry support to the python connector (databricks/databricks-sql-python#628 by @saishreeeee)
+- Fix potential resource leak in `CloudFetchQueue` (databricks/databricks-sql-python#624 by @varun-edachali-dbx)
+- Generalise Backend Layer (databricks/databricks-sql-python#604 by @varun-edachali-dbx)
+- Arrow performance optimizations (databricks/databricks-sql-python#638 by @jprakash-db)
+- Connection errors to unauthenticated telemetry endpoint (databricks/databricks-sql-python#619 by @saishreeeee)
+- SEA: Execution Phase (databricks/databricks-sql-python#645 by @varun-edachali-dbx)
+- Add retry mechanism to telemetry requests (databricks/databricks-sql-python#617 by @saishreeeee)
+- SEA: Fetch Phase (databricks/databricks-sql-python#650 by @varun-edachali-dbx)
+- added logs for cloud fetch speed (databricks/databricks-sql-python#654 by @shivam2680)
+- Make telemetry batch size configurable and add time-based flush (databricks/databricks-sql-python#622 by @saishreeeee)
+- Normalise type code (databricks/databricks-sql-python#652 by @varun-edachali-dbx)
+- Testing for telemetry (databricks/databricks-sql-python#616 by @saishreeeee)
+- Bug fixes in telemetry (databricks/databricks-sql-python#659 by @saishreeeee)
+- Telemetry server-side flag integration (databricks/databricks-sql-python#646 by @saishreeeee)
+- Enhance SEA HTTP Client (databricks/databricks-sql-python#618 by @varun-edachali-dbx)
+- SEA: Allow large metadata responses (databricks/databricks-sql-python#653 by @varun-edachali-dbx)
+- Added code coverage workflow to test the code coverage from unit and e2e tests (databricks/databricks-sql-python#657 by @msrathore-db)
+- Concat tables to be backward compatible (databricks/databricks-sql-python#647 by @jprakash-db)
+- Refactor codebase to use a unified http client (databricks/databricks-sql-python#673 by @vikrantpuppala)
+- Add kerberos support for proxy auth (databricks/databricks-sql-python#675 by @vikrantpuppala)
+
 # 4.0.5 (2025-06-24)
 - Fix: Reverted change in cursor close handling which led to errors impacting users (databricks/databricks-sql-python#613 by @madhav-db)
 
 
@@ -7,6 +7,8 @@ The Databricks SQL Connector for Python allows you to develop Python application
 
 This connector uses Arrow as the data-exchange format, and supports APIs (e.g. `fetchmany_arrow`) to directly fetch Arrow tables. Arrow tables are wrapped in the `ArrowQueue` class to provide a natural API to get several rows at a time. [PyArrow](https://arrow.apache.org/docs/python/index.html) is required to enable this and use these APIs, you can install it via  `pip install pyarrow` or `pip install databricks-sql-connector[pyarrow]`.
 
+The connector includes built-in support for HTTP/HTTPS proxy servers with multiple authentication methods including basic authentication and Kerberos/Negotiate authentication. See `docs/proxy.md` and `examples/proxy_authentication.py` for details.
+
 You are welcome to file an issue here for general use cases. You can also contact Databricks Support [here](help.databricks.com).
 
