SageMaker CreatePresignedDomainUrlCommandInput doesn't respect case sensitive UserProfileName parameter #6514

Closed
ericpapaluca opened this issue Sep 25, 2024 · 4 comments

Describe the bug

When using the SageMaker SDK with the CreatePresignedDomainUrlCommand, case sensitivity is not respected in the UserProfileName parameter. This causes the command to fail when the username is not entirely lowercase.

Regression Issue

  • Select this option if this issue appears to be a regression.

SDK version number

"@aws-sdk/client-sagemaker": "3.658.0"

Which JavaScript Runtime is this issue in?

Node.js

Details of the browser/Node.js/ReactNative version

node -v v18.19.1

Reproduction Steps

Given a SageMaker domain with domainId d-12345 and a user named PowerUser, execute the following:


```ts
import {
  SageMakerClient,
  CreatePresignedDomainUrlCommand,
  CreatePresignedDomainUrlCommandInput,
} from "@aws-sdk/client-sagemaker";

const client = new SageMakerClient();

const input: CreatePresignedDomainUrlCommandInput = {
  DomainId: "d-12345",
  UserProfileName: "PowerUser",
  SessionExpirationDurationInSeconds: 28800,
};

const command = new CreatePresignedDomainUrlCommand(input);
const response = await client.send(command);
```

Observed Behavior

Due to my client's security posture and usage of permissions boundaries, the error I receive is the following:

<guid>    ERROR   Invoke Error    {"errorType":"AccessDeniedException","errorMessage":"User: <myRoleWithCorrectPermissions> is not authorized to perform: sagemaker:CreatePresignedDomainUrl on resource: arn:aws:sagemaker:us-east-1:ACCOUNT_NUMBER:user-profile/d-12345/poweruser because no permissions boundary allows the sagemaker:CreatePresignedDomainUrl action","name":"AccessDeniedException","$fault":"client","$metadata":{"httpStatusCode":400,"requestId":"foo","attempts":1,"totalRetryDelay":0},"__type":"AccessDeniedException"

This is the same error as the user not being found. Looking further at the resource ARN of:
arn:aws:sagemaker:us-east-1:ACCOUNT_NUMBER:user-profile/d-12345/poweruser
we can see the PascalCase userProfileName in the parameters is changed to lowercase, causing the resource to be invalid.

I repeated this with a new username of test, all lowercase, and with the exact same code the generation was successful.

Expected Behavior

A presigned URL is returned for the user PowerUser

Possible Solution

UserProfileName parameter is not respecting the case of the input

Additional Information/Context

No response

ericpapaluca added the bug and needs-triage labels Sep 25, 2024
zshzbh self-assigned this Sep 26, 2024
Contributor

zshzbh commented Sep 30, 2024

Hey @ericpapaluca,

Thanks for the feedback!

I'm using "@aws-sdk/client-sagemaker": "^3.658.0" and node version v18.19.1 and I didn't have this issue.

The code I have:

```js
import { SageMakerClient, CreatePresignedDomainUrlCommand } from "@aws-sdk/client-sagemaker";

const client = new SageMakerClient({ region: "us-east-1" });

const input = {
  DomainId: "d-xxxxx",
  UserProfileName: "PowerUse",
  SessionExpirationDurationInSeconds: 28800,
};

const command = new CreatePresignedDomainUrlCommand(input);
const response = await client.send(command);
console.log(response);
```

The result I have:

{
  '$metadata': {
    httpStatusCode: 200,
    requestId: 'XXXX-b284-48d7-930c-48e627fc71b3',
    extendedRequestId: undefined,
    cfId: undefined,
    attempts: 1,
    totalRetryDelay: 0
  },
  AuthorizedUrl: 'hxxxxxxx'

I got the 200 OK result.

I intentionally delete an r and use UserProfileName: "PowerUse", then I get the following error:
ResourceNotFound: UserProfile [arn:aws:sagemaker:us-east-1:471112623206:user-profile/d-neeam48ovzvf/PowerUse] does not exist

I can't reproduce this issue and the sdk does show the uppercase PowerUse here.

Contributor

zshzbh commented Sep 30, 2024

I'd like to suggest

  1. remove node modules as well as aws pkgs and reinstall them
  2. update node version & sdk version
  3. rebuild the app

If the issue persists, please add the following code to the app to get request headers and we can check from there:

```js
client.middlewareStack.add(
  (next) => async (args) => {
    console.log(args.request);
    const response = await next(args);
    console.log(response);
    return response;
  },
  { step: "finalizeRequest" }
);
```

Thanks!
Maggie
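
A variant of the logging middleware above that keeps credentials out of the logs, as an added example (not code from the SDK or from this thread): it masks the Authorization and X-Amz-Security-Token headers and the returned AuthorizedUrl, and reads UserProfileName back from the serialized body so the case actually sent can be compared with the input. It assumes the request body at the finalizeRequest step is a JSON string; `redactRequest`, `wireUserProfileName` and `diagnosticMiddleware` are names made up for this example.

```javascript
// Added example: redacting diagnostic middleware for an AWS SDK v3 client.
// Assumption: args.request.body is the JSON string serialized for the API call.
const SENSITIVE_HEADERS = new Set(["authorization", "x-amz-security-token"]);

// Copy the request fields worth logging, masking credential-bearing headers.
function redactRequest(request) {
  const headers = {};
  for (const [name, value] of Object.entries(request.headers || {})) {
    headers[name] = SENSITIVE_HEADERS.has(name.toLowerCase()) ? "<redacted>" : value;
  }
  const { method, hostname, path, body } = request;
  return { method, hostname, path, headers, body };
}

// Return UserProfileName exactly as serialized, or null if absent or unparseable.
function wireUserProfileName(request) {
  if (typeof request.body !== "string") return null;
  try {
    const name = JSON.parse(request.body).UserProfileName;
    return typeof name === "string" ? name : null;
  } catch {
    return null;
  }
}

// Middleware factory: log(entry) only ever receives redacted copies.
function diagnosticMiddleware(log) {
  return (next) => async (args) => {
    log({
      request: redactRequest(args.request),
      userProfileName: wireUserProfileName(args.request),
    });
    const result = await next(args);
    const output = { ...result.output };
    // The presigned URL signs the user in, so treat it like a credential.
    if (output.AuthorizedUrl) output.AuthorizedUrl = "<redacted>";
    log({ status: result.response && result.response.statusCode, output });
    return result; // the caller still gets the unmodified result
  };
}

// Usage with a real client (not executed here):
// client.middlewareStack.add(diagnosticMiddleware(console.log), { step: "finalizeRequest" });
```

If the logged `userProfileName` still reads `PowerUser`, the SDK sent the name unchanged and the lowercase ARN in the error was produced after the request left the client.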

zshzbh added the p2 and response-requested labels and removed the needs-triage label Sep 30, 2024

This issue has not received a response in 1 week. If you still think there is a problem, please leave a comment to avoid the issue from automatically closing.

github-actions bot added the closing-soon and closed-for-staleness labels and removed the closing-soon label Oct 11, 2024

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

github-actions bot locked as resolved and limited conversation to collaborators Oct 30, 2024