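How can we use the Azure web service APIs with the latest "MSAL" library, which is not based on ADAL, to create DNS zones and records on Azure? The DNS library sample at https://github.com/Azure-Samples/dns-java-host-and-manage-your-domains does not mention any way to use an access token obtained through MSAL. For example: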

    ApplicationTokenCredentials credentials = new ApplicationTokenCredentials(client, tenant, key, AzureEnvironment.AZURE);
    azure = Azure.authenticate(credentials).withSubscription(subscriptionId);
    ResourceGroup resourceGroup = azure.resourceGroups().define(rgName)
            .withRegion(Region.US_EAST2)
            .create();
    System.out.println("Creating root DNS zone " + customDomainName + "...");
    DnsZone rootDnsZone = azure.dnsZones().define(customDomainName)
            .withExistingResourceGroup(resourceGroup)
            .create();

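But it uses the key rather than an access token provided by MSAL. This was already possible with the old approach, in which Azure used ADAL internally.

Best answer

If you want to use the Azure Java management SDK to manage Azure DNS with an AD access token, please refer to the following code.

a. Create a service principal (I used the Azure CLI to do this)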

    az login
    az account set --subscription "<your subscription id>"
    # the sp will have Azure Contributor role
    az ad sp create-for-rbac -n "readMetric"

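- Code

    import com.microsoft.aad.msal4j.ClientCredentialFactory;
    import com.microsoft.aad.msal4j.ClientCredentialParameters;
    import com.microsoft.aad.msal4j.ConfidentialClientApplication;
    import com.microsoft.aad.msal4j.IAuthenticationResult;
    import com.microsoft.azure.AzureEnvironment;
    import com.microsoft.azure.credentials.AzureTokenCredentials;
    import com.microsoft.azure.management.Azure;
    import com.microsoft.azure.management.dns.DnsZone;
    import java.io.IOException;
    import java.net.MalformedURLException;
    import java.util.Collections;
    import java.util.concurrent.CompletableFuture;
    import java.util.concurrent.ExecutionException;

    // ADProperty is not shown on the page; it holds the tenant id, client id, client key,
    // authority URL and subscription id used below.
    public void test() throws MalformedURLException, ExecutionException, InterruptedException {
        AzureTokenCredentials tokenCredentials = new AzureTokenCredentials(AzureEnvironment.AZURE, ADProperty.tenantId) {
            @Override
            public String getToken(String resource) throws IOException {
                // use msal to get Azure AD access token
                ConfidentialClientApplication app = ConfidentialClientApplication.builder(
                        ADProperty.clientId, // sp appid
                        ClientCredentialFactory.createFromSecret(ADProperty.clientKey)) // sp password
                        .authority(ADProperty.authority) // "https://login.microsoftonline.com/" + sp tenant id
                        .build();
                ClientCredentialParameters clientCredentialParam = ClientCredentialParameters.builder(
                        Collections.singleton("https://management.azure.com/.default"))
                        .build();
                CompletableFuture<IAuthenticationResult> future = app.acquireToken(clientCredentialParam);
                try {
                    return future.get().accessToken();
                } catch (InterruptedException e) {
                    // restore the interrupt flag and fail instead of returning a null token
                    Thread.currentThread().interrupt();
                    throw new IOException("Interrupted while acquiring token", e);
                } catch (ExecutionException e) {
                    throw new IOException("Failed to acquire token", e);
                }
            }
        };
        Azure azure = Azure.authenticate(tokenCredentials)
                .withSubscription(ADProperty.subscriptionId); // sp subscription id
        DnsZone rootDnsZone = azure.dnsZones().define("mydevchat.com")
                .withExistingResourceGroup("jimtest")
                .create();
        System.out.println("create DNSZone " + rootDnsZone.name() + " successfully");
    }
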
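A hardened variant of the credentials class used in the answer, as an added example that is not part of the original answer or of any Microsoft sample: it builds the MSAL client once, reuses the token until shortly before it expires, reads the service principal secret from an environment variable, and fails with an IOException when no token can be obtained. The class name MsalTokenCredentials, the environment-variable parameter and the five-minute refresh skew are assumptions; the scope is fixed to Azure Resource Manager as in the answer.

```java
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.AzureTokenCredentials;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.Collections;
import java.util.concurrent.ExecutionException;

// Hypothetical helper (not from the page): MSAL-backed credentials for the Azure management SDK.
public class MsalTokenCredentials extends AzureTokenCredentials {
    private static final String ARM_SCOPE = "https://management.azure.com/.default";
    private static final long REFRESH_SKEW_MS = 5 * 60 * 1000L; // assumed safety margin
    private final ConfidentialClientApplication app;
    private IAuthenticationResult cached;

    public MsalTokenCredentials(String tenantId, String clientId, String secretEnvVar)
            throws MalformedURLException {
        super(AzureEnvironment.AZURE, tenantId);
        // Keep the secret out of source code and property files checked into a repository.
        String secret = System.getenv(secretEnvVar);
        if (secret == null || secret.isEmpty()) {
            throw new IllegalStateException("environment variable " + secretEnvVar + " is not set");
        }
        this.app = ConfidentialClientApplication.builder(clientId,
                        ClientCredentialFactory.createFromSecret(secret))
                .authority("https://login.microsoftonline.com/" + tenantId)
                .build();
    }

    @Override
    public synchronized String getToken(String resource) throws IOException {
        long now = System.currentTimeMillis();
        // Request a new token only when none is held or the held one is about to expire.
        if (cached == null || cached.expiresOnDate().getTime() - now < REFRESH_SKEW_MS) {
            try {
                cached = app.acquireToken(ClientCredentialParameters.builder(
                        Collections.singleton(ARM_SCOPE)).build()).get();
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                throw new IOException("interrupted while acquiring token", e);
            } catch (ExecutionException e) {
                throw new IOException("token acquisition failed", e);
            }
        }
        return cached.accessToken();
    }
}
```

An instance is passed to `Azure.authenticate(...)` in place of the anonymous class, for example `new MsalTokenCredentials(tenantId, clientId, "AZURE_CLIENT_SECRET")`, where the variable name is a placeholder.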
Regarding "java - MSAL Java web APIs for DNS and records", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/61118265/