Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-1510

Substitute environment variables in Hibernate configuration files

    XMLWordPrintable

Details

    Description

      Current Situation

      • JOC Cockpit offers the Hibernate layer for database access.
      • This includes
        • to specify credentials for database access from a hibernate.cfg.xml file.
        • not to use credentials but to apply "Integrated Security" based on the run-time account that is used for JOC Cockpit. This mechanism is frequently applied for SQL Server on Windows and for Oracle using Oracle Wallet.

      Desired Behavior

      • Users would like to apply Kubernetes standard mechanisms to read secrets from a secure source and to inject secrets into containers.
      • The Kubernetes CSI provider allows to expose environment variables holding secrets. Such environment variables are populated from a number of "Secrets Engines" including for example HashiCorp Vault.
      • The JOC Cockpit should support substitution of environment variables in Hibernate configuration files.
        • Example: 
          <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<hibernate-configuration>
       <session-factory>
               <property name="hibernate.connection.driver_class">org.mariadb.jdbc.Driver</property>
               <property name="hibernate.connection.password">${JS7_DBMS_PASSWORD}</property>
               <property name="hibernate.connection.url">jdbc:mysql://localhost:3306/jobscheduler200?serverTimezone=UTC${JS7_DBMS_URL_PARAMETER}</property>
               <property name="hibernate.connection.username">${JS7_DBMS_USER}</property>
               <property name="hibernate.dialect">org.hibernate.dialect.MySQLInnoDBDialect</property>
               <property name="hibernate.show_sql">false</property>
               <property name="hibernate.format_sql">true</property>
               <property name="hibernate.temp.use_jdbc_metadata_defaults">false</property>
               <property name="javax.persistence.validation.mode">none</property>
               <!-- Hikari Connection Pool -->
               <property name="hibernate.connection.provider_class">org.hibernate.hikaricp.internal.HikariCPConnectionProvider</property>
               <property name="hibernate.hikari.maximumPoolSize">10</property>
       </session-factory>
</hibernate-configuration>
        • This means that the following environment variables will be replaced:
          • ${JS7_DBMS_USER}
          • ${JS7_DBMS_PASSWORD}
          • ${JS7_DBMS_URL_PARAMETER}
        • This should not work as a general substitution mechanism for environment variables but will replace the indicated variables with the given syntax only – including use of ${...}.

      Patch

      Attachments

        Issue Links

          Wiki Page

          Wiki Page Loading...

          Activity

            People

              oh Oliver Haufe
              ap Andreas Püschel
              Kanika Agrawal Kanika Agrawal
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: