@tapis/tapis-typescript-sk 0.0.2

package/.openapi-generator/FILES

@@ -0,0 +1,67 @@
+.gitignore
+.npmignore
+.openapi-generator-ignore
+README.md
+package.json
+src/apis/GeneralApi.ts
+src/apis/RoleApi.ts
+src/apis/UserApi.ts
+src/apis/VaultApi.ts
+src/apis/index.ts
+src/index.ts
+src/models/Options.ts
+src/models/ReqAddChildRole.ts
+src/models/ReqAddRolePermission.ts
+src/models/ReqCreateRole.ts
+src/models/ReqGrantAdminRole.ts
+src/models/ReqGrantUserPermission.ts
+src/models/ReqGrantUserRole.ts
+src/models/ReqGrantUserRoleWithPermission.ts
+src/models/ReqPreviewPathPrefix.ts
+src/models/ReqRemoveChildRole.ts
+src/models/ReqRemoveRolePermission.ts
+src/models/ReqReplacePathPrefix.ts
+src/models/ReqRevokeAdminRole.ts
+src/models/ReqRevokeUserPermission.ts
+src/models/ReqRevokeUserRole.ts
+src/models/ReqUpdateRoleDescription.ts
+src/models/ReqUpdateRoleName.ts
+src/models/ReqUpdateRoleOwner.ts
+src/models/ReqUserHasRole.ts
+src/models/ReqUserHasRoleMulti.ts
+src/models/ReqUserIsAdmin.ts
+src/models/ReqUserIsPermitted.ts
+src/models/ReqUserIsPermittedMulti.ts
+src/models/ReqValidateServicePwd.ts
+src/models/ReqVersions.ts
+src/models/ReqWriteSecret.ts
+src/models/RespAuthorized.ts
+src/models/RespBasic.ts
+src/models/RespChangeCount.ts
+src/models/RespName.ts
+src/models/RespNameArray.ts
+src/models/RespPathPrefixes.ts
+src/models/RespProbe.ts
+src/models/RespResourceUrl.ts
+src/models/RespRole.ts
+src/models/RespSecret.ts
+src/models/RespSecretList.ts
+src/models/RespSecretMeta.ts
+src/models/RespSecretVersionMetadata.ts
+src/models/RespVersions.ts
+src/models/ResultAuthorized.ts
+src/models/ResultChangeCount.ts
+src/models/ResultName.ts
+src/models/ResultNameArray.ts
+src/models/ResultResourceUrl.ts
+src/models/SkProbe.ts
+src/models/SkRole.ts
+src/models/SkSecret.ts
+src/models/SkSecretList.ts
+src/models/SkSecretMetadata.ts
+src/models/SkSecretVersion.ts
+src/models/SkSecretVersionMetadata.ts
+src/models/Transformation.ts
+src/models/index.ts
+src/runtime.ts
+tsconfig.json

package/.openapi-generator/VERSION

@@ -0,0 +1 @@
+5.3.0

package/.openapi-generator-ignore

@@ -0,0 +1,23 @@
+# OpenAPI Generator Ignore
+# Generated by openapi-generator https://github.com/openapitools/openapi-generator
+
+# Use this file to prevent files from being overwritten by the generator.
+# The patterns follow closely to .gitignore or .dockerignore.
+
+# As an example, the C# client generator defines ApiClient.cs.
+# You can make changes and tell OpenAPI Generator to ignore just this file by uncommenting the following line:
+#ApiClient.cs
+
+# You can match any string of characters against a directory, file or extension with a single asterisk (*):
+#foo/*/qux
+# The above matches foo/bar/qux and foo/baz/qux, but not foo/bar/baz/qux
+
+# You can recursively match patterns against a directory, file or extension with a double asterisk (**):
+#foo/**/qux
+# This matches foo/bar/qux, foo/baz/qux, and foo/bar/baz/qux
+
+# You can also negate patterns with an exclamation (!).
