aspera-cli 4.10.0 → 4.12.0

data/lib/aspera/keychain/macos_security.rb

@@ -10,10 +10,10 @@ module Aspera
       # keychain based on macOS keychain, using `security` cmmand line
       class Keychain
         DOMAINS = %i[user system common dynamic].freeze
-        LIST_OPTIONS={
+        LIST_OPTIONS = {
           domain: :c
         }
-        ADD_PASS_OPTIONS={
+        ADD_PASS_OPTIONS = {
           account:  :a,
           creator:  :c,
           type:     :C,
@@ -32,7 +32,7 @@ module Aspera
           getpass:  :g
         }.freeze
         class << self
-          def execute(command,options=nil,supported=nil,lastopt=nil)
+          def execute(command, options=nil, supported=nil, lastopt=nil)
             url = options&.delete(:url)
             if !url.nil?
               uri = URI.parse(url)
@@ -40,20 +40,20 @@ module Aspera
               options[:protocol] = 'htps'
               raise 'host required in URL' if uri.host.nil?
               options[:server] = uri.host
-              options[:path] = uri.path unless ['','/'].include?(uri.path)
+              options[:path] = uri.path unless ['', '/'].include?(uri.path)
               options[:port] = uri.port unless uri.port.eql?(443) && !url.include?(':443/')
             end
-            cmd=['security',command]
-            options&.each do |k,v|
-              raise "unknown option: #{k}" unless supported.has_key?(k)
+            cmd = ['security', command]
+            options&.each do |k, v|
+              raise "unknown option: #{k}" unless supported.key?(k)
               next if v.nil?
               cmd.push("-#{supported[k]}")
               cmd.push(v.shellescape) unless v.empty?
             end
             cmd.push(lastopt) unless lastopt.nil?
-            Log.log.debug("executing>>#{cmd.join(' ')}")
-            result=%x(#{cmd.join(' ')} 2>&1)
-            Log.log.debug("result>>[#{result}]")
+            Log.log.debug{"executing>>#{cmd.join(' ')}"}
+            result = %x(#{cmd.join(' ')} 2>&1)
+            Log.log.debug{"result>>[#{result}]"}
             return result
           end
 
@@ -70,8 +70,8 @@ module Aspera
           end
 
           def list(options={})
-            raise ArgumentError,"Invalid domain #{options[:domain]}, expected one of: #{DOMAINS}" unless options[:domain].nil? || DOMAINS.include?(options[:domain])
-            keychains(execute('list-keychains',options,LIST_OPTIONS))
+            raise ArgumentError, "Invalid domain #{options[:domain]}, expected one of: #{DOMAINS}" unless options[:domain].nil? || DOMAINS.include?(options[:domain])
+            keychains(execute('list-keychains', options, LIST_OPTIONS))
           end
 
           def by_name(name)
@@ -88,15 +88,15 @@ module Aspera
           [string].pack('H*').force_encoding('UTF-8')
         end
 
-        def password(operation,passtype,options)
+        def password(operation, passtype, options)
           raise "wrong operation: #{operation}" unless %i[add find delete].include?(operation)
           raise "wrong passtype: #{passtype}" unless %i[generic internet].include?(passtype)
           raise 'options shall be Hash' unless options.is_a?(Hash)
-          missing=(operation.eql?(:add) ? %i[account service password] : %i[label])-options.keys
+          missing = (operation.eql?(:add) ? %i[account service password] : %i[label]) - options.keys
           raise "missing options: #{missing}" unless missing.empty?
-          options[:getpass]='' if operation.eql?(:find)
-          output=self.class.execute("#{operation}-#{passtype}-password",options,ADD_PASS_OPTIONS,@path)
-          raise output.gsub(/^.*: /,'') if output.start_with?('security: ')
+          options[:getpass] = '' if operation.eql?(:find)
+          output = self.class.execute("#{operation}-#{passtype}-password", options, ADD_PASS_OPTIONS, @path)
+          raise output.gsub(/^.*: /, '') if output.start_with?('security: ')
           return nil unless operation.eql?(:find)
           attributes = {}
           output.split("\n").each do |line|
@@ -121,7 +121,7 @@ module Aspera
     end
 