 ## Requirements
 
@@ -0,0 +1,232 @@
+# Proxy Support
+
+The Databricks SQL Connector supports connecting through HTTP and HTTPS proxy servers with various authentication methods. This feature automatically detects system proxy configuration and handles proxy authentication transparently.
+
+## Quick Start
+
+The connector automatically uses your system's proxy configuration when available:
+
+```python
+from databricks import sql
+
+# Basic connection - uses system proxy automatically
+with sql.connect(
+    server_hostname="your-workspace.cloud.databricks.com",
+    http_path="/sql/1.0/endpoints/your-endpoint-id",
+    access_token="your-token"
+) as connection:
+    # Your queries here...
+```
+
+For advanced proxy authentication (like Kerberos), specify the authentication method:
+
+```python
+with sql.connect(
+    server_hostname="your-workspace.cloud.databricks.com",
+    http_path="/sql/1.0/endpoints/your-endpoint-id", 
+    access_token="your-token",
+    _proxy_auth_method="negotiate"  # Enable Kerberos proxy auth
+) as connection:
+    # Your queries here...
+```
+
+## Proxy Configuration
+
+### Environment Variables
+
+The connector follows standard proxy environment variable conventions:
+
+| Variable | Description | Example |
+|----------|-------------|---------|
+| `HTTP_PROXY` | Proxy for HTTP requests | `http://proxy.company.com:8080` |
+| `HTTPS_PROXY` | Proxy for HTTPS requests | `https://proxy.company.com:8080` |
+| `NO_PROXY` | Hosts to bypass proxy | `localhost,127.0.0.1,.company.com` |
+
+**Note**: The connector also recognizes lowercase versions (`http_proxy`, `https_proxy`, `no_proxy`).
+
+### Proxy URL Formats
+
+Basic proxy (no authentication):
+```bash
+export HTTPS_PROXY="http://proxy.company.com:8080"
+```
+
+Proxy with basic authentication:
+```bash
+export HTTPS_PROXY="http://username:password@proxy.company.com:8080"
+```
+
+## Authentication Methods
+
+The connector supports multiple proxy authentication methods via the `_proxy_auth_method` parameter:
+
+### 1. Basic Authentication (`basic` or `None`)
+
+**Default behavior** when credentials are provided in the proxy URL or when `_proxy_auth_method="basic"` is specified.
+
+```python
+# Method 1: Credentials in proxy URL (recommended)
+# Set environment: HTTPS_PROXY="http://user:pass@proxy.company.com:8080"
+with sql.connect(
+    server_hostname="your-workspace.com",
+    http_path="/sql/1.0/endpoints/abc123",
+    access_token="your-token"
+    # No _proxy_auth_method needed - detected automatically
+) as conn:
+    pass
+
+# Method 2: Explicit basic authentication
+with sql.connect(
+    server_hostname="your-workspace.com", 
+    http_path="/sql/1.0/endpoints/abc123",
+    access_token="your-token",
+    _proxy_auth_method="basic"  # Explicit basic auth
+) as conn:
+    pass
+```
+
+### 2. Kerberos/Negotiate Authentication (`negotiate`)
+
+For corporate environments using Kerberos authentication with proxy servers.
+
+**Prerequisites:**
+- Valid Kerberos tickets (run `kinit` first)
+- Properly configured Kerberos environment
+
+```python
+with sql.connect(
+    server_hostname="your-workspace.com",
+    http_path="/sql/1.0/endpoints/abc123", 
+    access_token="your-token",
+    _proxy_auth_method="negotiate"  # Enable Kerberos proxy auth
+) as conn:
+    pass
+```
+
+**Kerberos Setup Example:**
+```bash
+# Obtain Kerberos tickets
+kinit your-username@YOUR-DOMAIN.COM
+
+# Set proxy (no credentials in URL for Kerberos)
+export HTTPS_PROXY="http://proxy.company.com:8080"
+
+# Run your Python script
+python your_script.py
+```
+
+## Proxy Bypass
+
+The connector respects system proxy bypass rules. Requests to hosts listed in `NO_PROXY` or system bypass lists will connect directly, bypassing the proxy.
+
+```bash
+# Bypass proxy for local and internal hosts
+export NO_PROXY="localhost,127.0.0.1,*.internal.company.com,10.*"
+```
+
+## Advanced Configuration
+
+### Per-Request Proxy Decisions
+
