Last active
January 9, 2024 04:16
-
-
Save kks32/9ca96f2abc420409acf9373d4852c13d to your computer and use it in GitHub Desktop.
TAPIS Fine tuning LLM
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"prompt": "What is Abaco?", "completion": "Abaco is an NSF-funded web service and distributed computing platform providing functions-as-a-service (FaaS) to the research computing community. It implements functions using the Actor Model of concurrent computation. Each actor in Abaco is associated with a Docker image, and actor containers are executed in response to messages posted to their inbox. Abaco offers three primary higher-level capabilities: Reactors for event-driven programming, Asynchronous Executors for scaling out function calls within running applications, and Data Adapters for creating microservices from disparate sources of data."} | |
| {"prompt": "How do I get started with Abaco?", "completion": "To get started with Abaco, you need to set up the necessary accounts and install the required software. This includes creating a TACC account and a Docker account. You will also need to install the Tapis Python SDK. Once these steps are completed, you can move on to the Abaco Quickstart, where you will create and execute your first Abaco actor."} | |
| {"prompt": "How do I authenticate with the Tapis APIs?", "completion": "Authentication and authorization to the Tapis APIs use OAuth2. You first need to create a Tapis Client object using your TACC username and password. Then, you can exchange your credentials for an access token. This token is used to determine your identity and permissions. The token is stored and passed by the tapipy `t` object, so you don't have to manually provide the token when using the tapipy operations. The token will expire after 4 hours, at which time you will need to generate a new token."} | |
| {"prompt": "How do I build a Docker image from a Dockerfile?", "completion": "You can build a Docker image from a Dockerfile, which is a text file that serves as a recipe for creating images. The instructions within a Dockerfile either add files/folders to the image, add metadata to the image, or both. After creating your Dockerfile, you can build your image and push it to Docker Hub using the `docker build` and `docker push` commands."} | |
| {"prompt": "How do I register a Docker image as an Abaco actor?", "completion": "To register a Docker image as an Abaco actor, you can use the `actors.add()` method from the tapipy library and pass the arguments describing the actor you want to register through the `body` parameter. After registration, Abaco assigns an id to the actor and associates it with the image, which it begins pulling from the public Docker Hub. You can check the details of your actor, including its status, using the `actors.get()` method."} | |
| {"prompt": "How do I execute an Abaco actor and retrieve the logs?", "completion": "To execute an Abaco actor, you can send it a message using the `send_message()` method. Abaco queues up an execution for your actor and responds with JSON, including an id for the execution contained in the `execution_id`. You can retrieve the details about an execution, including its status, using the `get_execution()` method. The Abaco system collects all standard out from an actor execution and makes it available via the `logs` endpoint. You can retrieve the logs from the execution using the `get_execution_logs()` method, passing out `actor_id` and your `execution_id`."} | |
| {"prompt": "How can I provide sensitive information to the actor in Abaco?", "completion": "You can provide sensitive information to the actor in Abaco by using the `default_environment`. This cannot be put in the image for security reasons."} | |
| {"prompt": "How can I run specific actors on dedicated resources in Abaco?", "completion": "Abaco supports running specific actors within a given tenant on dedicated and/or specialized hardware for performance reasons. This is accomplished through the use of actor `queues`. If you need to run actors on dedicated resources, you should talk to the Abaco development team about your use case."} | |
| {"prompt": "What is the `context` in Abaco and what information does it provide?", "completion": "In Abaco, when an actor container is launched, information about the execution is injected into a number of environment variables. This information is collectively referred to as the `context`. It provides a complete list of variable names and their description, including the id of the actor, the Docker image used to launch this actor container, the id of the worker for the actor overseeing this execution, an OAuth2 access token representing the user who registered the actor, and more."} | |
| {"prompt": "What is the runtime environment in Abaco?", "completion": "The runtime environment in Abaco is the environment in which an Abaco actor container runs. It has been built to accommodate a number of typical use cases encountered in research computing in a secure manner."} | |
| {"prompt": "How does Abaco handle the UID and GID when launching an actor container?", "completion": "When Abaco launches an actor container, it instructs Docker to execute the process using the UID and GID associated with the TACC account of the owner of the actor. This guarantees that an Abaco actor will have exactly the same accesses as the original author of the actor and that files created or updated by the actor process will be owned by the underlying API user. Abaco API users that have elevated privileges within the platform can override the UID and GID used to run the actor when registering the actor."} | |
| {"prompt": "What happens when a message is sent to an Abaco actor?", "completion": "When a message is sent to an Abaco actor, the actor will create an execution with a unique `execution_id` tied to it that will show results, time running, and other stats. Executions also have logs, and when the logs are called for, you'll receive the command line logs of your running execution. Each execution will have exactly one message that can be processed."} | |
| {"prompt": "What are the required attributes when creating a Tapis application?", "completion": "When creating a Tapis application, the required attributes are: `id`, `version` and `containerImage`. Depending on the type of application and specific values for certain attributes there are other requirements. For instance, if `archiveSystemId` is specified then `archiveSystemDir` must be specified."} | |
| {"prompt": "What is the purpose of a Tapis application and what does it represent?", "completion": "A Tapis application represents all the information required to run a Tapis job on a Tapis system and produce useful results. Each application is versioned and is associated with a specific tenant and owned by a specific user who has special privileges for the application. An application definition includes information which allows the Jobs service to stage input prior to launching the application, launch the application, monitor the application during execution, and archive output after application execution."} | |
| {"prompt": "How is the runtime environment of a Tapis job determined?", "completion": "The runtime environment of a Tapis job is determined by values in the job submit request, the application definition and the execution system definition. Generally speaking, for values that can be assigned in multiple places, the values in the job submit request override those in the application definition, which in turn override those in the system definition. However, there are special cases where the values from different definitions are merged."} | |
| {"prompt": "How can I retrieve details for a specific application using CURL?", "completion": "To retrieve details for a specific application using CURL, you can use the following command: `$ curl -H \"X-Tapis-Token: $JWT\" https://tacc.tapis.io/v3/apps/tacc-sample-app-<userid>`. Replace `<userid>` with your user ID."} | |
| {"prompt": "What information is returned when retrieving details for an application?", "completion": "When retrieving details for an application, the response includes information such as the tenant, id, version, description, owner, enabled status, runtime, runtime version, container image, job type, max jobs, max jobs per user, strict file inputs, job attributes, tags, notes, uuid, deleted status, created and updated timestamps."} | |
| {"prompt": "What does the 'enabled' field in the application details response indicate?", "completion": "The 'enabled' field in the application details response indicates whether the application is currently enabled or not. If it is set to true, the application is enabled."} | |
| {"prompt": "How can I retrieve details for all applications using CURL?", "completion": "You can retrieve details for all applications using CURL with the following command: `$ curl -H \"X-Tapis-Token: $JWT\" https://tacc.tapis.io/v3/apps?select=allAttributes`. The response should contain a list of items similar to the single listing shown above."} | |
| {"prompt": "What are the required attributes when creating an application?", "completion": "When creating an application the required attributes are: *id*, *version* and *containerImage*. Depending on the type of application and specific values for certain attributes there are other requirements. For instance, if *archiveSystemId* is specified then *archiveSystemDir* is required."} | |
| {"prompt": "What permissions are available in the Tapis applications?", "completion": "The permissions model allows for fine grained access control of Tapis applications. Permissions are specified as either `*` for all permissions or some combination of the following specific permissions: `(\"READ\",\"MODIFY\",\"EXECUTE\")`. Specifying permissions in all lower case is also allowed. Having `MODIFY` implies `READ`."} | |
| {"prompt": "What is the purpose of the 'tenant' attribute in the application attributes table?", "completion": "The 'tenant' attribute in the application attributes table is used to define the name of the tenant for which the application is defined. It is part of a unique identifier for the application, combined with the 'version' and 'id' attributes."} | |
| {"prompt": "What are the allowed characters for the 'id' and 'version' attributes in the application attributes table?", "completion": "The allowed characters for the 'id' and 'version' attributes are alphanumeric characters [0-9a-zA-Z] and special characters [-._~]. These attributes must be URI safe as per RFC 3986."} | |
| {"prompt": "What does the 'strictFileInputs' attribute indicate in the application attributes table?", "completion": "The 'strictFileInputs' attribute indicates whether a job request is allowed to have unnamed file inputs. If set to TRUE, a job request may only use named file inputs defined in the app. The default value is FALSE."} | |
| {"prompt": "What is the purpose of the 'description' attribute in the JobAttributes Table?", "completion": "The 'description' attribute in the JobAttributes Table is used to provide a description when this application is used to run a job. It can act as a template to be filled in at job runtime using macros."} | |
| {"prompt": "What is the default directory for application assets staging, and can it be customized?", "completion": "The default directory for application assets staging is \${JobWorkingDir}/jobs/\${JobUUID}. This is specified in the 'execSystemExecDir' attribute. It can be customized using macro template variables such as \${JobWorkingDir}."} | |
| {"prompt": "What does the 'archiveOnAppError' attribute indicate in the JobAttributes Table?", "completion": "The 'archiveOnAppError' attribute in the JobAttributes Table indicates whether the outputs should be archived if there is an error while running the job. The default value is TRUE, meaning outputs will be archived by default in case of an error."} | |
| {"prompt": "What is the purpose of the 'appArgs' attribute in the ParameterSet Attributes Table?", "completion": "The 'appArgs' attribute is used for passing command line arguments to the application."} | |
| {"prompt": "What does the 'archiveFilter' attribute in the ParameterSet Attributes Table do?", "completion": "The 'archiveFilter' attribute sets the files to include or exclude when archiving. By default, it includes all files in the 'execSystemOutputDir'."} | |