     class MacosSystem
-      def initialize(name=nil,password=nil)
+      def initialize(name=nil, _password=nil)
         @keychain = name.nil? ? MacosSecurity::Keychain.default_keychain : MacosSecurity::Keychain.by_name(name)
         raise "no such keychain #{name}" if @keychain.nil?
       end
@@ -130,7 +130,8 @@ module Aspera
         raise 'options shall be Hash' unless options.is_a?(Hash)
         unsupported = options.keys - %i[label username password url description]
         raise "unsupported options: #{unsupported}" unless unsupported.empty?
-        @keychain.password(:add,:generic, service: options[:label],
+        @keychain.password(
+          :add, :generic, service: options[:label],
           account: options[:username] || 'none', password: options[:password], comment: options[:description])
       end
 
@@ -138,7 +139,7 @@ module Aspera
         raise 'options shall be Hash' unless options.is_a?(Hash)
         unsupported = options.keys - %i[label]
         raise "unsupported options: #{unsupported}" unless unsupported.empty?
-        info = @keychain.password(:find,:generic,label: options[:label])
+        info = @keychain.password(:find, :generic, label: options[:label])
         raise 'not found' if info.nil?
         result = options.clone
         result[:secret] = info['password']

data/lib/aspera/log.rb

@@ -11,28 +11,27 @@ module Aspera
   # Singleton object for logging
   class Log
     include Singleton
+    # where logs are sent to
+    LOG_TYPES = %i[stderr stdout syslog].freeze
     # class methods
     class << self
       # levels are :debug,:info,:warn,:error,fatal,:unknown
-      def levels; Logger::Severity.constants.sort{|a,b|Logger::Severity.const_get(a) <=> Logger::Severity.const_get(b)}.map{|c|c.downcase.to_sym};end
-
-      # where logs are sent to
-      def logtypes; %i[stderr stdout syslog];end
+      def levels; Logger::Severity.constants.sort{|a, b|Logger::Severity.const_get(a) <=> Logger::Severity.const_get(b)}.map{|c|c.downcase.to_sym}; end
 
       # get the logger object of singleton
-      def log; instance.logger;end
+      def log; instance.logger; end
 
       # dump object in debug mode
       # @param name string or symbol
       # @param format either pp or json format
-      def dump(name,object,format=:json)
+      def dump(name, object, format=:json)
         log.debug do
           result =
             case format
             when :json
-              JSON.pretty_generate(object) rescue PP.pp(object,+'')
+              JSON.pretty_generate(object) rescue PP.pp(object, +'')
             when :ruby
-              PP.pp(object,+'')
+              PP.pp(object, +'')
             else
               raise 'wrong parameter, expect pp or json'
             end
@@ -68,12 +67,13 @@ module Aspera
     end
 
     # change underlying logger, but keep log level
-    def logger_type=(new_logtype)
+    def logger_type=(new_log_type)
       current_severity_integer = @logger.level unless @logger.nil?
-      current_severity_integer = ENV['AS_LOG_LEVEL'] if current_severity_integer.nil? && ENV.has_key?('AS_LOG_LEVEL')
+      current_severity_integer = ENV['AS_LOG_LEVEL'] if current_severity_integer.nil? && ENV.key?('AS_LOG_LEVEL')
       current_severity_integer = Logger::Severity::WARN if current_severity_integer.nil?
-      case new_logtype
+      case new_log_type
       when :stderr
+        # typed: Logger
         @logger = Logger.new($stderr)
       when :stdout
         @logger = Logger.new($stdout)
@@ -81,10 +81,10 @@ module Aspera
         require 'syslog/logger'
         @logger = Syslog::Logger.new(@program_name, Syslog::LOG_LOCAL2)
       else
-        raise "unknown log type: #{new_logtype.class} #{new_logtype}"
+        raise "unknown log type: #{new_log_type.class} #{new_log_type}"
       end
       @logger.level = current_severity_integer
-      @logger_type = new_logtype
+      @logger_type = new_log_type
       # update formatter with password hiding
       @logger.formatter = SecretHider.log_formatter(@logger.formatter)
     end

data/lib/aspera/nagios.rb

@@ -10,32 +10,32 @@ module Aspera
     # date offset levels
     DATE_WARN_OFFSET = 2
     DATE_CRIT_OFFSET = 5
-    private_constant :LEVELS,:ADD_PREFIX,:DATE_WARN_OFFSET,:DATE_CRIT_OFFSET
+    private_constant :LEVELS, :ADD_PREFIX, :DATE_WARN_OFFSET, :DATE_CRIT_OFFSET
 
