URL for downloading a Wheel is changed enough to cause failure/error.

[calizarr]

So, using this fork related to this issue and netrc authentication -- python-inspector can in some way clearly find the package in the respective codeartifact repo, however, when attempting to download the wheel it gets a 403 Forbidden. It's not because it isn't authenticated, it's because the URL gets changed to:
https://DOMAIN-AWS_ACCOUNT_ID.d.codeartifact.us-west-2.amazonaws.com/0.3.0/PACKAGE_XYZ_ABC-0.3.0-py3-none-any.whl
Whereas it should be:
https://DOMAIN-AWS_ACCOUNT_ID.d.codeartifact.us-west-2.amazonaws.com/0.3.0/pypi/PYPI_REPO/simple/PACKAGE_XYZ_ABC-0.3.0-py3-none-any.whl

The first URL is not a valid URL for AWS CodeArtifact so it makes sense that they would return a 403.

I've added several debug statements around the way to trace where the URL is being changed, however, I have not been able to track down exactly where it happens.

utils_pypi.py -> fetch_links() => package_url = 'https://DOMAIN-AWS_ACCOUNT_ID.d.codeartifact.us-west-2.amazonaws.com/pypi/PYPI_REPO/simple/PACKAGE-XYZ-ABC'
Cache.get() => path_or_url = 'https://DOMAIN-AWS_ACCOUNT_ID.d.codeartifact.us-west-2.amazonaws.com/pypi/PYPI_REPO/simple/PACKAGE-XYZ-ABC'
Cache.get() => cache_key = 'https%3A%2F%2FDOMAIN-AWS_ACCOUNT_ID.d.codeartifact.us-west-2.amazonaws.com%2Fpypi%2FPYPI_REPO%2Fsimple%2FPACKAGE-XYZ-ABC'
Cache.get() => cached = '.cache/python_inspector/https%3A%2F%2FDOMAIN-AWS_ACCOUNT_ID.d.codeartifact.us-west-2.amazonaws.com%2Fpypi%2FPYPI_REPO%2Fsimple%2FPACKAGE-XYZ-ABC'
        FILE CACHE MISS: https://DOMAIN-AWS_ACCOUNT_ID.d.codeartifact.us-west-2.amazonaws.com/pypi/PYPI_REPO/simple/PACKAGE-XYZ-ABC
Fetching: https://DOMAIN-AWS_ACCOUNT_ID.d.codeartifact.us-west-2.amazonaws.com/pypi/PYPI_REPO/simple/PACKAGE-XYZ-ABC
The status is 200
The full response is: <Response [200]>
[...]
The status is 403
The full response is: <Response [403]>
The response url is: https://DOMAIN-AWS_ACCOUNT_ID.d.codeartifact.us-west-2.amazonaws.com/0.3.0/PACKAGE_XYZ_ABC-0.3.0-py3-none-any.whl
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/python_inspector/resolve_cli.py", line 265, in resolve_dependencies
    resolution_result: Dict = resolver_api(
  File "/usr/local/lib/python3.10/dist-packages/python_inspector/api.py", line 280, in resolve_dependencies
    resolution, purls = resolve(
  File "/usr/local/lib/python3.10/dist-packages/python_inspector/api.py", line 347, in resolve
    resolved_dependencies, packages = get_resolved_dependencies(
  File "/usr/local/lib/python3.10/dist-packages/python_inspector/api.py", line 388, in get_resolved_dependencies
    resolver_results = resolver.resolve(requirements=requirements, max_rounds=max_rounds)
  File "/usr/local/lib/python3.10/dist-packages/resolvelib/resolvers/resolution.py", line 515, in resolve
    state = resolution.resolve(requirements, max_rounds=max_rounds)
  File "/usr/local/lib/python3.10/dist-packages/resolvelib/resolvers/resolution.py", line 444, in resolve
    failure_criterion = self._attempt_to_pin_criterion(name)
  File "/usr/local/lib/python3.10/dist-packages/resolvelib/resolvers/resolution.py", line 211, in _attempt_to_pin_criterion
    criteria = self._get_updated_criteria(candidate)
  File "/usr/local/lib/python3.10/dist-packages/resolvelib/resolvers/resolution.py", line 201, in _get_updated_criteria
    for requirement in self._p.get_dependencies(candidate=candidate):
  File "/usr/local/lib/python3.10/dist-packages/python_inspector/resolution.py", line 652, in get_dependencies
    return list(self._iter_dependencies(candidate))
  File "/usr/local/lib/python3.10/dist-packages/python_inspector/resolution.py", line 643, in _iter_dependencies
    for r in self.get_requirements_for_package(purl=purl, candidate=candidate):
  File "/usr/local/lib/python3.10/dist-packages/python_inspector/resolution.py", line 465, in get_requirements_for_package_from_pypi_simple
    wheels = utils_pypi.download_wheel(
  File "/usr/local/lib/python3.10/dist-packages/python_inspector/utils_pypi.py", line 284, in download_wheel
    fetched_wheel_filename = wheel.download(
  File "/usr/local/lib/python3.10/dist-packages/python_inspector/utils_pypi.py", line 699, in download
    fetch_and_save(
  File "/usr/local/lib/python3.10/dist-packages/python_inspector/utils_pypi.py", line 1908, in fetch_and_save
    content = CACHE.get(
  File "/usr/local/lib/python3.10/dist-packages/python_inspector/utils_pypi.py", line 1744, in get
    content = get_file_content(
  File "/usr/local/lib/python3.10/dist-packages/python_inspector/utils_pypi.py", line 1778, in get_file_content
    _headers, content = get_remote_file_content(
  File "/usr/local/lib/python3.10/dist-packages/python_inspector/utils_pypi.py", line 1883, in get_remote_file_content
    raise RemoteNotFetchedException(f"Failed HTTP request from {url} with {status}")
python_inspector.utils_pypi.RemoteNotFetchedException: Failed HTTP request from https://DOMAIN-AWS_ACCOUNT_ID.d.codeartifact.us-west-2.amazonaws.com/0.3.0/PACKAGE_XYZ_ABC-0.3.0-py3-none-any.whl with 403

[calizarr]

I have found the offending line of code: https://github.com/aboutcode-org/python-inspector/blob/main/src/python_inspector/utils_pypi.py#L1638

However, even after returning the correct URL, it is now returning a 401 error which means the previously used auth is not being used. I'm currently further investigating.

EDIT:
I will point out that a curl with Basic Auth aka curl -u works just fine to pull down the respective wheel. Basic Auth just doesn't seem to get used when downloading a wheel.

[calizarr]

I'm now trying to track down where to keep passing auth/credentials so that when it attempts to download a wheel it uses those. Otherwise a 401 makes perfect sense since auth/credentials are not being used at that point especially for a private repo.

[calizarr]

The pull request associated with the issue now has the changes including fixing the offending line above as well as making sure a wheel contains the repo's credentials when it attempts to be download.