@tapis/tapis-typescript-systems 0.0.2 → 0.0.3

package/dist/models/index.js

@@ -12,33 +12,46 @@ __export(require("./Credential"));
 __export(require("./DatatypeEnum"));
 __export(require("./JobRuntime"));
 __export(require("./KeyValuePair"));
+__export(require("./ListTypeEnum"));
 __export(require("./LogicalQueue"));
-__export(require("./ReqCreateCredential"));
-__export(require("./ReqCreateSchedulerProfile"));
-__export(require("./ReqCreateSystem"));
+__export(require("./ModuleLoadSpec"));
+__export(require("./OperationTypeEnum"));
 __export(require("./ReqMatchConstraints"));
 __export(require("./ReqPatchSystem"));
 __export(require("./ReqPerms"));
+__export(require("./ReqPostChildSystem"));
+__export(require("./ReqPostPutCredential"));
+__export(require("./ReqPostSchedulerProfile"));
+__export(require("./ReqPostSystem"));
 __export(require("./ReqPutSystem"));
 __export(require("./ReqSearchSystems"));
+__export(require("./ReqShareUpdate"));
+__export(require("./ReqUnlinkChildren"));
+__export(require("./ReqUpdateCredential"));
 __export(require("./RespBasic"));
 __export(require("./RespBoolean"));
 __export(require("./RespChangeCount"));
 __export(require("./RespCredential"));
+__export(require("./RespGlobusAuthUrl"));
 __export(require("./RespNameArray"));
 __export(require("./RespResourceUrl"));
 __export(require("./RespSchedulerProfile"));
 __export(require("./RespSchedulerProfiles"));
+__export(require("./RespShareInfo"));
 __export(require("./RespSystem"));
+__export(require("./RespSystemHistory"));
 __export(require("./RespSystems"));
 __export(require("./RespSystemsMetadata"));
 __export(require("./ResultBoolean"));
 __export(require("./ResultChangeCount"));
+__export(require("./ResultGlobusAuthUrl"));
 __export(require("./ResultNameArray"));
 __export(require("./ResultResourceUrl"));
 __export(require("./RuntimeTypeEnum"));
 __export(require("./SchedulerHiddenOptionEnum"));
 __export(require("./SchedulerProfile"));
 __export(require("./SchedulerTypeEnum"));
+__export(require("./ShareInfo"));
+__export(require("./SystemHistory"));
 __export(require("./SystemTypeEnum"));
 __export(require("./TapisSystem"));

package/dist/runtime.d.ts

@@ -2,7 +2,7 @@
  * Tapis Systems API
  * The Tapis Systems API provides for management of Tapis Systems including permissions, credentials and Scheduler Profiles.
  *
- * The version of the OpenAPI document: 1.0.0-rc1
+ * The version of the OpenAPI document: 1.3.3
  * Contact: cicsupport@tacc.utexas.edu
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/dist/runtime.js

@@ -5,7 +5,7 @@
  * Tapis Systems API
  * The Tapis Systems API provides for management of Tapis Systems including permissions, credentials and Scheduler Profiles.
  *
- * The version of the OpenAPI document: 1.0.0-rc1
+ * The version of the OpenAPI document: 1.3.3
  * Contact: cicsupport@tacc.utexas.edu
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tapis/tapis-typescript-systems",
-  "version": "0.0.2",
+  "version": "0.0.3",
   "description": "OpenAPI client for @tapis/tapis-typescript-systems",
   "author": "OpenAPI-Generator",
   "main": "./dist/index.js",