     # add methods to add nagios error levels, each take component name and message
     LEVELS.each_index do |code|
       name = "#{ADD_PREFIX}#{LEVELS[code]}".to_sym
-      define_method(name){|comp,msg|@data.push({code: code,comp: comp,msg: msg})}
+      define_method(name){|comp, msg|@data.push({code: code, comp: comp, msg: msg})}
     end
 
     class << self
       # process results of a analysis and display status and exit with code
       def process(data)
         raise 'INTERNAL ERROR, result must be list and not empty' unless data.is_a?(Array) && !data.empty?
-        %w[status component message].each{|c|raise "INTERNAL ERROR, result must have #{c}" unless data.first.has_key?(c)}
+        %w[status component message].each{|c|raise "INTERNAL ERROR, result must have #{c}" unless data.first.key?(c)}
         res_errors = data.reject{|s|s['status'].eql?('ok')}
         # keep only errors in case of problem, other ok are assumed so
         data = res_errors unless res_errors.empty?
         # first is most critical
-        data.sort!{|a,b|LEVELS.index(a['status'].to_sym) <=> LEVELS.index(b['status'].to_sym)}
+        data.sort!{|a, b|LEVELS.index(a['status'].to_sym) <=> LEVELS.index(b['status'].to_sym)}
         # build message: if multiple components: concatenate
-        #message = data.map{|i|"#{i['component']}:#{i['message']}"}.join(', ').gsub("\n",' ')
-        message = data.
-          map{|i|i['component']}.
-          uniq.
-          map{|comp|comp + ':' + data.select{|d|d['component'].eql?(comp)}.map{|d|d['message']}.join(',')}.
-          join(', ').
-          tr("\n",' ')
+        # message = data.map{|i|"#{i['component']}:#{i['message']}"}.join(', ').gsub("\n",' ')
+        message = data
+          .map{|i|i['component']}
+          .uniq
+          .map{|comp|comp + ':' + data.select{|d|d['component'].eql?(comp)}.map{|d|d['message']}.join(',')}
+          .join(', ')
+          .tr("\n", ' ')
         status = data.first['status'].upcase
         # display status for nagios
         puts("#{status} - [#{message}]\n")
@@ -45,36 +45,37 @@ module Aspera
     end
 
     attr_reader :data
+
     def initialize
       @data = []
     end
 
-    # comparte remote time with local time
+    # compare remote time with local time
     def check_time_offset(remote_date, component)
       # check date if specified : 2015-10-13T07:32:01Z
-      rtime = DateTime.strptime(remote_date)
-      diff_time = (rtime - DateTime.now).abs
-      diff_disp = diff_time.round(-2)
-      Log.log.debug("DATE: #{remote_date} #{rtime} diff=#{diff_disp}")
-      msg = "offset #{diff_disp} sec"
+      remote_time = DateTime.strptime(remote_date)
+      diff_time = (remote_time - DateTime.now).abs
+      diff_rounded = diff_time.round(-2)
+      Log.log.debug{"DATE: #{remote_date} #{remote_time} diff=#{diff_rounded}"}
+      msg = "offset #{diff_rounded} sec"
       if diff_time >= DATE_CRIT_OFFSET
-        add_critical(component,msg)
+        add_critical(component, msg)
       elsif diff_time >= DATE_WARN_OFFSET
-        add_warning(component,msg)
+        add_warning(component, msg)
       else
-        add_ok(component,msg)
+        add_ok(component, msg)
       end
     end
 
     def check_product_version(component, _product, version)
-      add_ok(component,"version #{version}")
-      # TODO check on database if latest version
+      add_ok(component, "version #{version}")
+      # TODO: check on database if latest version
     end
 
