英文:
MSAL Java web API for DNS and records
问题
如何在使用最新的“MSAL”库而不是基于ADAL的情况下,通过Azure Web服务API在Azure服务器上创建区域DNS和记录?然而,DNS库支持https://github.com/Azure-Samples/dns-java-host-and-manage-your-domains,但未提到任何使用MSAL访问令牌的方式。例如,ApplicationTokenCredentials credentials = new ApplicationTokenCredentials(client, tenant, key, AzureEnvironment.AZURE);azure = Azure.authenticate(credentials).withSubscription(subscriptionId);ResourceGroup resourceGroup = azure.resourceGroups().define(rgName).withRegion(Region.US_EAST2).create();System.out.println("Creating root DNS zone " + customDomainName + "...");DnsZone rootDnsZone = azure.dnsZones().define(customDomainName).withExistingResourceGroup(resourceGroup).create();
但它是使用密钥而不是由MSAL提供的访问令牌。这在旧的方式中已经可以通过Azure在内部使用ADAL来实现。
<details><summary>英文:</summary>How can we create zone DNS and records on Azure server using Azure web services API with latest "MSAL" library not ADAL based? However DNS library support https://github.com/Azure-Samples/dns-java-host-and-manage-your-domains does not mentioned any way to utilized using MSAL access token. For exampleApplicationTokenCredentials credentials = new ApplicationTokenCredentials(client, tenant, key, AzureEnvironment.AZURE);azure = Azure.authenticate(credentials).withSubscription(subscriptionId);ResourceGroup resourceGroup = azure.resourceGroups().define(rgName).withRegion(Region.US_EAST2).create();System.out.println("Creating root DNS zone " + customDomainName + "...");DnsZone rootDnsZone = azure.dnsZones().define(customDomainName).withExistingResourceGroup(resourceGroup).create();But it is using with keys instead of access tokens provided by MSAL. This can be already achieved in old ways which is using ADAL internally by Azure.</details># 答案1**得分**: 1
如果您想使用 Azure Java 管理 SDK 使用 AD 访问令牌管理 Azure DNS,请参考以下代码:
a. 创建服务主体(我使用 Azure CLI 完成此步骤)
az loginaz account set --subscription "<your subscription id>"# 服务主体将具有 Azure Contributor 角色az ad sp create-for-rbac -n "readMetric"
- 代码
public void test() throws MalformedURLException, ExecutionException, InterruptedException {AzureTokenCredentials tokenCredentials = new AzureTokenCredentials(AzureEnvironment.AZURE, ADProperty.tenantId) {@Overridepublic String getToken(String resource) throws IOException {String token = null;// 使用 msal 获取 Azure AD 访问令牌ConfidentialClientApplication app = ConfidentialClientApplication.builder(ADProperty.clientId, // 服务主体应用程序 IDClientCredentialFactory.createFromSecret(ADProperty.clientKey)) // 服务主体密码.authority(ADProperty.authority) // "https://login.microsoftonline.com/" + 服务主体租户 ID.build();ClientCredentialParameters clientCredentialParam = ClientCredentialParameters.builder(Collections.singleton("https://management.azure.com/.default")).build();CompletableFuture<IAuthenticationResult> future = app.acquireToken(clientCredentialParam);try {token = future.get().accessToken();} catch (InterruptedException e) {e.printStackTrace();} catch (ExecutionException e) {e.printStackTrace();}return token;}};Azure azure = Azure.authenticate(tokenCredentials).withSubscription(ADProperty.subscriptionId); // 服务主体订阅 IDDnsZone rootDnsZone = azure.dnsZones().define("mydevchat.com").withExistingResourceGroup("jimtest").create();System.out.println("成功创建 DNSZone " + rootDnsZone.name());}
<details><summary>英文:</summary>If you want to use Azure java management SDK to manage Azure DNS with AD access token, please refer to the following codea. create a service principal (I use Azure CLI to do that)
az login
az account set --subscription "<your subscription id>"
the sp will have Azure Contributor role
az ad sp create-for-rbac -n "readMetric"
[![enter image description here][1]][1]2. Code
public void test() throws MalformedURLException, ExecutionException, InterruptedException {
AzureTokenCredentials tokenCredentials = new AzureTokenCredentials(AzureEnvironment.AZURE,ADProperty.tenantId) {@Overridepublic String getToken(String resource) throws IOException {String token =null;// use msal to get Azure AD access tokenConfidentialClientApplication app = ConfidentialClientApplication.builder(ADProperty.clientId, // sp appidClientCredentialFactory.createFromSecret(ADProperty.clientKey)) // sp password.authority(ADProperty.authority) // "https://login.microsoftonline.com/" + sp tenant id.build();ClientCredentialParameters clientCredentialParam = ClientCredentialParameters.builder(Collections.singleton("https://management.azure.com/.default")).build();CompletableFuture<IAuthenticationResult> future = app.acquireToken(clientCredentialParam);try {token =future.get().accessToken();} catch (InterruptedException e) {e.printStackTrace();} catch (ExecutionException e) {e.printStackTrace();}return token;}};Azure azure = Azure.authenticate(tokenCredentials).withSubscription(ADProperty.subscriptionId); // sp subscription idDnsZone rootDnsZone = azure.dnsZones().define("mydevchat.com").withExistingResourceGroup("jimtest").create();System.out.println("create DNSZone " + rootDnsZone.name() + " successfully");
}
[![enter image description here][2]][2][1]: https://i.stack.imgur.com/1kOsX.png[2]: https://i.stack.imgur.com/EhtdV.png</details>
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论