| {"prompt": "What does the 'inputMode' attribute in the Arg Attributes Table indicate?", "completion": "The 'inputMode' attribute indicates how an argument is to be treated when processing individual job requests. It has four modes: REQUIRED, FIXED, INCLUDE_ON_DEMAND, and INCLUDE_BY_DEFAULT."} | |
| {"prompt": "What does the 'key' attribute represent in the KeyValuePair Attributes Table?", "completion": "The 'key' attribute in the KeyValuePair Attributes Table represents the name of an environment variable. It is required."} | |
| {"prompt": "What does the 'inputMode' attribute indicate in the KeyValuePair Attributes Table?", "completion": "The 'inputMode' attribute in the KeyValuePair Attributes Table indicates how an argument is to be treated when processing individual job requests. It has several modes including REQUIRED, FIXED, INCLUDE_ON_DEMAND, and INCLUDE_BY_DEFAULT. The default mode is INCLUDE_BY_DEFAULT."} | |
| {"prompt": "What does the 'autoMountLocal' attribute mean in the FileInput Attributes Table?", "completion": "The 'autoMountLocal' attribute in the FileInput Attributes Table indicates if the Jobs service should automatically mount file paths into containers. The default setting is TRUE, but it can be set to FALSE to allow the user complete control using 'containerArg' parameters."} | |
| {"prompt": "What are the attributes of the FileInputArray?", "completion": "The attributes of the FileInputArray are 'name', 'description', 'inputMode', 'sourceUrls', and 'targetDir'. The 'name' attribute is a string that serves as an identifying label associated with the input and is required at creation time. The 'description' attribute is an optional string that provides additional information about the input. The 'inputMode' attribute is an enum that can take the values REQUIRED, OPTIONAL, or FIXED, with OPTIONAL being the default. The 'sourceUrls' attribute is an array of sources used by the Jobs service when staging file inputs. The 'targetDir' attribute is a string that specifies the target directory used by the Jobs service when staging file inputs."} | |
| {"prompt": "How can I search for applications using a GET request?", "completion": "To search for applications using a GET request, you can specify a list of search conditions using a query parameter named 'search'. Each search condition must be surrounded with parentheses, have three parts separated by the character '.', and be joined using the character '~'. All conditions are combined using logical AND. The general form for specifying the query parameter is as follows: ?search=(<attribute_1>.<op_1>.<value_1>)~(<attribute_2>.<op_2>.<value_2>)~ ... ~(<attribute_N>.<op_N>.<value_N>). Attribute names can be specified using Camel Case or Snake Case. Supported operators include 'eq', 'neq', 'gt', 'gte', 'lt', 'lte', 'in', 'nin', 'like', 'nlike', 'between', and 'nbetween'."} | |
| {"prompt": "How can I perform a more complex search using a POST request on the dedicated endpoint?", "completion": "To perform a more complex search, you can send a POST request to the endpoint 'apps/search/apps'. The request body must contain json with a top level property name of 'search'. The 'search' property must contain an array of strings specifying the search criteria in an SQL-like syntax. The array of strings are concatenated to form the full search query. The full query must be in the form of an SQL-like 'WHERE' clause. Note that not all SQL features are supported. For example, to search for apps that are owned by 'jdoe' and of type 'FORK' or owned by 'jsmith' and allow for maxJobs less than '5', you can create a local file named 'app_search.json' with the appropriate json and use a CURL command to execute the search."} | |
| {"prompt": "How can I specify which fields to be returned when retrieving applications?", "completion": "When retrieving applications, the fields to be returned can be specified as a comma-separated list using a query parameter named `select`. Attribute names can be given using Camel Case or Snake Case. For example, to return only the attributes `version` and `containerImage`, the CURL command would look like this: `$ curl -H \"X-Tapis-Token: $JWT\" https://tacc.tapis.io/v3/apps?select=version,containerImage`."} | |
| {"prompt": "How can I limit the number of results returned by a query?", "completion": "You can limit the number of results returned by a query using the `limit` query parameter. For example, `limit=10` will limit the number of items returned to 10. You can also use the `skip` parameter to skip a number of items, or the `startAfter` parameter to specify where to start when sorting. For example, `limit=10&orderBy=id(asc),created(desc)&startAfter=101`."} | |
| {"prompt": "What does the `listType` query parameter do?", "completion": "The `listType` query parameter allows you to see additional resources that are available to you. By default, you will only see the resources that you own. The options for `listType` are `OWNED` to include only items owned by you, `SHARED_PUBLIC` to include only items shared publicly, and `ALL` to include all items you are authorized to view."} | |
| {"prompt": "What is the command to install the Tapis Python SDK?", "completion": "The command to install the Tapis Python SDK is `pip3 install tapipy`."} | |
| {"prompt": "What version of Python does `tapipy` work with?", "completion": "`tapipy` works with Python 3."} | |
| {"prompt": "What is the Tapis Python SDK used for?", "completion": "The Tapis Python SDK, tapipy, is used to interact with the TACC-hosted Abaco platform in Python."} | |
| {"prompt": "What is the role of a primary site in a Tapis installation?", "completion": "The primary site in a Tapis installation runs a complete set of Tapis API services and all associated 3rd-party services, such as databases and message queues. The creation of new sites is coordinated through the primary site, and the primary site runs the unique instance of the Sites and Tenants API which maintain the complete registry of all sites and tenants in the installation. The primary site of the main Tapis installation is hosted at the Texas Advanced Computing Center at the tapis.io domain."} | |
| {"prompt": "What are the requirements for an associate site in a Tapis installation?", "completion": "Associate sites are required to run the Tapis Security Kernel, a compliant Token Generator API, and one or more additional Tapis services. Each associate site is managed and operated by a separate, partner institution. For Tapis services not run at the associate site, the corresponding service at the primary site is used for requests. In this way, partner institutions can choose which Tapis services to run within their institution and leverage the primary site deployment for the rest."} | |
| {"prompt": "How does authentication work in the Tapis platform?", "completion": "The default authenticator provided by the Tapis project is based on OAuth2, and this is the authentication mechanism in place for the `tacc` tenant. The OAuth2-based authentication services are available via the `/v3/oauth2` endpoints. OAuth uses different *grant type flows* for generating tokens in different situations. The simplest case is that you want to generate a Tapis OAuth token for yourself; to do this you can use the *password* grant flow, providing your username and password."} | |
| {"prompt": "How do I create an OAuth2 client?", "completion": "To create a client, make a POST request to the Clients API. All fields are optional; if you do not pass a `client_id` or `client_key` in the request, the clients API will generate random ones for you. In order to use the `authorize_code` grant type you will need to set the `callback_url` when registering your client."} | |
| {"prompt": "How can I delete an OAuth2 client?", "completion": "You can delete clients you are no longer using by passing the `client_id` of the client to be deleted. A null response is returned from a successful delete request."} | |
| {"prompt": "How does the authorization code grant type work in OAuth2?", "completion": "The authorization code grant type enables applications to generate tokens on behalf of users without the applications needing to possess user credentials. There are two controllers that must be written to support the authorization code grant type flow. The first controller determines if the user already has a valid access token and directs them to the OAuth2 authorization server when they do not. The second controller processes the authorization code returned and retrieves an access token on the user's behalf. The final step is to register a client with a `callback_url` parameter equal to the URL within your web application where it will handle converting authorization codes into access tokens."} | |
| {"prompt": "What operations can I perform through the Files service?", "completion": "Through the Files service users can perform file listing, uploading, and various operations such as move, copy, mkdir and delete. The service also supports transferring files from one Tapis system to another."} | |
| {"prompt": "How does Tapis handle file listings on S3 type systems?", "completion": "File listings on S3 type systems have some special considerations. Objects in an S3 bucket do not have a hierarchical structure. There are no directories. Everything is an object associated with a key. For S3 the recurse flag is ignored and all objects with keys matching the path as a prefix are always included. When the path is an empty string all objects in the bucket with a prefix matching rootDir will be included."} | |
| {"prompt": "How are symbolic links handled during a move or copy operation on Linux systems?", "completion": "During a move or copy, if a symbolic link is encountered, it will be handled based on whether the link is the source or target and if it points to a file or directory. If the link is the source and points to a file or directory, a new symbolic link is created that points to the same place as the source. If the destination path includes directories that do not exist, they will be created. If the link is the destination and points to a file, the destination is replaced by the source. If it points to a directory, the new file, directory, or link is created inside of the existing directory."} | |
| {"prompt": "How do I create a directory on a Tapis system?", "completion": "To create a directory on a Tapis system at the given path, issue a mkdir request. This operation is currently supported for LINUX, IRODS and GLOBUS type systems."} | |
| {"prompt": "How do I delete a file or folder on a Tapis system?", "completion": "To delete a file or folder, issue a DELETE request for the path to be removed. For an S3 system, the path will represent either a single object or all objects in the bucket with a prefix matching the system rootDir if the path is the empty string."} | |
| {"prompt": "How does Tapis handle symbolic links and special files on Linux Systems during a delete operation?", "completion": "If Tapis encounters a symbolic link during a delete operation, the link will be deleted. The file or directory that the link points to will be unaffected. If the delete encounters a special file (such as a device file or fifo, etc), it will not be deleted, and an error will be returned. If this is in the middle of a recursive delete operation, some files may have been already deleted."} | |
| {"prompt": "How can I initiate a data transfer between two systems in Tapis?", "completion": "To initiate a data transfer between two systems in Tapis, you need to specify the source system id, the directory of the data to be transferred, and the destination system id. For example, if user `aturing` needs to transfer data from `aturing-storage` located in directory `/experiments/experiment-1/` to `aturing-compute`, a request specifying these details will initiate the transfer."} | |
| {"prompt": "How does Tapis handle symbolic links during data transfer on Linux Systems?", "completion": "During data transfer, Tapis will always \"follow links\". If the source of the transfer is a symbolic link to a file or directory, it will transfer the file or directory that is pointed to. If it doesn't exist, it will be an error. In the case of a directory transfer where one of the entries in the directory encountered is a symbolic link, it will be resolved in the same way. However, symbolic links can create situations where infinite recursion can occur. To prevent this, transfers are limited by a recursion depth, with the current maximum depth being 20."} | |