     # translate for display
     def result
       raise 'missing result' if @data.empty?
-      {type: :object_list,data: @data.map{|i|{'status' => LEVELS[i[:code]].to_s,'component' => i[:comp],'message' => i[:msg]}}}
+      {type: :object_list, data: @data.map{|i|{'status' => LEVELS[i[:code]].to_s, 'component' => i[:comp], 'message' => i[:msg]}}}
     end
   end
 end

data/lib/aspera/node.rb

@@ -9,27 +9,28 @@ require 'zlib'
 require 'base64'
 
 module Aspera
-  # Provides additional functions using node API.
-  class Node < Rest
+  # Provides additional functions using node API with gen4 extensions (access keys)
+  class Node < Aspera::Rest
     # permissions
     ACCESS_LEVELS = %w[delete list mkdir preview read rename write].freeze
     # prefix for ruby code for filter
     MATCH_EXEC_PREFIX = 'exec:'
+    HEADER_X_ASPERA_ACCESS_KEY = 'X-Aspera-AccessKey'
+    PATH_SEPARATOR = '/'
 
     # register node special token decoder
     Oauth.register_decoder(lambda{|token|JSON.parse(Zlib::Inflate.inflate(Base64.decode64(token)).partition('==SIGNATURE==').first)})
 
+    # class instance variable, access with accessors on class
+    @use_standard_ports = true
+
     class << self
-      def set_ak_basic_token(ts,ak,secret)
-        Log.log.warn("Expected transfer user: #{Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER}, "\
-          "but have #{ts['remote_user']}") unless ts['remote_user'].eql?(Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER)
-        ts['token'] = Rest.basic_creds(ak,secret)
-      end
+      attr_accessor :use_standard_ports
 
       # for access keys: provide expression to match entry in folder
       # if no prefix: regex
       # if prefix: ruby code
-      # if filder is nil, then always match
+      # if expression is nil, then always match
       def file_matcher(match_expression)
         match_expression ||= "#{MATCH_EXEC_PREFIX}true"
         if match_expression.start_with?(MATCH_EXEC_PREFIX)
@@ -39,49 +40,227 @@ module Aspera
       end
     end
 