+# For example, you can ignore all files in a docs folder with the file extension .md:
+#docs/*.md
+# Then explicitly reverse the ignore rule for a single file:
+#!docs/README.md

package/README.md

@@ -0,0 +1,45 @@
+## @tapis/tapis-typescript-sk@0.0.2
+
+This generator creates TypeScript/JavaScript client that utilizes [Fetch API](https://fetch.spec.whatwg.org/). The generated Node module can be used in the following environments:
+
+Environment
+* Node.js
+* Webpack
+* Browserify
+
+Language level
+* ES5 - you must have a Promises/A+ library installed
+* ES6
+
+Module system
+* CommonJS
+* ES6 module system
+
+It can be used in both TypeScript and JavaScript. In TypeScript, the definition should be automatically resolved via `package.json`. ([Reference](http://www.typescriptlang.org/docs/handbook/typings-for-npm-packages.html))
+
+### Building
+
+To build and compile the typescript sources to javascript use:
+```
+npm install
+npm run build
+```
+
+### Publishing
+
+First build the package then run ```npm publish```
+
+### Consuming
+
+navigate to the folder of your consuming project and run one of the following commands.
+
+_published:_
+
+```
+npm install @tapis/tapis-typescript-sk@0.0.2 --save
+```
+
+_unPublished (not recommended):_
+
+```
+npm install PATH_TO_GENERATED_PACKAGE --save

package/dist/apis/GeneralApi.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Tapis Security API
+ * The Tapis Security API provides access to the Tapis Security Kernel authorization and secrets facilities.
+ *
+ * The version of the OpenAPI document: 0.1
+ * Contact: cicsupport@tacc.utexas.edu
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+import * as runtime from '../runtime';
+import { RespBasic, RespProbe } from '../models';
+export interface SayHelloRequest {
+    pretty?: boolean;
+}
+/**
+ *
+ */
+export declare class GeneralApi extends runtime.BaseAPI {
+    /**
+     * Lightwieght health check for liveness. No authorization required.
+     */
+    checkHealthRaw(initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespProbe>>;
+    /**
+     * Lightwieght health check for liveness. No authorization required.
+     */
+    checkHealth(initOverrides?: RequestInit): Promise<RespProbe>;
+    /**
+     * Lightwieght readiness check. No authorization required.
+     */
+    readyRaw(initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespProbe>>;
+    /**
+     * Lightwieght readiness check. No authorization required.
+     */
+    ready(initOverrides?: RequestInit): Promise<RespProbe>;
+    /**
+     * Logged connectivity test. No authorization required.
+     */
+    sayHelloRaw(requestParameters: SayHelloRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespBasic>>;
+    /**
+     * Logged connectivity test. No authorization required.
+     */
+    sayHello(requestParameters: SayHelloRequest, initOverrides?: RequestInit): Promise<RespBasic>;
+}

package/dist/apis/GeneralApi.js

@@ -0,0 +1,199 @@
+"use strict";
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * Tapis Security API
+ * The Tapis Security API provides access to the Tapis Security Kernel authorization and secrets facilities.
+ *
+ * The version of the OpenAPI document: 0.1
+ * Contact: cicsupport@tacc.utexas.edu
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+var __extends = (this && this.__extends) || (function () {
+    var extendStatics = Object.setPrototypeOf ||
+        ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
+        function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };
+    return function (d, b) {
+        extendStatics(d, b);
+        function __() { this.constructor = d; }
+        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
+    };
+})();
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+var runtime = require("../runtime");
+var models_1 = require("../models");
+/**
+ *
+ */
+var GeneralApi = /** @class */ (function (_super) {
+    __extends(GeneralApi, _super);
+    function GeneralApi() {
+        return _super !== null && _super.apply(this, arguments) || this;
+    }
+    /**
+     * Lightwieght health check for liveness. No authorization required.
