
Authorizer arn parsing leading to wrong authorization granted #1775

Closed
@jdipsip

Description


The authorizer URL construction behaves wrongly when the URL contains a `:` character, due to the [method_arn splitting](https://github.com/aws/chalice/blob/3c01606f327f86f68dface7088d83cd98419e7b3/chalice/app.py#L1343), when using a custom authorizer and AuthResponse.

Allowed route ARNs are then prefixed with everything before the last `:` instead of only the API id and the stage.

Working Example

https://xxxxxxx.execute-api.eu-central-1.amazonaws.com/lab/yyyy/shops/zzzz/counters/HOUR/2021-08-01T00.00.00Z/2021-08-10T00.00.00Z

Generates:

arn:aws:execute-api:eu-central-1:zzz:yyyy/lab/*/tenants/self

=> the ARN of the allowed route is correct

Failing Example

https://xxxxxxx.execute-api.eu-central-1.amazonaws.com/lab/yyyy/shops/zzzz/counters/HOUR/2021-08-01T00:00:00Z/2021-08-10T00:00:00Z

arn:aws:execute-api:eu-central-1:zzz:yyyy/lab/GET/yyyy/shops/zzzz/counters/HOUR/2021-08-01T00:00:00Z/2021-08-10T00:00:00Z/*/tenants/self

=> the ARN of the allowed route is incorrectly prefixed by the requested URL
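To make the failure mode concrete, here is an added example (not chalice's own code, and not posted by the issue author): a reconstruction of the fragile "split on the last `:`" parse beside a parse that honours the fixed six-field layout of an execute-api method ARN, run over ARNs built from the two URLs above. The sample ARNs, the `/tenants/self` route and the function names are constructed for this illustration.

```python
# Method ARN layout: arn:partition:service:region:account:resource, where
# resource is "api-id/stage/METHOD/path" and path may itself contain ':'.
# Sample values are constructed from the issue's two examples.
WORKING_ARN = ("arn:aws:execute-api:eu-central-1:zzz:yyyy/lab/GET/yyyy/shops/"
               "zzzz/counters/HOUR/2021-08-01T00.00.00Z/2021-08-10T00.00.00Z")
FAILING_ARN = ("arn:aws:execute-api:eu-central-1:zzz:yyyy/lab/GET/yyyy/shops/"
               "zzzz/counters/HOUR/2021-08-01T00:00:00Z/2021-08-10T00:00:00Z")
ROUTE = "/tenants/self"


def allowed_arn_fragile(method_arn: str, route: str, method: str = "*") -> str:
    """Reconstruction of the bug: rsplit on the LAST ':' assumes the resource
    part never contains ':', so an ISO-8601 timestamp in the request path
    drags the whole request path into the 'prefix' of the allowed ARN."""
    prefix, resource = method_arn.rsplit(":", 1)
    api_id_and_stage = "/".join(resource.split("/", 3)[:2])
    return f"{prefix}:{api_id_and_stage}/{method}{route}"


def allowed_arn_fixed(method_arn: str, route: str, method: str = "*") -> str:
    """Split with maxsplit=5: the first five fields of an ARN can never hold
    ':', so everything after the fifth ':' is the resource, verbatim.
    Validates the shape instead of silently producing an over-broad ARN."""
    parts = method_arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "execute-api":
        raise ValueError(f"not an execute-api method ARN: {method_arn!r}")
    resource_parts = parts[5].split("/", 3)  # api-id, stage, METHOD, path
    if len(resource_parts) < 3:
        raise ValueError(f"resource lacks api-id/stage/METHOD: {parts[5]!r}")
    api_id, stage = resource_parts[0], resource_parts[1]
    prefix = ":".join(parts[:5])
    return f"{prefix}:{api_id}/{stage}/{method}{route}"


if __name__ == "__main__":
    for arn in (WORKING_ARN, FAILING_ARN):
        print("fragile:", allowed_arn_fragile(arn, ROUTE))
        print("fixed:  ", allowed_arn_fixed(arn, ROUTE))
```

The fragile version yields exactly the two ARNs quoted in the issue, while the fixed version returns `arn:aws:execute-api:eu-central-1:zzz:yyyy/lab/*/tenants/self` for both inputs.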
