Options
Why has check.buildUrl been deprecated?
ColinSmit
Posts: 4 New member
With the introduction of check.buildEnvironment, we now have to configure the environment in the Flyway.toml file. This leads to the following consequences:
JDBC, User Name and Password are in clear text unless you use a secret manager, which you have to pay for.
Previously, with check.buildUrl, we could pass a variable to this parameter, which is our preference as we dynamically create the build database using build.buildID, this saves time as the database does not need to be cleaned before the build. Now I'm forced to hard code the value in the Flyway.toml file. Please bring back the option to use variable substitution when reading these values. This will allow us to continue using the DevOps variable groups and using the built in secrets functionality.
We would need to rewrite all our pipelines to use static build databases, losing 3 or so minutes on every build due to clean. We have 16 projects currently and this is just going to keep growing so this will require a huge amount of effort to rewrite.
I don't understand why the deprecation of check.buildUrl, check.buildUser and check.buildPassword was done in favour of having to hard code these values using check.buildEnvironment. We should be working smarter, not harder!
Ideally, we want to use the following in Flyway.toml:
JDBC, User Name and Password are in clear text unless you use a secret manager, which you have to pay for.
Previously, with check.buildUrl, we could pass a variable to this parameter, which is our preference as we dynamically create the build database using build.buildID, this saves time as the database does not need to be cleaned before the build. Now I'm forced to hard code the value in the Flyway.toml file. Please bring back the option to use variable substitution when reading these values. This will allow us to continue using the DevOps variable groups and using the built in secrets functionality.
We would need to rewrite all our pipelines to use static build databases, losing 3 or so minutes on every build due to clean. We have 16 projects currently and this is just going to keep growing so this will require a huge amount of effort to rewrite.
I don't understand why the deprecation of check.buildUrl, check.buildUser and check.buildPassword was done in favour of having to hard code these values using check.buildEnvironment. We should be working smarter, not harder!
Ideally, we want to use the following in Flyway.toml:
[flyway.check]
majorTolerance = 0
buildEnvironment="build"
[environments.build]
url = "$(JDBC)"
user = "$(DatabaseLogin)"
password = "$(DatabasePassword)"
Answers
[environments.build] url = "${env.JDBC}" user = "${env.DatabaseLogin}" password = "${env.DatabasePassword}"Suppressed: org.flywaydb.core.api.FlywayException: Unable to resolve environment variable: 'DatabasePassword'
But if the password value is stored in clear text everything works as intended. Could you check to see if this is a known issue or am I missing something?
Variable group has the variable all 3 variables as above.
Since you have not responded to my post in some time, I thought I'd update this with some new findings.
In an effort to get away from username and password (since the password variable cannot be obtained) I have made use of integrated security, where the VSTS agent uses an MSA Account, and set integrated security to true. Added the MSA Account to all the relevant DB's with sa rights which works like a dream.
The problem I am encountering remains with the -check parameter, I can set the build DB URL via a variable and it is resolved, but I cannot set the check DB URL via a variable as it does not get resolved. I can set the check DB URL to the actual JDBC of the check DB and it works.
None of the above works as the -check parameter url is never resolved, however; substituting the actual JDBC:
This works perfectly.
I believe there may be a bug in the software that has not yet been identified or attended to, please can you confirm whether I am missing something or a bug does exist.
Regards
Linux:
Powershell:
I'm not sure what VSTS uses but I'd expect powershell ??
As an aside, if you're using check then you have an enterprise license and so can access our helpdesk - we keep an eye on the community helpdesk but as you've seen, it can be sporadic. The helpdesk is likely to know more about nuances of particular CI platforms
This does not work., you have inverted comma's around the whole parameter, was this intentional?
Either way, I tried it as you have suggested and it does not resolve the variable.
From what you have posted, it looks like the shell is not substituting the environment variable value so Flyway is being passed the entire string "$env:CheckJDBC" instead of the value.
I'd have a look at how environment variable substitution works on the platform you are using, I had a guess it was like Powershell but I don't know ...