aspera-cli 4.11.0 → 4.12.0

data/lib/aspera/fasp/resume_policy.rb

@@ -32,12 +32,12 @@ module Aspera
       # calls block a number of times (resumes) until success or limit reached
       # this is re-entrant, one resumer can handle multiple transfers in //
       def execute_with_resume
-        raise 'block manndatory' unless block_given?
+        raise 'block mandatory' unless block_given?
         # maximum of retry
         remaining_resumes = @parameters[:iter_max]
         sleep_seconds = @parameters[:sleep_initial]
         Log.log.debug{"retries=#{remaining_resumes}"}
-        # try to send the file until ascp is succesful
+        # try to send the file until ascp is successful
         loop do
           Log.log.debug('transfer starting')
           begin

data/lib/aspera/fasp/transfer_spec.rb

@@ -23,19 +23,6 @@ module Aspera
         end
       end
       class << self
-        def ascp_opts_to_ts(tspec, opts)
-          return if opts.nil?
-          raise 'ascp options must be an Array' unless opts.is_a?(Array)
-          raise 'transfer spec must be a Hash' unless tspec.is_a?(Hash)
-          raise 'ascp options must be an Array or Strings' if opts.any?{|o|!o.is_a?(String)}
-          tspec['EX_ascp_args'] ||= []
-          raise 'EX_ascp_args must be an Array' unless tspec['EX_ascp_args'].is_a?(Array)
-          # TODO: translate command line args into transfer spec
-          # non translatable args are left in special ts parameter
-          tspec['EX_ascp_args'] = tspec['EX_ascp_args'].concat(opts)
-          return tspec
-        end
-
         def action_to_direction(tspec, command)
           raise 'transfer spec must be a Hash' unless tspec.is_a?(Hash)
           tspec['direction'] = case command.to_sym

data/lib/aspera/faspex_gw.rb

@@ -1,176 +1,95 @@
 # frozen_string_literal: true
 
+require 'aspera/web_server_simple'
 require 'aspera/log'
-require 'aspera/aoc'
-require 'aspera/fasp/transfer_spec'
-require 'aspera/cli/main'
-require 'webrick'
-require 'webrick/https'
-require 'securerandom'
-require 'openssl'
 require 'json'
 