+The connector automatically makes per-request decisions about proxy usage based on:
+
+1. **System proxy configuration** - Detected from environment variables
+2. **Proxy bypass rules** - Honor `NO_PROXY` and system bypass settings  
+3. **Target host** - Check if the specific host should use proxy
+
+### Connection Pooling
+
+The connector maintains separate connection pools for direct and proxy connections, allowing efficient handling of mixed proxy/direct traffic.
+
+### SSL/TLS with Proxy
+
+HTTPS connections through HTTP proxies use the CONNECT method for SSL tunneling. The connector handles this automatically while preserving all SSL verification settings.
+
+## Troubleshooting
+
+### Common Issues
+
+**Problem**: Connection fails with proxy-related errors
+```
+Solution: 
+1. Verify proxy environment variables are set correctly
+2. Check if proxy requires authentication
+3. Ensure proxy allows CONNECT method for HTTPS
+4. Test proxy connectivity with curl:
+   curl -x $HTTPS_PROXY https://your-workspace.com
+```
+
+**Problem**: Kerberos authentication fails
+```
+Solution:
+1. Verify Kerberos tickets: klist
+2. Renew tickets if expired: kinit
+3. Check proxy supports negotiate authentication
+4. Ensure time synchronization between client and KDC
+```
+
+**Problem**: Some requests bypass proxy unexpectedly
+```
+Solution:
+1. Check NO_PROXY environment variable
+2. Review system proxy bypass settings
+3. Verify the target hostname format
+```
+
+### Debug Logging
+
+Enable detailed logging to troubleshoot proxy issues:
+
+```python
+import logging
+
+# Enable connector debug logging
+logging.basicConfig(level=logging.DEBUG)
+logging.getLogger("databricks.sql").setLevel(logging.DEBUG)
+
+# Enable urllib3 logging for HTTP details
+logging.getLogger("urllib3").setLevel(logging.DEBUG)
+```
+
+### Testing Proxy Configuration
+
+Use the provided example script to test different proxy authentication methods:
+
+```bash
+cd examples/
+python proxy_authentication.py
+```
+
+This script tests:
+- Default proxy behavior
+- Basic authentication
+- Kerberos/Negotiate authentication
+
+## Examples
+
+See `examples/proxy_authentication.py` for a comprehensive demonstration of proxy authentication methods.
+
+## Implementation Details
+
+### How Proxy Detection Works
+
+1. **Environment Variables**: Check `HTTP_PROXY`/`HTTPS_PROXY` environment variables
+2. **System Configuration**: Use Python's `urllib.request.getproxies()` to detect system settings
+3. **Bypass Rules**: Honor `NO_PROXY` and `urllib.request.proxy_bypass()` rules
+4. **Per-Request Logic**: Decide proxy usage for each request based on target host
+
+### Supported Proxy Types
+
+- **HTTP Proxies**: For both HTTP and HTTPS traffic (via CONNECT)
+- **HTTPS Proxies**: Encrypted proxy connections
+- **Authentication**: Basic, Negotiate/Kerberos
+- **Bypass Rules**: Full support for NO_PROXY patterns
+
+### Connection Architecture
+
+The connector uses a unified HTTP client that maintains:
+- **Direct Pool Manager**: For non-proxy connections
+- **Proxy Pool Manager**: For proxy connections  
+- **Per-Request Routing**: Automatic selection based on target host
+
+This architecture ensures optimal performance and correct proxy handling across all connector operations.
@@ -42,3 +42,4 @@ this example the string `ExamplePartnerTag` will be added to the the user agent
 - **`custom_cred_provider.py`** shows how to pass a custom credential provider to bypass connector authentication. Please install databricks-sdk prior to running this example.
 - **`v3_retries_query_execute.py`** shows how to enable v3 retries in connector version 2.9.x including how to enable retries for non-default retry cases.
 - **`parameters.py`** shows how to use parameters in native and inline modes.
+- **`proxy_authentication.py`** demonstrates how to connect through proxy servers using different authentication methods including basic authentication and Kerberos/Negotiate authentication.