+     */
+    GeneralApi.prototype.checkHealthRaw = function (initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var queryParameters, headerParameters, response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        queryParameters = {};
+                        headerParameters = {};
+                        return [4 /*yield*/, this.request({
+                                path: "/security/healthcheck",
+                                method: 'GET',
+                                headers: headerParameters,
+                                query: queryParameters,
+                            }, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespProbeFromJSON(jsonValue); })];
+                }
+            });
+        });
+    };
+    /**
+     * Lightwieght health check for liveness. No authorization required.
+     */
+    GeneralApi.prototype.checkHealth = function (initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.checkHealthRaw(initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [4 /*yield*/, response.value()];
+                    case 2: return [2 /*return*/, _a.sent()];
+                }
+            });
+        });
+    };
+    /**
+     * Lightwieght readiness check. No authorization required.
+     */
+    GeneralApi.prototype.readyRaw = function (initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var queryParameters, headerParameters, response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        queryParameters = {};
+                        headerParameters = {};
+                        return [4 /*yield*/, this.request({
+                                path: "/security/ready",
+                                method: 'GET',
+                                headers: headerParameters,
+                                query: queryParameters,
+                            }, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespProbeFromJSON(jsonValue); })];
+                }
+            });
+        });
+    };
+    /**
+     * Lightwieght readiness check. No authorization required.
+     */
+    GeneralApi.prototype.ready = function (initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.readyRaw(initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [4 /*yield*/, response.value()];
+                    case 2: return [2 /*return*/, _a.sent()];
+                }
+            });
+        });
+    };
+    /**
+     * Logged connectivity test. No authorization required.
+     */
+    GeneralApi.prototype.sayHelloRaw = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var queryParameters, headerParameters, response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        queryParameters = {};
+                        if (requestParameters.pretty !== undefined) {
+                            queryParameters['pretty'] = requestParameters.pretty;
+                        }
+                        headerParameters = {};
+                        return [4 /*yield*/, this.request({
+                                path: "/security/hello",
+                                method: 'GET',
+                                headers: headerParameters,
+                                query: queryParameters,
+                            }, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [2 /*return*/, new runtime.JSONApiResponse(response, function (jsonValue) { return models_1.RespBasicFromJSON(jsonValue); })];
+                }
+            });
+        });
+    };
+    /**
+     * Logged connectivity test. No authorization required.
+     */
+    GeneralApi.prototype.sayHello = function (requestParameters, initOverrides) {
+        return __awaiter(this, void 0, void 0, function () {
+            var response;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.sayHelloRaw(requestParameters, initOverrides)];
+                    case 1:
+                        response = _a.sent();
+                        return [4 /*yield*/, response.value()];
+                    case 2: return [2 /*return*/, _a.sent()];
+                }
+            });
+        });
+    };
+    return GeneralApi;
+}(runtime.BaseAPI));
+exports.GeneralApi = GeneralApi;

package/dist/apis/RoleApi.d.ts

@@ -0,0 +1,205 @@
+/**
+ * Tapis Security API
+ * The Tapis Security API provides access to the Tapis Security Kernel authorization and secrets facilities.
