azure.cosmos.container.ContainerProxy.delete_item returns an error when using resource tokens #13634

tuckeryatesjvion · 2020-09-08T18:48:22Z

When I use a container client obtained using resource tokens instead of a cosmos master key, I am able to create items and query items, but not able to delete items. I am using python 3.8 and azure-cosmos 4.1.0. Here is an example code and output:

Example Code:

import os
import uuid
from azure.cosmos import CosmosClient

# connect to cosmos using master key in environment vars
cosmos_master_client = CosmosClient(url=os.environ['COSMOS_ACCOUNT_URI'], credential=os.environ['COSMOS_ACCOUNT_KEY'])
cosmos_master_db_client = cosmos_master_client.get_database_client("jvion-api")
cosmos_user_client = cosmos_master_db_client.get_user_client("jvion-test")

print("permissions for user 'jvion-test':")

# grab the permission and token from the cosmos user client. don't print the actual token
for permission in cosmos_user_client.list_permissions():
    if permission["resource"] == "dbs/jvion-api/colls/data_policies":
        resource_tokens = {permission["resource"]: permission["_token"]}
        print({key: value for key, value in permission.items() if not key.startswith("_")})

# pass the token to a new cosmos client
cosmos_client = CosmosClient(url=os.environ['COSMOS_ACCOUNT_URI'],credential=resource_tokens)
database_client = cosmos_client.get_database_client("jvion-api")
container_client = database_client.get_container_client("data_policies")

id = str(uuid.uuid4())

# query the first item in cosmos (already exists)
print("query items")

print(list(container_client.query_items(query="select * from data_policies d",partition_key="jvion-test"))[0])

# create a new item in cosmos
print("creating item")

item = {
    "id": id,
    "description": "test dp",
    "tenant_id": "jvion-test",
    "data_filters": []
}

container_client.create_item(body=item,partition_key="jvion-test")

# delete the new item from cosmos
print("deleting item")

container_client.delete_item(item=id,partition_key="jvion-test")

Example Output

permissions for user 'jvion-test':
{'id': 'data_policies_tenant_id_partition_key', 'permissionMode': 'All', 'resourcePartitionKey': ['jvion-test'], 'resource': 'dbs/jvion-api/colls/data_policies'}
query items
{'container': 'patient', 'tenant_id': 'jvion-test', 'description': "Only Show Patients with first name 'Stacy'", 'filters': ["c.first_name = 'Stacy'"], 'id': '9d6fe7c2-5877-4948-a994-78b765208ffd', '_rid': 'PrkbALjUBNsBAAAAAAAAAA==', '_self': 'dbs/PrkbAA==/colls/PrkbALjUBNs=/docs/PrkbALjUBNsBAAAAAAAAAA==/', '_etag': '"00008b2e-0000-0100-0000-5f38205d0000"', '_attachments': 'attachments/', '_ts': 1597513821}
creating item
deleting item
Traceback (most recent call last):
  File "util/example.py", line 48, in <module>
    container_client.delete_item(item=id,partition_key="jvion-test")
  File "/home/tucker/bitbucket/jvion-api/patient-data-backend/__app__/.venv/lib/python3.8/site-packages/azure/core/tracing/decorator.py", line 83, in wrapper_use_tracer
    return func(*args, **kwargs)
  File "/home/tucker/bitbucket/jvion-api/patient-data-backend/__app__/.venv/lib/python3.8/site-packages/azure/cosmos/container.py", line 556, in delete_item
    result = self.client_connection.DeleteItem(document_link=document_link, options=request_options, **kwargs)
  File "/home/tucker/bitbucket/jvion-api/patient-data-backend/__app__/.venv/lib/python3.8/site-packages/azure/cosmos/_cosmos_client_connection.py", line 1715, in DeleteItem
    return self.DeleteResource(path, "docs", document_id, None, options, **kwargs)
  File "/home/tucker/bitbucket/jvion-api/patient-data-backend/__app__/.venv/lib/python3.8/site-packages/azure/cosmos/_cosmos_client_connection.py", line 2188, in DeleteResource
    result, self.last_response_headers = self.__Delete(path, request_params, headers, **kwargs)
  File "/home/tucker/bitbucket/jvion-api/patient-data-backend/__app__/.venv/lib/python3.8/site-packages/azure/cosmos/_cosmos_client_connection.py", line 2286, in __Delete
    return synchronized_request.SynchronizedRequest(
  File "/home/tucker/bitbucket/jvion-api/patient-data-backend/__app__/.venv/lib/python3.8/site-packages/azure/cosmos/_synchronized_request.py", line 210, in SynchronizedRequest
    return _retry_utility.Execute(
  File "/home/tucker/bitbucket/jvion-api/patient-data-backend/__app__/.venv/lib/python3.8/site-packages/azure/cosmos/_retry_utility.py", line 73, in Execute
    result = ExecuteFunction(function, global_endpoint_manager, *args, **kwargs)
  File "/home/tucker/bitbucket/jvion-api/patient-data-backend/__app__/.venv/lib/python3.8/site-packages/azure/cosmos/_retry_utility.py", line 130, in ExecuteFunction
    return function(*args, **kwargs)
  File "/home/tucker/bitbucket/jvion-api/patient-data-backend/__app__/.venv/lib/python3.8/site-packages/azure/cosmos/_synchronized_request.py", line 158, in _Request
    raise exceptions.CosmosHttpResponseError(message=data, response=response)
azure.cosmos.exceptions.CosmosHttpResponseError: (Unauthorized) Authorization header doesn't confirm to the required format. Please verify and try again.
ActivityId: 25db2e4c-fe1a-44cf-8ef1-fb03a6888ff2, Microsoft.Azure.Documents.Common/2.11.0

