我正在尝试在现有存储帐户(数据湖gen2)中创建文件系统。我不知道我要执行的代码是什么问题。我一直在寻找解决方案,但找不到任何解决方案。
代码如下:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
#name of created storage account
$accountName = 'multiprotocoladls2'
#name of file system that i want to create in existing storage account
$fsName= 'multiprotoadls2fs'
$token = 'here is my token'
$header = @{
"Content-Length"="0";
"x-ms-version"="2018-11-09";
"Authorization"="Bearer $token"
}
$uri = "https://$accountName.dfs.core.windows.net/" + $fsName + "?resource=filesystem"
Write-Host $uri
Invoke-RestMethod -Uri $uri -Method 'PUT' -Headers $header
我遇到以下错误:
Invoke-RestMethod : {"error":{"code":"AuthenticationFailed","message":"Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly includin
g the signature.\nRequestId:723b78a9-a01f-002e-6973-5801e3000000\nTime:2019-08-21T22:53:41.6191544Z"}}
我不知道为什么。我检查了标头等中的参数,尝试根据文档进行所有操作。
https://docs.microsoft.com/en-us/rest/api/storageservices/datalakestoragegen2/filesystem/create
任何人都可以给我一个提示,我该如何克服这个问题?
答案 0 :(得分:1)
这是身份验证问题。
关于如何将ADLS Gen2 api
与powershell一起使用的情况,这是一个很好的article,对我来说很好。
我自己测试过的代码:
$StorageAccountName="xxx"
$FilesystemName="xxx"
$AccessKey="xxx"
$date = [System.DateTime]::UtcNow.ToString("R") # ex: Sun, 10 Mar 2019 11:50:10 GMT
$n = "`n"
$method = "PUT"
$stringToSign = "$method$n" #VERB
$stringToSign += "$n" # Content-Encoding + "\n" +
$stringToSign += "$n" # Content-Language + "\n" +
$stringToSign += "$n" # Content-Length + "\n" +
$stringToSign += "$n" # Content-MD5 + "\n" +
$stringToSign += "$n" # Content-Type + "\n" +
$stringToSign += "$n" # Date + "\n" +
$stringToSign += "$n" # If-Modified-Since + "\n" +
$stringToSign += "$n" # If-Match + "\n" +
$stringToSign += "$n" # If-None-Match + "\n" +
$stringToSign += "$n" # If-Unmodified-Since + "\n" +
$stringToSign += "$n" # Range + "\n" +
$stringToSign +=
<# SECTION: CanonicalizedHeaders + "\n" #>
"x-ms-date:$date" + $n +
"x-ms-version:2018-11-09" + $n #
<# SECTION: CanonicalizedHeaders + "\n" #>
$stringToSign +=
<# SECTION: CanonicalizedResource + "\n" #>
"/$StorageAccountName/$FilesystemName" + $n +
"resource:filesystem"#
<# SECTION: CanonicalizedResource + "\n" #>
$sharedKey = [System.Convert]::FromBase64String($AccessKey)
$hasher = New-Object System.Security.Cryptography.HMACSHA256
$hasher.Key = $sharedKey
$signedSignature = [System.Convert]::ToBase64String($hasher.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($stringToSign)))
$authHeader = "SharedKey ${StorageAccountName}:$signedSignature"
$headers = @{"x-ms-date"=$date}
$headers.Add("x-ms-version","2018-11-09")
$headers.Add("Authorization",$authHeader)
$URI = "https://$StorageAccountName.dfs.core.windows.net/" + $FilesystemName + "?resource=filesystem"
Try {
Invoke-RestMethod -method $method -Uri $URI -Headers $headers # returns empty response
}
catch {
$ErrorMessage = $_.Exception.Message
$StatusDescription = $_.Exception.Response.StatusDescription
$false
Throw $ErrorMessage + " " + $StatusDescription
}