MSAL Java web API for DNS and records
Question
How can we create DNS zones and records on an Azure server using the Azure web services API with the latest "MSAL" library, not the ADAL-based one? However, the DNS library support at https://github.com/Azure-Samples/dns-java-host-and-manage-your-domains does not mention any way to use an MSAL access token. For example:

```java
ApplicationTokenCredentials credentials = new ApplicationTokenCredentials(client, tenant, key, AzureEnvironment.AZURE);
azure = Azure.authenticate(credentials).withSubscription(subscriptionId);
ResourceGroup resourceGroup = azure.resourceGroups().define(rgName)
        .withRegion(Region.US_EAST2)
        .create();
System.out.println("Creating root DNS zone " + customDomainName + "...");
DnsZone rootDnsZone = azure.dnsZones().define(customDomainName)
        .withExistingResourceGroup(resourceGroup)
        .create();
```

But it uses keys instead of access tokens provided by MSAL. This can already be achieved the old way, in which Azure uses ADAL internally.
# Answer 1
**Score**: 1
If you want to use the Azure Java management SDK to manage Azure DNS with an AD access token, please refer to the following code.

1. Create a service principal (I use Azure CLI to do that)

```bash
az login
az account set --subscription "<your subscription id>"
# the sp will have Azure Contributor role
az ad sp create-for-rbac -n "readMetric"
```

2. Code

```java
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.AzureTokenCredentials;
import com.microsoft.azure.management.Azure;
import com.microsoft.azure.management.dns.DnsZone;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.Collections;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;

public void test() throws MalformedURLException, ExecutionException, InterruptedException {
    AzureTokenCredentials tokenCredentials = new AzureTokenCredentials(AzureEnvironment.AZURE, ADProperty.tenantId) {
        @Override
        public String getToken(String resource) throws IOException {
            // use msal to get Azure AD access token
            ConfidentialClientApplication app = ConfidentialClientApplication.builder(
                    ADProperty.clientId, // sp appid
                    ClientCredentialFactory.createFromSecret(ADProperty.clientKey)) // sp password
                    .authority(ADProperty.authority) // "https://login.microsoftonline.com/" + sp tenant id
                    .build();
            ClientCredentialParameters clientCredentialParam = ClientCredentialParameters.builder(
                    Collections.singleton("https://management.azure.com/.default"))
                    .build();
            CompletableFuture<IAuthenticationResult> future = app.acquireToken(clientCredentialParam);
            try {
                return future.get().accessToken();
            } catch (InterruptedException e) {
                // restore the interrupt flag and report the failure to the SDK
                Thread.currentThread().interrupt();
                throw new IOException("Interrupted while acquiring the access token", e);
            } catch (ExecutionException e) {
                // propagate the failure instead of returning a null token
                throw new IOException("Failed to acquire the access token", e);
            }
        }
    };
    Azure azure = Azure.authenticate(tokenCredentials)
            .withSubscription(ADProperty.subscriptionId); // sp subscription id
    DnsZone rootDnsZone = azure.dnsZones().define("mydevchat.com")
            .withExistingResourceGroup("jimtest")
            .create();
    System.out.println("create DNSZone " + rootDnsZone.name() + " successfully");
}
```
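The question also asks about records, which the answer's snippet does not create. The following is an added example, not code from the question or the answer: it wraps the same MSAL client-credentials flow in a reusable `AzureTokenCredentials` subclass that builds the MSAL client once and fails closed on token errors, then creates a zone and an A record set. The class name, environment variable names, zone name, resource group and IP address are assumptions made for illustration, and the same fluent management SDK and msal4j libraries as in the answer are assumed.

```java
import com.microsoft.aad.msal4j.*;
import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.AzureTokenCredentials;
import com.microsoft.azure.management.Azure;
import com.microsoft.azure.management.dns.DnsZone;
import java.io.IOException;
import java.util.Collections;
import java.util.concurrent.ExecutionException;

/** Added example (hypothetical class name): MSAL-backed credentials for the fluent SDK. */
public final class MsalDnsExample extends AzureTokenCredentials {
    private static final String ARM_SCOPE = "https://management.azure.com/.default";
    private final ConfidentialClientApplication app; // built once and reused for every token request
    MsalDnsExample(String tenantId, String clientId, String secret) throws IOException {
        super(AzureEnvironment.AZURE, tenantId);
        app = ConfidentialClientApplication
                .builder(clientId, ClientCredentialFactory.createFromSecret(secret))
                .authority("https://login.microsoftonline.com/" + tenantId)
                .build();
    }
    @Override
    public String getToken(String resource) throws IOException {
        try {
            return app.acquireToken(ClientCredentialParameters
                    .builder(Collections.singleton(ARM_SCOPE)).build()).get().accessToken();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IOException("Interrupted while acquiring token", e);
        } catch (ExecutionException e) {
            // Fail closed: never hand a null token to the SDK.
            throw new IOException("MSAL token request failed", e.getCause());
        }
    }
    public static void main(String[] args) throws IOException {
        // Environment variable names and all resource names below are assumptions.
        Azure azure = Azure.authenticate(new MsalDnsExample(System.getenv("AZURE_TENANT_ID"),
                        System.getenv("AZURE_CLIENT_ID"), System.getenv("AZURE_CLIENT_SECRET")))
                .withSubscription(System.getenv("AZURE_SUBSCRIPTION_ID"));
        DnsZone zone = azure.dnsZones().define("example.com")   // constructed zone name
                .withExistingResourceGroup("my-dns-rg").create(); // placeholder resource group
        zone = zone.update()
                .defineARecordSet("www")
                    .withIPv4Address("203.0.113.10") // documentation-range address
                    .withTimeToLive(3600)
                    .attach()
                .apply();
        System.out.println("Created zone " + zone.name() + " with an A record set for www");
    }
}
```

Reading the secret from the environment keeps it out of source control; the service principal only needs rights on the resource group that holds the zone.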