| author | ms.date | ms.author | ms.reviewer |
|---|---|---|---|
KarlErickson | 04/06/2023 | karler | seal |
Azure Database for MySQL instances are secured by default. They have a firewall that doesn't allow any incoming connection.
To be able to use your database, open the server's firewall to allow the local IP address to access the database server. For more information, see Create and manage Azure Database for MySQL firewall rules by using the Azure portal.
If you're connecting to your MySQL server from Windows Subsystem for Linux (WSL) on a Windows computer, you need to add the WSL host IP address to your firewall.
This step will create a non-admin user and grant all permissions on the demo database to it.
Important
To use passwordless connections, create a Microsoft Entra admin user for your Azure Database for MySQL instance. For more information, see the Setting the Microsoft Entra Admin user section of Use Microsoft Entra ID for authentication with MySQL.
Create a SQL script called create_ad_user.sql for creating a non-admin user. Add the following contents and save it locally:
export AZ_MYSQL_AD_NON_ADMIN_USERID=$(az ad signed-in-user show --query id --output tsv) cat <<EOF > create_ad_user.sqlSET aad_auth_validate_oids_in_tenant = OFF;CREATE AADUSER '<your_mysql_ad_non_admin_username>' IDENTIFIED BY '$AZ_MYSQL_AD_NON_ADMIN_USERID';GRANT ALL PRIVILEGES ON demo.* TO '<your_mysql_ad_non_admin_username>'@'%';FLUSH privileges;EOFThen, use the following command to run the SQL script to create the Microsoft Entra non-admin user:
mysql -h mysqlsingletest.mysql.database.azure.com --user <your_mysql_ad_admin_username>@mysqlsingletest --enable-cleartext-plugin --password=$(az account get-access-token --resource-type oss-rdbms --output tsv --query accessToken)< create_ad_user.sqlTip
To use Microsoft Entra authentication to connect to Azure Database for MySQL, you need to sign in with the Microsoft Entra admin user you set up, and then get the access token as the password. For more information, see Use Microsoft Entra ID for authentication with MySQL.
Create a SQL script called create_user.sql for creating a non-admin user. Add the following contents and save it locally:
cat <<EOF > create_user.sqlCREATE USER '<your_mysql_non_admin_username>'@'%' IDENTIFIED BY '<your_mysql_non_admin_password>';GRANT ALL PRIVILEGES ON demo.* TO '<your_mysql_non_admin_username>'@'%';FLUSH PRIVILEGES;EOFThen, use the following command to run the SQL script to create the non-admin user:
mysql -h mysqlsingletest.mysql.database.azure.com --user <your_mysql_admin_username>@mysqlsingletest --enable-cleartext-plugin --password=<your_mysql_admin_password>< create_user.sqlNote
For more information, see Create users in Azure Database for MySQL.
Now that you have an Azure Database for MySQL Single Server instance, you can store data by using Spring Cloud Azure.
To install the Spring Cloud Azure Starter JDBC MySQL module, add the following dependencies to your pom.xml file:
The Spring Cloud Azure Bill of Materials (BOM):
<dependencyManagement> <dependencies> <dependency> <groupId>com.azure.spring</groupId> <artifactId>spring-cloud-azure-dependencies</artifactId> <version>5.22.0</version> <type>pom</type> <scope>import</scope> </dependency> </dependencies> </dependencyManagement>
[!NOTE] If you're using Spring Boot 2.x, be sure to set the
spring-cloud-azure-dependenciesversion to4.20.0. This Bill of Material (BOM) should be configured in the<dependencyManagement>section of your pom.xml file. This ensures that all Spring Cloud Azure dependencies are using the same version. For more information about the version used for this BOM, see Which Version of Spring Cloud Azure Should I Use.The Spring Cloud Azure Starter JDBC MySQL artifact:
<dependency> <groupId>com.azure.spring</groupId> <artifactId>spring-cloud-azure-starter-jdbc-mysql</artifactId> </dependency>
Note
Passwordless connections have been supported since version 4.5.0.
