docs: add DiracX routers API interaction map#2
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f988b323a8
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| | GET | `/api/jobs/{job_id}/sandbox/{sandbox_type}` | `get_job_sandbox` | Enforces WMS `ActionType.READ`; calls `diracx.logic.jobs.sandboxes.get_job_sandbox`; uses `SandboxMetadataDB`. | | ||
| | PATCH | `/api/jobs/{job_id}/sandbox/output` | `assign_sandbox_to_job` | Enforces WMS `ActionType.MANAGE`; calls `diracx.logic.jobs.sandboxes.assign_sandbox_to_job`; uses `SandboxMetadataDB`, `SandboxStoreSettings`. | | ||
| | DELETE | `/api/jobs/{job_id}/sandbox` | `unassign_sandbox_from_job` | Enforces WMS `ActionType.MANAGE`; calls `diracx.logic.jobs.sandboxes.unassign_jobs_sandboxes`; uses `SandboxMetadataDB`. | | ||
| | POST | `/api/jobs/sandbox/output/unassign` | `unassign_jobs_sandboxes` | Enforces WMS `ActionType.MANAGE`; calls `diracx.logic.jobs.sandboxes.unassign_jobs_sandboxes`; uses `SandboxMetadataDB`. | |
There was a problem hiding this comment.
Correct sandbox bulk-unassign route path
The endpoint inventory lists bulk sandbox unassignment as POST /api/jobs/sandbox/output/unassign, but the router actually exposes POST /api/jobs/sandbox/unassign (@router.post("/sandbox/unassign") in jobs/sandboxes.py). Consumers following this map will call a non-existent route and consistently receive 404 responses.
Useful? React with 👍 / 👎.
| | GET | `/api/auth/authorize` | `initiate_authorization_flow` | Calls `diracx.logic.auth.authorize_code_flow.initiate_authorization_flow`; uses `AuthDB`, `AuthSettings`, `Config`, query params/state validation. | | ||
| | GET | `/api/auth/authorize/complete` | `complete_authorization_flow` | Calls `diracx.logic.auth.authorize_code_flow.complete_authorization_flow`; uses `AuthDB`, `AuthSettings`, `Config`. | | ||
| | GET | `/api/auth/refresh-tokens` | `get_refresh_tokens` | Calls `diracx.logic.auth.management.get_refresh_tokens`; subject derived from verified access token; uses `AuthDB`. | | ||
| | POST | `/api/auth/revoke` | `revoke_refresh_token_by_refresh_token` | Calls `diracx.logic.auth.management.revoke_refresh_token_by_refresh_token`; uses `AuthDB`, current subject. | |
There was a problem hiding this comment.
Describe
/api/auth/revoke authorization behavior accurately
This row says revocation uses the “current subject,” but the handler does not depend on verify_dirac_access_token and calls the logic layer with subject=None in auth/management.py, so it is not scoped to an authenticated caller subject. Keeping this wording can mislead integrators about required credentials and revocation authorization guarantees.
Useful? React with 👍 / 👎.
fbd607e to
95374e9
Compare
778c309 to
4aee3f0
Compare
Motivation
diracx-routersand shows how each route interacts with business logic, databases, settings and access policies.Description
diracx-routers/ROUTER_API_INTERACTIONS.mdcontaining a full endpoint inventory for the.well-known,auth,config,health, andjobsrouters.diracx.logic.*modules, DB and OpenSearch dependencies, settings/config usage, and access policy expectations without changing runtime code.Testing
Codex Task