+ *
+ * The version of the OpenAPI document: 0.1
+ * Contact: cicsupport@tacc.utexas.edu
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+import * as runtime from '../runtime';
+import { ReqAddChildRole, ReqAddRolePermission, ReqCreateRole, ReqPreviewPathPrefix, ReqRemoveChildRole, ReqRemoveRolePermission, ReqReplacePathPrefix, ReqUpdateRoleDescription, ReqUpdateRoleName, ReqUpdateRoleOwner, RespBasic, RespChangeCount, RespName, RespNameArray, RespPathPrefixes, RespResourceUrl, RespRole } from '../models';
+export interface AddChildRoleRequest {
+    reqAddChildRole: ReqAddChildRole;
+    pretty?: boolean;
+}
+export interface AddRolePermissionRequest {
+    reqAddRolePermission: ReqAddRolePermission;
+    pretty?: boolean;
+}
+export interface CreateRoleRequest {
+    reqCreateRole: ReqCreateRole;
+    pretty?: boolean;
+}
+export interface DeleteRoleByNameRequest {
+    roleName: string;
+    tenant?: string;
+    pretty?: boolean;
+}
+export interface GetDefaultUserRoleRequest {
+    user: string;
+    pretty?: boolean;
+}
+export interface GetRoleByNameRequest {
+    roleName: string;
+    tenant?: string;
+    pretty?: boolean;
+}
+export interface GetRoleNamesRequest {
+    tenant?: string;
+    pretty?: boolean;
+}
+export interface GetRolePermissionsRequest {
+    roleName: string;
+    tenant?: string;
+    immediate?: boolean;
+    pretty?: boolean;
+}
+export interface PreviewPathPrefixRequest {
+    reqPreviewPathPrefix: ReqPreviewPathPrefix;
+    pretty?: boolean;
+}
+export interface RemoveChildRoleRequest {
+    reqRemoveChildRole: ReqRemoveChildRole;
+    pretty?: boolean;
+}
+export interface RemoveRolePermissionRequest {
+    reqRemoveRolePermission: ReqRemoveRolePermission;
+    pretty?: boolean;
+}
+export interface ReplacePathPrefixRequest {
+    reqReplacePathPrefix: ReqReplacePathPrefix;
+    pretty?: boolean;
+}
+export interface UpdateRoleDescriptionRequest {
+    roleName: string;
+    reqUpdateRoleDescription: ReqUpdateRoleDescription;
+    pretty?: boolean;
+}
+export interface UpdateRoleNameRequest {
+    roleName: string;
+    reqUpdateRoleName: ReqUpdateRoleName;
+    pretty?: boolean;
+}
+export interface UpdateRoleOwnerRequest {
+    roleName: string;
+    reqUpdateRoleOwner: ReqUpdateRoleOwner;
+    pretty?: boolean;
+}
+/**
+ *
+ */
+export declare class RoleApi extends runtime.BaseAPI {
+    /**
+     * Add a child role to another role using a request body.  If the child already exists, then the request has no effect and the change count returned is zero. Otherwise, the child is added and the change count is one.  The user@tenant identity specified in JWT is authorized to make this request only if that user is an administrator or if the user owns both the parent and child roles.
+     */
+    addChildRoleRaw(requestParameters: AddChildRoleRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespChangeCount>>;
+    /**
+     * Add a child role to another role using a request body.  If the child already exists, then the request has no effect and the change count returned is zero. Otherwise, the child is added and the change count is one.  The user@tenant identity specified in JWT is authorized to make this request only if that user is an administrator or if the user owns both the parent and child roles.
+     */
+    addChildRole(requestParameters: AddChildRoleRequest, initOverrides?: RequestInit): Promise<RespChangeCount>;
+    /**
+     * Add a permission to an existing role using a request body.  If the permission already exists, then the request has no effect and the change count returned is zero. Otherwise, the permission is added and the change count is one.  Permissions are case-sensitive strings that follow the format defined by Apache Shiro (https://shiro.apache.org/permissions.html).  This format defines any number of colon-separated (:) parts, with the possible use of asterisks (*) as wildcards and commas (,) as aggregators.  Here are two example permission strings:      system:MyTenant:read,write:system1     system:MyTenant:create,read,write,delete:*  See the Shiro documentation for further details.  Note that the three reserved characters, [: * ,], cannot appear in the text of any part.  It\'s the application\'s responsibility to escape those characters in a manner that is safe in the application\'s domain.  This request is authorized only if the authenticated user is either the role owner or an administrator.
+     */
+    addRolePermissionRaw(requestParameters: AddRolePermissionRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespChangeCount>>;
+    /**
+     * Add a permission to an existing role using a request body.  If the permission already exists, then the request has no effect and the change count returned is zero. Otherwise, the permission is added and the change count is one.  Permissions are case-sensitive strings that follow the format defined by Apache Shiro (https://shiro.apache.org/permissions.html).  This format defines any number of colon-separated (:) parts, with the possible use of asterisks (*) as wildcards and commas (,) as aggregators.  Here are two example permission strings:      system:MyTenant:read,write:system1     system:MyTenant:create,read,write,delete:*  See the Shiro documentation for further details.  Note that the three reserved characters, [: * ,], cannot appear in the text of any part.  It\'s the application\'s responsibility to escape those characters in a manner that is safe in the application\'s domain.  This request is authorized only if the authenticated user is either the role owner or an administrator.
