Support for connecting to databases with Azure Active Directory access tokens
Added ability to authenticate with [azure-identity library](https://pypi.org/project/azure-identity/). Azure specific dependencies can be installed with a new platform tag:
`pip install ahjo[azure]`
Ahjo authentication with azure-identity can be enabled by setting the config variable `azure_authentication` to `DefaultAzureCredential`. This setting provides a default TokenCredential authentication flow, defined in detail [here](https://learn.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet).
Managed identity client id and token url are defined in the ahjo settings as follows:
{
"BACKEND": {
...
"azure_authentication": "DefaultAzureCredential",
"azure_identity_settings": {
"managed_identity_client_id": "managed_identity_id_value", // The client ID of a user-assigned managed identity.
"token_url": "token_url_value" // (default: https://database.windows.net/.default)
}
...
},
...
}
It should be noted that projects created with previous ahjo versions are not compatible with azure-identity based login. To make previously created ahjo projects compatible, you need to update the method `run_migrations_online` in `alembic/env.py` in the following way:
Old env.py
connectable = create_engine(du.create_sqlalchemy_url(conn_info))
New env.py
connectable = du.create_sqlalchemy_engine(
du.create_sqlalchemy_url(conn_info),
conn_info.get("token")
)
Multi-project-build
With one command, you can run actions (or multi-actions) of multiple projects at once:
`ahjo-multi-project-build path/to/config.jsonc`
SQLAlchemy 2.0 support
Ahjo is now compatible with SQLAlchemy 2.0.
Improved error handling in data insert (MSSQL)
By default, set XACT_ABORT ON and NOCOUNT ON when inserting data with ahjo data command.
API key on pipelines running Safety
Added API key when running Safety.
Support for creating db permissions with sqlalchemy
Added new optional variables to config: `db_permissions` and `db_permission_invoke_method`. The SQL script in `database/create_db_permissions.sql` can be executed with sqlalchemy by setting `db_permission_invoke_method` to `sqlalchemy`.
The parameter `db_permissions` can be used if the script is located in a different file path or if it needs to include scripting variables, for example:
"db_permissions": [
{
"source": "./database/permissions/create_db_1_permissions.sql"
},
{
"source": "./database/permissions/create_db_2_permissions.sql",
"variables":
{
"VARIABLE_REF": "VARIABLE_VALUE"
}
}
],
"db_permission_invoke_method": "sqlalchemy" // Available options: "sqlcmd" (default) or "sqlalchemy"
In SQL files, scripting variables are referenced with syntax: `$(VARIABLE_REF)`.
Fix distutils deprecation warning
The distutils package is deprecated and slated for removal in Python 3.12. In this version, disutils copy_tree was changed to shutil copytree.
Update bitbucket pipeline to support Python 3.10
Change python 3.9 image to python 3.10.4.
Default action to drop obsolete database objects
Added a new master action: drop-obsolete.
Increase the length of columns in git_version table
Change the size of Repository and Branch columns to 255.