Support Active Directory Authentication for MS SQL in native-image

[turing85]

Description

As of now, quarkus does not support Active Directory Authentication in native mode with the MS SQL driver. Since this is a standard authentication method for databases hosted in azure, it would be nice if quarkus supported AD authentication in native mode.

---

Story: As a quarkus developer, developing a native image application When I connect to a MS SQL database Then I want the possibility to use AD authentication

Implementation ideas

No response

[gastaldi]

@majguo @agoncal can anyone in Microsoft help with this?

[majguo]

@gastaldi I created https://github.com/quarkiverse/quarkus-azure-services/issues/169 by copying this issue, will raise it to the team in backlog grooming meeting next Monday.

[yrodiere]

Hello. Does this not duplicate https://github.com/quarkusio/quarkus/issues/34580 ?

[maxandersen]

good context at https://github.com/quarkusio/quarkus/issues/34580#issuecomment-1725442600 worth noting this did work in older versions (ie. 2.10) but mssql driver changed and we was more proactive in not adding optional dependencies.

some context found by @yrodiere:

Yoann Rodière: @maxandersen I did not have any contact with that team, no. Sanne might, but he won't be around for a few months. I think talking to MS people is your best option, yes.

That being said, this is an rather old bug/requested feature:

https://github.com/quarkusio/quarkus/issues/28913 https://github.com/quarkusio/quarkus/issues/34580

Sanne explained the "why" here in particular: https://github.com/quarkusio/quarkus/issues/34580#issuecomment-1725442600

Essentially, there's no blocker in principle. It's just that the MS SQL driver has an unreasonably large dependency tree, so we had to trim it. Adding active directory auth back will only be a matter of:

Testing. Got an MSSQL DB behind azure auth somewhere we can use? Especially on CI? Removing a few exclusions. Dealing with the resulting crashes -- I suppose some metadata is needed for native. Yoann Rodière: BTW it seems that auth relies on an optional dependency, so we'll need to think if we want that dependency to be there by default in the Quarkus extension, or if we want to ask users to add it explicitly (and document this)

[turing85]

Hello. Does this not duplicate #34580 ?

No. #34580 is a general bug report. The bug has a workaround in JVM mode. This issue here is about making it work with native-image.

[turing85]

Testing. Got an MSSQL DB behind azure auth somewhere we can use? Especially on CI?

If this was directed at me: no, I don't. I can ask around. But if I get an instance:

• access will most probably be extremely limited, and
• it will definitively not be permanent, i.e. the instance will most probably disappear after some time (maybe 1-2 months). So no permanenty solution for CI.

[yrodiere]

Testing. Got an MSSQL DB behind azure auth somewhere we can use? Especially on CI?

If this was directed at me: no, I don't.

It was directed at @maxandersen , who was a bit too enthusiastic in his copy-pasting :)