 module Aspera
   # this class answers the Faspex /send API and creates a package on Aspera on Cloud
-  class FaspexGW
-    class FxGwServlet < WEBrick::HTTPServlet::AbstractServlet
-      def initialize(_server, a_aoc_api_user, a_workspace_id)
-        super
-        @aoc_api_user = a_aoc_api_user
-        @aoc_workspace_id = a_workspace_id
-      end
-
-      # parameters from user to Faspex API call
-      # {"delivery":{"use_encryption_at_rest":false,"note":"note","sources":[{"paths":["file1"]}],"title":"my title","recipients":["email1"],"send_upload_result":true}}
-      #    {
-      #      "delivery"=>{
-      #      "use_encryption_at_rest"=>false,
-      #      "note"=>"note",
-      #      "sources"=>[{"paths"=>["file1"]}],
-      #      "title"=>"my title",
-      #      "recipients"=>["email1"],
-      #      "send_upload_result"=>true
-      #      }
-      #    }
-      def process_faspex_send(request, response)
-        raise 'no payload' if request.body.nil?
-
-        faspex_pkg_parameters = JSON.parse(request.body)
-        faspex_pkg_delivery = faspex_pkg_parameters['delivery']
-        Log.log.debug{"faspex pkg create parameters=#{faspex_pkg_parameters}"}
-
-        # get recipient ids
-        files_pkg_recipients = []
-        faspex_pkg_delivery['recipients'].each do |recipient_email|
-          user_lookup = @aoc_api_user.read(
-            'contacts',
-            { 'current_workspace_id' => @aoc_workspace_id, 'q' => recipient_email })[:data]
-          raise StandardError,
-            "no such unique user: #{recipient_email} / #{user_lookup}" unless !user_lookup.nil? && user_lookup.length.eql?(1)
-
-          recipient_user_info = user_lookup.first
-          files_pkg_recipients.push({
-            'id'   => recipient_user_info['source_id'],
-            'type' => recipient_user_info['source_type']
-          })
-        end
-
-        #  create a new package with one file
-        the_package = @aoc_api_user.create('packages', {
-          'file_names'   => faspex_pkg_delivery['sources'][0]['paths'],
-          'name'         => faspex_pkg_delivery['title'],
-          'note'         => faspex_pkg_delivery['note'],
-          'recipients'   => files_pkg_recipients,
-          'workspace_id' => @aoc_workspace_id
-        })[:data]
-
-        #  get node information for the node on which package must be created
-        node_info = @aoc_api_user.read("nodes/#{the_package['node_id']}")[:data]
-
-        #  get transfer token (for node)
-        node_auth_bearer_token = @aoc_api_user.oauth_token(scope: AoC.node_scope(
-          node_info['access_key'],
-          AoC::SCOPE_NODE_USER))
-
-        # tell Files what to expect in package: 1 transfer (can also be done after transfer)
-        @aoc_api_user.update("packages/#{the_package['id']}", { 'sent' => true, 'transfers_expected' => 1 })
-
-        # to return an error:
-        # response.status=400
-        # return 'ERROR HERE'
-
-        # TODO: check about xfer_*
-        ts_tags = {
-          'aspera' => {
-            'files'      => { 'package_id' => the_package['id'], 'package_operation' => 'upload' },
-            'node'       => { 'access_key' => node_info['access_key'], 'file_id' => the_package['contents_file_id'] },
-            'xfer_id'    => SecureRandom.uuid,
-            'xfer_retry' => 3600
-          }
-        }
-        # this transfer spec is for transfer to AoC
-        faspex_transfer_spec = {
-          'direction'              => 'send',
-          'remote_host'            => node_info['host'],
-          'remote_user'            => Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER,
-          'ssh_port'               => Fasp::TransferSpec::SSH_PORT,
-          'fasp_port'              => Fasp::TransferSpec::UDP_PORT,
-          'tags'                   => ts_tags,
-          'token'                  => node_auth_bearer_token,
-          'paths'                  => [{ 'destination' => '/' }],
-          'cookie'                 => 'unused',
-          'create_dir'             => true,
-          'rate_policy'            => 'fair',
-          'rate_policy_allowed'    => 'fixed',
-          'min_rate_cap_kbps'      => nil,
-          'min_rate_kbps'          => 0,
-          'target_rate_percentage' => nil,
-          'lock_target_rate'       => nil,
-          'fasp_url'               => 'unused',
-          'lock_min_rate'          => true,
-          'lock_rate_policy'       => true,
-          'source_root'            => '',
-          'content_protection'     => nil,
-          'target_rate_cap_kbps'   => 20_000, # TODO: is this value useful ?
-          'target_rate_kbps'       => 10_000, # TODO: get from where?
-          'cipher'                 => 'aes-128',
-          'cipher_allowed'         => nil,
-          'http_fallback'          => false,
-          'http_fallback_port'     => nil,
-          'https_fallback_port'    => nil,
-          'destination_root'       => '/'
-        }
-        # but we place it in a Faspex package creation response
-        faspex_package_create_result = {
-          'links'         => { 'status' => 'unused' },
-          'xfer_sessions' => [faspex_transfer_spec]
-        }
-        Log.log.info{"faspex_package_create_result=#{faspex_package_create_result}"}
-        response.status = 200
-        response.content_type = 'application/json'
-        response.body = JSON.generate(faspex_package_create_result)
-      end
-
-      def do_GET(request, response)
-        case request.path
-        when '/aspera/faspex/send'
-          process_faspex_send(request, response)
-        else
-          response.status = 400
-          'ERROR HERE'
-        end
-      end
-    end # FxGwServlet
+  class Faspex4GWServlet < WEBrick::HTTPServlet::AbstractServlet
+    # @param app_api [Aspera::AoC]
+    # @param app_context [String]
+    def initialize(server, app_api, app_context)
+      super(server)
+      # typed: Aspera::AoC
+      @app_api = app_api
+      @app_context = app_context
+    end
 
