-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add AzureCliCredential to login with CLI #71
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are some differences because I started with dbt-synapse
and then moved the code here so that it can be used in dbt-synapse
once the inheritance issue is resolved.
I think this is a great add-on to the adapter, but it also makes the testing of different connections even more important. |
Yes, I do not know how we can test this well. It would help to limit the options
|
for more context, the MSFT ODBC Active Directory connection types were built primarily for on-prem AD, rather than Azure AD and they aren't well-suited for using dbt on the command line. They work just fine for logging into a db w/ SSMS, but it would be best if we never had to:
Using @mikaelene, when I'm back from PTO next week, addressing #65 will be the first PR. This PR can come after. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll limit the scope of this PR
@JCZuurmond, than you for limiting the scope of your PRs! Makes it much easier to approve. I have clients using this adapter for on-premise SQL Server only. So as long as that still works as before, I am happy to approve all PRs around how o connect to azure sql. As long as it's not to complicated. My only concern here is that it requires installation of the az cli client? But that's maybe not an issue? |
@mikaelene : As of now, this PR only adds an option for when |
c55b4e3
to
4dd69b7
Compare
@mikaelene this is good to go now! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great writeup in the readme! Thanks for all the great work you are putting in.
Just shouting that I used this today, and it worked perfectly and easily, fantastic work @JCZuurmond , thank you! This is a big upgrade in terms of usability and security IMO |
This PR adds the option to use the authentication of the Azure CLI.
See this closed PR for context. IMHO the CLI login is the best default: you can login with your credentials wo storing them in plain text, you can login with a service principal (again wo storing credentials in plain text) and you can login with an interactive browser session. See here for all possible login options of
azure.identitiy
.