Improve Azure Support

[domtoupin]

By adding USE_SSL mode and handling user@hostname for MySQL and PostgreSQL, it will simplify the configuration of Bonita for when using an Azure Managed Database Services for PostgreSQL or MySQL.

[JeremJR]

Thank you for your work! I've just opened an Azure account to test the current behavior and I effectively get an error :

Caused by: org.postgresql.util.PSQLException: FATAL: Invalid Username specified. Please check the Username and retry connection. The Username should be in username@hostname format.

I need to take more time to discover the SSL configuration as I'm not yet familiar with Azure and I will come back to you later. In the mean time we have published 7.7.0 and will publish soon another release. So if we accept your PR you may have to report the change accordingly. Have a nice week-end

[domtoupin]

@JeremJR I am confortable with moving my change, just let me know when would be a good time. Thanks!

[laurentleseigneur]

Thank for this contribution.

As explained in Microsoft documentation https://docs.microsoft.com/fr-fr/azure/mysql/howto-configure-ssl (french version), it seems you also need to add system properties to add a ssl keystore.

what is unclear for me is how you configure this path to .pem file in your PR ?

[domtoupin]

@laurentleseigneur I read the page you sent and it puzzle me as well because what I did was to use the default which is to only enforce ssl on the managed service and with the addition of the changes made in this PR it works fine although I am unsure as to how secure that setup is. However, since bonita will also stands on Azure, I do not believe any further issues should arise from such a configuration.

[JeremJR]

sorry I made a mistake with git subtree so it automatically closes this PR, I will let you know when I fix this in order you can reopen it

[JeremJR]

So I've fixed the content into this repo yesterday (in fact we also work with a private repo and we perform a sync time to time). My first feedback about your PR are :

• to avoid misleading I suggest to rename USE_SSL to something more related to the database like DB_SSL (indeed we don't configure SSL for tomcat itself)
• I am not confortable with the current removal of @. It seems to be something only mandatory for Azure. Indeed it's possible to create usernames which contain @ in mysql and postgres. So maybe that we should add a specific parameter (AZURE_MODE) in order to handle this specific usage, what do you think about that? In fact, thanks to your PR, I've also noticed that the docker image doesn't handle well currently usernames and databases names containing "@". So I have proposed a fix, but it still need to be reviewed on our private repo.

Due to the fact that the image requires also a review from the Docker team to be accepted into the library and as we have several modifications I suggest :

• To wait for the feedback from Docker team regarding the PR for 7.7.1 https://github.com/docker-library/official-images/pull/4535
• Then if it's accepted internally I will make another PR on Docker library with the fix to handle @
• If these 2 are accepted by the Docker team you will be able to rebase your work and modify it accordingly (DB_SSL, AZURE_MODE).

I'm sorry that it takes so long.

[domtoupin]

@JeremJR That all sounds reasonable to me, we are in no rush as we were only submitting back to the community what we did for our own private image. Just ping me when it will be time for rebase!

[JeremJR]

Ok thanks @domtoupin FYI the related PR to fix issue with @ https://github.com/docker-library/official-images/pull/4572

[JeremJR]

@domtoupin the PR has been merged, you can perform the rebase when you have time

[domtoupin]

@JeremJR This will probably be only next week, I have a lot to do right now.