fix: Added auth support to the pilot

Squashed commits:
[a269416] fix: Fixed documentation and autorest
[076e25d] fix: Removing os endpoints
[9d1c062] test: Improving pilot auth tests
[be5347a] fix: Small fixes with the debug endpoints
[cf3b2cc] fix: Moving pilot auth to auth endpoint, and fixes
[513fc64] fix: Removed garbage code, and improving tests
[30c7030] fix: Added get_pilot_by_id
[71a1a8f] feat: Adding pilot secret creation
[c236983] feat: Pilot can exchange against nothing a secret

Author: Robin-Van-de-Merghel

diracx-client/src/diracx/client/generated/_client.py

@@ -19,6 +19,7 @@
     AuthOperations,
     ConfigOperations,
     JobsOperations,
+    PilotsOperations,
     WellKnownOperations,
 )
 
@@ -34,6 +35,8 @@ class Dirac:  # pylint: disable=client-accepts-api-version-keyword
     :vartype config: generated.operations.ConfigOperations
     :ivar jobs: JobsOperations operations
     :vartype jobs: generated.operations.JobsOperations
+    :ivar pilots: PilotsOperations operations
+    :vartype pilots: generated.operations.PilotsOperations
     :keyword endpoint: Service URL. Required. Default value is "".
     :paramtype endpoint: str
     """
@@ -85,6 +88,9 @@ def __init__(  # pylint: disable=missing-client-constructor-parameter-credential
         self.jobs = JobsOperations(
             self._client, self._config, self._serialize, self._deserialize
         )
+        self.pilots = PilotsOperations(
+            self._client, self._config, self._serialize, self._deserialize
+        )
 
     def send_request(
         self, request: HttpRequest, *, stream: bool = False, **kwargs: Any

diracx-client/src/diracx/client/generated/aio/_client.py

@@ -19,6 +19,7 @@
     AuthOperations,
     ConfigOperations,
     JobsOperations,
+    PilotsOperations,
     WellKnownOperations,
 )
 
@@ -34,6 +35,8 @@ class Dirac:  # pylint: disable=client-accepts-api-version-keyword
     :vartype config: generated.aio.operations.ConfigOperations
     :ivar jobs: JobsOperations operations
     :vartype jobs: generated.aio.operations.JobsOperations
+    :ivar pilots: PilotsOperations operations
+    :vartype pilots: generated.aio.operations.PilotsOperations
     :keyword endpoint: Service URL. Required. Default value is "".
     :paramtype endpoint: str
     """
@@ -85,6 +88,9 @@ def __init__(  # pylint: disable=missing-client-constructor-parameter-credential
         self.jobs = JobsOperations(
             self._client, self._config, self._serialize, self._deserialize
         )
+        self.pilots = PilotsOperations(
+            self._client, self._config, self._serialize, self._deserialize
+        )
 
     def send_request(
         self, request: HttpRequest, *, stream: bool = False, **kwargs: Any

diracx-client/src/diracx/client/generated/aio/operations/__init__.py

@@ -14,6 +14,7 @@
 from ._operations import AuthOperations  # type: ignore
 from ._operations import ConfigOperations  # type: ignore
 from ._operations import JobsOperations  # type: ignore
+from ._operations import PilotsOperations  # type: ignore
 
 from ._patch import __all__ as _patch_all
 from ._patch import *
@@ -24,6 +25,7 @@
     "AuthOperations",
     "ConfigOperations",
     "JobsOperations",
+    "PilotsOperations",
 ]
 __all__.extend([p for p in _patch_all if p not in __all__])  # pyright: ignore
 _patch_sdk()

diracx-client/src/diracx/client/generated/aio/operations/_operations.py

@@ -33,6 +33,7 @@
     build_auth_get_refresh_tokens_request,
     build_auth_initiate_authorization_flow_request,
     build_auth_initiate_device_flow_request,
+    build_auth_pilot_login_request,
     build_auth_revoke_refresh_token_request,
     build_auth_userinfo_request,
     build_config_serve_config_request,
@@ -50,6 +51,7 @@
     build_jobs_summary_request,
     build_jobs_unassign_bulk_jobs_sandboxes_request,
     build_jobs_unassign_job_sandboxes_request,
+    build_pilots_get_pilot_info_request,
     build_well_known_get_installation_metadata_request,
     build_well_known_get_openid_configuration_request,
 )
@@ -824,6 +826,67 @@ async def complete_authorization_flow(
 
