英文:

MSAL Java web API for DNS and records

问题

如何在使用最新的“MSAL”库而不是基于ADAL的情况下，通过Azure Web服务API在Azure服务器上创建区域DNS和记录？然而，DNS库支持https://github.com/Azure-Samples/dns-java-host-and-manage-your-domains，但未提到任何使用MSAL访问令牌的方式。例如，

    ApplicationTokenCredentials credentials = new ApplicationTokenCredentials(client, tenant, key, AzureEnvironment.AZURE);
    azure = Azure.authenticate(credentials).withSubscription(subscriptionId);
    ResourceGroup resourceGroup = azure.resourceGroups().define(rgName)
            .withRegion(Region.US_EAST2)
            .create();

    System.out.println("Creating root DNS zone " + customDomainName + "...");
    DnsZone rootDnsZone = azure.dnsZones().define(customDomainName)
            .withExistingResourceGroup(resourceGroup)
            .create();

但它是使用密钥而不是由MSAL提供的访问令牌。这在旧的方式中已经可以通过Azure在内部使用ADAL来实现。

<details>
<summary>英文:</summary>

How can we create zone DNS and records on Azure server using Azure web services API with latest &quot;MSAL&quot; library not ADAL based? However DNS library support https://github.com/Azure-Samples/dns-java-host-and-manage-your-domains does not mentioned any way to utilized using MSAL access token. For example

   	ApplicationTokenCredentials credentials = new ApplicationTokenCredentials(client, tenant, key, AzureEnvironment.AZURE);
	azure = Azure.authenticate(credentials).withSubscription(subscriptionId);
	ResourceGroup resourceGroup = azure.resourceGroups().define(rgName)
			.withRegion(Region.US_EAST2)
			.create();

	System.out.println(&quot;Creating root DNS zone &quot; + customDomainName + &quot;...&quot;);
	DnsZone rootDnsZone = azure.dnsZones().define(customDomainName)
			.withExistingResourceGroup(resourceGroup)
			.create();


But it is using with keys instead of access tokens provided by MSAL. This can be already achieved in old ways which is using ADAL internally by Azure.



</details>


# 答案1
**得分**: 1

如果您想使用 Azure Java 管理 SDK 使用 AD 访问令牌管理 Azure DNS，请参考以下代码：

a. 创建服务主体（我使用 Azure CLI 完成此步骤）

az login
az account set --subscription "<your subscription id>"
# 服务主体将具有 Azure Contributor 角色
az ad sp create-for-rbac -n "readMetric"

2. 代码

public void test() throws MalformedURLException, ExecutionException, InterruptedException {

    AzureTokenCredentials tokenCredentials = new AzureTokenCredentials(AzureEnvironment.AZURE, ADProperty.tenantId) {
        @Override
        public String getToken(String resource) throws IOException {
            String token = null;
            // 使用 msal 获取 Azure AD 访问令牌
            ConfidentialClientApplication app = ConfidentialClientApplication.builder(
                    ADProperty.clientId,  // 服务主体应用程序 ID
                    ClientCredentialFactory.createFromSecret(ADProperty.clientKey)) // 服务主体密码
                    .authority(ADProperty.authority) // "https://login.microsoftonline.com/" + 服务主体租户 ID
                    .build();
            ClientCredentialParameters clientCredentialParam = ClientCredentialParameters.builder(
                    Collections.singleton("https://management.azure.com/.default"))
                    .build();
            CompletableFuture<IAuthenticationResult> future = app.acquireToken(clientCredentialParam);
            try {
                token = future.get().accessToken();
            } catch (InterruptedException e) {
                e.printStackTrace();
            } catch (ExecutionException e) {
                e.printStackTrace();
            }
            return token;
        }
    };

    Azure azure = Azure.authenticate(tokenCredentials)
            .withSubscription(ADProperty.subscriptionId); // 服务主体订阅 ID
    DnsZone rootDnsZone = azure.dnsZones().define("mydevchat.com")
            .withExistingResourceGroup("jimtest")
            .create();
    System.out.println("成功创建 DNSZone " + rootDnsZone.name());
}

<details>
<summary>英文:</summary>
If you want to use Azure java management SDK to manage Azure DNS with AD access token, please refer to the following code
a. create a service principal  (I use Azure CLI to do that)

az login
az account set --subscription "<your subscription id>"

the sp will have Azure Contributor role

az ad sp create-for-rbac -n "readMetric"

[![enter image description here][1]][1]
2. Code

public void test() throws MalformedURLException, ExecutionException, InterruptedException {

    AzureTokenCredentials tokenCredentials = new AzureTokenCredentials(AzureEnvironment.AZURE,ADProperty.tenantId) {
@Override
public String getToken(String resource) throws IOException {
String token =null;
// use msal to get Azure AD access token
ConfidentialClientApplication app = ConfidentialClientApplication.builder(
ADProperty.clientId,  // sp appid
ClientCredentialFactory.createFromSecret(ADProperty.clientKey)) // sp password
.authority(ADProperty.authority) // "https://login.microsoftonline.com/" + sp tenant id
.build();
ClientCredentialParameters clientCredentialParam = ClientCredentialParameters.builder(
Collections.singleton("https://management.azure.com/.default"))
.build();
CompletableFuture<IAuthenticationResult> future = app.acquireToken(clientCredentialParam);
try {
token =future.get().accessToken();
} catch (InterruptedException e) {
e.printStackTrace();
} catch (ExecutionException e) {
e.printStackTrace();
}
return  token;
}
};
Azure azure = Azure.authenticate(tokenCredentials)
.withSubscription(ADProperty.subscriptionId); // sp subscription id
DnsZone rootDnsZone = azure.dnsZones().define("mydevchat.com")
.withExistingResourceGroup("jimtest")
.create();
System.out.println("create DNSZone " + rootDnsZone.name() + " successfully");

}

[![enter image description here][2]][2]
[1]: https://i.stack.imgur.com/1kOsX.png
[2]: https://i.stack.imgur.com/EhtdV.png
</details>