-    class NewUserServlet < WEBrick::HTTPServlet::AbstractServlet
-      def do_GET(request, response)
-        case request.path
-        when '/newuser'
-          response.status = 200
-          response.content_type = 'text/html'
-          response.body = '<html><body>hello world</body></html>'
-        else
-          raise "unsupported path: [#{request.path}]"
-        end
-      end
+    # Map Faspex 4 /send API to AoC package create
+    # parameters from user to Faspex API call
+    # https://developer.ibm.com/apis/catalog/aspera--aspera-faspex-client-sdk/Sending%20Packages%20(API%20v.3)
+    def faspex4_send_to_aoc(faspex_pkg_parameters)
+      faspex_pkg_delivery = faspex_pkg_parameters['delivery']
+      package_data = {
+        # 'file_names'   => faspex_pkg_delivery['sources'][0]['paths'],
+        'name'         => faspex_pkg_delivery['title'],
+        'note'         => faspex_pkg_delivery['note'],
+        'recipients'   => faspex_pkg_delivery['recipients'],
+        'workspace_id' => @app_context
+      }
+      created_package = @app_api.create_package_simple(package_data, true, @new_user_option)
+      # but we place it in a Faspex package creation response
+      return {
+        'links'         => { 'status' => 'unused' },
+        'xfer_sessions' => [created_package[:spec]]
+      }
     end
 
-    def initialize(a_aoc_api_user, a_workspace_id)
-      webrick_options = {
-        Port:        9443,
-        Logger:      Log.log,
-        SSLEnable:   true,
-        SSLCertName: [['CN', WEBrick::Utils.getservername]]
+    def faspex4_send_to_faspex5(faspex_pkg_parameters)
+      faspex_pkg_delivery = faspex_pkg_parameters['delivery']
+      package_data = {
+        'title'      => faspex_pkg_delivery['title'],
+        'note'       => faspex_pkg_delivery['note'],
+        'recipients' => faspex_pkg_delivery['recipients'].map{|name|{'name'=>name}}
+      }
+      package = @app_api.create('packages', package_data)[:data]
+      # TODO: option to send from remote source or httpgw
+      transfer_spec = @app_api.call(
+        operation:   'POST',
+        subpath:     "packages/#{package['id']}/transfer_spec/upload",
+        headers:     {'Accept' => 'application/json'},
+        url_params:  {transfer_type: Aspera::Cli::Plugins::Faspex5::TRANSFER_CONNECT},
+        json_params: {paths: [{'destination'=>'/'}]}
+      )[:data]
+      transfer_spec.delete('authentication')
+      # but we place it in a Faspex package creation response
+      return {
+        'links'         => { 'status' => 'unused' },
+        'xfer_sessions' => [transfer_spec]
       }
-      Log.log.info{"Server started on port #{webrick_options[:Port]}"}
-      @server = WEBrick::HTTPServer.new(webrick_options)
-      @server.mount('/aspera/faspex', FxGwServlet, a_aoc_api_user, a_workspace_id)
-      @server.mount('/newuser', NewUserServlet)
-      trap('INT') { @server.shutdown }
     end
 
-    def start_server
-      @server.start
+    def do_POST(request, response)
+      case request.path
+      when '/aspera/faspex/send'
+        begin
+          raise 'no payload' if request.body.nil?
+          faspex_pkg_parameters = JSON.parse(request.body)
+          Log.log.debug{"faspex pkg create parameters=#{faspex_pkg_parameters}"}
+          faspex_package_create_result =
+            if @app_api.is_a?(Aspera::AoC)
+              faspex4_send_to_aoc(faspex_pkg_parameters)
+            elsif @app_api.is_a?(Aspera::Rest)
+              faspex4_send_to_faspex5(faspex_pkg_parameters)
+            else
+              raise "No such adapter: #{@app_api.class}"
+            end
+          Log.log.info{"faspex_package_create_result=#{faspex_package_create_result}"}
+          response.status = 200
+          response.content_type = 'application/json'
+          response.body = JSON.generate(faspex_package_create_result)
+        rescue => e
+          response.status = 500
+          response['Content-Type'] = 'application/json'
+          response.body = {error: e.message}.to_json
+          Log.log.error(e.message)
+        end
+      else
+        response.status = 400
+        response['Content-Type'] = 'application/json'
+        response.body = {error: 'Bad request'}.to_json
+      end
     end
-  end # FaspexGW
+  end # Faspex4GWServlet
 end # AsperaLm

