Azure Cosmos DocumentDB API via PowerShell

Question

I am trying to access the DocumentDB via Powershell and have converted the c# code to powershell, but I keep getting The remote server returned an error: (401) Unauthorized.

Can anyone see any errors in my code:

$Verb = 'get'

$resourceId = 'dbs/ToDoList'

$resourceType = 'dbs'

$Key = 'UVxrMX2hcmvc5bL6HTU3xZz9qt5KnCK587IDehOJjLki4xjPcTlAbyxZnyq12XqtynSZuyVJD8EDQhDrEIAYYg=='

$KeyType = 'master'

$tokenVersion = '1.0'



$UTCDate = $(Get-Date).ToUniversalTime().ToString('r',[System.Globalization.CultureInfo]::InvariantCulture)

$keyBytes = [System.Convert]::FromBase64String($Key)

$hmacSha256 = new-object -TypeName System.Security.Cryptography.HMACSHA256 -ArgumentList (,$keyBytes)

[string]$Payload = "{0}`n{1}`n{2}`n{3}`n{4}`n" -f $Verb.ToLowerInvariant(),$resourceType.ToLowerInvariant(),$resourceId.ToLowerInvariant(),$UTCDate.ToLowerInvariant(),''

$hashPayLoad = $hmacSha256.ComputeHash([Text.Encoding]::UTF8.GetBytes($PayLoad.ToLowerInvariant()))

$signature = [System.Convert]::ToBase64String($hashPayLoad)

[string]$authorizationFormat = 'type={0}&ver={1}&sig={2}' -f $keyType,$tokenVersion,$signature



$Token = [System.Web.HttpUtility]::UrlEncode($authorizationFormat)

$Date = $UTCDate



$header=@{

"authorization" = $Token

"x-ms-version" = "2015-12-16"

"x-ms-date" = $date

}



Invoke-RestMethod -Uri https://mycosmostest.documents.azure.com/dbs/ToDoList -Headers $header -Method get -ContentType "application/json" 

Error:

Invoke-RestMethod : The remote server returned an error: (401) Unauthorized.

At C:\Users\axban\Documents\Scripts\Cosmostest.ps1:25 char:1

+ Invoke-RestMethod -Uri https://mycosmostest.documents.azure.com/dbs/T ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException

    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

The variables looks like this:

$UTCDate

Wed, 06 Sep 2017 06:18:56 GMT



$hmacSha256
Key                        : {81, 92, 107, 49...}

HashName                   : SHA256

HashSize                   : 256

Hash                       : {209, 150, 153, 51...}

InputBlockSize             : 1

OutputBlockSize            : 1

CanTransformMultipleBlocks : True

CanReuseTransform          : True



$Payload
get

dbs

dbs/todolist

wed, 06 sep 2017 06:18:56 gmt





$authorizationFormat
type=master&ver=1.0&sig=0ZaZM6KN54zH0PiEC8IwMqUeFnTODVSEJta+MvWG+aU=

$Token
type%3dmaster%26ver%3d1.0%26sig%3d0ZaZM6KN54zH0PiEC8IwMqUeFnTODVSEJta%2bMvWG%2baU%3d

Answer 1

Got a little further today. I can query CosmosDB and get a list of databases by changing the resourceID and the URI accordingly like this:

$resourceId = ''

Invoke-RestMethod -Uri https://mycosmostest.documents.azure.com/dbs -Headers $header -Method get -ContentType "application/json"

I suppose that means, that the Access Token creation works.

And a little more poking around made it clear, that I could retrieve documents by using the rid in stead of the id:

    $ResourceId = 'UQJvAL+ePAA=' 
    $ResourceType = 'docs'
    $uri = 'https://axcosmostest.documents.azure.com/dbs/UQJvAA==/colls/UQJvAL+ePAA=/docs'

After generating a new date and token:

Invoke-RestMethod -Uri $uri -Headers $header -Method GET -ContentType "application/json"

and it works!

But how can I make the query with the more human id's of the objects?

Answer 2

Figured it out - most of it. Feel free to test the result: https://github.com/Agazoth/AxCosmosDB

The query part is still buggy. Please feel free to contribute to a solution.