
How to construct the hashed token signature for Azure Cosmos DB REST API to list users?

According to the Cosmos DB REST API documentation, the Authorization header must be set on every API call. How this value is constructed is described here: https://docs.microsoft.com/en-us/rest/api/cosmos-db/access-control-on-cosmosdb-resources

I implemented this in Python as follows:

import base64
import hashlib
import hmac
import urllib.parse

def get_authorisation_token(verb, resource_type, resource_id, date, master_key):
    # The master key is stored base64-encoded; decode it to get the raw HMAC key
    key = base64.b64decode(master_key)

    # String to sign: verb, resource type, resource ID and date, one per line
    text = f"""{verb.lower()}\n{resource_type.lower()}\n{resource_id.lower()}\n{date.lower()}\n\n"""

    text_encoded = text.encode('utf-8')

    signature_hash = hmac.new(key, text_encoded, digestmod=hashlib.sha256).digest()
    signature = base64.b64encode(signature_hash).decode()

    key_type = 'master'
    version = '1.0'

    uri = f'type={key_type}&ver={version}&sig={signature}'
    uri_encoded = urllib.parse.quote(uri)

    return uri_encoded

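Because this is sent with every call, the authentication token has to be re-created to match the request URL. So, for example, to get a list of databases, you have to supply the resource type dbs and an empty string as the resource link/ID, with the URL: https://{databaseaccount}.documents.azure.com/dbs/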

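The part I cannot figure out is the correct combination of resource type and resource ID/link to get all users from a particular database. The documentation can be found here: https://docs.microsoft.com/en-us/rest/api/cosmos-db/list-users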

I tried a few combinations, but no users are returned; I only get a 401:

{
    "code": "Unauthorized",
    "message": "The input authorization token can't serve the request. Please check that the expected payload is built as per the protocol, and check the key being used. Server used the following payload to sign: 'get\nusers\ndbs/<db_name>\nmon, 09 nov 2020 23:37:24 gmt\n\n'\r\nActivityId: 697a4159-f160-4aab-ae90-6cb5eaadb710, Microsoft.Azure.Documents.Common/2.11.0"
}

Regarding this issue, please refer to the following code:

from wsgiref.handlers import format_date_time
from datetime import datetime
from time import mktime
import base64
from urllib.parse import quote
import hmac
from hashlib import sha256
import requests
from azure.cosmos.auth import GetAuthorizationHeader
from azure.cosmos.cosmos_client import CosmosClientConnection

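master_key = ''     # account master key (base64-encoded)
database_name = ''  # database whose users are listed
key = base64.b64decode(master_key)
verb = 'GET'
# The request targets the users feed, so the type is 'users' and the ID is the parent database
resource_type = 'users'
resource_id = f'dbs/{database_name}'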
now = datetime.now()
stamp = mktime(now.timetuple())
date = format_date_time(stamp)
print(date)
text = "{verb}\n{resource_type}\n{resource_id}\n{date}\n{other}\n".format(
    verb=(verb.lower() or ''),
    resource_type=(resource_type.lower() or ""),
    resource_id=(resource_id or ""),
    date=date.lower(),
    other="".lower())

body = text.encode("utf-8")
digest = hmac.new(key, body, sha256).digest()
# encodebytes() appends a trailing newline; signature[:-1] below strips it
signature = base64.encodebytes(digest).decode("utf-8")
key_type = 'master'
version = '1.0'
uri = f'type={key_type}&ver={version}&sig={signature[:-1]}'
# The header value must be URL-encoded
uri_encoded = quote(uri)

url = "https://<>.documents.azure.com:443/dbs/<>/users"

payload = {}
headers = {
    'Authorization': uri_encoded,
    'x-ms-date': date,
    'x-ms-version': '2018-12-31'
}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)
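
An added example, not part of the original answer: it derives the resource type and resource link from the request path (feed versus single resource), builds the token the same way as the code above, and compares the local string-to-sign with the payload the server quotes in its 401 message. The function names, the sample key and the sample 401 message (database name `mydb`) are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import quote

# Constructed sample values, not real credentials or real server output.
SAMPLE_KEY = base64.b64encode(b"constructed-demo-key").decode()
SAMPLE_DATE = "Mon, 09 Nov 2020 23:37:24 GMT"
SAMPLE_401 = ("The input authorization token can't serve the request. Server used "
              "the following payload to sign: "
              "'get\nusers\ndbs/mydb\nmon, 09 nov 2020 23:37:24 gmt\n\n'\r\nActivityId: ...")

def split_path(path):
    """Map a request path to the (resource_type, resource_link) pair that is signed."""
    parts = [p for p in path.strip("/").split("/") if p]
    if not parts:
        raise ValueError("empty request path")
    if len(parts) % 2:  # feed, e.g. dbs or dbs/{db}/users: link is the parent
        return parts[-1], "/".join(parts[:-1])
    return parts[-2], "/".join(parts)  # single resource: link is the full path

def string_to_sign(verb, path, date):
    rtype, rlink = split_path(path)
    # Verb, type and date are lowercased; the link keeps its case, as in the answer.
    return f"{verb.lower()}\n{rtype.lower()}\n{rlink}\n{date.lower()}\n\n"

def auth_header(verb, path, date, master_key):
    key = base64.b64decode(master_key)
    payload = string_to_sign(verb, path, date).encode("utf-8")
    sig = base64.b64encode(hmac.new(key, payload, hashlib.sha256).digest()).decode()
    # safe="" also percent-encodes '/', which base64 output can contain.
    return quote(f"type=master&ver=1.0&sig={sig}", safe="")

def server_payload(message):
    """Return the payload the server quotes in a decoded 401 'message', or None."""
    m = re.search(r"payload to sign: '(.*?)'", message, re.S)
    return m.group(1) if m else None

if __name__ == "__main__":
    local = string_to_sign("GET", "/dbs/mydb/users", SAMPLE_DATE)
    print("matches server payload:", local == server_payload(SAMPLE_401))
    print(auth_header("GET", "/dbs/mydb/users", SAMPLE_DATE, SAMPLE_KEY))
```

When a request returns 401, pass the JSON-decoded `message` field to `server_payload` and compare it with `string_to_sign` for the same request; any difference shows which field was built incorrectly.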
