change: fix the file uploading signature verification error (#1551)

* change: fix the file uploading signature verification error

**Description**
The URL contains charater(+) which is not escaped properly. Fixed by removing the conditional logic to escape for the character.

**Testing**
1. Changed UT passed
2. Test in sample notebook

* **Description**
Changed from x-mlapp-sm-app-server-arn to x-sagemaker-partner-app-server-arn
Also make some small format adjusting for the signing context information.

**Testing Done**
UT passed

---------

Co-authored-by: Edward Sun <[email protected]>

Author: 2 people

src/sagemaker/partner_app/auth_utils.py

@@ -25,7 +25,7 @@
 HEADER_CONNECTION = "Connection"
 HEADER_X_AMZ_TARGET = "X-Amz-Target"
 HEADER_AUTHORIZATION = "Authorization"
-HEADER_MLAPP_SM_APP_SERVER_ARN = "X-Mlapp-Sm-App-Server-Arn"
+HEADER_PARTNER_APP_SERVER_ARN = "X-SageMaker-Partner-App-Server-Arn"
 HEADER_PARTNER_APP_AUTHORIZATION = "X-Amz-Partner-App-Authorization"
 HEADER_X_AMZ_CONTENT_SHA_256 = "X-Amz-Content-SHA256"
 CALL_PARTNER_APP_API_ACTION = "SageMaker.CallPartnerAppApi"
@@ -59,7 +59,7 @@ def get_signed_request(
             headers[HEADER_PARTNER_APP_AUTHORIZATION] = headers[HEADER_AUTHORIZATION]
 
         # App Arn
-        headers[HEADER_MLAPP_SM_APP_SERVER_ARN] = app_arn
+        headers[HEADER_PARTNER_APP_SERVER_ARN] = app_arn
 
         # IAM Action
         headers[HEADER_X_AMZ_TARGET] = CALL_PARTNER_APP_API_ACTION
@@ -74,9 +74,7 @@ def get_signed_request(
             del headers[HEADER_CONNECTION]
 
         # Spaces are encoded as %20
-        # TODO - confirm the motivation
-        if method in ("GET", "DEL"):
-            url = url.replace("+", "%20")
+        url = url.replace("+", "%20")
 
         # Calculate SigV4 header
         aws_request = AWSRequest(

tests/unit/sagemaker/partner_app/test_auth_utils.py

@@ -17,7 +17,7 @@ class TestPartnerAppAuthUtils(unittest.TestCase):
     def setUp(self):
         self.sigv4_mock = Mock(spec=SigV4Auth)
         self.app_arn = "arn:aws:sagemaker:us-west-2:123456789012:partner-app/abc123"
-        self.url = "https://partner-app-abc123.us-west-2.amazonaws.com"
+        self.url = "https://partner-app-abc123.us-west-2.amazonaws.com?fileName=Jupyter+interactive"
         self.method = "POST"
         self.headers = {"Authorization": "API_KEY", "Connection": "conn"}
         self.body = b'{"key": "value"}'  # Byte type body for hashing
@@ -32,7 +32,7 @@ def test_get_signed_request_with_body(self, AWSRequestMock):
         expected_sign_headers = {
             "Authorization": "API_KEY",
             "X-Amz-Partner-App-Authorization": "API_KEY",
-            "X-Mlapp-Sm-App-Server-Arn": self.app_arn,
+            "X-SageMaker-Partner-App-Server-Arn": self.app_arn,
             "X-Amz-Target": "SageMaker.CallPartnerAppApi",
             "X-Amz-Content-SHA256": expected_hash,
         }
@@ -45,8 +45,8 @@ def test_get_signed_request_with_body(self, AWSRequestMock):
             self.sigv4_mock, self.app_arn, self.url, self.method, self.headers, self.body
         )
 
-        # Assert X-Mlapp-Sm-App-Server-Arn header is correct
-        self.assertEqual(signed_headers["X-Mlapp-Sm-App-Server-Arn"], self.app_arn)
+        # Assert X-SageMaker-Partner-App-Server-Arn header is correct
+        self.assertEqual(signed_headers["X-SageMaker-Partner-App-Server-Arn"], self.app_arn)
 
         # Assert the Authorization header was moved to X-Amz-Partner-App-Authorization
         self.assertIn("X-Amz-Partner-App-Authorization", signed_headers)
@@ -57,10 +57,11 @@ def test_get_signed_request_with_body(self, AWSRequestMock):
         # Assert the Connection header is reserved
         self.assertEqual(signed_headers["Connection"], "conn")
 
+        expected_canonical_url = self.url.replace("+", "%20")
         # Assert AWSRequestMock was called
         AWSRequestMock.assert_called_once_with(
             method=self.method,
-            url=self.url,
+            url=expected_canonical_url,
             headers=expected_sign_headers,
             data=self.body,
         )