MSAL Java web API for DNS and records

Question

How can we create DNS zones and records on an Azure server using the Azure web services API with the latest "MSAL" library, not the ADAL-based one? The DNS library sample at https://github.com/Azure-Samples/dns-java-host-and-manage-your-domains does not mention any way to use an MSAL access token. For example:

    ApplicationTokenCredentials credentials = new ApplicationTokenCredentials(client, tenant, key, AzureEnvironment.AZURE);
    azure = Azure.authenticate(credentials).withSubscription(subscriptionId);
    ResourceGroup resourceGroup = azure.resourceGroups().define(rgName)
            .withRegion(Region.US_EAST2)
            .create();

    System.out.println("Creating root DNS zone " + customDomainName + "...");
    DnsZone rootDnsZone = azure.dnsZones().define(customDomainName)
            .withExistingResourceGroup(resourceGroup)
            .create();

But it uses keys instead of access tokens provided by MSAL. This can already be achieved the old way, which uses ADAL internally in Azure.


# Answer 1
**Score**: 1

If you want to use the Azure Java management SDK to manage Azure DNS with an AD access token, please refer to the following code.

1. Create a service principal (I use Azure CLI to do that)

    az login
    az account set --subscription "<your subscription id>"
    # the sp will have Azure Contributor role
    az ad sp create-for-rbac -n "readMetric"

[![enter image description here][1]][1]

2. Code

    import com.microsoft.aad.msal4j.ClientCredentialFactory;
    import com.microsoft.aad.msal4j.ClientCredentialParameters;
    import com.microsoft.aad.msal4j.ConfidentialClientApplication;
    import com.microsoft.aad.msal4j.IAuthenticationResult;
    import com.microsoft.azure.AzureEnvironment;
    import com.microsoft.azure.credentials.AzureTokenCredentials;
    import com.microsoft.azure.management.Azure;
    import com.microsoft.azure.management.dns.DnsZone;
    import java.io.IOException;
    import java.net.MalformedURLException;
    import java.util.Collections;
    import java.util.concurrent.CompletableFuture;
    import java.util.concurrent.ExecutionException;

    public void test() throws MalformedURLException, ExecutionException, InterruptedException {

        AzureTokenCredentials tokenCredentials = new AzureTokenCredentials(AzureEnvironment.AZURE, ADProperty.tenantId) {
            @Override
            public String getToken(String resource) throws IOException {
                // use msal to get Azure AD access token
                ConfidentialClientApplication app = ConfidentialClientApplication.builder(
                        ADProperty.clientId,  // sp appid
                        ClientCredentialFactory.createFromSecret(ADProperty.clientKey)) // sp password
                        .authority(ADProperty.authority) // "https://login.microsoftonline.com/" + sp tenant id
                        .build();
                ClientCredentialParameters clientCredentialParam = ClientCredentialParameters.builder(
                        Collections.singleton("https://management.azure.com/.default"))
                        .build();
                CompletableFuture<IAuthenticationResult> future = app.acquireToken(clientCredentialParam);
                try {
                    return future.get().accessToken();
                } catch (InterruptedException e) {
                    // restore the interrupt flag and fail instead of returning a null token
                    Thread.currentThread().interrupt();
                    throw new IOException("Interrupted while acquiring the access token", e);
                } catch (ExecutionException e) {
                    // surface the MSAL error to the SDK instead of returning a null token
                    throw new IOException("Failed to acquire the access token", e.getCause());
                }
            }
        };

        Azure azure = Azure.authenticate(tokenCredentials)
                .withSubscription(ADProperty.subscriptionId); // sp subscription id
        DnsZone rootDnsZone = azure.dnsZones().define("mydevchat.com")
                .withExistingResourceGroup("jimtest")
                .create();
        System.out.println("create DNSZone " + rootDnsZone.name() + " successfully");
    }

[![enter image description here][2]][2]

[1]: https://i.stack.imgur.com/1kOsX.png
[2]: https://i.stack.imgur.com/EhtdV.png

huangapple
  • Published on April 9, 2020 at 17:44:51
  • When reposting, be sure to keep the link to this article: https://go.coder-hub.com/61118265.html