data/lib/aspera/faspex_postproc.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+require 'English'
+require 'aspera/web_server_simple'
+require 'aspera/log'
+require 'json'
+require 'timeout'
+
+module Aspera
+  # this class answers the Faspex /send API and creates a package on Aspera on Cloud
+  class Faspex4PostProcServlet < WEBrick::HTTPServlet::AbstractServlet
+    ALLOWED_PARAMETERS = %i[root script_folder fail_on_error timeout_seconds].freeze
+    def initialize(server, parameters)
+      raise 'parameters must be Hash' unless parameters.is_a?(Hash)
+      @parameters = parameters.symbolize_keys
+      Log.dump(:postproc_parameters, @parameters)
+      raise "unexpected key in parameters config: only: #{ALLOWED_PARAMETERS.join(', ')}" if @parameters.keys.any?{|k|!ALLOWED_PARAMETERS.include?(k)}
+      @parameters[:script_folder] ||= '.'
+      @parameters[:fail_on_error] ||= false
+      @parameters[:timeout_seconds] ||= 60
+      super(server)
+      Log.log.debug{"Faspex4PostProcServlet initialized"}
+    end
+
+    def do_POST(request, response)
+      Log.log.debug{"request=#{request.path}"}
+      begin
+        # only accept requests on the root
+        if !request.path.start_with?(@parameters[:root])
+          response.status = 400
+          response['Content-Type'] = 'application/json'
+          response.body = {status: 'error', message: 'Request outside domain'}.to_json
+          return
+        end
+        if request.body.nil?
+          response.status = 400
+          response['Content-Type'] = 'application/json'
+          response.body = {status: 'error', message: 'Empty request'}.to_json
+          return
+        end
+        # build script path by removing domain, and adding script folder
+        script_file = request.path[@parameters[:root].size .. ]
+        Log.log.debug{"script file=#{script_file}"}
+        script_path = File.join(@parameters[:script_folder], script_file)
+        Log.log.debug{"script=#{script_path}"}
+        webhook_parameters = JSON.parse(request.body)
+        Log.dump(:webhook_parameters, webhook_parameters)
+        # env expects only strings
+        environment = webhook_parameters.each_with_object({}) { |(k, v), h| h[k] = v.to_s }
+        post_proc_pid = Process.spawn(environment, [script_path, script_path])
+        Log.log.debug{"pid=#{post_proc_pid}"}
+        raise 'no pid' if post_proc_pid.nil?
+        # "wait" for process to avoid zombie
+        Timeout.timeout(@parameters[:timeout_seconds]) do
+          Process.wait(post_proc_pid)
+          post_proc_pid = nil
+        end
+        process_status = $CHILD_STATUS
+        raise "script #{script_path} failed with code #{process_status.exitstatus}" if !process_status.success? && @parameters[:fail_on_error]
+        response.status = 200
+        response.content_type = 'application/json'
+        response.body = JSON.generate({status: 'success', script: script_path, exit_code: process_status.exitstatus})
+        Log.log.debug{'Script executed successfully'}
+      rescue => e
+        Log.log.error("Script failed: #{e.class}:#{e.message}")
+        if !post_proc_pid.nil?
+          Process.kill('SIGKILL', post_proc_pid)
+          Process.wait(post_proc_pid)
+          Log.log.error("Killed process: #{post_proc_pid}")
+        end
+        response.status = 500
+        response['Content-Type'] = 'application/json'
+        response.body = {status: 'error', script: script_path, message: e.message}.to_json
+      end
+    end
+  end # Faspex4PostProcServlet
+end # AsperaLm

data/lib/aspera/log.rb

@@ -11,14 +11,13 @@ module Aspera
   # Singleton object for logging
   class Log
     include Singleton
+    # where logs are sent to
+    LOG_TYPES = %i[stderr stdout syslog].freeze
     # class methods
     class << self
       # levels are :debug,:info,:warn,:error,fatal,:unknown
       def levels; Logger::Severity.constants.sort{|a, b|Logger::Severity.const_get(a) <=> Logger::Severity.const_get(b)}.map{|c|c.downcase.to_sym}; end
 
-      # where logs are sent to
-      def logtypes; %i[stderr stdout syslog]; end
-
       # get the logger object of singleton
       def log; instance.logger; end
 
