(airavata-portals) branch main updated: secure Airavata thrift connections when building client pool

Fri, 05 Dec 2025 09:13:46 -0800 

This is an automated email from the ASF dual-hosted git repository.

lahirujayathilake pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airavata-portals.git


The following commit(s) were added to refs/heads/main by this push:
     new f1b63063d secure Airavata thrift connections when building client pool
f1b63063d is described below

commit f1b63063d756d42cb018cffc8ab19c1892b74734
Author: lahiruj <[email protected]>
AuthorDate: Fri Dec 5 12:13:33 2025 -0500

    secure Airavata thrift connections when building client pool
---
 airavata-django-portal/django_airavata/utils.py | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/airavata-django-portal/django_airavata/utils.py 
b/airavata-django-portal/django_airavata/utils.py
index 49edc8f29..c3559afa9 100644
--- a/airavata-django-portal/django_airavata/utils.py
+++ b/airavata-django-portal/django_airavata/utils.py
@@ -189,11 +189,13 @@ class SimpleThriftPool:
     A thread-safe Thrift connection pool that uses raw Thrift and the 
TBufferedTransport.
     """
 
-    def __init__(self, service, host, port, size=5):
+    def __init__(self, service, host, port, size=5, secure=False, 
ca_certs=None):
         self._service = service
         self._host = host
         self._port = port
         self._size = size
+        self._secure = secure
+        self._ca_certs = ca_certs or settings.CA_CERTS_PATH
         self._pool = queue.Queue(maxsize=size)
         self._initialize_pool()
 
@@ -202,8 +204,16 @@ class SimpleThriftPool:
             self._pool.put(self._create_connection())
 
     def _create_connection(self):
-        transport = TSocket.TSocket(host=self._host, port=self._port)
-        transport = TTransport.TBufferedTransport(transport)
+        if self._secure:
+            socket = TSSLSocket.TSSLSocket(
+                host=self._host,
+                port=self._port,
+                cert_reqs=ssl.CERT_REQUIRED,
+                ca_certs=self._ca_certs,
+            )
+        else:
+            socket = TSocket.TSocket(host=self._host, port=self._port)
+        transport = TTransport.TBufferedTransport(socket)
         protocol = TBinaryProtocol.TBinaryProtocol(transport)
         client = self._service.Client(protocol)
         transport.open()
@@ -294,7 +304,9 @@ class 
UserProfileServiceThriftClient(MultiplexThriftClientMixin,
 airavata_api_client_pool = SimpleThriftPool(
     Airavata,
     settings.AIRAVATA_API_HOST,
-    settings.AIRAVATA_API_PORT
+    settings.AIRAVATA_API_PORT,
+    secure=settings.AIRAVATA_API_SECURE,
+    ca_certs=settings.CA_CERTS_PATH,
 )
 group_manager_client_pool = connection_pool.ClientPool(
     GroupManagerService,

Reply via email to