Получение документа с использованием фильтра в azure cosmosdb с использованием Invoke-RestMethod дает 401

Question

Мне удалось извлечь все документы из коллекции Azure, используя Get-Documents, однако, когда я превращаю ее в сообщение и передаю текст, я получаю неавторизованный ответ.

Если вы создадите базу данных cosmos (tempdb) и коллекцию (tempcoll) и попробуете следующее, вы увидите, что вы можете получить все документы, но я не могу их отфильтровать.

Add-Type -AssemblyName System.Web

# generate authorization key
Function Generate-MasterKeyAuthorizationSignature
{
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory=$true)][String]$verb,
        [Parameter(Mandatory=$true)][String]$resourceLink,
        [Parameter(Mandatory=$true)][String]$resourceType,
        [Parameter(Mandatory=$true)][String]$dateTime,
        [Parameter(Mandatory=$true)][String]$key,
        [Parameter(Mandatory=$true)][String]$keyType,
        [Parameter(Mandatory=$true)][String]$tokenVersion
    )

    $hmacSha256 = New-Object System.Security.Cryptography.HMACSHA256
    $hmacSha256.Key = [System.Convert]::FromBase64String($key)

    $payLoad = "$($verb.ToLowerInvariant())`n$($resourceType.ToLowerInvariant())`n$resourceLink`n$($dateTime.ToLowerInvariant())`n`n"
    Write-Host "payLoad:  '$payLoad'"
    $hashPayLoad = $hmacSha256.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($payLoad))
    $signature = [System.Convert]::ToBase64String($hashPayLoad);
    [System.Web.HttpUtility]::UrlEncode("type=$keyType&ver=$tokenVersion&sig=$signature")
} 




Function Get-Documents {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $true)][String]$EndPoint, 
        [Parameter(Mandatory = $true)][String]$MasterKey,
        [Parameter(Mandatory = $true)][String]$DatabaseName,
        [Parameter(Mandatory = $true)][String]$Collection,
        [String]$Verb = "GET"  

    )
    $ResourceType = "docs" 
    $ResourceLink = "dbs/$DatabaseName/colls/$Collection"  

    $dateTime = [DateTime]::UtcNow.ToString("r")
    $authHeader = Generate-MasterKeyAuthorizationSignature -verb $Verb -resourceLink $ResourceLink -resourceType $ResourceType -key $MasterKey -keyType "master" -tokenVersion "1.0" -dateTime $dateTime
    $header = @{authorization = $authHeader; "x-ms-version" = "2016-07-11"; "x-ms-date" = $dateTime }
    $contentType = "application/json" 
    $queryUri = "$EndPoint$ResourceLink/docs"

    Write-Host "Verb = '$Verb'"
    Write-Host "contentType = '$contentType'"
    Write-Host "queryUri = '$queryUri'"  

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12  

    $result = try { 
        Invoke-RestMethod -Method $Verb -ContentType $contentType -Uri $queryUri -Headers $header  -ErrorAction Continue
    }
    catch{
        Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__ 
        Write-Host "StatusDescription:" $_.Exception.Response.StatusDescription
        $response = $_.Exception.Response
        Write-Host "******** response *******"
        Write-Host ($response | Format-List | Out-String)
    }
    Write-Host "******** result *******"
    Write-Host ($result | Format-List | Out-String)
    return $result


}

Function Get-Document {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $true)][String]$EndPoint, 
        [Parameter(Mandatory = $true)][String]$MasterKey,
        [Parameter(Mandatory = $true)][String]$DatabaseName,
        [Parameter(Mandatory = $true)][String]$Collection,
        [String]$Verb = "POST" , 
        [Parameter(Mandatory = $true)][String]$JSON

    )
    $ResourceType = "docs" 
    $ResourceLink = "dbs/$DatabaseName/colls/$Collection"  

    $dateTime = [DateTime]::UtcNow.ToString("r")
    $authHeader = Generate-MasterKeyAuthorizationSignature -verb $Verb -resourceLink $ResourceLink -resourceType $ResourceType -key $MasterKey -keyType "master" -tokenVersion "1.0" -dateTime $dateTime
    $header = @{authorization = $authHeader; "x-ms-version" = "2016-07-11"; "x-ms-date" = $dateTime } 
    $contentType = "application/json" 
    $queryUri = "$EndPoint$ResourceLink/docs"