package/src/apis/ChildSystemsApi.ts

@@ -0,0 +1,171 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * Tapis Systems API
+ * The Tapis Systems API provides for management of Tapis Systems including permissions, credentials and Scheduler Profiles.
+ *
+ * The version of the OpenAPI document: 1.3.3
+ * Contact: cicsupport@tacc.utexas.edu
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+
+import * as runtime from '../runtime';
+import {
+    ReqPostChildSystem,
+    ReqPostChildSystemFromJSON,
+    ReqPostChildSystemToJSON,
+    ReqUnlinkChildren,
+    ReqUnlinkChildrenFromJSON,
+    ReqUnlinkChildrenToJSON,
+    RespBasic,
+    RespBasicFromJSON,
+    RespBasicToJSON,
+    RespChangeCount,
+    RespChangeCountFromJSON,
+    RespChangeCountToJSON,
+    RespResourceUrl,
+    RespResourceUrlFromJSON,
+    RespResourceUrlToJSON,
+} from '../models';
+
+export interface CreateChildSystemRequest {
+    parentId: string;
+    reqPostChildSystem: ReqPostChildSystem;
+}
+
+export interface UnlinkChildrenRequest {
+    parentSystemId: string;
+    all?: boolean;
+    reqUnlinkChildren?: ReqUnlinkChildren;
+}
+
+export interface UnlinkFromParentRequest {
+    childSystemId: string;
+}
+
+/**
+ * 
+ */
+export class ChildSystemsApi extends runtime.BaseAPI {
+
+    /**
+     * Create a child system.  The child system gets all of it\'s attributes from it\'s parent except for the following fields:   - *id*   - *effectiveUserId*   - *rootDir*   - *owner*  The owner will be the user who is creating the system.  The caller must have read permission to the parent system. 
+     */
+    async createChildSystemRaw(requestParameters: CreateChildSystemRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespResourceUrl>> {
+        if (requestParameters.parentId === null || requestParameters.parentId === undefined) {
+            throw new runtime.RequiredError('parentId','Required parameter requestParameters.parentId was null or undefined when calling createChildSystem.');
+        }
+
+        if (requestParameters.reqPostChildSystem === null || requestParameters.reqPostChildSystem === undefined) {
+            throw new runtime.RequiredError('reqPostChildSystem','Required parameter requestParameters.reqPostChildSystem was null or undefined when calling createChildSystem.');
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+        }
+
+        const response = await this.request({
+            path: `/v3/systems/{parentId}/createChildSystem`.replace(`{${"parentId"}}`, encodeURIComponent(String(requestParameters.parentId))),
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: ReqPostChildSystemToJSON(requestParameters.reqPostChildSystem),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => RespResourceUrlFromJSON(jsonValue));
+    }
+
+    /**
+     * Create a child system.  The child system gets all of it\'s attributes from it\'s parent except for the following fields:   - *id*   - *effectiveUserId*   - *rootDir*   - *owner*  The owner will be the user who is creating the system.  The caller must have read permission to the parent system. 
+     */
+    async createChildSystem(requestParameters: CreateChildSystemRequest, initOverrides?: RequestInit): Promise<RespResourceUrl> {
+        const response = await this.createChildSystemRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Make a child system a standalone system.  This will break the connection with it\'s parent, and from this point on, the child system will not be connected to the parent.  This is similar to unlinkFromParent, but permissions are required for the parent system rather than the child system.  Warning, this cannot be undone. 
+     */
+    async unlinkChildrenRaw(requestParameters: UnlinkChildrenRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespChangeCount>> {
+        if (requestParameters.parentSystemId === null || requestParameters.parentSystemId === undefined) {
+            throw new runtime.RequiredError('parentSystemId','Required parameter requestParameters.parentSystemId was null or undefined when calling unlinkChildren.');
+        }
+
+        const queryParameters: any = {};
+
+        if (requestParameters.all !== undefined) {
+            queryParameters['all'] = requestParameters.all;
+        }
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+        }
+
+        const response = await this.request({
+            path: `/v3/systems/{parentSystemId}/unlinkChildren`.replace(`{${"parentSystemId"}}`, encodeURIComponent(String(requestParameters.parentSystemId))),
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: ReqUnlinkChildrenToJSON(requestParameters.reqUnlinkChildren),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => RespChangeCountFromJSON(jsonValue));
+    }
+
+    /**
+     * Make a child system a standalone system.  This will break the connection with it\'s parent, and from this point on, the child system will not be connected to the parent.  This is similar to unlinkFromParent, but permissions are required for the parent system rather than the child system.  Warning, this cannot be undone. 
+     */
+    async unlinkChildren(requestParameters: UnlinkChildrenRequest, initOverrides?: RequestInit): Promise<RespChangeCount> {
+        const response = await this.unlinkChildrenRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Make a child system a standalone system.  This will break the connection with it\'s parent, and from this point on, the child system will not be connected to the parent.  Warning, this cannot be undone. 
+     */
+    async unlinkFromParentRaw(requestParameters: UnlinkFromParentRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespChangeCount>> {
+        if (requestParameters.childSystemId === null || requestParameters.childSystemId === undefined) {
+            throw new runtime.RequiredError('childSystemId','Required parameter requestParameters.childSystemId was null or undefined when calling unlinkFromParent.');
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+        }
+
+        const response = await this.request({
+            path: `/v3/systems/{childSystemId}/unlinkFromParent`.replace(`{${"childSystemId"}}`, encodeURIComponent(String(requestParameters.childSystemId))),
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => RespChangeCountFromJSON(jsonValue));
+    }
+
+    /**
+     * Make a child system a standalone system.  This will break the connection with it\'s parent, and from this point on, the child system will not be connected to the parent.  Warning, this cannot be undone. 
+     */
+    async unlinkFromParent(requestParameters: UnlinkFromParentRequest, initOverrides?: RequestInit): Promise<RespChangeCount> {
+        const response = await this.unlinkFromParentRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+}