+     */
+    addRolePermission(requestParameters: AddRolePermissionRequest, initOverrides?: RequestInit): Promise<RespChangeCount>;
+    /**
+     * Create a role using a request body.  Role names are case sensitive, alpha-numeric strings that can also contain underscores.  Role names must start with an alphbetic character and can be no more than 58 characters in length.  The desciption can be no more than 2048 characters long.  If the role already exists, this request has no effect.  For the request to be authorized, the requestor must be either an administrator or a service allowed to perform updates in the new role\'s tenant.
+     */
+    createRoleRaw(requestParameters: CreateRoleRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespResourceUrl>>;
+    /**
+     * Create a role using a request body.  Role names are case sensitive, alpha-numeric strings that can also contain underscores.  Role names must start with an alphbetic character and can be no more than 58 characters in length.  The desciption can be no more than 2048 characters long.  If the role already exists, this request has no effect.  For the request to be authorized, the requestor must be either an administrator or a service allowed to perform updates in the new role\'s tenant.
+     */
+    createRole(requestParameters: CreateRoleRequest, initOverrides?: RequestInit): Promise<RespResourceUrl>;
+    /**
+     * Delete the named role. A valid tenant and user must be specified as query parameters.  This request is authorized only if the authenticated user is either the role owner or an administrator.
+     */
+    deleteRoleByNameRaw(requestParameters: DeleteRoleByNameRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespChangeCount>>;
+    /**
+     * Delete the named role. A valid tenant and user must be specified as query parameters.  This request is authorized only if the authenticated user is either the role owner or an administrator.
+     */
+    deleteRoleByName(requestParameters: DeleteRoleByNameRequest, initOverrides?: RequestInit): Promise<RespChangeCount>;
+    /**
+     * Get a user\'s default role. The default role is implicitly created by the system when needed if it doesn\'t already exist. No authorization required.  A user\'s default role is constructed by prepending \'$$\' to the user\'s name.  This implies the maximum length of a user name is 58 since role names are limited to 60 characters.
+     */
+    getDefaultUserRoleRaw(requestParameters: GetDefaultUserRoleRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespName>>;
+    /**
+     * Get a user\'s default role. The default role is implicitly created by the system when needed if it doesn\'t already exist. No authorization required.  A user\'s default role is constructed by prepending \'$$\' to the user\'s name.  This implies the maximum length of a user name is 58 since role names are limited to 60 characters.
+     */
+    getDefaultUserRole(requestParameters: GetDefaultUserRoleRequest, initOverrides?: RequestInit): Promise<RespName>;
+    /**
+     * Get the named role\'s definition.  A valid tenant must be specified as a query parameter.  This request is authorized if the requestor is a user that has access to the specified tenant or if the requestor is a service.
+     */
+    getRoleByNameRaw(requestParameters: GetRoleByNameRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespRole>>;
+    /**
+     * Get the named role\'s definition.  A valid tenant must be specified as a query parameter.  This request is authorized if the requestor is a user that has access to the specified tenant or if the requestor is a service.
+     */
+    getRoleByName(requestParameters: GetRoleByNameRequest, initOverrides?: RequestInit): Promise<RespRole>;
+    /**
+     * Get the names of all roles in the tenant in alphabetic order.  Future enhancements will include search filtering.  A valid tenant must be specified as a query parameter.  This request is authorized if the requestor is a user that has access to the specified tenant or if the requestor is a service.
+     */
+    getRoleNamesRaw(requestParameters: GetRoleNamesRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespNameArray>>;
+    /**
+     * Get the names of all roles in the tenant in alphabetic order.  Future enhancements will include search filtering.  A valid tenant must be specified as a query parameter.  This request is authorized if the requestor is a user that has access to the specified tenant or if the requestor is a service.
