fix(lambda-python-alpha): bundling hash logic includes auth tokens in…

… PIP urls, causing an unnecessary rebuild (aws#27903)

Update the bundler hash logic to ignore the secret token that is included in the URL when fetching packages from Code Artifact. This token changes constantly, and prevents the results of a previous build from being reused, along with causing lambdas to be unnecessarily redeployed anytime the CDK is built, even if no code is changed.

This implementation strips the token from the hash, but does not change anything else about the hash. 

Open question
Currently this logic will error if an invalid URL string is passed for PIP_INDEX_URL or PIP_EXTRA_INDEX_URL. The build would fail later anyway when those URLs are being used, but I'm happy to try/catch this logic block to be more robust if that is preferred.

Closes aws#27331.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

packages/@aws-cdk/aws-lambda-python-alpha/test/integ.function.js.snapshot/integ-lambda-python-function.template.json

@@ -38,15 +38,15 @@
      "S3Bucket": {
       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
      },
-     "S3Key": "74aba657619dfbc372ad5df5cf98a022a4322098a338ee81683de7c8d01d4664.zip"
+     "S3Key": "130f332ecdd8088282adfd41a4353e2fb2951c24281cd5f91470230f6b82841f.zip"
     },
+    "Handler": "index.handler",
     "Role": {
      "Fn::GetAtt": [
       "myhandlerServiceRole77891068",
       "Arn"
      ]
     },
-    "Handler": "index.handler",
     "Runtime": "python3.9"
    },
    "DependsOn": [
@@ -91,20 +91,73 @@
      "S3Bucket": {
       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
      },
-     "S3Key": "8e8d2a8b3838f7d231d348e1c27c9f8e682c8dd4ff9af71d88795db2009a6d51.zip"
+     "S3Key": "f425d7725431bdf99c0da5f07fb530e0dd3d8fcaef1a105adfc15e05c0670d2c.zip"
     },
+    "Handler": "index.handler",
     "Role": {
      "Fn::GetAtt": [
       "myhandlerexcludesServiceRoleBB475DCC",
       "Arn"
      ]
     },
-    "Handler": "index.handler",
     "Runtime": "python3.9"
    },
    "DependsOn": [
     "myhandlerexcludesServiceRoleBB475DCC"
    ]
+  },
+  "myhandlerpypiServiceRoleF3CDF4F9": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Principal": {
+        "Service": "lambda.amazonaws.com"
+       }
+      }
+     ],
+     "Version": "2012-10-17"
+    },
+    "ManagedPolicyArns": [
+     {
+      "Fn::Join": [
+       "",
+       [
+        "arn:",
+        {
+         "Ref": "AWS::Partition"
+        },
+        ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+       ]
+      ]
+     }
+    ]
+   }
+  },
+  "myhandlerpypiBADBA141": {
+   "Type": "AWS::Lambda::Function",
+   "Properties": {
+    "Code": {
+     "S3Bucket": {
+      "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
+     },
+     "S3Key": "e1453d72dc45873ddf9323c37715423413cdfd3506485238f1f9ce965a3b2d2e.zip"
+    },
+    "Handler": "index.handler",
+    "Role": {
+     "Fn::GetAtt": [
+      "myhandlerpypiServiceRoleF3CDF4F9",
+      "Arn"
+     ]
+    },
+    "Runtime": "python3.9"
+   },
+   "DependsOn": [
+    "myhandlerpypiServiceRoleF3CDF4F9"
+   ]
   }
  },
  "Outputs": {
@@ -124,6 +177,14 @@
     ]
    }
   },
+  "functionWithCustomPypi": {
+   "Value": {
+    "Fn::GetAtt": [
+     "myhandlerpypiBADBA141",
+     "Arn"
+    ]
+   }
+  },
   "ExportsOutputRefmyhandlerD202FA8E369E8804": {
    "Value": {
     "Ref": "myhandlerD202FA8E"
@@ -139,6 +200,14 @@
    "Export": {
     "Name": "integ-lambda-python-function:ExportsOutputRefmyhandlerexcludes0437E0D23D81F234"
    }
+  },
+  "ExportsOutputRefmyhandlerpypiBADBA141A80E83F9": {
+   "Value": {
+    "Ref": "myhandlerpypiBADBA141"
+   },
+   "Export": {
+    "Name": "integ-lambda-python-function:ExportsOutputRefmyhandlerpypiBADBA141A80E83F9"
+   }
   }
  },
  "Parameters": {