package/src/apis/CredentialsApi.ts

@@ -4,7 +4,7 @@
  * Tapis Systems API
  * The Tapis Systems API provides for management of Tapis Systems including permissions, credentials and Scheduler Profiles.
  *
- * The version of the OpenAPI document: 1.0.0-rc1
+ * The version of the OpenAPI document: 1.3.3
  * Contact: cicsupport@tacc.utexas.edu
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
@@ -15,24 +15,40 @@
 
 import * as runtime from '../runtime';
 import {
-    ReqCreateCredential,
-    ReqCreateCredentialFromJSON,
-    ReqCreateCredentialToJSON,
+    ReqUpdateCredential,
+    ReqUpdateCredentialFromJSON,
+    ReqUpdateCredentialToJSON,
     RespBasic,
     RespBasicFromJSON,
     RespBasicToJSON,
     RespCredential,
     RespCredentialFromJSON,
     RespCredentialToJSON,
+    RespGlobusAuthUrl,
+    RespGlobusAuthUrlFromJSON,
+    RespGlobusAuthUrlToJSON,
 } from '../models';
 
+export interface CheckUserCredentialRequest {
+    systemId: string;
+    userName: string;
+    authnMethod?: string;
+}
+
 export interface CreateUserCredentialRequest {
     systemId: string;
     userName: string;
-    reqCreateCredential: ReqCreateCredential;
+    reqUpdateCredential: ReqUpdateCredential;
     skipCredentialCheck?: boolean;
 }
 
+export interface GenerateGlobusTokensRequest {
+    systemId: string;
+    userName: string;
+    authCode: string;
+    sessionId: string;
+}
+
 export interface GetUserCredentialRequest {
     systemId: string;
     userName: string;
@@ -50,8 +66,49 @@ export interface RemoveUserCredentialRequest {
 export class CredentialsApi extends runtime.BaseAPI {
 
