I'm having some trouble getting the base liquibase docker image to perform an update against an azure sql database using Active Directory authentication.
The specific error I am getting is
Unexpected error running Liquibase: Connection could not be created to jdbc:sqlserver://REDACTED.database.windows.net:1433;database=REDACTED;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;authentication=ActiveDirectoryPassword with driver com.microsoft.sqlserver.jdbc.SQLServerDriver. Failed to load MSAL4J Java library for performing ActiveDirectoryPassword authentication.
Following the documentation from Liquibase I attempted to load the MSAL4J jar along with its dependencies into the class path to no avail. Here is my script:
$path = $repositoryPath -replace '\\','/'
$internalVolumeMap = "$path/db:/liquibase/changelog" -replace '\\','/'
$internalResourceMap = "$path/db/resources:/liquibase/classpath" -replace '\\','/'
$connectionString = "jdbc:sqlserver://REDACTED.windows.net:1433;database=REDACTED;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;authentication=ActiveDirectoryPassword"
docker run --rm `
-v $internalResourceMap `
-v $internalVolumeMap `
liquibase/liquibase:4.5.0 `
--url=$connectionString `
--changeLogFile=/liquibase/changelog/liquibaseChangeLog.json `
--username=REDACTED `
--password="REDACTED" `
--classpath="/liquibase/changelog:/liquibase/classpath/msal4j-1.11.0.jar" `
update
There is a bunch of information about how to get this working without using docker - but I have not come across much in the way of examples leveraging the liquibase docker image. So this is a shot in the dark that maybe someone has run into this before or has done this before and could point me in the right direction.
Although you are probably not requiring this anymore, wanted to post a solution that worked for our build process.
We ran into a similar issue with ActiveDirectoryServicePrincipal authentication but the same should apply for the other forms of AAD auths.
Liquibase does not include the Msal4j.jar or the dependencies required. You need to obtain these from an outside source ex: https://mvnrepository.com/artifact/com.microsoft.azure/msal4j.
Easiest way is to have maven copy the dependencies locally in the build - dependency:copy-dependencies targeting a pom.xml file like so.
<project>
<modelVersion>4.0.0</modelVersion>
<groupId>com.company.com</groupId>
<artifactId>company-artifact-id</artifactId>
<version>1</version>
<dependencies>
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>msal4j</artifactId>
<version>1.13.5</version>
</dependency>
</dependencies>
</project>
We are using the latest docker image at this time (4.20).
docker run
liquibase/liquibase:4.20
--rm
-v "build_artifact:/liquibase/changelog"
-v "build_artifact/target/dependency:/liquibase/lib"
--url="url"
--changeLogFile="changeLogFile.xml"
--username="username"
--password="password"
update
This line is what places the dependencies into the liquibase/lib that maven downloaded:
-v "build_artifact/target/dependency:/liquibase/lib"