| {"prompt": "How can I grant and revoke permissions to specific users in Tapis?", "completion": "In Tapis, you can grant permissions to specific users by specifying the system ID, the path, and the username of the user you wish to grant permissions to. For example, if user `aturing` wants to allow `aeinstein` to view the results of an experiment located at `/experiment1` on his system `aturing-storage`, he can issue a request with a JSON body specifying these details. To revoke permissions, `aturing` can issue a DELETE request on the path and specify the username of the user whose access he wants to revoke."} | |
| {"prompt": "How can I unshare a path publicly?", "completion": "To unshare a path publicly, you need to remove public sharing for that path on the system. Please note that you must be the owner of the system to do this."} | |
| {"prompt": "What is the PostIts service and how does it work?", "completion": "The PostIts service is a URL service that allows you to create pre-authenticated, disposable URLs to files, directories, buckets, etc in the Tapis Platform's Files service. You have control over the lifetime and number of times the URL can be redeemed, and you can expire a PostIt at any time. The most common use of PostIts is to create URLs to files so that you can share with others without having to upload them to a third-party service."} | |
| {"prompt": "How can I create a PostIt?", "completion": "To create a PostIt, send a POST request to the Files service's Create PostIt endpoint. The url will contain the systemId and the path that will be shared. The body of the post will contain a json document which describes how long the PostIt is valid, and how many times it can be redeemed. There are default values for each of these parameters if they are not included. If the number of times the PostIt may be redeemed (allowedUses) is set to -1, the PostIt may be redeemed an unlimited number of times. The expiration (validSeconds) must always contain a value. If one is not provided, there is a default that is used. The maximum value of 'validSeconds' is the maximum integer value in Java (Integer.MAX_VALUE = 2147483647)."} | |
| {"prompt": "How can I retrieve a single PostIt?", "completion": "Retrieving a single PostIt can be done by issuing a GET request containing the id of the PostIt. This does not add to the redeem count and allows the owner of the PostIt or a tenant admin to view the PostIt. This could be used to see the number of times it's been retrieved, total number of uses allowed, expiration date, etc."} | |
| {"prompt": "How can I update a PostIt?", "completion": "The creator of a PostIt and tenant admins can update a PostIt. When updating a PostIt, the id of the posted is sent as part of the url, and a body containing allowedUses and/or validSeconds can be specified. The validSeconds parameter will add to the date and time as of the update request to compute the new expiration. It does not extend the current expiration by that many seconds. If you need to update the url, you will need to delete or expire this PostIt and create a new one."} | |
| {"prompt": "How can I redeem a PostIt?", "completion": "To redeem a PostIt, use the redeemUrl from the PostIt to make a non-authenticated HTTP GET request. By default if the PostIt you are redeeming points to a path that is a directory, you will get a zip file, and if it's a regular file, you will get an uncompressed file. If you want to force a file to be compressed, you can specify the query parameter zip and set it to true. The redeem URL can also be pasted into the address bar of your favorite browser, and it will download the file pointed to by the PostIt."} | |
| {"prompt": "What types of containers does the Tapis v3 Jobs service support?", "completion": "The Tapis v3 Jobs service supports Docker and Singularity containers."} | |
| {"prompt": "What are the steps taken when a job request is received by the Tapis v3 Jobs service?", "completion": "When a job request is received, the following steps are taken: 1. Request authorization - The tenant, owner, and user values from the request and Tapis JWT are used to authorize access to the application, execution system and, if specified, archive system. 2. Request validation - Request values are checked for missing, conflicting or improper values; all paths are assigned; required paths are created on the execution system; and macro substitution is performed to finalize all job parameters. 3. Job creation - A Tapis job object is written to the database. 4. Job queuing - The Tapis job is queue on an internal queue serviced by one or more Job Worker processes. 5. Response - The initial Job object is sent back to the caller in the response. This ends the synchronous portion of job submission."} | |
| {"prompt": "What is the status of the 'Submit' method in the Beta release of Jobs?", "completion": "The 'Submit' method in the Beta release of Jobs is implemented."} | |
| {"prompt": "What are the required parameters for a job submission request?", "completion": "A job submission request must contain the 'name', 'appId' and 'appVersion' values. These are required parameters for a job submission request."} | |
| {"prompt": "What is the default value for the 'archiveOnAppError' parameter in a job submission request?", "completion": "The default value for the 'archiveOnAppError' parameter in a job submission request is 'true'."} | |
| {"prompt": "How is the 'jobType' parameter determined in a job request?", "completion": "The 'jobType' parameter is determined as follows: 1. If the user specifies jobType in the job request, it is used. 2. Otherwise, if the app.jobType != null, it is used. 3. Otherwise, the execution system is queried and jobType=BATCH if execSys.canRunBatch==true. 4. Otherwise, jobType is set to FORK."} | |
| {"prompt": "What are the default directory assignments in a Tapis system?", "completion": "The default directory assignments in a Tapis system are: rootDir - the root of the file system that is accessible through this Tapis system, jobWorkingDir - the default directory for temporary files used or created during job execution, and dtnMountPoint - the path relative to the execution system's rootDir where the DTN file system is mounted."} | |
| {"prompt": "How are the execution and archive system directories assigned during a job request submission?", "completion": "When a job request is submitted, each of the job's four execution and archive system directories are assigned as follows: 1. If the job submission request assigns the directory, that value is used. Otherwise, 2. If the application definition assigns the directory, that value is used. Otherwise, 3. The default values are assigned."} | |
| {"prompt": "What are the rules governing how job inputs are calculated in Tapis?", "completion": "The rules governing how job inputs are calculated in Tapis are: 1. The effective inputs to a job are the combined inputs from the application and job request. 2. Only named inputs are allowed in application definitions. 3. Application defined inputs are either REQUIRED, OPTIONAL or FIXED. 4. Applications can restrict the number and definitions of inputs (strictFileInputs=true). 5. Anonymous (unnamed) inputs can be specified in the job request unless prohibited by the application definition (strictFileInputs=true). 6. Job request inputs override values set in the application except for FIXED inputs. 7. The tapislocal URL scheme specifies in-place inputs for which transfers are not performed."} | |
| {"prompt": "What is the purpose of the 'tapislocal' URL scheme in Tapis?", "completion": "The 'tapislocal' URL scheme is introduced by Tapis and is only recognized by the Applications and Jobs services. It is used to indicate that a filepath already exists on the execution system and, therefore, does not require data transfer during job execution. It is commonly used for large data sets that cannot reasonably be copied to be mounted directly onto execution systems."} | |
| {"prompt": "What is the 'fileInputArrays' parameter and how is it used in Tapis?", "completion": "The 'fileInputArrays' parameter provides an alternative syntax for specifying inputs in Applications and job requests. It is convenient for specifying multiple inputs destined for the same target directory, an I/O pattern sometimes referred to as 'scatter-gather'. It is an array of JobFileInputArray objects, each of which contains an array of 'sourceUrls' and a single 'targetDir'. However, 'tapislocal' URLs cannot appear in 'sourceUrls' fields."} | |
| {"prompt": "What is the 'parameterSet' argument in a Tapis job and what does it consist of?", "completion": "The job 'parameterSet' argument in Tapis is comprised of several objects including 'appArgs', 'containerArgs', 'schedulerOptions', 'envVariables', 'archiveFilter', and 'logConfig'. These objects can be specified in Tapis application definitions and/or in job submission requests. They are used to pass arguments to the user's application, container runtime, HPC batch scheduler, inject environment variables into the application container, select file archiving, and redirect stdout and stderr respectively."} | |
| {"prompt": "How do I specify command line arguments for the user application?", "completion": "You can specify one or more command line arguments for the user application using the *appArgs* parameter. Arguments specified in the application definition are appended to those in the submission request."} | |
| {"prompt": "How can I specify key/value pairs that will be injected as environment variables into the application's container?", "completion": "You can specify key/value pairs that will be injected as environment variables into the application's container when it's launched using the *envVariables* parameter. Key/value pairs specified in the execution system definition, application definition, and job submission request are aggregated using precedence ordering (system < app < request) to resolve conflicts."} | |
| {"prompt": "How can I use the *archiveFilter* to specify which files should be archived?", "completion": "An *archiveFilter* can be specified in the application definition and/or the job submission request. The *includes* and *excludes* arrays are merged by appending entries from the application definition to those in the submission request. The *excludes* filter is applied first, so it takes precedence over *includes*. If *excludes* is empty, then no output file or directory will be explicitly excluded from archiving. If *includes* is empty, then all files in *execSystemOutputDir* will be archived unless explicitly excluded. If *includes* is not empty, then only files and directories that match an entry and not explicitly excluded will be archived."} | |
| {"prompt": "How can users subscribe to job execution events?", "completion": "Users can subscribe to job execution events through the application definition and job request. These subscriptions are merged to produce a job's initial subscription list. New subscriptions can be added while a job is running, but not after the job has terminated. A job's subscriptions can be listed and deleted. Only job owners or tenant administrators can subscribe to a job. The 'ttlminutes' parameter can specify up to 4 weeks. If the parameter is not specified or if it's set to 0, a default value of 1 week is used."} | |
| {"prompt": "What are the event types to which users can subscribe?", "completion": "Users can subscribe to the following event types: JOB_NEW_STATUS, JOB_INPUT_TRANSACTION_ID, JOB_ARCHIVE_TRANSACTION_ID, JOB_SUBSCRIPTION, JOB_SHARE_EVENT, JOB_ERROR_MESSAGE, JOB_USER_EVENT, and ALL. All event types other than JOB_USER_EVENT are generated by Tapis. A JOB_USER_EVENT contains a user-specified payload that can be sent to an active job using the job's UUID."} | |
| {"prompt": "How are job arguments calculated?", "completion": "Job arguments are calculated based on several rules. All argument in application definitions must be named. Application arguments are either REQUIRED, FIXED or one of two optional types. Anonymous (unnamed) argument can be specified in job requests. Job request argument override values set in the application except for FIXED arguments. The final argument ordering is the same as the order specified in the definitions, with application arguments preceding those from the job request. Application arguments maintain their place even when overridden in the job request. The notes field can be any JSON object."} | |