+     */
+    getRoleNames(requestParameters: GetRoleNamesRequest, initOverrides?: RequestInit): Promise<RespNameArray>;
+    /**
+     * Get the named role\'s permissions.  By default, all permissions assigned to the role, whether directly and transitively through child roles, are returned.  Set the immediate query parameter to only retrieve permissions directly assigned to the role.  A valid tenant must be specified.  This request is authorized if the requestor is a user that has access to the specified tenant or if the requestor is a service.
+     */
+    getRolePermissionsRaw(requestParameters: GetRolePermissionsRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespNameArray>>;
+    /**
+     * Get the named role\'s permissions.  By default, all permissions assigned to the role, whether directly and transitively through child roles, are returned.  Set the immediate query parameter to only retrieve permissions directly assigned to the role.  A valid tenant must be specified.  This request is authorized if the requestor is a user that has access to the specified tenant or if the requestor is a service.
+     */
+    getRolePermissions(requestParameters: GetRolePermissionsRequest, initOverrides?: RequestInit): Promise<RespNameArray>;
+    /**
+     * This read-only endpoint previews the transformations that would take place if the same input was used on a replacePathPrefix POST call. This call is also implemented as a POST so that the same input as used on replacePathPrefix can be used here, but this call changes nothing.  This endpoint can be used to get an accounting of existing system/path combinations that match the input specification. Such information is useful when trying to duplicate a set of permissions. For example, one may want to copy a file subtree to another location and assign the same permissions to the new subtree as currently exist on the original subtree. One could use  this call to calculate the users that should be granted permission on the new subtree.  The optional parameters are roleName, oldPrefix and newPrefix. No wildcards are defined for the path prefix parameters.  When roleName is specified then only permissions assigned to that role are considered.  When the oldPrefix parameter is provided, it\'s used to filter out permissions whose paths do not begin with the specified string; when not provided, no path prefix filtering occurs.  When the newPrefix parameter is not provided no new characters are prepended to the new path, effectively just removing the oldPrefix from the new path. When neither oldPrefix nor newPrefix are provided, no path transformation occurs, though system IDs can still be transformed.  The result object contains an array of transformation objects, each of which contains the unique permission sequence number, the existing permission that matched the search criteria and the new permission if the specified transformations were applied.  A valid tenant and user must be specified in the request body.  This request is authorized if the requestor is a user that has access to the specified tenant or if the requestor is a service.
+     */
+    previewPathPrefixRaw(requestParameters: PreviewPathPrefixRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespPathPrefixes>>;
+    /**
+     * This read-only endpoint previews the transformations that would take place if the same input was used on a replacePathPrefix POST call. This call is also implemented as a POST so that the same input as used on replacePathPrefix can be used here, but this call changes nothing.  This endpoint can be used to get an accounting of existing system/path combinations that match the input specification. Such information is useful when trying to duplicate a set of permissions. For example, one may want to copy a file subtree to another location and assign the same permissions to the new subtree as currently exist on the original subtree. One could use  this call to calculate the users that should be granted permission on the new subtree.  The optional parameters are roleName, oldPrefix and newPrefix. No wildcards are defined for the path prefix parameters.  When roleName is specified then only permissions assigned to that role are considered.  When the oldPrefix parameter is provided, it\'s used to filter out permissions whose paths do not begin with the specified string; when not provided, no path prefix filtering occurs.  When the newPrefix parameter is not provided no new characters are prepended to the new path, effectively just removing the oldPrefix from the new path. When neither oldPrefix nor newPrefix are provided, no path transformation occurs, though system IDs can still be transformed.  The result object contains an array of transformation objects, each of which contains the unique permission sequence number, the existing permission that matched the search criteria and the new permission if the specified transformations were applied.  A valid tenant and user must be specified in the request body.  This request is authorized if the requestor is a user that has access to the specified tenant or if the requestor is a service.
