如何获取脚本才能访问Azure存储过程所需的令牌?

时间:2018-10-05 14:59:27

标签: azure stored-procedures azure-cosmosdb

我有一个蔚蓝的存储过程,我需要用一个python脚本来打它,我打算将它作为网络作业上传,安排它每天运行一次。

我一直在阅读executing a stored procedure上的文档,用于Azure Cosmos DB Rest调用的common request headersaccess control上的页面,但是访问控制页面提到这些键是仅用于读取查询(因此,我假定不用于访问存储过程,该存储过程有权执行任何类型的查询,否则似乎是一个巨大的漏洞漏洞)。

我需要专门了解如何从python中的Azure中获取密钥以击中存储过程终结点?

更新1

最后,我能够构造Authorization字符串,并将其与其他一些标头一起发送到服务器。但是我仍然收到未经授权的回复。

响应:

{
    "code": "Unauthorized",
    "message": "The input authorization token can't serve the request. Please check that the expected payload is built as per the protocol, and check the key being used. Server used the following payload to sign: 'post\nsprocs\ndbs/metrics/colls/LoungeVisits/sprocs/calculateAverage\nfri, 05 oct 2018 19:06:17 gmt\n\n'\r\nActivityId: 41cd36af-ad0e-40c3-84c8-761ebd14bf6d, Microsoft.Azure.Documents.Common/2.1.0.0"
}

请求标头:

{
    Authorization: [my-auth-string],
    x-ms-version: "2017-02-22", //My DB was created after this, the latest version, so I assume it uses this version; can I verify this somehow?
    x-ms-date: "Fri, 05 Oct 2018 19:06:17 GMT", // My js for returning the auth string also returns the date, so I copy both in
    Content-Type: application/json
}

代码以生成身份验证字符串,然后将其复制/粘贴到邮递员中:

var crypto = require("crypto");

var inputKey = "my-key-from-azure";

var today = new Date().toUTCString();

console.log(today);

console.log(getAuthorizationTokenUsingMasterKey("POST", "dbs", "dbs/ToDoList", today, inputKey))

function getAuthorizationTokenUsingMasterKey(verb, resourceType, resourceId, date, masterKey) 
 {  
    var key = new Buffer(masterKey, "base64");  

    var text = (verb || "").toLowerCase() + "\n" +   
           (resourceType || "").toLowerCase() + "\n" +   
           (resourceId || "") + "\n" +   
           date.toLowerCase() + "\n" +   
           "" + "\n";  

    var body = new Buffer(text, "utf8");  
    var signature = crypto.createHmac("sha256", key).update(body).digest("base64");  

    var MasterToken = "master";  

    var TokenVersion = "1.0";  

    return encodeURIComponent("type=" + MasterToken + "&ver=" + TokenVersion + "&sig=" + signature);  
}

2 个答案:

答案 0 :(得分:1)

关于authorization headers的页面适用于任何Cosmos DB REST请求:查询,存储过程等。

答案 1 :(得分:0)

Azure cosmos DB具有python SDK,这是此类方案的推荐和支持方式。

Python SDK代码也是开源的。这是对auth标头创建代码enter link description here

的引用
相关问题
最新问题