- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) => SonarQube 10.1.0 (evaluation version)
- how is SonarQube deployed: zip, Docker, Helm => via. zip (from SonarQube)
- what are you trying to achieve => Trying to setup SonarQube with Azure SQL DB without hardcoding any user and password anywhere in the SonarQube host
SonarQube Environment Context:
-
SonarQube version : 10.1.0 (evaluation version)
-
Java :
java 17.0.7 2023-04-18 LTS Java(TM) SE Runtime Environment (build 17.0.7+8-LTS-224) Java HotSpot(TM) 64-Bit Server VM (build 17.0.7+8-LTS-224, mixed mode, sharing)
-
SonarQube Host: Windows Server 2019 Datacenter (in Azure)
-
SonarQube HOST is configured with System Assigned Managed Identity
-
Azure SQL DB configured with the correct Managed Identity configurations, verified with Sql Server Management Studio from SonarQube VM
-
SonarQube property files => *
sonar.jdbc.url=jdbc:sqlserver://my-sqlserver.database.windows.net:1433;database=ms-sql-db-sonar;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;user=<SONAR VM IdentityId>;Authentication=
ActiveDirectoryManagedIdentity
;
-
- Microsoft SQL JDBC Driver version (built-in with SonarQube): mssql-jdbc-12.2.0.jre11
-
- SonarQube is executing as of now in a Console mode
Error received in web log:
Facing the following Issue when we are starting the sonar by executing StartSonar from (\bin\windows-x86-64):
2023.07.14 21:41:33 ERROR web[][c.z.h.p.HikariPool] HikariPool-1 - Exception during pool initialization.
com.microsoft.sqlserver.jdbc.SQLServerException: Failed to load MSAL4J Java library for performing ActiveDirectoryManagedIdentity authentication.
at com.microsoft.sqlserver.jdbc.SQLServerConnection.getFedAuthToken(SQLServerConnection.java:5642)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.onFedAuthInfo(SQLServerConnection.java:5618)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.processFedAuthInfo(SQLServerConnection.java:5463)
at com.microsoft.sqlserver.jdbc.TDSTokenHandler.onFedAuthInfo(tdsparser.java:311)
at com.microsoft.sqlserver.jdbc.TDSParser.parse(tdsparser.java:131)
at com.microsoft.sqlserver.jdbc.TDSParser.parse(tdsparser.java:42)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.sendLogon(SQLServerConnection.java:6490)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(SQLServerConnection.java:5068)
at com.microsoft.sqlserver.jdbc.SQLServerConnection$LogonCommand.doExecute(SQLServerConnection.java:5002)
Query:
-
Is at all SonarQube supports the “ActiveDirectoryManagedIdentity” Authentication mode with Azure SQL DB?
-
If the above is supported, Can anybody help me to describe the steps to configure it properly?
-
If at all the above is not supported, Is there any simple way to completely secure the user and password information of SQL Connection in SonarQube? As of now, it is hardcoded in sonar.properties file