+     */
+    previewPathPrefix(requestParameters: PreviewPathPrefixRequest, initOverrides?: RequestInit): Promise<RespPathPrefixes>;
+    /**
+     * Remove a child role from a parent role using a request body.  A valid tenant and user must be specified in the request body.  The user@tenant identity specified in JWT is authorized to make this request only if that user is an administrator or if they own the parent role.
+     */
+    removeChildRoleRaw(requestParameters: RemoveChildRoleRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespChangeCount>>;
+    /**
+     * Remove a child role from a parent role using a request body.  A valid tenant and user must be specified in the request body.  The user@tenant identity specified in JWT is authorized to make this request only if that user is an administrator or if they own the parent role.
+     */
+    removeChildRole(requestParameters: RemoveChildRoleRequest, initOverrides?: RequestInit): Promise<RespChangeCount>;
+    /**
+     * Remove a permission from a role using a request body.  A valid role, roleTenant and permission must be specified in the request body.  Only the role owner or administrators are authorized to make this call.
+     */
+    removeRolePermissionRaw(requestParameters: RemoveRolePermissionRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespChangeCount>>;
+    /**
+     * Remove a permission from a role using a request body.  A valid role, roleTenant and permission must be specified in the request body.  Only the role owner or administrators are authorized to make this call.
+     */
+    removeRolePermission(requestParameters: RemoveRolePermissionRequest, initOverrides?: RequestInit): Promise<RespChangeCount>;
+    /**
+     * Replace the text in a permission specification when its last component defines an *extended path attribute*.  Extended path attributes enhance the standard Shiro matching algorithm with one that treats designated components in a permission specification as a path name, such as a posix file or directory path name.  This request is useful when files or directories have been renamed or moved and their authorizations need to be adjusted.  Consider, for example, permissions that conform to the following specification:        files:tenantId:op:systemId:path  By definition, the last component is an extended path attribute whose content can be changed by replacePathPrefix requests.  Specifically, paths that begin with the oldPrefix will have that prefix replaced with the newPrefix value.  Replacement only occurs on permissions that also match the schema and oldSystemId parameter values.  The systemId attribute is required to immediately precede the path attribute, which must be the last attribute.  Additionally, the oldSystemId is replaced with the newSystemId when a match is found.  If a roleName is provided, then replacement is limited to permissions defined only in that role.  Otherwise, permissions in all roles that meet the other matching criteria will be considered.  The optional parameters are roleName, oldPrefix and newPrefix. No wildcards are defined for the path prefix parameters.  When roleName is specified then only permissions assigned to that role are considered.  When the oldPrefix parameter is provided, it\'s used to filter out permissions whose paths do not begin with the specified string; when not provided, no path prefix filtering occurs.  When the newPrefix parameter is not provided no new characters are prepended to the new path, effectively just removing the oldPrefix from the new path. When neither oldPrefix nor newPrefix are provided, no path transformation occurs, though system IDs can still be transformed.  The previewPathPrefix request provides a way to do a dry run using the same input as this request. The preview call calculates the permissions that would change and what their new values would be, but it does not actually change those permissions as replacePathPrefix does.  The input parameters are passed in the payload of this request.  The response indicates the number of changed permission specifications.  The path prefix replacement operation is authorized if the user@tenant in the JWT represents a tenant administrator or the Files service.
