How to Let Flowable use Liquibase Credentials to Create its Tables at Startup

Flowable Engine
1

I use Flowable in a Spring Boot app, and we usually use two distinct users to access the database:

  • One for creating the schema via liquibase
  • One for normal business functionality

Here’s how our configuration looks like:

# The database application user
spring.datasource.username=${DB_ADMIN_USERNAME}
spring.datasource.password=${DB_ADMIN_PASSWORD}
# The schema owner
spring.liquibase.user=${DB_ADMIN_USERNAME}
spring.liquibase.password=${DB_ADMIN_PASSWORD}

As a workaround to run my PoC I just used the same admin credentials for both users… but this is not the way we wanna go. Is it possible to let Flowable use the liquibase credentials to create the its tables at startup?

Thank you very much.

2

Hi j3d,

according

If you implement your own schema manager and reconfigure engine you could use another datasource for schema manipulation and operations.

Regards
Martin

3

Hello,

Is this something that is on the Flowable roadmap? I suppose this is a rather common use case.

We also have a Spring Boot application that has two distinct database users: a primary user with DML rights (configured using property spring.datasource.username in the Spring Boot application.yml configuration file) for the normal operation of the application and a second user with DDL rights (configured using property spring.liquibase.user) for running the Liquibase scripts when the application starts.

So the tables of our application are created/upgraded automatically by Liquibase using the spring.liquibase.user DDL user when the application is deployed.

See also: “How-to” Guides

However when flowable.database-schema-update=true Liquibase tries to create/upgrade the Flowable tables, it’s using the former user (with only DML rights), not the latter user (with DDL rights), so this fails.

To work around this problem, we have to set flowable.database-schema-update=none and retrieve the necessary db scripts for Flowable (which can be found at Flowable Database Schema | Flowable Enterprise Documentation) and run them manually, which takes more time and is also error prone.

Another workaround might be to deploy the application first with the DDL user as spring.datasource.username (so that the Flowable tables can be created/upgraded via Liquibase) and to do a second deployment afterwards with the DML user as spring.datasource.username (which should then work as the Flowable tables will already have been created/upgraded during the previous deployment).
I haven’t tried this out yet, and I don’t know if this solution will be allowed inside our organisation either.
Anyway, this would mean we have to do two deployments instead of one each time Flowable is upgraded, which is not ideal either.

As for the workaround that is proposed above:

I don’t really understand what is meant by that and how it should be done. Is there an example of this solution I could have a look at?
Anyway, this will require additional development for each application that wants to use a distinct database user for Liquibase, so it’s probably not the best solution either.

So to summarize, it would be a big plus if Flowable (when deployed inside a Spring Boot application) would use the Spring Boot configuration to determine which database user should be used to update the database schema: spring.liquibase.user if available and spring.datasource.username otherwise.

Kind regards

4

Hey @duke1995,

We haven’t received a lot of requests for something like this. This is currently not on our Roadmap. However, Flowable is Open Source, which means that anyone can provide a contribution. If you are interested in such a functionality, I would suggest that you provide a PR that adds this.

Cheers,
Filip