
MSAL Java web API for DNS and records


How can we create a DNS zone and records on Azure using the Azure web services API with the latest "MSAL" library rather than the ADAL-based one? However, the DNS library sample https://github.com/Azure-Samples/dns-java-host-and-manage-your-domains does not mention any way to use an MSAL access token. For example:

import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.ApplicationTokenCredentials;
import com.microsoft.azure.management.Azure;
import com.microsoft.azure.management.dns.DnsZone;
import com.microsoft.azure.management.resources.ResourceGroup;
import com.microsoft.azure.management.resources.fluentcore.arm.Region;

// Credential built from the service principal's client secret ("key");
// the SDK exchanges it for a token internally via its ADAL dependency.
ApplicationTokenCredentials credentials = new ApplicationTokenCredentials(client, tenant, key, AzureEnvironment.AZURE);
Azure azure = Azure.authenticate(credentials).withSubscription(subscriptionId);
ResourceGroup resourceGroup = azure.resourceGroups().define(rgName)
        .withRegion(Region.US_EAST2)
        .create();

System.out.println("Creating root DNS zone " + customDomainName + "...");
DnsZone rootDnsZone = azure.dnsZones().define(customDomainName)
        .withExistingResourceGroup(resourceGroup)
        .create();

But this uses keys instead of access tokens provided by MSAL. It can already be achieved the old way, which uses ADAL internally in the Azure SDK.


Solution

  • If you want to use the Azure Java management SDK to manage Azure DNS with an AD access token, please refer to the following code.

    a. Create a service principal (I use the Azure CLI to do that)

    az login
    az account set --subscription "<your subscription id>"
    # the sp will have Azure Contributor role
    az ad sp create-for-rbac -n "readMetric" 
    


    b. Code
    import com.microsoft.aad.msal4j.ClientCredentialFactory;
    import com.microsoft.aad.msal4j.ClientCredentialParameters;
    import com.microsoft.aad.msal4j.ConfidentialClientApplication;
    import com.microsoft.aad.msal4j.IAuthenticationResult;
    import com.microsoft.azure.AzureEnvironment;
    import com.microsoft.azure.credentials.AzureTokenCredentials;
    import com.microsoft.azure.management.Azure;
    import com.microsoft.azure.management.dns.DnsZone;

    import java.io.IOException;
    import java.net.MalformedURLException;
    import java.util.Collections;
    import java.util.concurrent.CompletableFuture;
    import java.util.concurrent.ExecutionException;

    public void test() throws MalformedURLException, ExecutionException, InterruptedException {

        // Custom credential: the SDK calls getToken(resource) whenever it needs a bearer token,
        // and we satisfy it with an MSAL client-credentials token instead of ADAL.
        AzureTokenCredentials tokenCredentials = new AzureTokenCredentials(AzureEnvironment.AZURE, ADProperty.tenantId) {
            @Override
            public String getToken(String resource) throws IOException {
                // use msal to get Azure AD access token
                ConfidentialClientApplication app = ConfidentialClientApplication.builder(
                        ADProperty.clientId,  // sp appid
                        ClientCredentialFactory.createFromSecret(ADProperty.clientKey)) // sp password
                        .authority(ADProperty.authority) // "https://login.microsoftonline.com/" + sp tenant id
                        .build();
                // v2.0 scope for Azure Resource Manager
                ClientCredentialParameters clientCredentialParam = ClientCredentialParameters.builder(
                        Collections.singleton("https://management.azure.com/.default"))
                        .build();
                CompletableFuture<IAuthenticationResult> future = app.acquireToken(clientCredentialParam);
                try {
                    return future.get().accessToken();
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                    throw new IOException("interrupted while acquiring token", e);
                } catch (ExecutionException e) {
                    // propagate the failure instead of handing the SDK a null token
                    throw new IOException("failed to acquire token", e.getCause());
                }
            }
        };

        Azure azure = Azure.authenticate(tokenCredentials)
                .withSubscription(ADProperty.subscriptionId); // sp subscription id
        DnsZone rootDnsZone = azure.dnsZones().define("mydevchat.com")
                .withExistingResourceGroup("jimtest")
                .create();
        System.out.println("create DNSZone " + rootDnsZone.name() + " successfully");
    }
    

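The following is an added example, not code from the original question or answer, that reworks the answer's approach into a shape suitable for a long-running service: one ConfidentialClientApplication is built once and reused so MSAL's in-memory token cache serves repeated SDK calls instead of hitting the token endpoint on every request, the scope is derived from the resource the SDK asks for (resource + "/.default") rather than hardcoded, the client secret is read from the environment rather than a property in source, and a failed acquisition surfaces as an IOException instead of a null token. The class name MsalTokenCredentials, the ARM_TENANT_ID/ARM_CLIENT_ID/ARM_CLIENT_SECRET/ARM_SUBSCRIPTION_ID variable names and the zone and resource group names are assumptions made for illustration.

```java
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.AzureTokenCredentials;
import com.microsoft.azure.management.Azure;
import com.microsoft.azure.management.dns.DnsZone;

import java.io.IOException;
import java.net.MalformedURLException;
import java.util.Collections;
import java.util.concurrent.ExecutionException;

/**
 * AzureTokenCredentials backed by MSAL's client-credentials flow.
 * Hypothetical class written for this example; it is not part of the Azure SDK or MSAL.
 */
public class MsalTokenCredentials extends AzureTokenCredentials {

    // Built once: MSAL caches tokens per scope inside the application object,
    // so repeated getToken() calls reuse a cached token until it nears expiry.
    private final ConfidentialClientApplication app;

    public MsalTokenCredentials(AzureEnvironment environment, String tenantId,
                                String clientId, String clientSecret) throws MalformedURLException {
        super(environment, tenantId);
        this.app = ConfidentialClientApplication.builder(
                        clientId,
                        ClientCredentialFactory.createFromSecret(clientSecret))
                // activeDirectoryEndpoint() is "https://login.microsoftonline.com/" for public Azure,
                // so the authority is the same value the answer passed in ADProperty.authority
                .authority(environment.activeDirectoryEndpoint() + tenantId)
                .build();
    }

    /** Map the resource the SDK asks for (e.g. https://management.azure.com/) to a v2.0 scope. */
    static String scopeFor(String resource) {
        String base = resource.endsWith("/") ? resource.substring(0, resource.length() - 1) : resource;
        return base + "/.default";
    }

    @Override
    public String getToken(String resource) throws IOException {
        ClientCredentialParameters params = ClientCredentialParameters.builder(
                Collections.singleton(scopeFor(resource))).build();
        try {
            IAuthenticationResult result = app.acquireToken(params).get();
            return result.accessToken();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IOException("interrupted while acquiring token for " + resource, e);
        } catch (ExecutionException e) {
            // Surface the failure here rather than returning null and getting a confusing 401 later.
            throw new IOException("failed to acquire token for " + resource, e.getCause());
        }
    }

    public static void main(String[] args) throws Exception {
        // Secrets come from the environment (assumed variable names), never from source code.
        String tenantId = System.getenv("ARM_TENANT_ID");
        String clientId = System.getenv("ARM_CLIENT_ID");
        String clientSecret = System.getenv("ARM_CLIENT_SECRET");
        String subscriptionId = System.getenv("ARM_SUBSCRIPTION_ID");

        MsalTokenCredentials credentials =
                new MsalTokenCredentials(AzureEnvironment.AZURE, tenantId, clientId, clientSecret);

        Azure azure = Azure.authenticate(credentials).withSubscription(subscriptionId);

        // Same management call as in the answer; zone and resource group names are placeholders.
        DnsZone zone = azure.dnsZones().define("example.com")
                .withExistingResourceGroup("my-dns-rg")
                .create();
        System.out.println("created DNS zone " + zone.name());
    }
}
```

Because the credential is created once and handed to Azure.authenticate, every management call made through that Azure instance goes through the same MSAL application and its cache; the service principal only needs a role that covers the DNS zone's resource group for this to work, so the subscription-wide Contributor role that az ad sp create-for-rbac grants by default can be narrowed when the principal is assigned.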