@@ -68,12 +67,13 @@ module Aspera
     end
 
     # change underlying logger, but keep log level
-    def logger_type=(new_logtype)
+    def logger_type=(new_log_type)
       current_severity_integer = @logger.level unless @logger.nil?
       current_severity_integer = ENV['AS_LOG_LEVEL'] if current_severity_integer.nil? && ENV.key?('AS_LOG_LEVEL')
       current_severity_integer = Logger::Severity::WARN if current_severity_integer.nil?
-      case new_logtype
+      case new_log_type
       when :stderr
+        # typed: Logger
         @logger = Logger.new($stderr)
       when :stdout
         @logger = Logger.new($stdout)
@@ -81,10 +81,10 @@ module Aspera
         require 'syslog/logger'
         @logger = Syslog::Logger.new(@program_name, Syslog::LOG_LOCAL2)
       else
-        raise "unknown log type: #{new_logtype.class} #{new_logtype}"
+        raise "unknown log type: #{new_log_type.class} #{new_log_type}"
       end
       @logger.level = current_severity_integer
-      @logger_type = new_logtype
+      @logger_type = new_log_type
       # update formatter with password hiding
       @logger.formatter = SecretHider.log_formatter(@logger.formatter)
     end

data/lib/aspera/nagios.rb

@@ -50,14 +50,14 @@ module Aspera
       @data = []
     end
 
-    # comparte remote time with local time
+    # compare remote time with local time
     def check_time_offset(remote_date, component)
       # check date if specified : 2015-10-13T07:32:01Z
-      rtime = DateTime.strptime(remote_date)
-      diff_time = (rtime - DateTime.now).abs
-      diff_disp = diff_time.round(-2)
-      Log.log.debug{"DATE: #{remote_date} #{rtime} diff=#{diff_disp}"}
-      msg = "offset #{diff_disp} sec"
+      remote_time = DateTime.strptime(remote_date)
+      diff_time = (remote_time - DateTime.now).abs
+      diff_rounded = diff_time.round(-2)
+      Log.log.debug{"DATE: #{remote_date} #{remote_time} diff=#{diff_rounded}"}
+      msg = "offset #{diff_rounded} sec"
       if diff_time >= DATE_CRIT_OFFSET
         add_critical(component, msg)
       elsif diff_time >= DATE_WARN_OFFSET

data/lib/aspera/node.rb

@@ -15,7 +15,7 @@ module Aspera
     ACCESS_LEVELS = %w[delete list mkdir preview read rename write].freeze
     # prefix for ruby code for filter
     MATCH_EXEC_PREFIX = 'exec:'
-    X_ASPERA_ACCESSKEY = 'X-Aspera-AccessKey'
+    HEADER_X_ASPERA_ACCESS_KEY = 'X-Aspera-AccessKey'
     PATH_SEPARATOR = '/'
 
     # register node special token decoder
@@ -30,7 +30,7 @@ module Aspera
       # for access keys: provide expression to match entry in folder
       # if no prefix: regex
       # if prefix: ruby code
-      # if filder is nil, then always match
+      # if expression is nil, then always match
       def file_matcher(match_expression)
         match_expression ||= "#{MATCH_EXEC_PREFIX}true"
         if match_expression.start_with?(MATCH_EXEC_PREFIX)
@@ -40,8 +40,8 @@ module Aspera
       end
     end
 
-    REQUIRED_APP_INFO_FIELDS = %i[node_info app api plugin].freeze
-    REQUIRED_APP_API_METHODS = %i[node_id_to_api add_ts_tags].freeze
+    REQUIRED_APP_INFO_FIELDS = %i[node_info app api workspace_info].freeze
+    REQUIRED_APP_API_METHODS = %i[node_api_from add_ts_tags].freeze
     private_constant :REQUIRED_APP_INFO_FIELDS, :REQUIRED_APP_API_METHODS
 
     attr_reader :app_info
@@ -72,13 +72,13 @@ module Aspera
     # @returns [Aspera::Node] a Node or nil
     def node_id_to_node(node_id)
       return self if !@app_info.nil? && @app_info[:node_info]['id'].eql?(node_id)
-      return @app_info[:api].node_id_to_api(node_id) unless @app_info.nil?
+      return @app_info[:api].node_api_from(node_id: node_id, workspace_info: @app_info[workspace_info]) unless @app_info.nil?
       Log.log.warn{"cannot resolve link with node id #{node_id}"}
       return nil
     end
 