     /**
-     * Create or update credentials in the Security Kernel for given system and *target user* using a request body. Requester must be owner of the system. Credentials for multiple authentication methods may be provided.  Note that user making the request and *target user* may be different and frequently are different.  By default any credentials provided for LINUX type systems are verified. Use query parameter skipCredentialCheck=true to bypass initial verification of credentials.  Note that the attribute authnMethod is allowed but ignored so that the JSON result returned by a GET may be modified and used when making a POST to update credentials. 
-     * Create or update user credentials for a system and target user
+     * Check user credentials by connecting to the system host. Not supported for all system types. Currently supported for LINUX and S3 type systems.  If the *effectiveUserId* for the system is dynamic (i.e. equal to *${apiUserId}*) then *{userName}* is interpreted as a Tapis user and a search is made for credentials associated with *{userName}*.  If the *effectiveUserId* for the system is static (i.e. not *${apiUserId}*) then *{userName}* is ignored and a search is made for credentials associated with *effectiveUserId*.  Operation is allowed if requester is the system owner or a tenant administrator. If the *effectiveUserId* for the system is dynamic (i.e. equal to *${apiUserId}*) then the operation is allowed if *{userName}* is the Tapis user making the request.  Desired authentication method may be specified using query parameter authnMethod=<method>. If not specified then credentials for the system\'s default authentication method are verified. 
+     */
+    async checkUserCredentialRaw(requestParameters: CheckUserCredentialRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespBasic>> {
+        if (requestParameters.systemId === null || requestParameters.systemId === undefined) {
+            throw new runtime.RequiredError('systemId','Required parameter requestParameters.systemId was null or undefined when calling checkUserCredential.');
+        }
+
+        if (requestParameters.userName === null || requestParameters.userName === undefined) {
+            throw new runtime.RequiredError('userName','Required parameter requestParameters.userName was null or undefined when calling checkUserCredential.');
+        }
+
+        const queryParameters: any = {};
+
+        if (requestParameters.authnMethod !== undefined) {
+            queryParameters['authnMethod'] = requestParameters.authnMethod;
+        }
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+        }
+
+        const response = await this.request({
+            path: `/v3/systems/credential/{systemId}/user/{userName}/check`.replace(`{${"systemId"}}`, encodeURIComponent(String(requestParameters.systemId))).replace(`{${"userName"}}`, encodeURIComponent(String(requestParameters.userName))),
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => RespBasicFromJSON(jsonValue));
+    }
+
+    /**
+     * Check user credentials by connecting to the system host. Not supported for all system types. Currently supported for LINUX and S3 type systems.  If the *effectiveUserId* for the system is dynamic (i.e. equal to *${apiUserId}*) then *{userName}* is interpreted as a Tapis user and a search is made for credentials associated with *{userName}*.  If the *effectiveUserId* for the system is static (i.e. not *${apiUserId}*) then *{userName}* is ignored and a search is made for credentials associated with *effectiveUserId*.  Operation is allowed if requester is the system owner or a tenant administrator. If the *effectiveUserId* for the system is dynamic (i.e. equal to *${apiUserId}*) then the operation is allowed if *{userName}* is the Tapis user making the request.  Desired authentication method may be specified using query parameter authnMethod=<method>. If not specified then credentials for the system\'s default authentication method are verified. 
+     */
+    async checkUserCredential(requestParameters: CheckUserCredentialRequest, initOverrides?: RequestInit): Promise<RespBasic> {
+        const response = await this.checkUserCredentialRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Create or update credentials in the Security Kernel for given system and target *userName* using a request body. Credentials for multiple authentication methods may be provided.  The Systems service does not store the secrets in its database, they are persisted in the Security Kernel.  If the *effectiveUserId* for the system is dynamic (i.e. equal to *${apiUserId}*) then *{userName}* is interpreted as a Tapis user and the request body may contain the optional attribute *loginUser* which will be used to map the Tapis user to a username to be used when accessing the system. If the login user is not provided then there is no mapping and the Tapis user is always used when accessing the system.  If the *effectiveUserId* for the system is static (i.e. not *${apiUserId}*) then *{userName}* is interpreted as the login user to be used when accessing the host.  Operation is allowed if requester is the system owner or a tenant administrator. If the *effectiveUserId* for the system is dynamic (i.e. equal to *${apiUserId}*) then the operation is allowed if *{userName}* is the Tapis user making the request.  By default credentials for LINUX and S3 type systems are verified. Use query parameter *skipCredentialCheck=true* to bypass initial credential validation. 
      */
     async createUserCredentialRaw(requestParameters: CreateUserCredentialRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespBasic>> {
         if (requestParameters.systemId === null || requestParameters.systemId === undefined) {
@@ -62,8 +119,8 @@ export class CredentialsApi extends runtime.BaseAPI {
             throw new runtime.RequiredError('userName','Required parameter requestParameters.userName was null or undefined when calling createUserCredential.');
         }
 
-        if (requestParameters.reqCreateCredential === null || requestParameters.reqCreateCredential === undefined) {
-            throw new runtime.RequiredError('reqCreateCredential','Required parameter requestParameters.reqCreateCredential was null or undefined when calling createUserCredential.');
+        if (requestParameters.reqUpdateCredential === null || requestParameters.reqUpdateCredential === undefined) {
+            throw new runtime.RequiredError('reqUpdateCredential','Required parameter requestParameters.reqUpdateCredential was null or undefined when calling createUserCredential.');
         }
 
         const queryParameters: any = {};
@@ -85,15 +142,14 @@ export class CredentialsApi extends runtime.BaseAPI {
             method: 'POST',
             headers: headerParameters,
             query: queryParameters,
-            body: ReqCreateCredentialToJSON(requestParameters.reqCreateCredential),
+            body: ReqUpdateCredentialToJSON(requestParameters.reqUpdateCredential),
         }, initOverrides);
 
         return new runtime.JSONApiResponse(response, (jsonValue) => RespBasicFromJSON(jsonValue));
     }
 
