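My goal is to authenticate in my Azure environment with a service principal rather than a password.
In my Azure Pipelines I have a database migration script, and I am struggling to use ActiveDirectoryIntegrated authentication via ADAL4J.
Environment:
My simplified script shows what I am trying to achieve.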
variables:
  FLYWAY_VERSION: '6.0.1'

pool:
  vmImage: "ubuntu-latest"

steps:
- task: AzureCLI@2
  inputs:
    azureSubscription: 'MyServicePrincipalSubscription'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      # Install Flyway
      curl -L https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline/$(FLYWAY_VERSION)/flyway-commandline-$(FLYWAY_VERSION)-linux-x64.tar.gz -o flyway.tar.gz
      tar -xzf flyway.tar.gz
      # Run migrations
      ./flyway-$(FLYWAY_VERSION)/flyway \
        -locations="filesystem:./DataChanges/test" \
        -url="jdbc:sqlserver://***;Authentication=ActiveDirectoryIntegrated" \
        migrate -X
No matter what I try, this results in an error loading ADAL4J.
SQL State : null
Error Code : 0
Message : Failed to load both sqljdbc_auth.dll and ADAL4J Java library for performing ActiveDirectoryIntegrated authentication. Please install one of them to proceed.
I have tried the following:
curl -L https://repo1.maven.org/maven2/com/microsoft/azure/adal4j/1.6.6/adal4j-1.6.6.jar -o adal4j.jar
mv adal4j.jar flyway-$(FLYWAY_VERSION)/jars/

DEBUG: Adding location to classpath: /home/vsts/work/1/s/flyway-6.0.1/jars/adal4j.jar <-- Confirmation of loading.

pool:
  vmImage: "windows-latest"

- task: AzureCLI@2
  inputs:
    azureSubscription: 'MyServicePrincipalSubscription'
    scriptType: 'ps'
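As suggested by 刘紫阳-MSFT, my approach was incorrect. What worked for me, and appears to be the standard, is the following.
Use ActiveDirectoryServicePrincipal in the connection string, together with the client ID/secret.
Flyway v6 JDBC does not support ActiveDirectoryServicePrincipal, so an upgrade is also needed.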
variables:
  FLYWAY_VERSION: '6.0.1'

pool:
  vmImage: "ubuntu-latest"

steps:
- task: AzureCLI@2
  inputs:
    azureSubscription: 'MyServicePrincipalSubscription'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      # Install Flyway
      curl -L https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline/$(FLYWAY_VERSION)/flyway-commandline-$(FLYWAY_VERSION)-linux-x64.tar.gz -o flyway.tar.gz
      tar -xzf flyway.tar.gz
      # Run migrations
      ./flyway-$(FLYWAY_VERSION)/flyway \
        -locations="filesystem:./DataChanges/test" \
        -url="jdbc:sqlserver://***;user=$(CLIENT_ID);password=$(CLIENT_SECRET);Authentication=ActiveDirectoryServicePrincipal" \
        migrate -X
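
A variant of the step above, as an added example that is not part of the original post: it hands the service principal's credentials to Flyway through the FLYWAY_URL, FLYWAY_USER and FLYWAY_PASSWORD environment variables instead of the -url argument, so the client secret does not appear in the flyway process's argument list. Assumptions: CLIENT_ID and CLIENT_SECRET reach the script as environment variables (mapped with the task's env: block), the driver accepts a user and password supplied this way the same as in the URL, and the function names, server, database, port and encrypt setting are illustrative.

```shell
# Added example, not from the original post. Assumed names: CLIENT_ID and
# CLIENT_SECRET arrive as environment variables (mapped with the task's env:
# block); the server and database arguments are placeholders.

# JDBC URL for service principal authentication, with no credentials embedded.
flyway_sp_url() {
  printf 'jdbc:sqlserver://%s:1433;databaseName=%s;encrypt=true;Authentication=ActiveDirectoryServicePrincipal' "$1" "$2"
}

# True (0) when a URL carries user= or password= inline, which would put the
# secret in the flyway process's argument list.
url_has_inline_credentials() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    *';user='*|*';password='*) return 0 ;;
    *) return 1 ;;
  esac
}

# Validate the inputs, then export the variables Flyway reads on startup.
export_flyway_sp_env() {
  if [ -z "${CLIENT_ID:-}" ] || [ -z "${CLIENT_SECRET:-}" ]; then
    echo "CLIENT_ID and CLIENT_SECRET must be set" >&2
    return 1
  fi
  # Azure Pipelines leaves an undefined $(NAME) macro as literal text.
  case "$CLIENT_ID$CLIENT_SECRET" in
    *'$('*) echo "unexpanded pipeline macro in credentials" >&2; return 1 ;;
  esac
  # An application (client) ID is a GUID; this catches swapped values.
  if ! printf '%s' "$CLIENT_ID" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'; then
    echo "CLIENT_ID is not a GUID" >&2
    return 1
  fi
  FLYWAY_URL="$(flyway_sp_url "$1" "$2")"
  FLYWAY_USER="$CLIENT_ID"
  FLYWAY_PASSWORD="$CLIENT_SECRET"
  export FLYWAY_URL FLYWAY_USER FLYWAY_PASSWORD
}

# Usage inside the inline script (no -url, user or password arguments):
#   export_flyway_sp_env "$SQL_SERVER" "$SQL_DATABASE" &&
#     ./flyway-$(FLYWAY_VERSION)/flyway -locations="filesystem:./DataChanges/test" migrate
```

SQL_SERVER and SQL_DATABASE in the usage comment are hypothetical pipeline variables holding the values elided as *** in the post.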