         return deserialized  # type: ignore
 
+    @distributed_trace_async
+    async def pilot_login(
+        self, *, pilot_id: int, pilot_secret: str, **kwargs: Any
+    ) -> _models.TokenResponse:
+        """Pilot Login.
+
+        Endpoint without policy, the pilot uses only its secret.
+
+        :keyword pilot_id: Required.
+        :paramtype pilot_id: int
+        :keyword pilot_secret: Required.
+        :paramtype pilot_secret: str
+        :return: TokenResponse
+        :rtype: ~generated.models.TokenResponse
+        :raises ~azure.core.exceptions.HttpResponseError:
+        """
+        error_map: MutableMapping = {
+            401: ClientAuthenticationError,
+            404: ResourceNotFoundError,
+            409: ResourceExistsError,
+            304: ResourceNotModifiedError,
+        }
+        error_map.update(kwargs.pop("error_map", {}) or {})
+
+        _headers = kwargs.pop("headers", {}) or {}
+        _params = kwargs.pop("params", {}) or {}
+
+        cls: ClsType[_models.TokenResponse] = kwargs.pop("cls", None)
+
+        _request = build_auth_pilot_login_request(
+            pilot_id=pilot_id,
+            pilot_secret=pilot_secret,
+            headers=_headers,
+            params=_params,
+        )
+        _request.url = self._client.format_url(_request.url)
+
+        _stream = False
+        pipeline_response: PipelineResponse = (
+            await self._client._pipeline.run(  # pylint: disable=protected-access
+                _request, stream=_stream, **kwargs
+            )
+        )
+
+        response = pipeline_response.http_response
+
+        if response.status_code not in [200]:
+            map_error(
+                status_code=response.status_code, response=response, error_map=error_map
+            )
+            raise HttpResponseError(response=response)
+
+        deserialized = self._deserialize(
+            "TokenResponse", pipeline_response.http_response
+        )
+
+        if cls:
+            return cls(pipeline_response, deserialized, {})  # type: ignore
+
+        return deserialized  # type: ignore
+
 
 class ConfigOperations:
     """
@@ -2157,3 +2220,84 @@ async def submit_jdl_jobs(
             return cls(pipeline_response, deserialized, {})  # type: ignore
 
         return deserialized  # type: ignore
+
+
+class PilotsOperations:
+    """
+    .. warning::
+        **DO NOT** instantiate this class directly.
+
+        Instead, you should access the following operations through
+        :class:`~generated.aio.Dirac`'s
+        :attr:`pilots` attribute.
+    """
+
+    models = _models
+
+    def __init__(self, *args, **kwargs) -> None:
+        input_args = list(args)
+        self._client: AsyncPipelineClient = (
+            input_args.pop(0) if input_args else kwargs.pop("client")
+        )
+        self._config: DiracConfiguration = (
+            input_args.pop(0) if input_args else kwargs.pop("config")
+        )
+        self._serialize: Serializer = (
+            input_args.pop(0) if input_args else kwargs.pop("serializer")
+        )
+        self._deserialize: Deserializer = (
+            input_args.pop(0) if input_args else kwargs.pop("deserializer")
+        )
+
+    @distributed_trace_async
+    async def get_pilot_info(self, **kwargs: Any) -> _models.AuthorizedUserInfo:
+        """Get Pilot Info.
+
+        Get Pilot Info.
+
+        :return: AuthorizedUserInfo
+        :rtype: ~generated.models.AuthorizedUserInfo
+        :raises ~azure.core.exceptions.HttpResponseError:
+        """
+        error_map: MutableMapping = {
+            401: ClientAuthenticationError,
+            404: ResourceNotFoundError,
+            409: ResourceExistsError,
+            304: ResourceNotModifiedError,
+        }
+        error_map.update(kwargs.pop("error_map", {}) or {})
+
+        _headers = kwargs.pop("headers", {}) or {}
+        _params = kwargs.pop("params", {}) or {}
+
+        cls: ClsType[_models.AuthorizedUserInfo] = kwargs.pop("cls", None)
+
+        _request = build_pilots_get_pilot_info_request(
+            headers=_headers,
+            params=_params,
+        )
+        _request.url = self._client.format_url(_request.url)
+
+        _stream = False
+        pipeline_response: PipelineResponse = (
+            await self._client._pipeline.run(  # pylint: disable=protected-access
+                _request, stream=_stream, **kwargs
+            )
+        )
+
+        response = pipeline_response.http_response
+
+        if response.status_code not in [200]:
+            map_error(
+                status_code=response.status_code, response=response, error_map=error_map
+            )
+            raise HttpResponseError(response=response)
+
+        deserialized = self._deserialize(
+            "AuthorizedUserInfo", pipeline_response.http_response
+        )
+
+        if cls:
+            return cls(pipeline_response, deserialized, {})  # type: ignore
+
+        return deserialized  # type: ignore

diracx-client/src/diracx/client/generated/models/__init__.py

@@ -12,6 +12,7 @@
 
 
 from ._models import (  # type: ignore
+    AuthorizedUserInfo,
     BodyAuthGetOidcToken,
     BodyAuthGetOidcTokenGrantType,
     GroupInfo,
@@ -57,6 +58,7 @@
 from ._patch import patch_sdk as _patch_sdk
 
