<a class="reference external" href="https://jupyter.designsafe-ci.org/hub/user-redirect/lab/tree/CommunityData/OpenSees/TrainingMaterial/training-OpenSees-on-DesignSafe/Jupyter_Notebooks/tapisConnect_establishSystemCredentials.ipynb" target="_blank">
<img alt="Try on DesignSafe" src="https://raw.githubusercontent.com/DesignSafe-Training/pinn/main/DesignSafe-Badge.svg" /></a>

# Establish TMS Credentials

by Silvia Mazzoni, DesignSafe, 2025

Before you can submit jobs via Tapis, you need to establish your TMS credentials on the execution system you plan to submit to.<br>
This needs to be done only once per "execution system", such as stampede3, per account.

We will set this up for the three common systems used in DesignSafe: systems = ["stampede3", "ls6", "frontera"]

TMS = Trust Management System: https://tms-documentation.readthedocs.io/en/latest/

## What is TMS?
TMS is a multi-tenant web application exposing a REST API to manage SSH keys, client applications, user delegations, user/MFA authentication, hosts, and user/host account mappings. TMS also has a modules that run on hosts, such as High Performance Computing (HPC) login nodes, VMs or IoT devices.

## Set up User Credentials

The `tapis.systems.checkUserCredential` function in the **Tapis v3 Python SDK (*tapipy*)** is used to check whether the **authenticated user has valid credentials on a given Tapis system**. <br>
Specifically, it answers the question: "**Can this user run jobs or access files on this system (e.g., a cluster or storage system)?**"

### tapis.systems.checkUserCredential
    
* **Usage**
    
    ```python
    t.systems.checkUserCredential(systemId='your-system-id')
    ```

* **Parameters**

    `systemId` (string): The ID of the Tapis system you want to check (e.g., a compute system like `stampede3.tacc.utexas.edu` or a storage system).

* **Returns**

    A response indicating **whether valid credentials are available** (usually a boolean or success message, depending on how the SDK formats it).

* **Typical Use Case**

    Before submitting a job or transferring files, you might want to verify that the Tapis user has valid SSH or access credentials installed for the remote system. For example:
    
    ```python
    resp = t.systems.checkUserCredential(systemId='stampede3.tacc.utexas.edu')
    print(resp.result)  # Will be True if credentials exist, False otherwise
    ```
    
    If `False`, the user needs to:
    
    * Add credentials (e.g., via `systems.createUserCredential`)
    * Or re-authenticate if the current credentials expired

* Learn more: [Tapis Documentation -- Systems](https://tapis.readthedocs.io/en/latest/technical/systems.html)


In [1]:
# Local Utilities Library
# you can remove the logic associated with the local path
import sys,os
relativePath = '../../OpsUtils'
if os.path.exists(relativePath):
    PathOpsUtils = os.path.expanduser(relativePath)
else:
    PathOpsUtils = os.path.expanduser('~/CommunityData/OpenSees/TrainingMaterial/training-OpenSees-on-DesignSafe/OpsUtils')
if not PathOpsUtils in sys.path: sys.path.append(PathOpsUtils)
from OpsUtils import OpsUtils

## User Input

In [2]:
username = 'silvia'
systems = ["stampede3", "ls6", "frontera"]

## Connect to Tapis

In [3]:
t=OpsUtils.connect_tapis()

 -- Checking Tapis token --
 Token loaded from file. Token is still valid!
 Token expires at: 2025-08-22T07:29:28+00:00
 Token expires in: 3:31:47.660505
-- LOG IN SUCCESSFUL! --


### Remove your Existing TMS Credentials *(Optional)*
Do this only **if you must!**<br>
So it should be commented-out.
A simple python function to do this has been saved in DesignSafe Community.

In [4]:
# for system_id in systems:
#     OpsUtils.revoke_tms_credentials(t,system_id,username)

-- CREDENTIALS REMOVED SUCCESSFULLY!!! --
-- CREDENTIALS REMOVED SUCCESSFULLY!!! --
-- CREDENTIALS REMOVED SUCCESSFULLY!!! --


## Establish TMS Credentials
The python function checks whether the user has TMS credentials in the system, if not, it creates new ones.

In [5]:
OpsUtils.show_text_file_in_accordion(PathOpsUtils,['establish_tms_credentials.py'])

In [6]:
for system_id in systems:
    OpsUtils.establish_tms_credentials(t,system_id,username)

 -- TMS User Credentials --
username: silvia
system_id: stampede3
User silvia is missing system credentials.
Establishing new credentials
Established silvia's system credentials.
-- CREDENTIALS ESTABLISHED SUCCESSFULLY!!! --
 -- TMS User Credentials --
username: silvia
system_id: ls6
User silvia is missing system credentials.
Establishing new credentials
Established silvia's system credentials.
-- CREDENTIALS ESTABLISHED SUCCESSFULLY!!! --
 -- TMS User Credentials --
username: silvia
system_id: frontera
User silvia is missing system credentials.
Establishing new credentials
Established silvia's system credentials.
-- CREDENTIALS ESTABLISHED SUCCESSFULLY!!! --