     /**
-     * Create or update credentials in the Security Kernel for given system and *target user* using a request body. Requester must be owner of the system. Credentials for multiple authentication methods may be provided.  Note that user making the request and *target user* may be different and frequently are different.  By default any credentials provided for LINUX type systems are verified. Use query parameter skipCredentialCheck=true to bypass initial verification of credentials.  Note that the attribute authnMethod is allowed but ignored so that the JSON result returned by a GET may be modified and used when making a POST to update credentials. 
-     * Create or update user credentials for a system and target user
+     * Create or update credentials in the Security Kernel for given system and target *userName* using a request body. Credentials for multiple authentication methods may be provided.  The Systems service does not store the secrets in its database, they are persisted in the Security Kernel.  If the *effectiveUserId* for the system is dynamic (i.e. equal to *${apiUserId}*) then *{userName}* is interpreted as a Tapis user and the request body may contain the optional attribute *loginUser* which will be used to map the Tapis user to a username to be used when accessing the system. If the login user is not provided then there is no mapping and the Tapis user is always used when accessing the system.  If the *effectiveUserId* for the system is static (i.e. not *${apiUserId}*) then *{userName}* is interpreted as the login user to be used when accessing the host.  Operation is allowed if requester is the system owner or a tenant administrator. If the *effectiveUserId* for the system is dynamic (i.e. equal to *${apiUserId}*) then the operation is allowed if *{userName}* is the Tapis user making the request.  By default credentials for LINUX and S3 type systems are verified. Use query parameter *skipCredentialCheck=true* to bypass initial credential validation. 
      */
     async createUserCredential(requestParameters: CreateUserCredentialRequest, initOverrides?: RequestInit): Promise<RespBasic> {
         const response = await this.createUserCredentialRaw(requestParameters, initOverrides);
@@ -101,8 +157,87 @@ export class CredentialsApi extends runtime.BaseAPI {
     }
 