| {"prompt": "What is the JSON schema for defining key/value pairs of strings in various ParameterSet components?", "completion": "The JSON schema for defining key/value pairs of strings in various ParameterSet components is as follows: \n\n\"KeyValuePair\": {\n \"$comment\": \"A simple key/value pair\",\n \"type\": \"object\",\n \"properties\": {\n \"key\": {\"type\": \"string\", \"minLength\": 1},\n \"value\": {\"type\": \"string\", \"minLength\": 0},\n \"description\": {\"type\": \"string\", \"minLength\": 1, \"maxLength\": 2048}\n },\n \"required\": [\"key\", \"value\"],\n \"additionalProperties\": false\n}\n\nBoth the *key* and *value* are required, though the *value* can be an empty string. Descriptions are optional."} | |
| {"prompt": "How does the logConfig JSON schema work?", "completion": "The logConfig JSON schema is used to redirect stdout and stderr to named file(s) in supported runtimes. The schema is as follows: \n\n\"logConfig\": {\n \"$comment\": \"Log file redirection and customization in supported runtimes\",\n \"type\": \"object\",\n \"required\": [ \"stdoutFilename\", \"stderrFilename\" ],\n \"additionalProperties\": false,\n \"properties\": {\n \"stdoutFilename\": {\"type\": \"string\", \"minLength\": 1},\n \"stderrFilename\": {\"type\": \"string\", \"minLength\": 1}\n }\n}\n\nCurrently, only the Singularity (Apptainer) runtime is supported. When specified, both file name fields must be explicitly assigned, though they can be assigned to the same file. If a logConfig object is not specified, or in runtimes where it's not supported, then both stdout and stderr are directed to the default tapisjob.out file in the job's output directory. Output files, even when logConfig is used, are always relative to the ExecSystemOuputDir."} | |
| {"prompt": "What are the standard environment variables passed into each application container run by Tapis?", "completion": "The following standard environment variables are passed into each application container run by Tapis as long as they have been assigned a value: \n\n_tapisAppId - Tapis app ID\n_tapisAppVersion - Tapis app version\n_tapisArchiveOnAppError - true means archive even if the app returns a non-zero exit code\n_tapisArchiveSystemDir - the archive system directory on which app output is archived\n_tapisArchiveSystemId - Tapis system used for archiving app output\n_tapisCoresPerNode - number of cores used per node by app\n_tapisDtnMountPoint - the mountpoint on the execution system for the source DTN directory\n_tapisDtnMountSourcePath - the directory exported by the DTN and mounted on the execution system\n_tapisDtnSystemId - the Data Transfer Node system ID\n_tapisDynamicExecSystem - true if dynamic system selection was used\n_tapisEffeciveUserId - the user ID under which the app runs\n_tapisExecSystemExecDir - the exec system directory where app artifacts are staged\n_tapisExecSystemHPCQueue - the actual batch queue name on an HPC host\n_tapisExecSystemId - the Tapis system where the app runs\n_tapisExecSystemInputDir - the exec system directory where input files are staged\n_tapisExecSystemLogicalQueue - the Tapis queue definition that specifies an HPC queue\n_tapisExecSystemOutputDir - the exec system directory where the app writes its output\n_tapisJobCreateDate - ISO 8601 date, example: 2021-04-26Z\n_tapisJobCreateTime - ISO 8601 time, example: 18:44:55.544145884Z\n_tapisJobCreateTimestamp - ISO 8601 timestamp, example: 2021-04-26T18:44:55.544145884Z\n_tapisJobName - the user-chosen name of the Tapis job\n_tapisJobOwner - the Tapis job's owner\n_tapisJobUUID - the UUID of the Tapis job\n_tapisJobWorkingDir - exec system directory that the app should use for temporary files\n_tapisMaxMinutes - the maximum number of minutes allowed for the job to run\n_tapisMemoryMB - the memory required per node by the app\n_tapisNodes - the number of nodes on which the app runs\n_tapisSysBatchScheduler - the HPC scheduler on the execution system\n_tapisSysBucketName - an object store bucket name\n_tapisSysHost - the IP address or DNS name of the exec system\n_tapisSysRootDir - the root directory on the exec system\n_tapisTenant - the tenant in which the job runs."} | |
| {"prompt": "What is the function of the HOST_EVAL macro in Tapis?", "completion": "The HOST_EVAL macro function in Tapis is used in directory assignments in systems, applications and job requests. It dynamically extracts the value of a named environment variable from an execution or archive host at the time the job request is made. The environment variable's value is retrieved by logging into the host as the Job owner and issuing \"echo $var\". An optional default value can be passed into the HOST_EVAL function for increased application portability. If the environment variable does not exist on the host, then the literal path parameter is returned by the function."} | |
| {"prompt": "What are the possible states of a Tapis job?", "completion": "A Tapis job can be in one of the following states: PENDING, PROCESSING_INPUTS, STAGING_INPUTS, STAGING_JOB, SUBMITTING_JOB, QUEUED, RUNNING, ARCHIVING, BLOCKED, PAUSED, FINISHED, CANCELLED, and FAILED. The initial state is PENDING and the terminal states are FINISHED, CANCELLED and FAILED. The BLOCKED state indicates that the job is recovering from a resource constraint, network problem or other transient problem. When the problem clears, the job will restart from the state in which blocking occurred."} | |
| {"prompt": "What information is included in the notification messages sent by the Jobs service in Tapis?", "completion": "The notification messages sent by the Jobs service in Tapis include a JSON object in the data field that always contains the following fields: jobName, jobOwner, jobUuid, and message. Depending on the Job event type, additional fields may be included. For example, JOB_NEW_STATUS includes newJobStatus and oldJobStatus, JOB_INPUT_TRANSACTION_ID includes transferStatus and transactionId, and JOB_ERROR_MESSAGE includes jobStatus. If the JOB_NEW_STATUS messages indicate a terminal newJobStatus, or JOB_ERROR_MESSAGE messages have eventDetail = \"FINAL_MESSAGE\", additional fields such as blockedCount, remoteJobId, remoteJobId2, remoteOutcome, remoteResultInfo, remoteQueue, remoteSubmitted, remoteStarted, and remoteEnded are included."} | |
| {"prompt": "How does the Tapis v3 Jobs service support Docker and Singularity containers?", "completion": "The Tapis v3 Jobs service supports Docker and Singularity containers by running them natively, without the use of a batch scheduler like Slurm. Jobs launches an application's container on a remote system, monitors the container's execution, and captures the application's exit code after it terminates. Jobs uses SSH to connect to the execution system to issue Docker, Singularity or native operating system commands. To launch a job, the Jobs service creates a bash script, tapisjob.sh, with the runtime-specific commands needed to execute the container."} | |
| {"prompt": "How does the Tapis v3 Jobs service launch a Docker container?", "completion": "To launch a Docker container, the Jobs service will SSH to the target host and issue a command using this template: docker run [docker options] image[:tag|@digest] [application args]. The docker options, image, and application arguments are specified by the user. The container name is set to the job UUID, the container's user is set to the user ID used to establish the SSH session, the container ID file is specified as <JobUUID>.cid in the execSystemExecDir, and the container is removed after execution using the -rm option or by calling docker rm."} | |
| {"prompt": "What are the two ways Tapis provides to launch a Singularity container?", "completion": "Tapis provides two distinct ways to launch a Singularity containers, using singluarity instance start or singularity run. For instance start, the Jobs service will SSH to the target host and issue a command using a specific template. For singularity run, the Jobs service will SSH to the target host and issue a command using a different template. In both cases, the singularity options, image id, and application arguments are specified by the user."} | |
| {"prompt": "What are the requirements for using Singularity start and Singularity run approaches?", "completion": "Singularity start requires the startscript to be defined in the image. Singularity run requires the runscript to be defined in the image. Both approaches allow SSH sessions between Jobs and execution hosts to end without interrupting container execution."} | |
| {"prompt": "What is the recommended termination order for the initially launched program?", "completion": "The initially launched program should be the last part of the application to terminate. It can spawn any number of processes (and threads), but it should not exit before those processes complete."} | |
| {"prompt": "How can I get the details of a specific job?", "completion": "You can get the details of a specific job using PySDK or CURL. The response will include details like job id, name, owner, tenant, status, creation and end time, and other specific details related to the job."} | |
| {"prompt": "How can I check the status of a job using PySDK or CURL?", "completion": "You can check the status of a job using PySDK or CURL by sending a request to the Job Status API. The response will contain a 'status' field which will indicate the current status of the job. For example, a 'FINISHED' status means that the job has completed successfully."} | |
| {"prompt": "How can I retrieve the history of a job using PySDK or CURL?", "completion": "You can retrieve the history of a job using PySDK or CURL by sending a request to the Job History API. The response will contain a list of events that occurred during the job's lifecycle, including the time each event occurred, the new status of the job after each event, and a description of each event."} | |
| {"prompt": "How can I get a list of output files from a job using PySDK or CURL?", "completion": "You can get a list of output files from a job using PySDK or CURL by sending a request to the Job Output Listing API. The response will contain a list of files that were output by the job, including information about each file such as its name, path, size, and last modified time. By default, the job must be in a terminal state (FINISHED or FAILED or CANCELLED) for the API to list the job's output files. However, you can set the 'allowIfRunning' query parameter to true to get the list of output files even if the job is not in a terminal state."} | |
| {"prompt": "How can I download the output files of a job using the Jobs API?", "completion": "The Jobs output download API retrieves the job's output files for a previously submitted job by its UUID. By default, the job must be in a terminal state (FINISHED or FAILED or CANCELLED) for the API to download the job's output files. There is a query parameter allowIfRunning set to false by default. If allowIfRunning=true, the API allows downloading the job output files even if the job is not in the terminal state. Note that if a file is being written at the time of the request, the file is still downloaded with the current content."} | |
| {"prompt": "How can I search for jobs using the dedicated search endpoint in the jobs service?", "completion": "The jobs service provides dedicated search end-points to query jobs based on different conditions. The GET end-point allows to specify the query in the query parameters while the POST end-point allows complex queries in the request body using SQL-like syntax."} | |
| {"prompt": "How can I cancel a job that has been previously submitted and is not in a terminal state?", "completion": "A previously submitted job not in terminal state can be cancelled by its UUID. The response will indicate that the request to cancel the job has been accepted. If the job is in a terminal state, the request will have no effect. If the job is transitioning between active and blocked states, another cancel request may need to be sent."} | |
