review and refactor azure iam provider

Signed-off-by: neo <1100909+neowu@users.noreply.github.com>

CHANGELOG.md

@@ -6,13 +6,13 @@
   > refer to https://cowtowncoder.medium.com/jackson-2-16-rc1-overview-55dbb90c22d9
 * mysql: updated and patched to 8.3.0
   > use "core.framework.mysql:mysql-connector-j:8.3.0"
-* search: update es to 8.12.0, switch es module repo to codelibs
-  > !!! integration test breaks with JDK 21.0.2, refer to https://github.com/elastic/elasticsearch/pull/104347
-  > !!! to run with JDK 21.0.2, workaround is to create EsExecutors.java and apply the fix locally
-  > !!! add codelib maven repo to project
 * db: support azure IAM auth
   > azure mysql flexible server supports IAM service account auth, to use access token instead of user/password
   > set db user to "iam/azure" to use azure iam auth
+* search: update es to 8.12.0, switch es module repo to codelibs
+  > !!! integration test breaks with JDK 21.0.2 (even with old version of es lib), refer to https://github.com/elastic/elasticsearch/pull/104347
+  > !!! to run with JDK 21.0.2, workaround is to create EsExecutors.java and apply the fix locally
+  > !!! add codelib maven repo to project
 
 ```kotlin
 maven {

core-ng/src/main/java/core/framework/internal/db/DatabaseImpl.java

@@ -126,8 +126,7 @@ Properties driverProperties(String url) {
 
             int index = url.indexOf('?');
             // mysql with ssl has overhead, usually we ensure security on arch level, e.g. gcloud sql proxy or firewall rule
-            // with gcloud iam / clear_text_password plugin, ssl is required
-            // with azure iam / clear_text_password plugin, ssl is also required
+            // with gcloud/azure iam / clear_text_password plugin, ssl is required
             // refer to https://cloud.google.com/sql/docs/mysql/authentication
             if (authProvider != null) {
                 properties.setProperty("sslMode", "PREFERRED");

core-ng/src/main/java/core/framework/module/DBConfig.java

@@ -61,27 +61,27 @@ String databaseURL(String url) {
     }
 
     public void user(String user) {
-        if ("iam/gcloud".equals(user)) {
+        if (user.startsWith("iam/")) {
             CloudAuthProvider provider = CloudAuthProvider.Provider.get();
             if (provider == null) {
-                provider = new GCloudAuthProvider();
+                provider = provider(user);
                 CloudAuthProvider.Provider.set(provider);
             }
             database.authProvider = provider;
-            context.logManager.maskFields("access_token");  // mask token from IAM http response
-        } else if ("iam/azure".equals(user)) {
-            CloudAuthProvider provider = CloudAuthProvider.Provider.get();
-            if (provider == null) {
-                provider = new AzureAuthProvider();
-                CloudAuthProvider.Provider.set(provider);
-            }
-            database.authProvider = provider;
-            context.logManager.maskFields("access_token");  // mask token from IAM http response
+            context.logManager.maskFields("access_token");  // mask token from IAM http response, gcloud/azure all use JWT token
         } else {
             database.user = user;
         }
     }
 
+    private CloudAuthProvider provider(String user) {
+        return switch (user) {
+            case "iam/gcloud" -> new GCloudAuthProvider();
+            case "iam/azure" -> new AzureAuthProvider();
+            case null, default -> throw new Error("unsupported cloud provider, value=" + user);
+        };
+    }
+
     public void password(String password) {
         database.password = password;
     }