 __all__ = [
+    "AuthorizedUserInfo",
     "BodyAuthGetOidcToken",
     "BodyAuthGetOidcTokenGrantType",
     "GroupInfo",

diracx-client/src/diracx/client/generated/models/_models.py

@@ -21,6 +21,92 @@
 JSON = MutableMapping[str, Any]  # pylint: disable=unsubscriptable-object
 
 
+class AuthorizedUserInfo(_serialization.Model):
+    """AuthorizedUserInfo.
+
+    All required parameters must be populated in order to send to server.
+
+    :ivar sub: Sub. Required.
+    :vartype sub: str
+    :ivar preferred_username: Preferred Username. Required.
+    :vartype preferred_username: str
+    :ivar dirac_group: Dirac Group. Required.
+    :vartype dirac_group: str
+    :ivar vo: Vo. Required.
+    :vartype vo: str
+    :ivar bearer_token: Bearer Token. Required.
+    :vartype bearer_token: str
+    :ivar token_id: Token Id. Required.
+    :vartype token_id: str
+    :ivar properties: Properties. Required.
+    :vartype properties: list[str]
+    :ivar policies: Policies.
+    :vartype policies: JSON
+    """
+
+    _validation = {
+        "sub": {"required": True},
+        "preferred_username": {"required": True},
+        "dirac_group": {"required": True},
+        "vo": {"required": True},
+        "bearer_token": {"required": True},
+        "token_id": {"required": True},
+        "properties": {"required": True},
+    }
+
+    _attribute_map = {
+        "sub": {"key": "sub", "type": "str"},
+        "preferred_username": {"key": "preferred_username", "type": "str"},
+        "dirac_group": {"key": "dirac_group", "type": "str"},
+        "vo": {"key": "vo", "type": "str"},
+        "bearer_token": {"key": "bearer_token", "type": "str"},
+        "token_id": {"key": "token_id", "type": "str"},
+        "properties": {"key": "properties", "type": "[str]"},
+        "policies": {"key": "policies", "type": "object"},
+    }
+
+    def __init__(
+        self,
+        *,
+        sub: str,
+        preferred_username: str,
+        dirac_group: str,
+        vo: str,
+        bearer_token: str,
+        token_id: str,
+        properties: List[str],
+        policies: Optional[JSON] = None,
+        **kwargs: Any,
+    ) -> None:
+        """
+        :keyword sub: Sub. Required.
+        :paramtype sub: str
+        :keyword preferred_username: Preferred Username. Required.
+        :paramtype preferred_username: str
+        :keyword dirac_group: Dirac Group. Required.
+        :paramtype dirac_group: str
+        :keyword vo: Vo. Required.
+        :paramtype vo: str
+        :keyword bearer_token: Bearer Token. Required.
+        :paramtype bearer_token: str
+        :keyword token_id: Token Id. Required.
+        :paramtype token_id: str
+        :keyword properties: Properties. Required.
+        :paramtype properties: list[str]
+        :keyword policies: Policies.
+        :paramtype policies: JSON
+        """
+        super().__init__(**kwargs)
+        self.sub = sub
+        self.preferred_username = preferred_username
+        self.dirac_group = dirac_group
+        self.vo = vo
+        self.bearer_token = bearer_token
+        self.token_id = token_id
+        self.properties = properties
+        self.policies = policies
+
+
 class BodyAuthGetOidcToken(_serialization.Model):
     """Body_auth_get_oidc_token.
 

diracx-client/src/diracx/client/generated/operations/__init__.py

@@ -14,6 +14,7 @@
 from ._operations import AuthOperations  # type: ignore
 from ._operations import ConfigOperations  # type: ignore
 from ._operations import JobsOperations  # type: ignore
+from ._operations import PilotsOperations  # type: ignore
 
 from ._patch import __all__ as _patch_all
 from ._patch import *
@@ -24,6 +25,7 @@
     "AuthOperations",
     "ConfigOperations",
     "JobsOperations",
+    "PilotsOperations",
 ]
 __all__.extend([p for p in _patch_all if p not in __all__])  # pyright: ignore
 _patch_sdk()