     /**
-     * Highly restricted. Only certain Tapis services authorized. Retrieve credentials for given system, *target user* and authentication method.  Note that user making the request and *target user* may be different and frequently are different.  Desired authentication method may be specified using query parameter authnMethod=<method>. If desired authentication method not specified then credentials for the system\'s default authentication method are returned.  The result includes the field authnMethod indicating the authentication method associated with the returned credentials. 
-     * Retrieve user credentials for a system and target user
+     * Use a Globus *Native App Authorization Code* and a Tapis session Id to generate a pair of access and refresh tokens. The Systems service will use the Tapis Security Kernel to store the tokens for the given system and user. The session Id is a Tapis Id that is used to track the oauth2 flow that is started when a call to the getGlobusAuthUrl endpoint is made. Note that the authorization code as per Globus documentation is valid for 10 minutes. 
+     * Use a Globus authorization code + Tapis session Id to generate tokens
+     */
+    async generateGlobusTokensRaw(requestParameters: GenerateGlobusTokensRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespBasic>> {
+        if (requestParameters.systemId === null || requestParameters.systemId === undefined) {
+            throw new runtime.RequiredError('systemId','Required parameter requestParameters.systemId was null or undefined when calling generateGlobusTokens.');
+        }
+
+        if (requestParameters.userName === null || requestParameters.userName === undefined) {
+            throw new runtime.RequiredError('userName','Required parameter requestParameters.userName was null or undefined when calling generateGlobusTokens.');
+        }
+
+        if (requestParameters.authCode === null || requestParameters.authCode === undefined) {
+            throw new runtime.RequiredError('authCode','Required parameter requestParameters.authCode was null or undefined when calling generateGlobusTokens.');
+        }
+
+        if (requestParameters.sessionId === null || requestParameters.sessionId === undefined) {
+            throw new runtime.RequiredError('sessionId','Required parameter requestParameters.sessionId was null or undefined when calling generateGlobusTokens.');
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+        }
+
+        const response = await this.request({
+            path: `/v3/systems/credential/{systemId}/user/{userName}/globus/tokens/{authCode}/{sessionId}`.replace(`{${"systemId"}}`, encodeURIComponent(String(requestParameters.systemId))).replace(`{${"userName"}}`, encodeURIComponent(String(requestParameters.userName))).replace(`{${"authCode"}}`, encodeURIComponent(String(requestParameters.authCode))).replace(`{${"sessionId"}}`, encodeURIComponent(String(requestParameters.sessionId))),
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => RespBasicFromJSON(jsonValue));
+    }
+
+    /**
+     * Use a Globus *Native App Authorization Code* and a Tapis session Id to generate a pair of access and refresh tokens. The Systems service will use the Tapis Security Kernel to store the tokens for the given system and user. The session Id is a Tapis Id that is used to track the oauth2 flow that is started when a call to the getGlobusAuthUrl endpoint is made. Note that the authorization code as per Globus documentation is valid for 10 minutes. 
+     * Use a Globus authorization code + Tapis session Id to generate tokens
+     */
+    async generateGlobusTokens(requestParameters: GenerateGlobusTokensRequest, initOverrides?: RequestInit): Promise<RespBasic> {
+        const response = await this.generateGlobusTokensRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Retrieve a Globus URL + Session Id that can be used to generate an oauth2 authorization code. In Globus the code is referred to as a *Native App Authorization Code*. The host property of the system is used as the Endpoint Id. Once a user has obtained an authorization code the corresponding Systems endpoint for generating Globus tokens should be called to exchange the code + sessionId for a pair of access and refresh tokens. The session Id is a Tapis Id that is used to track the oauth2 flow that is started when this call is made. Note that the authorization code as per Globus documentation is valid for 10 minutes. 
+     * Retrieve a Globus URL that can be used to generate an authorization code for an OAuth2 flow.
+     */
+    async getGlobusAuthUrlRaw(initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespGlobusAuthUrl>> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["X-Tapis-Token"] = this.configuration.apiKey("X-Tapis-Token"); // TapisJWT authentication
+        }
+
+        const response = await this.request({
+            path: `/v3/systems/credential/globus/authUrl`,
+            method: 'GET',
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => RespGlobusAuthUrlFromJSON(jsonValue));
+    }
+
+    /**
+     * Retrieve a Globus URL + Session Id that can be used to generate an oauth2 authorization code. In Globus the code is referred to as a *Native App Authorization Code*. The host property of the system is used as the Endpoint Id. Once a user has obtained an authorization code the corresponding Systems endpoint for generating Globus tokens should be called to exchange the code + sessionId for a pair of access and refresh tokens. The session Id is a Tapis Id that is used to track the oauth2 flow that is started when this call is made. Note that the authorization code as per Globus documentation is valid for 10 minutes. 
+     * Retrieve a Globus URL that can be used to generate an authorization code for an OAuth2 flow.
+     */
+    async getGlobusAuthUrl(initOverrides?: RequestInit): Promise<RespGlobusAuthUrl> {
+        const response = await this.getGlobusAuthUrlRaw(initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Restricted. Only certain Tapis services authorized.  Retrieve credentials for given system, target *userName* and authentication method.  If the *effectiveUserId* for the system is dynamic (i.e. equal to *${apiUserId}*) then *{userName}* is interpreted as a Tapis user. Note that their may me a mapping of the Tapis user to a host *loginUser*.  If the *effectiveUserId* for the system is static (i.e. not *${apiUserId}*) then *{userName}* is interpreted as the host *loginUser* that is used when accessing the host.  Desired authentication method may be specified using query parameter authnMethod=<method>. If desired authentication method not specified then credentials for the system\'s default authentication method are returned.  The result includes the attribute *authnMethod* indicating the authentication method associated with the returned credentials. 
      */
     async getUserCredentialRaw(requestParameters: GetUserCredentialRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespCredential>> {
         if (requestParameters.systemId === null || requestParameters.systemId === undefined) {
@@ -136,8 +271,7 @@ export class CredentialsApi extends runtime.BaseAPI {
     }
 