     # recursively browse in a folder (with non-recursive method)
-    # subfolders a processed if the processing method returns true
+    # sub folders are processed if the processing method returns true
     # @param state [Object] state object sent to processing method
     # @param method [Symbol] processing method name
     # @param top_file_id [String] file id to start at (default = access key root file id)
@@ -86,29 +86,29 @@ module Aspera
     def process_folder_tree(state:, method:, top_file_id:, top_file_path: '/')
       raise 'INTERNAL ERROR: top_file_path not set' if top_file_path.nil?
       raise "INTERNAL ERROR: Missing method #{method}" unless respond_to?(method)
-      folders_to_explore = [{id: top_file_id, relpath: top_file_path}]
+      folders_to_explore = [{id: top_file_id, path: top_file_path}]
       Log.dump(:folders_to_explore, folders_to_explore)
       until folders_to_explore.empty?
         current_item = folders_to_explore.shift
-        Log.log.debug{"searching #{current_item[:relpath]}".bg_green}
+        Log.log.debug{"searching #{current_item[:path]}".bg_green}
         # get folder content
         folder_contents =
           begin
             read("files/#{current_item[:id]}/files")[:data]
           rescue StandardError => e
-            Log.log.warn{"#{current_item[:relpath]}: #{e.class} #{e.message}"}
+            Log.log.warn{"#{current_item[:path]}: #{e.class} #{e.message}"}
             []
           end
         Log.dump(:folder_contents, folder_contents)
         folder_contents.each do |entry|
-          relative_path = File.join(current_item[:relpath], entry['name'])
+          relative_path = File.join(current_item[:path], entry['name'])
           Log.log.debug{"looking #{relative_path}".bg_green}
           # continue only if method returns true
           next unless send(method, entry, relative_path, state)
           # entry type is file, folder or link
           case entry['type']
           when 'folder'
-            folders_to_explore.push({id: entry['id'], relpath: relative_path})
+            folders_to_explore.push({id: entry['id'], path: relative_path})
           when 'link'
             node_id_to_node(entry['target_node_id'])&.process_folder_tree(
               state:         state,
@@ -156,9 +156,9 @@ module Aspera
     end
 
     # Navigate the path from given file id
-    # @param id initial file id
-    # @param path file path
-    # @return {.api,.file_id}
+    # @param top_file_id [String] id initial file id
+    # @param path [String]  file path
+    # @return [Hash] {.api,.file_id}
     def resolve_api_fid(top_file_id, path)
       raise 'file id shall be String' unless top_file_id.is_a?(String)
       path_elements = path.split(PATH_SEPARATOR).reject(&:empty?)
@@ -170,6 +170,7 @@ module Aspera
     end
 
     # add entry to list if test block is success
+    # @return [TrueClass,FalseClass]
     def process_find_files(entry, path, state)
       begin
         # add to result if match filter
@@ -187,12 +188,16 @@ module Aspera
     end
 
     def find_files(top_file_id, test_block)
-      Log.log.debug{"find_files: fileid=#{top_file_id}"}
+      Log.log.debug{"find_files: file id=#{top_file_id}"}
       find_state = {found: [], test_block: test_block}
       process_folder_tree(state: find_state, method: :process_find_files, top_file_id: top_file_id)
       return find_state[:found]
     end
 
+    def refreshed_transfer_token
+      return oauth_token(force_refresh: true)
+    end
+
     # Create transfer spec for gen4
     def transfer_spec_gen4(file_id, direction, ts_merge=nil)
       ak_name = nil
@@ -201,10 +206,10 @@ module Aspera
       when :basic
         ak_name = params[:auth][:username]
       when :oauth2
-        ak_name = params[:headers][X_ASPERA_ACCESSKEY]
-        token_generation_lambda = lambda{|do_refresh|oauth_token(force_refresh: do_refresh)}
-        ak_token = token_generation_lambda.call(false) # first time, use cache
-        @app_info[:plugin].transfer.token_regenerator = token_generation_lambda unless @app_info.nil?
+        ak_name = params[:headers][HEADER_X_ASPERA_ACCESS_KEY]
+        # TODO: token_generation_lambda = lambda{|do_refresh|oauth_token(force_refresh: do_refresh)}
+        # get bearer token, possibly use cache
+        ak_token = oauth_token(force_refresh: false)
       else raise "Unsupported auth method for node gen4: #{params[:auth][:type]}"
       end
       transfer_spec = {