https://github.com/lenisha/spring-sql-msi

Azure SQL MSI connction from Java on K8S AAD Pod Identity
https://github.com/lenisha/spring-sql-msi

Last synced: about 2 months ago
JSON representation

Azure SQL MSI connction from Java on K8S AAD Pod Identity

• Host: GitHub
• URL: https://github.com/lenisha/spring-sql-msi
• Owner: lenisha
• Created: 2020-04-07T19:47:25.000Z (over 5 years ago)
• Default Branch: master
• Last Pushed: 2020-04-17T17:28:16.000Z (over 5 years ago)
• Last Synced: 2024-10-18T06:16:06.992Z (about 1 year ago)
• Language: Java
• Homepage:
• Size: 128 KB
• Stars: 0
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# MSI Auth with Azure Managed Identity

- Create MI and assign to PodIdentity or VM

- Assign Managed Identity to SQL Admin (or Group) 

```

az sql server ad-admin create --display-name odbcidentity --object-id  --resource-group aks-tests --server testmetoday    

{

  "id": "/subscriptions/xxxxx/resourceGroups/aks-tests/providers/Microsoft.Sql/servers/testmetoday/administratorOperationResults/ActiveDirectory",

  "location": "West Central US",

  "login": "odbcidentity",

  "name": "ActiveDirectory",

  "resourceGroup": "aks-tests",

  "sid": "xxx",

  "tenantId": "xxx",

  "type": "Microsoft.Sql/servers/administrators"

}

```

After creation verify that identity was added automatically to `master` database users

![docs](./identiy.png)

- set connection string in the `application.properties` with `authentication=ActiveDirectoryMSI;msiClientId=`

```

spring.datasource.url=jdbc:sqlserver://testmetoday.database.windows.net:1433;database=testae;authentication=ActiveDirectoryMSI;msiClientId=;Encrypt=true;TrustServerCertificate=false;HostNameInCertificate=*.database.windows.net;loginTimeout=30

```

- build and run

```

mvn package -DskipTests=true

java -jar target/sqlmsi-0.0.1-SNAPSHOT.jar 

```

it will print logged in User

```

ationTaskExecutor'

2020-04-07 21:15:34.757  INFO 2725 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8080 (http) with context path ''

2020-04-07 21:15:34.759  INFO 2725 --- [           main] com.msft.sqlmsi.SqlmsiApplication        : Started SqlmsiApplication in 6.823 seconds (JVM running for 7.392)

You have successfully logged on as: e8e422cc-2bb7-xxxx-xxxx-cff38b07a026@72f988bf-86f1-41af-91ab-2d7cd011db47

```