Skip to content

docs: add DiracX routers API interaction map#2

Open
mezzeddinee wants to merge 3 commits into
feature/heartbeat-testsfrom
codex/document-apis-in-dirac-routers
Open

docs: add DiracX routers API interaction map#2
mezzeddinee wants to merge 3 commits into
feature/heartbeat-testsfrom
codex/document-apis-in-dirac-routers

Conversation

@mezzeddinee

Copy link
Copy Markdown
Owner

Motivation

  • Provide a single-source reference that maps all API routes exposed by diracx-routers and shows how each route interacts with business logic, databases, settings and access policies.
  • Aid developers and integrators by including visual diagrams and explicit notes on router mounting, auth behavior and extension points for access policies.

Description

  • Add diracx-routers/ROUTER_API_INTERACTIONS.md containing a full endpoint inventory for the .well-known, auth, config, health, and jobs routers.
  • Include Mermaid diagrams for router mounting/URL roots, a cross-cutting interaction model (router → policy/logic/DB/settings), and a detailed jobs API interaction flow.
  • Document per-endpoint handler mappings to diracx.logic.* modules, DB and OpenSearch dependencies, settings/config usage, and access policy expectations without changing runtime code.

Testing

  • No automated tests were executed because this is a documentation-only change that does not modify runtime behavior.
  • The codebase was inspected to confirm that the listed routes, decorators and entry-point wiring match the implementation referenced in the document.

Codex Task

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f988b323a8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

| GET | `/api/jobs/{job_id}/sandbox/{sandbox_type}` | `get_job_sandbox` | Enforces WMS `ActionType.READ`; calls `diracx.logic.jobs.sandboxes.get_job_sandbox`; uses `SandboxMetadataDB`. |
| PATCH | `/api/jobs/{job_id}/sandbox/output` | `assign_sandbox_to_job` | Enforces WMS `ActionType.MANAGE`; calls `diracx.logic.jobs.sandboxes.assign_sandbox_to_job`; uses `SandboxMetadataDB`, `SandboxStoreSettings`. |
| DELETE | `/api/jobs/{job_id}/sandbox` | `unassign_sandbox_from_job` | Enforces WMS `ActionType.MANAGE`; calls `diracx.logic.jobs.sandboxes.unassign_jobs_sandboxes`; uses `SandboxMetadataDB`. |
| POST | `/api/jobs/sandbox/output/unassign` | `unassign_jobs_sandboxes` | Enforces WMS `ActionType.MANAGE`; calls `diracx.logic.jobs.sandboxes.unassign_jobs_sandboxes`; uses `SandboxMetadataDB`. |

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Correct sandbox bulk-unassign route path

The endpoint inventory lists bulk sandbox unassignment as POST /api/jobs/sandbox/output/unassign, but the router actually exposes POST /api/jobs/sandbox/unassign (@router.post("/sandbox/unassign") in jobs/sandboxes.py). Consumers following this map will call a non-existent route and consistently receive 404 responses.

Useful? React with 👍 / 👎.

| GET | `/api/auth/authorize` | `initiate_authorization_flow` | Calls `diracx.logic.auth.authorize_code_flow.initiate_authorization_flow`; uses `AuthDB`, `AuthSettings`, `Config`, query params/state validation. |
| GET | `/api/auth/authorize/complete` | `complete_authorization_flow` | Calls `diracx.logic.auth.authorize_code_flow.complete_authorization_flow`; uses `AuthDB`, `AuthSettings`, `Config`. |
| GET | `/api/auth/refresh-tokens` | `get_refresh_tokens` | Calls `diracx.logic.auth.management.get_refresh_tokens`; subject derived from verified access token; uses `AuthDB`. |
| POST | `/api/auth/revoke` | `revoke_refresh_token_by_refresh_token` | Calls `diracx.logic.auth.management.revoke_refresh_token_by_refresh_token`; uses `AuthDB`, current subject. |

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Describe /api/auth/revoke authorization behavior accurately

This row says revocation uses the “current subject,” but the handler does not depend on verify_dirac_access_token and calls the logic layer with subject=None in auth/management.py, so it is not scoped to an authenticated caller subject. Keeping this wording can mislead integrators about required credentials and revocation authorization guarantees.

Useful? React with 👍 / 👎.

@mezzeddinee
mezzeddinee force-pushed the feature/heartbeat-tests branch 14 times, most recently from fbd607e to 95374e9 Compare March 4, 2026 08:48
@mezzeddinee
mezzeddinee force-pushed the feature/heartbeat-tests branch 3 times, most recently from 778c309 to 4aee3f0 Compare March 11, 2026 16:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant