通过PowerShell在ADLS Gen2中重命名文件名的异常

问题描述 投票:0回答:1

我能够使用PowerShell和ADLS Gen 2 REST API在ADLS中创建文件和文件夹。但是,我在重命名文件时遇到了麻烦。我在标题中使用“ x-ms-rename-source”,但其引发异常。

代码:

$n = '`n'
$stringToSign +=
#SECTION: CanonicalizedHeaders + “\n” #
“x-ms-date:$date” + $n +
“x-ms-version:2018-11-09” + $n +
“x-ms-rename-source:/adlsg2filesystemname/folderpath/filename” + $n
$stringToSign +=
# SECTION: CanonicalizedResource + “\n” #
“/$StorageAccountName/$FilesystemName” + $PathToCreate + $n

$sharedKey = [System.Convert]::FromBase64String($AccessKey)
$hasher = New-Object System.Security.Cryptography.HMACSHA256
$hasher.Key = $sharedKey

$signedSignature = [System.Convert]::ToBase64String($hasher.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($stringToSign)))

$authHeader = “SharedKey ${StorageAccountName}:$signedSignature”

$headers = @{“x-ms-date”=$date}
$headers.Add(“x-ms-version”,”2018-11-09″)
$headers.Add(“x-ms-rename-source”,”/adlsg2filesystemname/folderpath/filename”)
$headers.Add(“Authorization”,$authHeader)
$headers.Add(“If-None-Match”,”*”) # To fail if the destination already exists, use a conditional request with If-None-Match: “*”

$URI = “https://$StorageAccountName.dfs.core.windows.net/” + $FilesystemName + $PathToCreate

我正在接受以下例外:

Invoke-RestMethod : {"error":{"code":"AuthenticationFailed","message":"Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly 
including the signature.\nRequestId:ddfd851b-501f-0057-3f88-7e0a7d000000\nTime:2019-10-09T09:59:53.7708781Z"}}

任何帮助都会受到感激。谢谢。

azure rest powershell azure-data-lake
1个回答
1
投票

根据我的测试,我们可以使用Azure AD身份验证来调用Azure数据湖存储Gen2 REST API。有关更多详细信息,请参阅https://social.msdn.microsoft.com/Forums/en-US/45be0931-379d-4252-9d20-164261cc64c5/error-while-calling-adls-gen-2-rest-api-to-create-file?forum=AzureDataLake

  1. 创建Azure AD服务主体并为其分配RABC角色。有关更多信息,请参阅https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad
Connect-AzAccount
$password=''
$credentials = New-Object Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential -Property @{ StartDate=Get-Date; EndDate=Get-Date -Year 2024; Password=$password}
$sp = New-AzAdServicePrincipal -DisplayName jimtest1 -PasswordCredential $credentials

New-AzRoleAssignment -ApplicationId $sp.ApplicationId -RoleDefinitionName "Storage Blob Data Owner" -Scope "your scope such as your storage account scope"
  1. 获取访问令牌
$TeantID='hanxia.onmicrosoft.com'
$TokenResult = Invoke-RestMethod -Method Post -ContentType 'application/x-www-form-urlencoded' -Uri "https://login.microsoftonline.com/$($TeantID)/oauth2/token" -Body @{
    client_id     = $sp.ApplicationId # the application id of service principal
    resource = 'https://storage.azure.com'
    grant_type    = 'client_credentials'
    client_secret = $password # you use it in step 1

}
  1. 调用其余的api
$StorageAccountName =''
$FilesystemName =''
$PathToCreate=''
$URI = “https://$StorageAccountName.dfs.core.windows.net/” + $FilesystemName +"/"+$PathToCreate
Invoke-RestMethod -Method Put -Uri $URI   -Headers @{
'Authorization' = "Bearer "+ $TokenResult.access_token
'x-ms-rename-source' = ' '
}

enter image description hereenter image description here

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.