| {"prompt": "How can I share a job with another user in the same tenant?", "completion": "A previously submitted job can be shared with a user in the same tenant. The job resources that can be shared are: JOB_HISTORY, JOB_RESUBMIT_REQUEST, JOB_OUTPUT. Currently only READ permission on the resources are allowed."} | |
| {"prompt": "How can I retrieve information about a shared job?", "completion": "You can retrieve information about a shared job using PySDK or CURL. The response will include details such as the tenant, who created the job, the job UUID, the grantee, the job resource, the job permission, and when it was created."} | |
| {"prompt": "How can I unshare a job that I previously shared?", "completion": "You can unshare a previously shared job using PySDK or CURL. The response will confirm that the job resource has been unshared."} | |
| {"prompt": "How can I share job output with another user in the same tenant?", "completion": "You can share job output with another user, for example 'testuser5', in the same tenant. This will allow 'testuser5' to list and download the job output using their own JWT, even if they are not the owner of the job."} | |
| {"prompt": "What actions can a user perform on a shared job output?", "completion": "A user with whom a job output has been shared can perform actions such as listing the job output and downloading the job output. They can do this using their own JWT, even if they are not the owner of the job."} | |
| {"prompt": "Can a user access the history of a job that has been shared with them?", "completion": "Yes, a user with whom a job has been shared can access the job's history, status, and detailed information. They can do this using their own JWT."} | |
| {"prompt": "What are the advantages of Meta V3 over Meta V2?", "completion": "Meta V3 has several advantages over Meta V2. It is built on MongoDB version 4.2 technology and opens up the full functionality of MongoDB as a document store. Projects are free to create metadata and documents in a way that suits their needs. Some of the advantages include: any valid MongoDB document structure can be used, if a search runs in MongoDB CLI, it should run from the API, aggregations are available, database, collection and document creation can be managed by tenant administrator, and the performance is many times faster."} | |
| {"prompt": "How can I migrate from Meta V2 to Meta V3?", "completion": "Migration from Meta V2 to Meta V3 can be accomplished by creating a new database with one or more collections for your project. The tenant administrator can request the initial permissions setup. Once your collection(s) are in place, move the result and associatedIds into your new document model."} | |
| {"prompt": "How can I create a document in Meta V3?", "completion": "To add a json document to a collection in Meta V3, you can use CURL. The response will have an empty response body with a status code of 201 \"Created\" unless the \"basic\" url query parameter is set to true. Setting the \"basic\" parameter to true will give a Tapis Basic response along with the \"_id\" of the newly created document."} | |
| {"prompt": "How can I create a new collection in MongoDB?", "completion": "You can create a new collection of documents by specifying a collection name under a specific database. The API endpoint for this operation is /v3/meta/{db}/{collection}. The response will be 'Status: 201 Collection created' along with an Etag header value for collection identification."} | |
| {"prompt": "How can I delete a collection in MongoDB?", "completion": "To delete a collection, you need to use an administrative method that is only available to tenant or meta administrators. This requires an If-Match header parameter of the Etag for the collection. The Etag value, if not already known, can be retrieved from the \"_meta\" call for a collection. The response will be 'Status: 204 Deleted named collection from the database'."} | |
| {"prompt": "How can I create a new document within a collection in MongoDB?", "completion": "To create a new document within a collection, you need to submit a json document within the request body of a POST request. This will create a new document within the specified collection with a MongoDB autogenerated \"_id\". If you want to add multiple documents, you can POST an array of new documents with a request body for the specified collection. The response will be 'Status: 201 Document created'."} | |
| {"prompt": "What information does an event in Tapis contain?", "completion": "An event in Tapis contains the following information: source, which is the context in which the event happened; type, which is used for routing notifications; subject, which is the subject of event in context of service; seriesId, which is an optional Id that groups events from the same source in a series; timestamp, which is when the event happened; and data, which is optional additional information associated with the event."} | |
| {"prompt": "How is a subscription created in Tapis and what information does it contain?", "completion": "A service can create a subscription for an event type in Tapis. A subscription contains the following information: name, which is an optional short descriptive name; owner, which is a specific user set at create time; description, which is an optional more verbose description; typeFilter, which is a filter used when matching events; subjectFilter, which is a filter used when matching events; deliveryTargets, which is a list of targets to be used when delivering an event; ttlMinutes, which is the time to live in minutes; and expiry, which is the time at which the subscription expires."} | |
| {"prompt": "What is the format of an event type in Tapis?", "completion": "The identifier for each event type in Tapis must have three parts in the format **\<service\>.\<category\>.\<detail\>**. For example *jobs.JOB_NEW_STATUS.PENDING*, *apps.APP.UPDATE* or *files.OBJECT.DELETE*."} | |
| {"prompt": "How does the dispatch service assign events to a bucket manager?", "completion": "The dispatch service assigns events to a bucket manager by taking a hash of the event source, subject and seriesId."} | |
| {"prompt": "How can I configure the Tapis Notifications service for email delivery?", "completion": "To configure the Tapis Notifications service for email delivery, you need to set up an SMTP relay. This is done by setting environment variables for the dispatcher service. The environment variables used to configure email delivery include TAPIS_MAIL_PROVIDER, TAPIS_SMTP_HOST, TAPIS_SMTP_PORT, TAPIS_SMTP_FROM_NAME, TAPIS_SMTP_FROM_ADDRESS, TAPIS_SMTP_AUTH, TAPIS_SMTP_USER, and TAPIS_SMTP_PASSWORD."} | |
| {"prompt": "What happens when the notification delivery method is of type WEBHOOK?", "completion": "When the notification delivery method is of type WEBHOOK, the dispatch worker will deliver the notification using an HTTP POST request. The media type for the request will be application/json and the following header will be added: User-Agent: Tapis/v3. The request body will be a json structure with the notification information."} | |
| {"prompt": "What is the pattern for the 'type' attribute in an event?", "completion": "The pattern for the 'type' attribute in an event is [\<service\>.\<category\>.\<detail\>]. This is used for routing notifications."} | |
| {"prompt": "What does the 'subject' attribute represent in an event?", "completion": "The 'subject' attribute in an event represents the subject of the event in the context of the service. Examples can include job Id, app Id, file path, role name, etc."} | |
| {"prompt": "What is the purpose of the 'seriesId' attribute in an event?", "completion": "The 'seriesId' attribute in an event is an optional Id that groups events from the same source in a series. It is used to preserve the event order during notification delivery."} | |
| {"prompt": "What are the two primary collections in the PgREST API?", "completion": "The two primary collections in the PgREST API are the Management API and the Data API. The Management API, provided at the URL `/v3/pgrest/manage`, includes endpoints for managing the collection of tables, views, stored procedures, and other objects defined in the hosted Postgres database server. The Data API, available at the URL `/v3/pgrest/data`, is used to create, update, and read the rows within the corresponding tables."} | |
| {"prompt": "How does PgREST handle authentication?", "completion": "PgREST currently recognizes Tapis v2 and v3 authentication tokens and uses these for determining access levels. A valid Tapis v2 OAuth token should be passed to all requests to PgREST using the header `Tapis-v2-token`. Tapis v3 OAuth authentication tokens should be passed to all requests to PgREST using the header `X-Tapis-Token`. Additionally, PgREST should be accessible from the Tapis v3 Python SDK (tapipy) now with the addition of v3 authentication."} | |
| {"prompt": "What are the universal roles established by PgREST and what permissions do they grant?", "completion": "PgREST establishes five universal roles: `PGREST_ADMIN` grants user read and write access to all objects in the `/manage` API as well as read and write access to all associated data in the `/data` API. `PGREST_ROLE_ADMIN` grants user role creation and management access to roles in the `/manage/roles` API. `PGREST_WRITE` grants user read and write access to all associated data in the `/data` API. `PGREST_READ` grants user read access to all associated data in the `/data` API. `PGREST_USER` grants permission to user `/views` API. Each view has additional permission rules though. Without any of the above roles, a user will not have access to any PgREST endpoints."} | |
| {"prompt": "How can I retrieve the description of a specific table using its id?", "completion": "You can retrieve a specific table by its `id` by making a GET request to `/v3/pgrest/manage/tables/{table_id}`. Replace `{table_id}` with the actual id of the table you want to retrieve."} | |
| {"prompt": "How can I modify a table as a tenant admin?", "completion": "As a tenant admin, you can modify tables by making a PUT request to `/v3/pgrest/manage/tables/{table_id}`. This feature is only available to admins. You can perform operations like changing the root_url, table_name, comments, endpoints, column_type, adding or dropping a column, dropping a default, or setting a new default on a column in a table. Only one operation is allowed per PUT request."} | |
| {"prompt": "How can I manage and retrieve data stored on tables using the Data API?", "completion": "The Data API provides endpoints for managing and retrieving data stored on tables. For each table defined through the Management API, there is a corresponding endpoint within the Data API with URL `/v3/pgrest/data/{root_url}`, where `{root_url}` is the associated attribute on the table. You can list/create widgets, bulk update multiple widgets, get/update/delete a widget by id using the endpoints provided by the Data API."} | |
| {"prompt": "How can I create a new row in a table using PgREST?", "completion": "To create a new row in a table using PgREST, you need to send a POST request to the `/v3/pgrest/data/{root_url}` URL. The POST message body should be a JSON document providing values for each of the columns inside a single `data` object. The values will first be validated with the json schema generated from the columns data sent in on table creation. This will enforce data types, max lengths, and required fields. The row is then added to the table using pure SQL format and is fully ATOMIC."} | |
| {"prompt": "How can I update an existing row in a table using PgREST?", "completion": "To update an existing row in a table using PgREST, you need to send a PUT request to the `/v3/pgrest/data/{root_url}/{id}` URL. The request message body should be a JSON document providing the columns to be updated and the new values. Only the fields provided in the PUT request body will be modified."} | |
| {"prompt": "How can I retrieve rows from a table using PgREST?", "completion": "To retrieve data from the `/data` API, make an HTTP GET request to the associated URL; an HTTP GET to `/v3/pgrest/data/{root_url}` will retrieve all rows on the associated table, while an HTTP GET to `/v3/pgrest/data/{root_url}/{id}` will retrieve the individual row."} | |