-    #    def initialize(rest_params)
-    #      super(rest_params)
-    #    end
-
-    # recursively crawl in a folder.
-    # subfolders a processed if the processing method returns true
-    # @param processor must provide a method to process each entry
-    # @param opt options
-    # - top_file_id file id to start at (default = access key root file id)
-    # - top_file_path path of top folder (default = /)
-    # - method processing method (default= process_entry)
-    def crawl(processor,opt={})
-      Log.log.debug("crawl1 #{opt}")
-      # not possible with bearer token
-      opt[:top_file_id] ||= read('access_keys/self')[:data]['root_file_id']
-      opt[:top_file_path] ||= '/'
-      opt[:method] ||= :process_entry
-      raise "processor must have #{opt[:method]}" unless processor.respond_to?(opt[:method])
-      Log.log.debug("crawl #{opt}")
-      #top_info=read("files/#{opt[:top_file_id]}")[:data]
-      folders_to_explore = [{id: opt[:top_file_id], relpath: opt[:top_file_path]}]
-      Log.dump(:folders_to_explore,folders_to_explore)
-      while !folders_to_explore.empty?
+    REQUIRED_APP_INFO_FIELDS = %i[node_info app api workspace_info].freeze
+    REQUIRED_APP_API_METHODS = %i[node_api_from add_ts_tags].freeze
+    private_constant :REQUIRED_APP_INFO_FIELDS, :REQUIRED_APP_API_METHODS
+
+    attr_reader :app_info
+
+    # @param params [Hash] Rest parameters
+    # @param app_info [Hash,NilClass] special processing for AoC
+    def initialize(params:, app_info: nil, add_tspec: nil)
+      super(params)
+      @app_info = app_info
+      # this is added to transfer spec, for instance to add tags (COS)
+      @add_tspec = add_tspec
+      if !@app_info.nil?
+        REQUIRED_APP_INFO_FIELDS.each do |field|
+          raise "INTERNAL ERROR: app_info lacks field #{field}" unless @app_info.key?(field)
+        end
+        REQUIRED_APP_API_METHODS.each do |method|
+          raise "INTERNAL ERROR: #{@app_info[:api].class} lacks method #{method}" unless @app_info[:api].respond_to?(method)
+        end
+      end
+    end
+
+    # update transfer spec with special additional tags
+    def add_tspec_info(tspec)
+      tspec.deep_merge!(@add_tspec) unless @add_tspec.nil?
+      return tspec
+    end
+
+    # @returns [Aspera::Node] a Node or nil
+    def node_id_to_node(node_id)
+      return self if !@app_info.nil? && @app_info[:node_info]['id'].eql?(node_id)
+      return @app_info[:api].node_api_from(node_id: node_id, workspace_info: @app_info[workspace_info]) unless @app_info.nil?
+      Log.log.warn{"cannot resolve link with node id #{node_id}"}
+      return nil
+    end
+
+    # recursively browse in a folder (with non-recursive method)
+    # sub folders are processed if the processing method returns true
+    # @param state [Object] state object sent to processing method
+    # @param method [Symbol] processing method name
+    # @param top_file_id [String] file id to start at (default = access key root file id)
+    # @param top_file_path [String] path of top folder (default = /)
+    def process_folder_tree(state:, method:, top_file_id:, top_file_path: '/')
+      raise 'INTERNAL ERROR: top_file_path not set' if top_file_path.nil?
+      raise "INTERNAL ERROR: Missing method #{method}" unless respond_to?(method)
+      folders_to_explore = [{id: top_file_id, path: top_file_path}]
+      Log.dump(:folders_to_explore, folders_to_explore)
+      until folders_to_explore.empty?
         current_item = folders_to_explore.shift
-        Log.log.debug("searching #{current_item[:relpath]}".bg_green)
+        Log.log.debug{"searching #{current_item[:path]}".bg_green}
         # get folder content
         folder_contents =
           begin
             read("files/#{current_item[:id]}/files")[:data]
           rescue StandardError => e
-            Log.log.warn("#{current_item[:relpath]}: #{e.class} #{e.message}")
+            Log.log.warn{"#{current_item[:path]}: #{e.class} #{e.message}"}
             []
           end
-        Log.dump(:folder_contents,folder_contents)
+        Log.dump(:folder_contents, folder_contents)
         folder_contents.each do |entry|
-          relative_path = File.join(current_item[:relpath],entry['name'])
-          Log.log.debug("looking #{relative_path}".bg_green)
+          relative_path = File.join(current_item[:path], entry['name'])
+          Log.log.debug{"looking #{relative_path}".bg_green}
+          # continue only if method returns true
+          next unless send(method, entry, relative_path, state)
           # entry type is file, folder or link
-          if processor.send(opt[:method],entry,relative_path) && entry['type'].eql?('folder')
-            folders_to_explore.push({id: entry['id'],relpath: relative_path})
+          case entry['type']
+          when 'folder'
+            folders_to_explore.push({id: entry['id'], path: relative_path})
+          when 'link'
+            node_id_to_node(entry['target_node_id'])&.process_folder_tree(
+              state:         state,
+              method:        method,
+              top_file_id:   entry['target_id'],
+              top_file_path: relative_path)
           end
         end
       end
+    end # process_folder_tree
+
+    # processing method to resolve a file path to id
+    # @returns true if processing need to continue
+    def process_resolve_node_path(entry, _path, state)
+      # stop digging here if not in right path
+      return false unless entry['name'].eql?(state[:path].first)
+      # ok it matches, so we remove the match
+      state[:path].shift
+      case entry['type']