     /**
-     * Highly restricted. Only certain Tapis services authorized. Retrieve credentials for given system, *target user* and authentication method.  Note that user making the request and *target user* may be different and frequently are different.  Desired authentication method may be specified using query parameter authnMethod=<method>. If desired authentication method not specified then credentials for the system\'s default authentication method are returned.  The result includes the field authnMethod indicating the authentication method associated with the returned credentials. 
-     * Retrieve user credentials for a system and target user
+     * Restricted. Only certain Tapis services authorized.  Retrieve credentials for given system, target *userName* and authentication method.  If the *effectiveUserId* for the system is dynamic (i.e. equal to *${apiUserId}*) then *{userName}* is interpreted as a Tapis user. Note that their may me a mapping of the Tapis user to a host *loginUser*.  If the *effectiveUserId* for the system is static (i.e. not *${apiUserId}*) then *{userName}* is interpreted as the host *loginUser* that is used when accessing the host.  Desired authentication method may be specified using query parameter authnMethod=<method>. If desired authentication method not specified then credentials for the system\'s default authentication method are returned.  The result includes the attribute *authnMethod* indicating the authentication method associated with the returned credentials. 
      */
     async getUserCredential(requestParameters: GetUserCredentialRequest, initOverrides?: RequestInit): Promise<RespCredential> {
         const response = await this.getUserCredentialRaw(requestParameters, initOverrides);
@@ -145,8 +279,7 @@ export class CredentialsApi extends runtime.BaseAPI {
     }
 
     /**
-     * Remove credentials from the Security Kernel for given system and *target user*. Requester must be owner of the system.  Note that user making the request and *target user* may be different and frequently are different. 
-     * Remove user credentials for a system and target user
+     * Remove credentials from the Security Kernel for given system and *target user*. Requester must be owner of the system.  Operation is allowed if requester the system owner or a tenant administrator. If the *effectiveUserId* for the system is dynamic (i.e. equal to *${apiUserId}*) then the operation is allowed if *{userName}* is the Tapis user making the request. 
      */
     async removeUserCredentialRaw(requestParameters: RemoveUserCredentialRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespBasic>> {
         if (requestParameters.systemId === null || requestParameters.systemId === undefined) {
@@ -176,8 +309,7 @@ export class CredentialsApi extends runtime.BaseAPI {
     }
 
     /**
-     * Remove credentials from the Security Kernel for given system and *target user*. Requester must be owner of the system.  Note that user making the request and *target user* may be different and frequently are different. 
-     * Remove user credentials for a system and target user
+     * Remove credentials from the Security Kernel for given system and *target user*. Requester must be owner of the system.  Operation is allowed if requester the system owner or a tenant administrator. If the *effectiveUserId* for the system is dynamic (i.e. equal to *${apiUserId}*) then the operation is allowed if *{userName}* is the Tapis user making the request. 
      */
     async removeUserCredential(requestParameters: RemoveUserCredentialRequest, initOverrides?: RequestInit): Promise<RespBasic> {
         const response = await this.removeUserCredentialRaw(requestParameters, initOverrides);

package/src/apis/GeneralApi.ts

@@ -4,7 +4,7 @@
  * Tapis Systems API
  * The Tapis Systems API provides for management of Tapis Systems including permissions, credentials and Scheduler Profiles.
  *
- * The version of the OpenAPI document: 1.0.0-rc1
+ * The version of the OpenAPI document: 1.3.3
  * Contact: cicsupport@tacc.utexas.edu
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
@@ -26,7 +26,7 @@ import {
 export class GeneralApi extends runtime.BaseAPI {
 
     /**
-     * Health check.
+     * Health check. Lightweight non-authenticated check that service is alive.
      */
     async healthCheckRaw(initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespBasic>> {
         const queryParameters: any = {};
@@ -48,7 +48,7 @@ export class GeneralApi extends runtime.BaseAPI {
     }
 
     /**
-     * Health check.
+     * Health check. Lightweight non-authenticated check that service is alive.
      */
     async healthCheck(initOverrides?: RequestInit): Promise<RespBasic> {
         const response = await this.healthCheckRaw(initOverrides);
@@ -56,7 +56,7 @@ export class GeneralApi extends runtime.BaseAPI {
     }
 
     /**
-     * Ready check.
+     * Ready check. Non-authenticated check that service is ready to do work.
      */
     async readyCheckRaw(initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespBasic>> {
         const queryParameters: any = {};
@@ -78,7 +78,7 @@ export class GeneralApi extends runtime.BaseAPI {
     }
 
     /**
-     * Ready check.
+     * Ready check. Non-authenticated check that service is ready to do work.
      */
     async readyCheck(initOverrides?: RequestInit): Promise<RespBasic> {
         const response = await this.readyCheckRaw(initOverrides);

package/src/apis/PermissionsApi.ts

@@ -4,7 +4,7 @@
  * Tapis Systems API
  * The Tapis Systems API provides for management of Tapis Systems including permissions, credentials and Scheduler Profiles.
  *
- * The version of the OpenAPI document: 1.0.0-rc1
+ * The version of the OpenAPI document: 1.3.3
  * Contact: cicsupport@tacc.utexas.edu
  *
  * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
@@ -56,7 +56,6 @@ export class PermissionsApi extends runtime.BaseAPI {
 