    Write-Host "Verb = '$Verb'"
    Write-Host "contentType = '$contentType'"
    Write-Host "queryUri = '$queryUri'" 
    Write-Host "JSON = '$JSON'"

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12  

    $result = try { 
        Invoke-RestMethod -Method $Verb -ContentType $contentType -Uri $queryUri -Headers $header  -Body $JSON  -ErrorAction Continue
    }
    catch{
        Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__ 
        Write-Host "StatusDescription:" $_.Exception.Response.StatusDescription
        $response = $_.Exception.Response
        Write-Host "******** response *******"
        Write-Host ($response | Format-List | Out-String)
    }

    return $result
}




$CosmosDBEndPoint = "https://<omitted>.documents.azure.com:443/"  
$DatabaseName = "tempdb" 
$Collection = "tempcoll" 
$MasterKey = "<omitted>=="  



$result =Get-Documents -EndPoint $CosmosDBEndPoint -MasterKey $MasterKey -DatabaseName $DatabaseName -Collection $Collection 
Write-Host ($result | Format-List | Out-String)
Write-Host ($result.Documents | Format-List | Out-String)


$json = @"
{ 
    "query": "SELECT * FROM Families f WHERE f.id = @familyId",     
    "parameters": [          
        {"name": "@familyId", "value": "MackFamily"}         
    ] 
}
"@ 

$result = Get-Document  -EndPoint $CosmosDBEndPoint -MasterKey $ReadOnlyKey -DatabaseName  $DatabaseName  -Collection  $Collection -JSON $json
Write-Host ($result | Format-List | Out-String)
Write-Host ($result.Documents | Format-List | Out-String)

вызов Get-Documents возвращает

******** result *******
id           : AndersenFamily
lastName     : Andersen  
_rid         : 1q5JAOdNUZ8CAAAAAAAAAA==
_self        : dbs/1q5JAA==/colls/1q5JAOdNUZ8=/docs/1q5JAOdNUZ8CAAAAAAAAAA==/
_etag        : "2f014575-0000-0100-0000-5db329450000"
_attachments : attachments/
_ts          : 1572022597

id           : JoeyFamily
lastName     : Joey
_rid         : 1q5JAOdNUZ8EAAAAAAAAAA==
_self        : dbs/1q5JAA==/colls/1q5JAOdNUZ8=/docs/1q5JAOdNUZ8EAAAAAAAAAA==/
_etag        : "3101ba10-0000-0100-0000-5db357310000"
_attachments : attachments/
_ts          : 1572034353

id           : MackFamily
lastName     : Mack
_rid         : 1q5JAOdNUZ8IAAAAAAAAAA==
_self        : dbs/1q5JAA==/colls/1q5JAOdNUZ8=/docs/1q5JAOdNUZ8IAAAAAAAAAA==/
_etag        : "14002a60-0000-0100-0000-5db83f2b0000"
_attachments : attachments/
_ts          : 1572355883

Get-Documents использует те же заголовки аутентификации, но возвращает 401

StatusCode: 401
StatusDescription: Unauthorized
******** response *******


IsMutuallyAuthenticated : False
Cookies                 : {}
Headers                 : {Transfer-Encoding, x-ms-activity-id, Strict-Transport-Security, x-ms-gatewayversion...}
SupportsHeaders         : True
ContentLength           : -1
ContentEncoding         : 
ContentType             : application/json
CharacterSet            : 
Server                  : Microsoft-HTTPAPI/2.0
LastModified            : 10/29/2019 9:14:27 AM
StatusCode              : Unauthorized
StatusDescription       : Unauthorized
ProtocolVersion         : 1.1
ResponseUri             : https://<omitted>.documents.azure.com/dbs/tempdb/colls/tempcoll/docs
Method                  : POST
IsFromCache             : False

, есть ли способполучить больше данных из ответа или внутри лазурного портала?