Pentaho - Azure DocumentDB - Access Control on Document Resources

PentahoDI-CreateDocumentDBAuthHeader.js

// Problem: 
// Use the DocumentDB REST API from Pentaho DI (Spoon)
// Produce an authorization header for the request
//
// Solution:
// 1. Read this document https://docs.microsoft.com/en-us/rest/api/documentdb/access-control-on-documentdb-resources
// 2. Assuming you have serialized your record to JSON and wish to publish it via a REST Client step
// 3. Add a "Modified Java Script Value" step to your Pentaho Transformation with the following body.

//Input
var date = new Date().toUTCString();
var verb = "post";
var resourceType = "docs";
var resourceLink = "dbs/db01/colls/family";
var key = "<your DocumentDb key>";

var value = (verb || "").toLowerCase() + "\n" +   
               (resourceType || "").toLowerCase() + "\n" +   
               (resourceLink || "") + "\n" +   
               date.toLowerCase() + "\n" +   
               "" + "\n";  

var keyBytes = java.util.Base64.getDecoder().decode(key);
var signingKey = new javax.crypto.spec.SecretKeySpec(keyBytes, "HmacSHA256");
var mac = javax.crypto.Mac.getInstance("HmacSHA256");
mac.init(signingKey);

var rawHmac = mac.doFinal(new java.lang.String(""+value).getBytes("UTF-8"));

var MasterToken = "master";  
var TokenVersion = "1.0";
var sig64 = java.util.Base64.getEncoder().encodeToString(rawHmac);

var authString = encodeURIComponent("type=" + MasterToken + "&ver=" + TokenVersion + "&sig=" + sig64);