     /**
      * Retrieve all system related permissions for a given system and user. 
-     * Retrieve system user permissions
      */
     async getUserPermsRaw(requestParameters: GetUserPermsRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespNameArray>> {
         if (requestParameters.systemId === null || requestParameters.systemId === undefined) {
@@ -87,7 +86,6 @@ export class PermissionsApi extends runtime.BaseAPI {
 
     /**
      * Retrieve all system related permissions for a given system and user. 
-     * Retrieve system user permissions
      */
     async getUserPerms(requestParameters: GetUserPermsRequest, initOverrides?: RequestInit): Promise<RespNameArray> {
         const response = await this.getUserPermsRaw(requestParameters, initOverrides);
@@ -95,8 +93,7 @@ export class PermissionsApi extends runtime.BaseAPI {
     }
 
     /**
-     * Create permissions in the Security Kernel for a user. Requester must be owner of the system. Permissions are READ, MODIFY, EXECUTE. 
-     * Grant system user permissions
+     * Create permissions in the Security Kernel for a user. Requester must be owner of the system. Permissions are READ, MODIFY, EXECUTE. MODIFY implies READ. 
      */
     async grantUserPermsRaw(requestParameters: GrantUserPermsRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespBasic>> {
         if (requestParameters.systemId === null || requestParameters.systemId === undefined) {
@@ -133,8 +130,7 @@ export class PermissionsApi extends runtime.BaseAPI {
     }
 
     /**
-     * Create permissions in the Security Kernel for a user. Requester must be owner of the system. Permissions are READ, MODIFY, EXECUTE. 
-     * Grant system user permissions
+     * Create permissions in the Security Kernel for a user. Requester must be owner of the system. Permissions are READ, MODIFY, EXECUTE. MODIFY implies READ. 
      */
     async grantUserPerms(requestParameters: GrantUserPermsRequest, initOverrides?: RequestInit): Promise<RespBasic> {
         const response = await this.grantUserPermsRaw(requestParameters, initOverrides);
@@ -143,7 +139,6 @@ export class PermissionsApi extends runtime.BaseAPI {
 
     /**
      * Remove system user permission from the Security Kernel. Requester must be owner of the system. Permissions are READ, MODIFY, EXECUTE. 
-     * Revoke system user permission
      */
     async revokeUserPermRaw(requestParameters: RevokeUserPermRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespBasic>> {
         if (requestParameters.systemId === null || requestParameters.systemId === undefined) {
@@ -178,7 +173,6 @@ export class PermissionsApi extends runtime.BaseAPI {
 
     /**
      * Remove system user permission from the Security Kernel. Requester must be owner of the system. Permissions are READ, MODIFY, EXECUTE. 
-     * Revoke system user permission
      */
     async revokeUserPerm(requestParameters: RevokeUserPermRequest, initOverrides?: RequestInit): Promise<RespBasic> {
         const response = await this.revokeUserPermRaw(requestParameters, initOverrides);
@@ -187,7 +181,6 @@ export class PermissionsApi extends runtime.BaseAPI {
 
     /**
      * Remove permissions from the Security Kernel for a user. Requester must be owner of the system. Permissions are READ, MODIFY, EXECUTE. 
-     * Revoke system user permissions
      */
     async revokeUserPermsRaw(requestParameters: RevokeUserPermsRequest, initOverrides?: RequestInit): Promise<runtime.ApiResponse<RespBasic>> {
         if (requestParameters.systemId === null || requestParameters.systemId === undefined) {
@@ -225,7 +218,6 @@ export class PermissionsApi extends runtime.BaseAPI {
 
     /**
      * Remove permissions from the Security Kernel for a user. Requester must be owner of the system. Permissions are READ, MODIFY, EXECUTE. 
-     * Revoke system user permissions
      */
     async revokeUserPerms(requestParameters: RevokeUserPermsRequest, initOverrides?: RequestInit): Promise<RespBasic> {
         const response = await this.revokeUserPermsRaw(requestParameters, initOverrides);