| {"prompt": "How can I create a new view using the Views Manage API?", "completion": "To create a new view, you can make a POST request to the `/v3/pgrest/manage/views` endpoint. The request body should be a JSON formatted view definition. The view definition should include the following fields: `view_name`, `select_query`, `from_table`, and optionally `root_url`, `where_query`, `comments`, `permission_rules`, `raw_sql` (admins only), and `materialized_view_raw_sql` (admins only)."} | |
| {"prompt": "What are the rules for creating a view definition?", "completion": "Each view definition can have the following rules: `view_name` (required), `select_query` (required), `from_table` (required), `root_url`, `where_query`, `comments`, `permission_rules`, `raw_sql` (admins only), and `materialized_view_raw_sql` (admins only). If `raw_sql` or `materialized_view_raw_sql` is used, `select_query`, `where_query`, and `from_table` are no longer allowed."} | |
| {"prompt": "How can I refresh the data of a materialized view?", "completion": "If you have created a view using the `materialized_view_raw_sql` attribute, you can refresh the data of the materialized view manually. Data for materialized views is updated at creation, and at refreshes, there is not other automatic refreshing of the data. You can refresh the materialized view data by making a GET request to `https://tenant.tapis.io/v3/pgrest/manage/views/{view_id}/refresh`."} | |
| {"prompt": "How can I create a new role using the API?", "completion": "To create a new role, make a post to `/v3/pgrest/roles/` with a body such as: `{\"role_name\": \"PGREST_My_New_Role\", \"description\": \"A new role!\"}`. This would result in the creation of the `PGREST_My_New_Role` role. Remember, the `role_name` and `description` are required and the `role_name` must start with `PGREST_`."} | |
| {"prompt": "How can I grant or revoke a role to a specific user?", "completion": "To grant or revoke a role to a specific username, make a post to `/v3/pgrest/roles/{role_name}` with a body such as: `{\"method\": \"grant\", \"username\": \"user3234\"}`. This would result in the user, `user3234` being granted the role, `PGREST_My_New_Role`. The `method` and `username` are required parameters. The `method` can be either \"grant\" or \"revoke\", specifying whether to revoke or grant the role to a user."} | |
| {"prompt": "What are the restrictions on role management?", "completion": "Role management is solely allowed for users in the PGREST_ROLE_ADMIN role, or PGREST_ADMIN. These endpoints allow users to create, grant, and revoke SK roles to users. Modifiable roles all must start with `PGREST_`, this ensures users can't change roles that might matter to other services. Users cannot manage the `PGREST_ADMIN`, `PGREST_ROLE_ADMIN`, `PGREST_WRITE`, or `PGREST_READ` roles. However, users can grant or revoke the `PGREST_USER` role."} | |
| {"prompt": "What is the Pods Service?", "completion": "The Pods Service is a web service and distributed computing platform providing pods-as-a-service (PaaS). The service implements a message broker and processor model that requests pods, alongside a health module to poll for pod data, including logs, status, and health. The primary use of this service is to have quick to deploy long-lived services based on Docker images that are exposed via HTTP or TCP endpoints listed by the API. The Pods service provides functionality for two types of pod solutions: Templated Pods for run-as-is popular images and Custom Pods for arbitrary docker images with less functionality."} | |
| {"prompt": "How do I get started with the Pods Service?", "completion": "This Getting Started guide will walk you through the initial steps of setting up the necessary accounts and installing the required software before moving to the Pods Quickstart, where you will create your first Pods service pod. If you are already using Docker Hub and the TACC TAPIS APIs, feel free to jump right to the Pods Quickstart or check out the Pods Live Docs."} | |
| {"prompt": "How do I create a TACC account to use the Pods Service?", "completion": "The main instance of the Pods platform is hosted at the Texas Advanced Computing Center (TACC). TACC designs and deploys some of the world's most powerful advanced computing technologies and innovative software solutions to enable researchers to answer complex questions. To use the TACC-hosted Pods service, please create a TACC account."} | |
| {"prompt": "How do I register a templated Pod using the tapipy library?", "completion": "To register a templated Pod using the tapipy library, you use the `pods.create_pod()` method and pass the arguments describing the pod you want to register through the function parameters. The pod_template should be equal to one of your templated pods."} | |
| {"prompt": "How can I access my pod once it is in the `RUNNING` state?", "completion": "Once your pod is in the `RUNNING` state, and after the networking changes proliferate, you should have access to your pod via the internet. You can access your pod through the network using the url provided in the pod's description when creating the pod or when getting the pod description. In the pod response object, the `url` attribute gives you the url your service is being hosted on."} | |
| {"prompt": "How can I retrieve the logs from my pod?", "completion": "The Pods service collects the latest 10 MB of logs from the pod when running and makes them available via the `logs` endpoint. To retrieve the logs from the pod, you use the `get_pod_logs()` method, passing in `pod_id`."} | |
| {"prompt": "What is Tapipy and how does it work?", "completion": "Tapipy is a Python library for interacting with an instance of the Tapis API framework. The library is automatically generated by referencing the OpenAPI spec files which a Tapis client built from the OpenAPI spec files from TACC's Tapis services. With this functionality a user is able to authorize itself with the Tapis client and have a 'live' library in order to interact with all Tapis services. Usage of tapipy allows for automatic token refreshing, verbose error messages regarding endpoint inputs, and up to date syntax for all services."} | |
| {"prompt": "How do I initialize a Tapis client object using Tapipy?", "completion": "To initialize a Tapis client object, you will replace `your_tacc_username` and `your_tacc_password` with your TACC username and password, preserving the quotation marks shown in the command below. This command will authenticate you with Tapis for your respective `base_url` and store your retrieved token for later `tapipy` calls. The code is as follows: \n\n``` python\nfrom tapipy.tapis import Tapis\nt = Tapis(base_url= \"https://tacc.tapis.io\", username=\"your_tacc_username\", password=\"your_tacc_password\")\nt.get_tokens()\n```"} | |
| {"prompt": "What are the special keyword arguments recognized by Tapipy?", "completion": "Tapipy recognizes two special keyword arguments to all of its methods that correspond to Tapis API calls (i.e., all of its \"operations\"). They are: `_tapis_headers` - a dictionary-like object of header names (keys) and values, and `_tapis_query_parameters` - a dictionary-like object of query parameter names (keys) and values. These special arguments are used for passing headers and query parameters that are not specified in the OpenAPI definition of an endpoint."} | |
| {"prompt": "How can I instantiate Tapipy with only a Tapis access token?", "completion": "Tapipy can be instantiated with only a Tapis access token. This is useful when you have a created token and don't want to provide username and password. The minimal instantiation requires the base_url and the token."} | |
| {"prompt": "How can I refresh Tapipy's Cached Specs?", "completion": "Tapipy uses a cache to organize spec dictionaries as pickled files and has the ability to accept custom spec files. By default Tapipy keeps a set of base spec files in the `{tapipyInstallDir}/specs` folder. These specs are pre-pickled at package build time. To update specs, you can use `t.update_spec_cache()` or `tapipy.tapis.update_spec_cache()` methods."} | |
| {"prompt": "How can I use `t.files.insert` with Tapipy for file upload?", "completion": "Introduced in Tapipy 1.3.2, the library now has native support for `multipart/form-data` input data and headers. This allows us to natively support the `t.files.insert` operation. The previous static workaround, `t.upload(filePath, systemId, local_file_path)`, is now deprecated and will be removed in a future release."} | |
| {"prompt": "How do I inherit from the flaskbase image in Docker?", "completion": "To inherit from the flaskbase image in Docker, you can use the command `FROM: tapis/flaskbase` in your Dockerfile."} | |
| {"prompt": "How can I install additional requirements for the service in Docker?", "completion": "To install additional requirements for the service in Docker, you can copy your requirements.txt file into the Docker image and then run pip install. Here is an example of how you can do this in your Dockerfile: `COPY requirements.txt /home/tapis/requirements.txt RUN pip install -r /home/tapis/requirements.txt`"} | |
| {"prompt": "How can I run a service as a non-root user in Docker?", "completion": "To run a service as a non-root user in Docker, you can use the `RUN` and `USER` commands in your Dockerfile. Here is an example: `RUN chown -R tapis:tapis /home/tapis USER tapis`"} | |
| {"prompt": "How do I set up logging in the `tapisservice.logs` module?", "completion": "To set up logging in the `tapisservice.logs` module, you need to create an instance of the logger in each module where you want to add logs. This can be done by calling the `get_logger` function with the module name."} | |
| {"prompt": "How do I handle errors in REST APIs using the `tapisservice.util` module?", "completion": "To handle errors in REST APIs using the `tapisservice.util` module, you can use the `TapisApi` class and the `flask_errors_dict` dict and `handle_error()` function. Add the following to your `api.py` module: `from flask import Flask`, `from tapisservice.utils import TapisApi, handle_error, flask_errors_dict`. Then set up error handling to use the `handle_error()` function."} | |
| {"prompt": "What is the purpose of the TapisApi object in TapisService?", "completion": "The TapisApi object in TapisService is created with the app object and the flask_errors_dict to establish the 4 stanza structure of error responses. For example, `api = TapisApi(app, errors=flask_errors_dict)`. It is then used to set up error handling with the `handle_error()` function."} | |
| {"prompt": "What are the variables exposed by `tapisservice`?", "completion": "`tapisservice` exposes two sets of similar variables: `g.request_username`, `g.username`, `g.x_tapis_user`, `g.request_tenant_id`, `g.tenant_id`, and `g.x_tapis_tenant`. The `g.request_username` and `g.request_tenant_id` resolve to the values obtained from the incoming request JWT Tapis token. However, the values change to the `x_tapis_*` variants when service accounts send 'on behalf of' requests."} | |
| {"prompt": "How can I use `tapipy` as a Service Account?", "completion": "A service account can still make use of the `tapipy` client, with some changes. You can use the tenant and username from the client, which means the service's tenant and username. For example, `t.systems.get_systems(_tapis_set_x_headers_from_service = True)`. Alternatively, you can use specified `_x_tapis_user` and `_x_tapis_tenant_id` rather than the service's values. For example, `t.systems.get_systems(_x_tapis_user = 'cgarcia', _x_tapis_tenant_id = 'tacc')`."} | |
| {"prompt": "What happens when service accounts send 'on behalf of' requests?", "completion": "When service accounts send 'on behalf of' requests, the values of `g.request_username` and `g.request_tenant_id` change to the `x_tapis_*` variants. This allows services to reference only one variable versus choosing to use `g.username` or `g.x_tapis_user` at runtime. Only services within the same site may complete these OBO requests, and this is checked by `tapisservice`."} | |
| {"prompt": "What is the role of the Security Kernel in Tapis?", "completion": "The Security Kernel (SK) microservice in Tapis provides role-based authorization and secrets management. It uses a PostgreSQL database to store its authorization data and the open source version of HashiCorp Vault as its secrets backend. Authentication is based on JSON Web Tokens (JWTs) managed by the Authentication subsystem."} | |