+     */
+    replacePathPrefixRaw(requestParameters: ReplacePathPrefixRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespChangeCount>>;
+    /**
+     * Replace the text in a permission specification when its last component defines an *extended path attribute*.  Extended path attributes enhance the standard Shiro matching algorithm with one that treats designated components in a permission specification as a path name, such as a posix file or directory path name.  This request is useful when files or directories have been renamed or moved and their authorizations need to be adjusted.  Consider, for example, permissions that conform to the following specification:        files:tenantId:op:systemId:path  By definition, the last component is an extended path attribute whose content can be changed by replacePathPrefix requests.  Specifically, paths that begin with the oldPrefix will have that prefix replaced with the newPrefix value.  Replacement only occurs on permissions that also match the schema and oldSystemId parameter values.  The systemId attribute is required to immediately precede the path attribute, which must be the last attribute.  Additionally, the oldSystemId is replaced with the newSystemId when a match is found.  If a roleName is provided, then replacement is limited to permissions defined only in that role.  Otherwise, permissions in all roles that meet the other matching criteria will be considered.  The optional parameters are roleName, oldPrefix and newPrefix. No wildcards are defined for the path prefix parameters.  When roleName is specified then only permissions assigned to that role are considered.  When the oldPrefix parameter is provided, it\'s used to filter out permissions whose paths do not begin with the specified string; when not provided, no path prefix filtering occurs.  When the newPrefix parameter is not provided no new characters are prepended to the new path, effectively just removing the oldPrefix from the new path. When neither oldPrefix nor newPrefix are provided, no path transformation occurs, though system IDs can still be transformed.  The previewPathPrefix request provides a way to do a dry run using the same input as this request. The preview call calculates the permissions that would change and what their new values would be, but it does not actually change those permissions as replacePathPrefix does.  The input parameters are passed in the payload of this request.  The response indicates the number of changed permission specifications.  The path prefix replacement operation is authorized if the user@tenant in the JWT represents a tenant administrator or the Files service.
+     */
+    replacePathPrefix(requestParameters: ReplacePathPrefixRequest, initOverrides?: RequestInit): Promise<RespChangeCount>;
+    /**
+     * Update an existing role\'s decription using a request body.  The size limit on a description is 2048 characters.  This request is authorized if the requestor is the role owner or an administrator.
+     */
+    updateRoleDescriptionRaw(requestParameters: UpdateRoleDescriptionRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespBasic>>;
+    /**
+     * Update an existing role\'s decription using a request body.  The size limit on a description is 2048 characters.  This request is authorized if the requestor is the role owner or an administrator.
+     */
+    updateRoleDescription(requestParameters: UpdateRoleDescriptionRequest, initOverrides?: RequestInit): Promise<RespBasic>;
+    /**
+     * Update an existing role\'s name using a request body.  Role names are case sensitive, alphanumeric strings that can contain underscores but must begin with an alphabetic character.  The limit on role name is 58 characters.  This request is authorized if the requestor is the role owner or an administrator.
+     */
+    updateRoleNameRaw(requestParameters: UpdateRoleNameRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespBasic>>;
+    /**
+     * Update an existing role\'s name using a request body.  Role names are case sensitive, alphanumeric strings that can contain underscores but must begin with an alphabetic character.  The limit on role name is 58 characters.  This request is authorized if the requestor is the role owner or an administrator.
+     */
+    updateRoleName(requestParameters: UpdateRoleNameRequest, initOverrides?: RequestInit): Promise<RespBasic>;
+    /**
+     * Update an existing role\'s owner using a request body. Required parameters in the payload are the *roleTenant*, which is the tenant of named role, and *newOwner*, which is the user to which role ownership is being transferred. The *newTenant* payload parameter is optional and only needed when the new owner resides in a different tenant than that of the current owner.  This request is authorized if the requestor is the role owner or an administrator. If a new tenant is specified, then the requestor must also be allowed to act in the new tenant.
+     */
+    updateRoleOwnerRaw(requestParameters: UpdateRoleOwnerRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespBasic>>;
+    /**
+     * Update an existing role\'s owner using a request body. Required parameters in the payload are the *roleTenant*, which is the tenant of named role, and *newOwner*, which is the user to which role ownership is being transferred. The *newTenant* payload parameter is optional and only needed when the new owner resides in a different tenant than that of the current owner.  This request is authorized if the requestor is the role owner or an administrator. If a new tenant is specified, then the requestor must also be allowed to act in the new tenant.
+     */
+    updateRoleOwner(requestParameters: UpdateRoleOwnerRequest, initOverrides?: RequestInit): Promise<RespBasic>;
+}