The text was updated successfully, but these errors were encountered:

ghost · 2020-09-08T18:48:28Z

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @wmengmsft, @MehaKaushik, @shurd, @anfeldma-ms

tuckeryatesjvion · 2020-09-17T14:48:41Z

Am I missing anything in my sample code? I find it strange that the create and query work, but the delete doesn't. It also looks like the upsert works, but the replace does not.

Rodrigossz · 2020-09-17T15:05:30Z

We are working on you sample and will reach you back ASAP. Tks.

Rodrigossz · 2020-09-21T21:07:07Z

Hello @tuckeryatesjvion ! Thank you so much for detecting this bug. It is fixed in this PR: #13855 and will be merged later this month. We don't have a schedule for a new release now, but you can monitor the PR to see when it will be merged into the SDK code. After that, you can test it downloading the code, while pip install will only work when we ship a new release. Tks!

tuckeryatesjvion · 2020-09-21T21:39:20Z

Thanks for getting this resolved so quickly @Rodrigossz ! I'll look out for the next release.

lmazuel · 2020-10-17T00:01:16Z

Based on commit history, fixed in https://pypi.org/project/azure-cosmos/4.2.0/
Please re-open an issue if the issue persists. Thanks!

xiangyan99 assigned Rodrigossz Sep 9, 2020

kaerm added Client This issue points to a problem in the data-plane of the library. Cosmos labels Sep 14, 2020

ghost removed the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Sep 14, 2020

lmazuel closed this as completed Oct 17, 2020

github-actions bot locked and limited conversation to collaborators Apr 12, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

azure.cosmos.container.ContainerProxy.delete_item returns an error when using resource tokens #13634

azure.cosmos.container.ContainerProxy.delete_item returns an error when using resource tokens #13634

tuckeryatesjvion commented Sep 8, 2020

ghost commented Sep 8, 2020

tuckeryatesjvion commented Sep 17, 2020

Rodrigossz commented Sep 17, 2020

Rodrigossz commented Sep 21, 2020

tuckeryatesjvion commented Sep 21, 2020

lmazuel commented Oct 17, 2020

azure.cosmos.container.ContainerProxy.delete_item returns an error when using resource tokens #13634

azure.cosmos.container.ContainerProxy.delete_item returns an error when using resource tokens #13634

Comments

tuckeryatesjvion commented Sep 8, 2020

Example Code:

Example Output

ghost commented Sep 8, 2020

tuckeryatesjvion commented Sep 17, 2020

Rodrigossz commented Sep 17, 2020

Rodrigossz commented Sep 21, 2020

tuckeryatesjvion commented Sep 21, 2020

lmazuel commented Oct 17, 2020