| {"prompt": "How does the Security Kernel handle role-based authorization?", "completion": "The Security Kernel's role-based authorization is based on an extended version of the Apache Shiro authorization model, which defines both roles and permissions. Each role has a unique name and is assigned an owner. SK provides a set of role endpoints to create, update, query and delete roles. It also provides user endpoints to grant users roles, revoke roles from users, and query the roles assigned to a user."} | |
| {"prompt": "What is the concept of Hierarchical Roles in the Security Kernel?", "completion": "In the Security Kernel, roles can be arranged in directed acyclic graphs (DAGs) based on parent/child relationships. This allows SK users to define roles with fine granularity and then compose them in flexible ways. For example, a parent role 'DirA_Owner' could have 'DirA_Reader' and 'DirA_Writer' as child roles. Users assigned 'DirA_Owner' would implicitly also be assigned 'DirA_Reader' and 'DirA_Writer'."} | |
| {"prompt": "What is the purpose of the SK's typed secrets model?", "completion": "The typed secrets model of SK overlays Vault's native capabilities. It requires users to provide a secretType and secretName on most of its calls. Using this information, SK calculates the virtual paths in Vault being referenced. This means users do not need to understand Vault's naming scheme and SK has complete control of where secrets reside inside of Vault."} | |
| {"prompt": "What types of secrets are supported by SK?", "completion": "SK supports several types of secrets. These include Service Password, JWT Signing Key, DB Credentials, System Credentials, and User secrets. However, only the User secret type can be used by Tapis users; the rest are reserved for Tapis services only."} | |
| {"prompt": "How does SK manage access to Vault?", "completion": "SK uses HashiCorp Vault as its backend database for storing and managing secrets. There is no direct access to Vault for users or services. All access comes through SK, which allows secrets to be created, read, versioned, deleted and destroyed by reflecting in its API the capabilities of Vault's version 2 Key/Value secrets engine."} | |
| {"prompt": "What are the two built-in authorization mechanisms provided by Tapis?", "completion": "Tapis provides two built-in authorization mechanisms. The first facility is implemented using roles and permissions. These controls operate at a low level of abstraction and apply to the individual Tapis resources to which they are associated. The second facility, Tapis shared resources (or simply shared resources), operate at a higher level of abstraction by authorizing complex actions in Tapis."} | |
| {"prompt": "How does the role-based access control (RBAC) work in Tapis?", "completion": "The Security Kernel (SK) in Tapis implements a distributed, role-based access control (RBAC) in which users are assigned roles that limit or allow access to resources. A role is simply a named entity with an owner. Access to specific resources is controlled by assigning roles to users. Tapis supports user-based APIs that check if a user has a certain role. A role can contain zero or more other roles. A contained role is the child of the containing role. A child role can have any number of parents, that is, be contained in any number of other roles. Roles form a forest of directed acyclic graphs. When checking whether a user has been assigned a particular role, SK APIs check whether the user has been assigned that role or any of its parent roles. When a user is assigned a role, the user is also implicitly assigned all the children of that role."} | |
| {"prompt": "What is Tapis sharing and how does it work?", "completion": "Tapis sharing grants some implicit access to all resources needed to perform an action. It defines a runtime context in which limited Tapis authorization is implicitly granted to users performing an action. This context can span multiple services. For example, if a file path is shared with a user, then access to the Tapis system on which the file resides is implicitly granted when the user attempts access through the Files service. Implicit access applies within a certain context and does not apply outside of that context. Implicit authorizations apply only to Tapis resources. Tapis sharing also supports granting public access to resources. The public-grantee access designation allows all users in a tenant access to the shared resource. Where supported, the public-grantee-no-authn access designation grants access to all users, even those that have not authenticated with Tapis."} | |
| {"prompt": "What is a Shared Application Context (SAC) in Tapis?", "completion": "A Shared Application Context (SAC) in Tapis is a concept that recognizes that applications run in the context of a Tapis job. This context is leveraged by multiple, cooperating services to allow limited implicit access to all the resources needed to run a job. This means that for certain resources, the user running the job will have the application owner's authorizations in addition to their own. Users are able to access systems and file paths which they cannot normally access but the application owner can access."} | |
| {"prompt": "What are the SAC-eligible attributes in Tapis?", "completion": "The SAC-eligible attributes in Tapis are: execSystemId, execSystemExecDir, execSystemInputDir, execSystemOutputDir, archiveSystemId, archiveSystemDir, fileInputs sourceUrl, and fileInputs targetPath. These attributes of application definitions are SAC-eligible, meaning that implicit access to the resources they designate can be granted to jobs running in a SAC."} | |
| {"prompt": "How does Tapis handle authorization during job execution in a Shared Application Context?", "completion": "During job execution in a Shared Application Context, Tapis relaxes its access constraints. However, all host authorizations are still enforced. The underlying operating systems' and persistent storage systems' authentication and authorization mechanisms are unchanged, so users have no more low-level access than they would otherwise. This means that users are not conferred any special privileges on application-specified resources outside of job execution and relaxed authorization checking applies only to systems and file paths referenced in the application definition."} | |
| {"prompt": "How are projects defined in the hierarchy of Streams resources?", "completion": "Projects are defined at a top level in the hierarchy of Streams resources. A user registers a project by providing metadata information such as the principal Investigator, project URL, funding resource, etc. A list of authorized users can be added to various project roles to have a controlled access over the project resources. When a project is first registered, a collection is created in the back-end MongoDB. User permissions to access this collection are then set up in the security kernel. Every request to access the project resource or documents within (i.e sites, instruments, variables) goes through a security kernel check and only the authorized user requests are allowed to be processed."} | |
| {"prompt": "What is a site in the context of Streams hierarchy?", "completion": "A site is a geographical location that may hold one or more instruments. Sites are next in the streams hierarchy and they inherit permissions from the projects. Project owners can create sites by providing the geographical information such as latitude, longitude and elevation of the site or GeoJSON encoded spatial information. This spatial information is useful when searching sites or data based on location. In the back-end database a site is represented as a JSON document within the project collection. Site permissions are inherited from the project."} | |
| {"prompt": "What are instruments in the context of Streams API?", "completion": "Instruments are physical entities that may have one or more embedded sensors to sense various parameters such as temperature, relative humidity, specific conductivity, etc. These sensors referred to as variables in Streams API generate measurements, which are stored in the influxDB along with a ISO8601 timestamp. Instruments are associated with specific sites and projects. Information about the instruments such as site and project ids, name and description of the instrument, etc. are stored in the mongoDB sites JSON document."} | |
| {"prompt": "What are the different types of channel actions that can be defined?", "completion": "The different types of channel actions that can be defined are Actor, Job, Slack, Discord, and HTTP Webhook. Each of these actions has different attributes and parameters that need to be defined. For example, the Actor action requires a method, actor_id, and message. The Job action requires a method and job_param. The Slack, Discord, and HTTP Webhook actions require a method, webhook_url, and message. The HTTP Webhook action also requires a data_field."} | |
| {"prompt": "How are permissions managed in the Streams service?", "completion": "Permissions in the Streams service are managed using roles. There are three types of roles: admin, manager, and user. Admins have elevated privileges and can create, update, or delete any of the Streams resources. Managers can perform all read and write operations on Streams resources, but cannot delete them. Users can only perform read operations on the resources and are not authorized to write or delete the resources. When a user creates a project, channel, or template, an admin role is created in the Security Kernel and is assigned to the requesting user."} | |
| {"prompt": "What is the role of the 'method' attribute in channel actions?", "completion": "The 'method' attribute in channel actions is used to specify the type of action that should be performed. For example, if the method is set to 'ACTOR', it means that the action is related to an actor. If the method is set to 'JOB', it means that the action is related to a job. Similarly, if the method is set to 'SLACK', 'DISCORD', or 'WEBHOOK', it means that the action is related to sending a message to Slack, Discord, or a HTTP Webhook respectively."} | |
| {"prompt": "How can I list the user roles on a project, channel or template?", "completion": "To list the user roles on a project, channel or template, you need to provide three parameters: resource_type (project/channel/template), resource_id (project_id/channel_id/template_id), and user (username for whom roles are to be checked). The requesting user must have one of the three roles (admin, manager, user) on the resource."} | |
| {"prompt": "What are the conditions for granting roles to users?", "completion": "Roles can be granted by admins or managers. Admins can grant any of the three roles to other users, while managers can only grant manager and user roles. Users do not have privileges to grant roles. Self role granting is not permitted. The role is granted only if the requesting user has same or higher roles than the role name specified in the request body. If the user already has the role, no action is taken."} | |
| {"prompt": "Who can revoke roles and under what conditions?", "completion": "Only users in the admin role are capable of revoking any of the three roles: admin, manager, and user for other users. Self role revoking is not permitted. Users in manager and user role are not capable of revoking roles."} | |
| {"prompt": "What is the purpose of a Tapis system?", "completion": "A Tapis system represents a server or collection of servers exposed through a single host name or IP address. Each system is associated with a specific tenant. A system can be used for running a job, which includes staging files to a system in preparation for running a job, executing a job on a system, and archiving files and data on a remote system after job execution. A system can also be used for storing and retrieving files and data."} | |
| {"prompt": "What are the required attributes when creating a system?", "completion": "When creating a system the required attributes are: id, systemType, host, defaultAuthnMethod and canExec. Depending on the type of system and specific values for certain attributes there are other requirements."} | |