+      when 'file'
+        # file must be terminal
+        raise "#{entry['name']} is a file, expecting folder to find: #{state[:path]}" unless state[:path].empty?
+        # it's terminal, we found it
+        state[:result] = {api: self, file_id: entry['id']}
+        return false
+      when 'folder'
+        if state[:path].empty?
+          # we found it
+          state[:result] = {api: self, file_id: entry['id']}
+          return false
+        end
+      when 'link'
+        if state[:path].empty?
+          # we found it
+          other_node = node_id_to_node(entry['target_node_id'])
+          raise 'cannot resolve link' if other_node.nil?
+          state[:result] = {api: other_node, file_id: entry['target_id']}
+          return false
+        end
+      else
+        Log.log.warn{"Unknown element type: #{entry['type']}"}
+      end
+      # continue to dig folder
+      return true
+    end
+
+    # Navigate the path from given file id
+    # @param top_file_id [String] id initial file id
+    # @param path [String]  file path
+    # @return [Hash] {.api,.file_id}
+    def resolve_api_fid(top_file_id, path)
+      raise 'file id shall be String' unless top_file_id.is_a?(String)
+      path_elements = path.split(PATH_SEPARATOR).reject(&:empty?)
+      return {api: self, file_id: top_file_id} if path_elements.empty?
+      resolve_state = {path: path_elements, result: nil}
+      process_folder_tree(state: resolve_state, method: :process_resolve_node_path, top_file_id: top_file_id)
+      raise "entry not found: #{resolve_state[:path]}" if resolve_state[:result].nil?
+      return resolve_state[:result]
+    end
+
+    # add entry to list if test block is success
+    # @return [TrueClass,FalseClass]
+    def process_find_files(entry, path, state)
+      begin
+        # add to result if match filter
+        state[:found].push(entry.merge({'path' => path})) if state[:test_block].call(entry)
+        # process link
+        if entry[:type].eql?('link')
+          other_node = node_id_to_node(entry['target_node_id'])
+          other_node.process_folder_tree(state: state, method: process_find_files, top_file_id: entry['target_id'], top_file_path: path)
+        end
+      rescue StandardError => e
+        Log.log.error{"#{path}: #{e.message}"}
+      end
+      # process all folders
+      return true
+    end
+
+    def find_files(top_file_id, test_block)
+      Log.log.debug{"find_files: file id=#{top_file_id}"}
+      find_state = {found: [], test_block: test_block}
+      process_folder_tree(state: find_state, method: :process_find_files, top_file_id: top_file_id)
+      return find_state[:found]
+    end
+
+    def refreshed_transfer_token
+      return oauth_token(force_refresh: true)
+    end
+
+    # Create transfer spec for gen4
+    def transfer_spec_gen4(file_id, direction, ts_merge=nil)
+      ak_name = nil
+      ak_token = nil
+      case params[:auth][:type]
+      when :basic
+        ak_name = params[:auth][:username]
+      when :oauth2
+        ak_name = params[:headers][HEADER_X_ASPERA_ACCESS_KEY]
+        # TODO: token_generation_lambda = lambda{|do_refresh|oauth_token(force_refresh: do_refresh)}
+        # get bearer token, possibly use cache
+        ak_token = oauth_token(force_refresh: false)
+      else raise "Unsupported auth method for node gen4: #{params[:auth][:type]}"
+      end
+      transfer_spec = {
+        'direction' => direction,
+        'token'     => ak_token,
+        'tags'      => {
+          'aspera' => {
+            'node' => {
+              'access_key' => ak_name,
+              'file_id'    => file_id
+            } # node
+          } # aspera
+        } # tags
+      }
+      # add specials tags (cos)
+      add_tspec_info(transfer_spec)
+      transfer_spec.deep_merge!(ts_merge) unless ts_merge.nil?
+      # add application specific tags (AoC)
+      the_app = app_info
+      the_app[:api].add_ts_tags(transfer_spec: transfer_spec, app_info: the_app) unless the_app.nil?
+      # add basic token
+      if transfer_spec['token'].nil?
+        ts_basic_token(transfer_spec)
+      end
+      # add remote host info
+      if self.class.use_standard_ports
+        # get default TCP/UDP ports and transfer user
+        transfer_spec.merge!(Fasp::TransferSpec::AK_TSPEC_BASE)
+        # by default: same address as node API
+        transfer_spec['remote_host'] = URI.parse(params[:base_url]).host
+        if !@app_info.nil? && !@app_info[:node_info]['transfer_url'].nil? && !@app_info[:node_info]['transfer_url'].empty?
+          transfer_spec['remote_host'] = @app_info[:node_info]['transfer_url']
+        end
+      else
+        # retrieve values from API
+        std_t_spec = create(
+          'files/download_setup',
+          {transfer_requests: [{ transfer_request: {paths: [{'source' => '/'}] } }] }
+        )[:data]['transfer_specs'].first['transfer_spec']
+        # copy some parts
+        %w[remote_host remote_user ssh_port fasp_port wss_enabled wss_port].each {|i| transfer_spec[i] = std_t_spec[i] if std_t_spec.key?(i)}
+      end
+      return transfer_spec
+    end
+
+    # set basic token in transfer spec
+    def ts_basic_token(ts)
+      Log.log.warn{"Expected transfer user: #{Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER}, but have #{ts['remote_user']}"} \
+        unless ts['remote_user'].eql?(Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER)
+      raise 'ERROR: no secret in node object' unless params[:auth][:password]
+      ts['token'] = Rest.basic_creds(params[:auth][:username], params[:auth][:password])
     end
   end
 end