CosmosDbEx.Auth (cosmos_db_ex v0.1.0) View Source

Provides all necessary functionality to peform Cosmos Db Rest API calls with authorization.

The general authorization methods were created using the Azure documentation located here: Access control in the Azure Cosmos DB SQL API

Link to this section Summary

Functions

Generates a hashed token signature for a master token that will be used for authorization of each request to the Cosmos Db api.

Link to this section Functions

Link to this function

generate_auth_signature(http_verb, path, date, key, key_type \\ "master", token_version \\ "1.0")

View Source

Generates a hashed token signature for a master token that will be used for authorization of each request to the Cosmos Db api.

Params

  • http_verb: A HTTP verb, such as GET, POST, PUT.

  • resource_type: Identifies the type of resource that the request is for. Example: dbs, colls, docs.

  • resource_id: The identity of the resource that the request is directed at. An example for a request for a collection would be: "dbs/MyDatabase/colls/MyCollection

  • date: The UTC date and time the message is being sent. The date must conform to the format defined in RFC 7231 Date/Time Formats. Note that this must also be the date passed in the x-ms-date header. Example: "Tue, 01 Nov 1994 08:12:31 GMT".

  • key: This is the Encoded key for your Cosmos Db database. It is usually either the primary or secondary key that can be found in the Keys setting in your databases blade. Note: This key should never be saved and controlled in any repo. The key should be retrieved from something like Azure Key Vault, or an environment variable.

  • key_type: The type of key being used for authorization. This will normally be "master".

  • token_version: The version of the token, or the format rather, being sent to Cosmos Db. The current supported version is 1.0.

Remarks

I'm not really certain how much compute it takes to decode a Base64 encoded string, but there are actually Elixir libraries out there that drop down to 'C' just to make it faster. If it turns out that constantly decoding the key hampers performance then we can see about possibly storing the decoded key in ETS to reduce compute a little bit.