| {"prompt": "How do I register credentials for a Tapis system?", "completion": "To register credentials for a Tapis system, you need to create a local file with your public and private keys. The keys must be encoded on a single line with embedded newline characters. Then, you can use the PySDK or CURL to send a POST request to the Tapis API. An optional attribute loginUser may be included in the request body in order to map the Tapis user to a username to be used when accessing the system."} | |
| {"prompt": "How can I convert a multi-line private key into a single line for use with Tapis?", "completion": "You can use the following linux command to convert a multi-line private key into a single line: `cat $privateKeyFile | awk -v ORS='\\n' '1'`"} | |
| {"prompt": "What steps should I take if I encounter problems when using an ssh keypair as credentials in Tapis?", "completion": "Here are some suggestions on what to check: Ensure that public and private keys are each on one line in the json file and newline characters in private key are properly encoded. Make sure the keypair is not of type OPENSSH and does not have a passphrase. Check that the public key has been added to the authorized_keys file for the target user. The file should be ~/.ssh/authorized_keys. Ensure that the file ~/.ssh/authorized_keys has proper permissions and that MFA is not enabled for the target host."} | |
| {"prompt": "How can I register credentials for a GLOBUS type system in Tapis?", "completion": "For a GLOBUS type system, you will need to use the TOKEN authentication method and generate an `accessToken` and `refreshToken` using two special-purpose System service endpoints. Please note that your Tapis site installation must have been configured by the site administrator to support Globus."} | |
| {"prompt": "How can I retrieve details for all systems I own using CURL?", "completion": "You can retrieve details for all systems you own using CURL with the following command: `$ curl -H \"X-Tapis-Token: $JWT\" https://tacc.tapis.io/v3/systems?select=allAttributes`. The response should contain a list of items similar to the single listing shown above."} | |
| {"prompt": "How can I create a child system?", "completion": "To create a child system, you need to create a local file (for example child_system_example.json) with the following: `{\"id\": \"my-child-<userid>\", \"effectiveUserId\": \"${apiUserId}\", \"rootDir\": \"/home/<userid>\"}`. Replace *<userid>* with your username and ensure that the root directory path is correct. Then use the create child system REST endpoint to create the child system. If you're using PySDK, you can use the following code: `import json from tapipy.tapis import Tapis t = Tapis(base_url='https://tacc.tapis.io', username='<userid>', password='************') with open('child_system_example.json', 'r') as openfile: child_system = json.load(openfile) t.systems.createChildSystem(parentId=\"parent-system\", **child_system)`. If you're using CURL, you can use the following command: `$ curl -X POST -H \"content-type: application/json\" -H \"X-Tapis-Token: $JWT\" https://tacc.tapis.io/v3/systems/parent-system/createChildSystem -d @child_system_example.json`."} | |
| {"prompt": "What fields are maintained independently for child systems?", "completion": "The fields that are maintained independently for child systems are: id, owner, enabled, effectiveUserId, rootDir, deleted, created, and updated. During the creation of a child system, any of these fields may be specified except for created, updated and deleted. All other fields are taken from the parent system."} | |
| {"prompt": "How can I update a child system?", "completion": "Updates to a child system are done just like any other system, however, only certain fields may be updated for a child system. These fields can be updated through special endpoints. For example, 'deleted' and 'enabled' are updated through the endpoints for deleting, undeleting, enabling and disabling."} | |
| {"prompt": "How can I unlink a child system from its parent system?", "completion": "A child system may be unlinked from its parent using the 'unlinkFromParent' endpoint. This is a permanent operation and cannot be undone. This will make the child a standalone system with all of its current settings. If the owner of the child system wants to unlink the child from its parent, they may use the 'unlinkFromParent' endpoint. The owner of a parent system can also decide to unlink child systems from the parent using the 'unlinkChildren' endpoint."} | |
| {"prompt": "What are the minimal definition and restrictions when creating a system?", "completion": "When creating a system the required attributes are: 'id', 'systemType', 'host', 'defaultAuthnMethod' and 'canExec'. Depending on the type of system and specific values for certain attributes there are other requirements. For example, if 'systemType' is S3 then 'bucketName' is required, 'canExec' and 'isDtn' must be false. If 'systemType' is LINUX or IRODS then 'rootDir' is required and must begin with '/'. There are also restrictions based on other attributes such as 'effectiveUserId', 'isDtn', 'canExec', and 'canRunBatch'."} | |
| {"prompt": "What is the sharing feature in Tapis?", "completion": "Sharing in Tapis is a higher level approach to granting access. The sharing API allows you to share a system with a set of users as well as share publicly with all users in a tenant. Sharing provides `READ+EXECUTE` access. When the system has a dynamic *effectiveUserId*, sharing also allows for MODIFY access to all paths for calls made through the Files service. Tapis permissions and sharing are independent of native permissions enforced by the underlying system host."} | |
| {"prompt": "How are authentication credentials handled in Tapis?", "completion": "At system creation time, the authentication credentials may be specified if the effective access user *effectiveUserId* is a specific user and not a dynamic user. If the effective access user is dynamic, then authentication credentials for any user allowed to access the system must be registered in separate API calls. The Systems service does not store credentials. Credentials are persisted by the Security Kernel service and only specific Tapis services are authorized to retrieve credentials."} | |
| {"prompt": "What does the deletion feature do in Tapis?", "completion": "In Tapis, a system may be deleted and undeleted. Deletion means the system is marked as deleted and is no longer available for use. By default, deleted systems will not be included in searches and operations on deleted systems will not be allowed. When listing systems, the query parameter *showDeleted* may be used in order to include deleted systems in the results."} | |
| {"prompt": "What does the 'authnMethod' attribute represent in the Credential Attributes Table?", "completion": "The 'authnMethod' attribute in the Credential Attributes Table indicates the authentication method associated with a retrieved credential. When a credential is retrieved, it is for a specific authentication method. The possible methods include PASSWORD, PKI_KEYS, ACCESS_KEY, and TOKEN."} | |
| {"prompt": "What is the purpose of the 'inputMode' attribute in the KeyValuePair Attributes Table?", "completion": "The 'inputMode' attribute in the KeyValuePair Attributes Table indicates how an argument is to be treated when processing individual job requests. The possible modes include REQUIRED, FIXED, INCLUDE_ON_DEMAND, and INCLUDE_BY_DEFAULT. The default mode is INCLUDE_BY_DEFAULT."} | |
| {"prompt": "What does the 'notes' attribute represent in the KeyValuePair Attributes Table?", "completion": "The 'notes' attribute in the KeyValuePair Attributes Table represents simple metadata in the form of a Json object. This attribute is not used by Tapis."} | |
| {"prompt": "What is the purpose of the 'name' attribute in the LogicalQueue Attributes Table?", "completion": "The 'name' attribute in the LogicalQueue Attributes Table is used to provide a name for the logical queue. This typically matches or is a variant of the HPC queue name."} | |
| {"prompt": "How can I specify the maximum number of jobs that can be queued or running in a logical queue?", "completion": "You can specify the maximum total number of jobs that can be queued or running in a logical queue using the 'maxJobs' attribute in the LogicalQueue Attributes Table."} | |
| {"prompt": "How can I search for systems using a GET request?", "completion": "To search when using a GET request to the `systems` endpoint, you can specify a list of search conditions using a query parameter named `search`. Each search condition must be surrounded with parentheses, have three parts separated by the character `.` and be joined using the character `~`. All conditions are combined using logical AND. For example: `?search=(<attribute_1>.<op_1>.<value_1>)~(<attribute_2>.<op_2>.<value_2>)~ ... ~(<attribute_N>.<op_N>.<value_N>)`"} | |
| {"prompt": "How can I perform a search using a GET request on the dedicated endpoint?", "completion": "To perform a search using a GET request on the dedicated endpoint, you can send a GET request to the search endpoint. A list of search conditions may be specified using a series of query parameters, one for each attribute. All conditions are combined using logical AND. The general form for specifying the query parameters is as follows: `?<attribute_1>.<op_1>=<value_1>&<attribute_2>.<op_2>=<value_2>)& ... &<attribute_N>.<op_N>=<value_N>`. Supported operators include `eq`, `neq`, `gt`, `gte`, `lt`, `lte`, `in`, `nin`, `like`, `nlike`, `between`, `nbetween`."} | |
| {"prompt": "How can I perform a search using a POST request on the dedicated endpoint?", "completion": "To perform a search using a POST request on the dedicated endpoint, you need to send a POST request to the endpoint `systems/search/systems`. The request body must contain json with a top level property name of `search`. The `search` property must contain an array of strings specifying the search criteria in an SQL-like syntax. The array of strings are concatenated to form the full search query. The full query must be in the form of an SQL-like `WHERE` clause. Note that not all SQL features are supported."} | |
| {"prompt": "How can I select specific fields when retrieving systems?", "completion": "When retrieving systems, the fields to be returned may be specified as a comma separated list using a query parameter named `select`. Attribute names may be given using Camel Case or Snake Case. Special select keywords are supported: `allAttributes` and `summaryAttributes`. By default all attributes are returned when retrieving a single resource via the endpoint *systems/\<system_id\>*. By default summary attributes are returned when retrieving a list of systems. Specifying nested attributes is not supported. The attribute `id` is always returned."} | |
| {"prompt": "How can I sort the results of my query in ascending or descending order?", "completion": "You can sort the results of your query by using the `orderBy` query parameter. The value of this parameter is the attribute name you want to sort on, with an optional sort direction. The general format is `<attribute_name>(<dir>)`. The direction may be `asc` for ascending or `desc` for descending. The default direction is ascending. For example, `orderBy=id(asc)` or `orderBy=name(desc),created`."} | |
| {"prompt": "How can I limit the number of results returned by my query?", "completion": "You can limit the number of results returned by your query by using the `limit` query parameter. For example, `limit=10` will limit the number of items returned to 10. If you want to return an unlimited number of items, you can use 0 or less. The default limit is 100. You can also use the `skip` parameter to skip a number of items, or the `startAfter` parameter to specify where to start when sorting."} | |
| {"prompt": "What does the `listType` query parameter do?", "completion": "The `listType` query parameter allows you to see additional resources that are available to you. By default, you will only see the resources that you own. If you set `listType` to `OWNED`, you will only see items owned by you. If you set it to `SHARED_PUBLIC`, you will only see items shared publicly. If you set it to `ALL`, you will see all items you are authorized to view."} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment