feat: add pilot database and router

[Robin-Van-de-Merghel]

Split of #421 , first part : pilot management

[fstagni]

First review.

[fstagni]

All exceptions apart from the 2 below inherit from DiracError, and this one is further customization for only a few related to pilot. What if instead you modify DiracError?

[Robin-Van-de-Merghel]

I don't know really if I should keep as before classes with code duplication, or if a generic thingy will help... I had that in mind, but seems overkill:

class DiracFormattedError(Exception):
     http_status_code = HTTPStatus.BAD_REQUEST  # 400
    pattern = "Error [args]"

    def __init__(self, data: dict[str, str], detail: str = ""):
        self.data = data
        self.detail = detail
        super().__init__(self._render_message())

    def _render_message(self) -> str:
        context = {
            **self.data,
            "args": self._format_args(),
            "detail": self._format_detail(),
        }

        return re.sub(r'\[([^\]]+)\]', lambda m: context.get(m.group(1), ""), self.pattern)

    def _format_args(self) -> str:
        if not self.data:
            return ""
        return " ".join(f"({k}: {v})" for k, v in self.data.items())

    def _format_detail(self) -> str:
        return f": {self.detail}" if self.detail else ""

Then:

class PilotAlreadyExistsError(DiracFormattedError):
    http_status_code = HTTPStatus.CONFLICT 
    pattern = "Pilot [args] already exists[detail]"

[Robin-Van-de-Merghel]

Where an issue?

Whether we have a base router with require_auth or not, we won't be able to override it in its children (cf #417 ).
So for pilots we must have require_auth=False at the base router because of secret-exchange. But now every pilot endpoint is opened.

Possibilities

Splitting

Let's start with the routers themselves. We can separate pilots and users endpoints : /api/pilots (only for pilots) and ~/api/pilot_management (only for users).

That brings us:

1. Cleaner: each their own territory, no overlapping, easier to read (you know that on /pilots its only pilot resources)
2. More secure: we can add a dependency to the pilot router (same as verify_dirac_pilot_token but for pilots)
3. We can have require_auth for /pilot_management, and enforce tokens

Using another approach

We could have a bare base router without dependency injection, with sub routers with verify_dirac_access_token:

# Authenticated parent router
protected_router = APIRouter(dependencies=[Depends(verify_dirac_access_token)])

@protected_router.get("/secure")
def secure_route():
    return {"msg": "secure"}

# Public sub-router (no auth)
public_router = APIRouter()

@public_router.get("/public")
def public_route():
    return {"msg": "public"}

Its goal would be to replacer DiracxRouter by fixing the issue, and keeping an explicit depedency injection.
Or have @router.authentificated.get(...) instead of @router.get, to explicitely say if we want auth or not

[Robin-Van-de-Merghel]

No description provided.

[Robin-Van-de-Merghel]

(For deletePilots: delete mapping also, same later for logs #511 + PilotOutput)

[Robin-Van-de-Merghel]

Left open as a reminder (already did mapping and output)

[Robin-Van-de-Merghel]

Will need to be cleaned before merge (integration test)

[fstagni]

This, I am afraid, it is misleading. There are no DiracX pilots, while there are pilots equipped for interacting with DIRAC or DiracX servers.

[Robin-Van-de-Merghel]

I'll rephrase it

[read-the-docs-community]

Documentation build overview

📚 diracx | 🛠️ Build #31967459 | 📁 Comparing 7e63b63 against latest (e552651)

🔍 Preview build

Show files changed (1 files in total): 📝 0 modified | ➕ 1 added | ➖ 0 deleted

File	Status
dev/explanations/pilots/index.html	➕ added

[fstagni]

This PR is I think ready for being tested in the certification setup. In the meantime, please review.